Important Information about Privacy and Security
What is GDPR?
The General Data Protection Regulation ((EU) 2016/679) (EU GDPR) replaced the Data Protection Directive 95/46/EC as of 25 May 2018. It is designed to strengthen the rights that individuals have regarding personal data relating to them and to harmonize data privacy laws across Europe.
The UK GDPR is the retained EU law version of the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland. Alongside the Data Protection Act 2018, it forms the Data Protection legislation of the UK. It includes the provisions of what was previously the applied GDPR, unless the context otherwise requires.
We are committed to respecting confidentiality of personal data and complying with all applicable data protection legislation. When we process personal data in the United Kingdom we do so in compliance with the Data Protection Act 2018 and the UK GDPR. When we process personal data in the European Economic Area we do so in compliance with the EU GDPR.
How We Ensure Our Compliance
Our role as a controller or a processor depends upon the nature of our engagement with you. If you are a customer, this will be defined in your letter of engagement and associated schedules and Terms of Business, which form our contract with you. But generally:
- Where we decide the purpose and means of processing, we are a Controller.
- Where we jointly decide the purpose and means of processing with you, we are a Joint Controller.
- Where we process personal data according to your explicit written instructions, in a contract that satisfies Article 28 of the GDPR, we are a Processor.
As the leading provider of technology and services within accounting, payroll, HR, recruitment and advisory in the Nordics, we have the role of a Processor. We have addressed EU data protection requirements applicable to us as a Processor. Data Processing Agreements with our customers have been reviewed and updated to be compliant with the EU GDPR.
As the largest regional Top 10 SME Accountancy and Business Advisory firm delivering accounting, tax, audit, business and advisory services in the UK, we act in the role of a Controller. Our activities rely on us determining the purpose of processing to effectively carry out our duties to customers. It is also likely that we will sometimes act as Joint Controllers with our customers.
For example, when processing payroll, Azets is a Joint Controller because it will be acting jointly with the customer to determine the purpose of the processing. In the event of acting in a traditional accountant’s role, Azets will be an independent Controller.
Because we act as Controllers, our data protection responsibilities are covered in the terms and conditions of our engagement letters which highlight data sharing responsibilities for both parties.
Azets is committed to protecting Personal Data processed by us and/or our Processors and Sub-processors. We ensure that our Processors and Sub-processors are subject to GDPR-compliant Data Processing Agreements. We are committed to always providing an adequate level of protection for the personal data processed. Such protection is in accordance with applicable privacy legislation.
To ensure GDPR compliance, we continuously assess all Azets’ systems, applications, policies, procedures and documentation.
We have gathered useful information here in the Trust Centre. Our goal is to help you understand our commitment to comply with applicable privacy legislation, including the UK GDPR and EU GDPR.
This information may be subject to change, to make sure that the content and information available is current and accurate.
Do you have any questions regarding security, privacy and GDPR that you didn’t find any answers to in this overview?
Please send an email to firstname.lastname@example.org (in mainland Europe) or DPO@azets.co.uk (in the UK). This will be used to provide you with further information and help us in expanding the Trust Centre to include more relevant content.