Privacy policy.
This privacy policy explains how we collect and use any personal information we collect about you. The policy depends on whether you are “The User” (person or organisation authorised to use BrightHR), an Employee of “The User” or a Visitor to the website.
Privacy Policy
Welcome to Book End Accounts privacy policy. We appreciate you taking the time to read all our notices carefully.
Book End Accounts LTD (“Book Ends”/ “BE’A Business” / BE’A Creative”) is committed to protecting your privacy by ensuring that any personal data is collected and used lawfully and transparently. When delivering our professional services, we are the Data Processor of the personal data that you supply to the software platform under your contract with us.
This Privacy Notice explains:
Who we are
Personal data we collect
Our legal basis for processing
Who we may share information with and why
Where we may transfer data to
How we keep information secure and deal with security incidents
How long we may keep your data for
Your data privacy rights
Who is Book End Accounts?
Book End Accounts ltd specialises in the provision of Accountancy & Creative services within the UK.
When providing these services, we take our responsibilities regarding data protection very seriously and are bound by all applicable data protection laws in respect of the handling, processing and collection of data. All employees who handle personal and business data are known to ensure that the data is processed in line with the General Data Protection Regulations 2018 (GDPR) as well as The Data Protection Act 2018 (DPA).
Personal data we collect
The type and frequency of any personal data collected will always depend on how our website and services are used.
Personal Data provided to us:
We use electronic contact forms and chat facilities across our websites. These forms will prompt users to input basic contact details so we can generate service quotes, provide newsletter updates and respond to enquiries. You may also provide data to us when registering for an event, seminar or vacancy or when corresponding with us by phone, email, letter or social media. It is important that the personal data we hold about you is accurate and current. You should keep us informed if your personal data changes during your relationship with us.
Personal Data collected by us:
Where you ask us to provide services, we may be required to process additional categories of personal data relating to you or other parties to ensure the provision of our services can be met effectively, for example, software users with a disability who may need additional support. We may also collect additional data from you as part of our recruitment process, during your employment or when you visit our offices via CCTV. We may also ask to verify your identity in limited circumstances by providing valid photographic identification.
Personal Data from other sources:
We may receive information about you and/or your company from specific third parties such as business partners, sub-contractors, advertising networks, analytics providers, hosting providers and search information providers. Book End Accounts also receives referrals from other clients and purchases marketing lists from external companies.
Special Categories of Data:
There may be instances where we process Special Category Data provided by you or other users of our services during the lifetime of our service. Special category data is a more sensitive type of data which reveals insights about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation. We may also process data that relates to criminal and/or civil offences as well as child data in some very limited circumstances. Sensitive data collection will only take place where it is applicable to the provision of the services that we are contracted to provide or if this is input into the platform by software users. To undertake our core service functions to software users, we do not need to actively collect this category of data, however, if provided in the course of service it will be held securely and confidentially.
Online Identifiers:
When you visit our website, a record of your device’s IP address is retained which is used anonymously in order to determine website and page visitors. This enables us to continually update and refine the site. If you use any forms on the website to send an email to us, a record will also be made of your email address and your telephone number. For more information on how we use online identifiers or cookies please visit our
Our legal basis for processing
Before processing any personal data, we ensure that at least one lawful basis under GDPR is met. We will not disclose personal data for any purpose other than what the data was originally collected for; unless there is an overriding legal basis that enables this processing.
We may collect, hold, use and disclose the information collected to compile statistical data and to maintain our database; to develop or improve our website; respond to any queries; notify you of any upcoming marketing, training or other events that we think may be of interest to you; provide you with publications; manage quality control and compliance issues; manage systems administration; provide you or your organisation with advice; notify you about important changes or developments to our services; contact you for your views on our services or to determine the suitability for employment.
We may also process your personal data in the following circumstances:
To Perform Our Service Under the Contract:
We process information in order to support and maintain our existing or potential contractual relationships under the lawful basis ‘performance of a contract’. We may process personal data in order to provide various supporting client services, take payments and to make improvements to our website. We record calls made to our staff members including internal, inbound or outbound calls. The lawful basis which we often rely on to process data for the duration of servicing on your account and for the decision to enter an initial or any subsequent contract is under our ‘legitimate interests’. Ensuring our administrative and IT systems are secure and robust against unauthorised access also falls under this basis.
For Fraud Prevention:
Due to the services we offer to companies, we also have a ‘legal obligation’ to validate the status of companies we work with which may involve identifying and verifying individual data subjects as part of our ‘legitimate interests’ to safeguard against criminal or fraudulent activities. We also need to ensure that VAT and premium tax is paid.
To Defend Legal Issues:
We have a ‘legitimate interest’ to process data which may assist us in connection with the establishment, exercise or defence of legal claims.
To Process Sensitive Data:
In some cases, where the processing is deemed high risk or highly sensitive, we may ask for your ‘consent’ before we undertake the processing. For example, when providing information on reasonable adjustments before an interview. Where consent is used as the lawful basis for the processing, you will be entitled to withdraw that consent at any time as well as exercise your data privacy rights.
When you apply for a vacancy:
You provide several pieces of data to us directly during the recruitment exercise. In some cases, and to facilitate our ‘Legitimate Interests’ we will collect data about you from third parties, such as employment agencies and former employers when gathering references or credit reference agencies. Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins. We have a Legal Obligation to ensure you have a right to work in the UK and make reasonable adjustments for you if you have a disability. The ongoing lawful basis we rely on to process your data will be under our legal obligations or legitimate interests which may include assessments made on salary.
For Marketing Purposes:
Book End Accounts Limited is split into 3 separate departments. There may be occasions where several divisions in the group are involved in the delivery of the services you are contracted to receive. On occasion, we may share data with our affiliated divisions under our ‘legitimate interests’ to enhance the delivery of any services you have.
You can opt out of group marketing by emailing us at: bea'creative@bookendaccounts.co.uk
As part of our business-to-business sales strategy we may contact companies and individuals of companies about our products and services. To do this, we rely on our shared ‘legitimate interests’ in doing business together. This lawful basis also applies to any purchased data we may use from our various lead sources and when we share your data across our group databases. You can also opt out of updates and marketing by clicking on the unsubscribe button at the footer of our email communications.
118 Data Resource Limited: http://www.118information.co.uk/privacy/
Full information about our data processing obligations for each product we sell can be obtained via our Group Data Protection Officer upon request. Their contact details are disclosed at the bottom of this notice.
Data Sharing and International Transfers
Personal data will only be disclosed on a confidential basis to external service providers so that they can provide services such as financial, technological or administrative assistance. When we share data with an external third party; these operations are governed by a Data Processing Agreement (DPA) and we perform regular due diligence on any external companies we work with to ensure that high levels of data integrity are maintained.
Any transfers taking place outside the EEA are only permitted with the provision of an Adequacy decision, Standard Contractual Clauses (SCC’s) or any other lawful transfer mechanism. Where necessary, we may need to share data with external organisations such as law enforcement, regulatory bodies, fraud prevention agencies, partners or advisors. Before any data is shared, we ensure that all technical and organisational controls are firmly in place and a data protection impact assessment is undertaken, where applicable, if the sharing or transfer is considered high risk. We do not sell your data to any third parties.
We will not use or disclose your personal information for any other purpose which is not related (or in the case of sensitive information, directly related) to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales.
Data Retention
We will only keep your data for as long as necessary and only when the retention is compatible with the terms of your contract, and we will not retain data if it is deemed unlawful to do so. As we are a processor; we cannot keep data longer than is necessary unless specified by the client account holder. When using our software, there is a facility to download and transport any data input into the platform for later use so that our clients can facilitate any Data Subject Access Requests they may receive from employees at a later date. We do not retain copies of the data once the user account has been shut down. When you become a client of ours, we will retain information relating to your contract terms and our mutual business relationship as per our legitimate interests for up to 10 years.
Some data may be deleted before this time period depending on the category of that data in line with our commercial legitimate interests and retention schedule, for example, data provided to us in the course of an unsuccessful job application will be retained no longer than 6 months after the recruitment exercise.
Personal data that is no longer necessary is deleted securely in line with Book End Accounts Data Disposal Policy. Our Data Retention and Data Disposal policies are available upon request
Your Data Privacy Rights
All data subjects have individual rights. On a case by case basis, you have the following rights in relation to your personal data processed by Book End Accounts:
The right to be informed about how your personal data is collected and used
The right to request access to a copy of any personal data that we hold about you
The right to rectify personal data we may hold which is identified as incorrect or misleading
The right to erasure of any personal data; also known as ‘the right to be forgotten’
The right to restrict further processing of your personal data
The right to data portability where technology allows us to send personal data onto a new controller
The right to object to the processing or certain processing activities
Rights in relation to automated decision-making including profiling.
As an organisation we do not operate any automated decision-making systems. Please be aware that the rights listed in this section only apply to individuals and cannot be used to request data relating to business entities. Please be aware that your rights of access do not entitle you to physical or digital copies of any documentation we hold.
Queries and Complaints
If you’re not satisfied with our response, or believe we’re not processing your personal data in accordance with the law, you can approach the UK regulator for further guidance at www.ico.org.uk/concerns
Additional Information
This version was last updated and reviewed October 2020.
We regularly review and monitor regulatory guidance for any industry changes which may impact our business operations or your rights and freedoms.
We are legally known as Book End Accounts Limited, and our registered office is at Enterprise House, Wrest Park, Silsoe, Beds. MK45 4HS. We are registered in England under company number 6135073