This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject)
Fiscale: Fiscale (Holdings) Limited including all wholly owned subsidiaries but not exclusively restricted to Fiscale Limited and Fiscale (North West) Limited.
Workers: includes, employees, apprentices, work experience, interns, agency workers and casual employees
Third Parties: includes but is not exclusively restricted to Franchisees, Business Contacts, Clients, Professional Referrers, Strategic Partners, Client Referrers and Suppliers
Data: For the purpose of this document Data means personal data or information which relates to a living person who can be from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data. It may include but is not exclusively restricted to contact details and date of birth, bank details and information in relation to tax status including national insurance number, identification documents including passport and driving licence and other information, an agreement with us, images (whether captured on CCTV, by photograph or video).
GDPR: The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
Data Controller: the entity that determines the purposes, conditions and means of the processing of personal data
Data Protection Officer (DPO): an officer of Fiscale who is responsible for ensuring that Fiscale is adhering to the policies and procedures set forth in the GDPR
Data Subject: a natural person whose personal data is processed by a controller or processor
Processing: any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
SAR: Data subjects can make a ‘subject access request’ to find out the information we hold about them.
Subject Access Right: also known as the Right to Access, it entitles the data subject to have access to and information about the personal data that a controller has concerning them.
2018 Act: the Data Protection Act 2018.
Fiscale takes the security and privacy of data seriously. We need to gather and use information or ‘data’ as part of our business and to manage our relationships. We intend to comply with our legal obligations under the 2018 Act and GDPR in respect of data privacy and security. We have a duty to notify a data subject of the information contained in this policy.
Fiscale has measures in place to protect the security of data in accordance with our Data Security Policy.
Fiscale will hold data in accordance with our Data Retention Policy.
Fiscale will only hold data for as long as necessary for the purposes for which we collected it.
Fiscale is a ‘data controller’ for the purposes of data held by Fiscale.
This policy explains how Fiscale will hold and process Data and explains the rights of data subjects. It is intended that this policy is fully compliant with the 2018 Act and the GDPR. If any conflict arises between those laws and this policy, Fiscale intends to comply with the 2018 Act and the GDPR.
Data must be processed in accordance with six ‘Data Protection Principles.’ It must:
We are accountable for these principles and must be able to show that we are compliant.
This policy applies to all Data whether it is stored electronically, on paper or on other materials.
Data might be provided to us by data subjects, or someone else (such as a Business Contact).
‘Processing’ means any operation which is performed on data such as:
This includes processing Data which forms part of an electronic filing system and any automated processing.
We will use your Data for:
However, we can only do this if your interests and rights do not override ours. You have the right to challenge our legitimate interests and request that we stop this processing. See details of your data subject rights below.
We can process Data for these purposes without the knowledge or consent of the data subject.
We will not use Data for an unlawful purpose.
If you choose not to provide us with certain Data you should be aware that we may not be able to carry out certain parts of the contract between us. For example, if you do not provide us with your bank account details we may not be able to pay you or in the case of a client, to pass on refunds from HMRC paid to the Fiscale Client Account as a consequence of our making a R&D Tax Credit claim on your behalf.
Examples, but not necessarily an exhaustive list, of when we might process your Data
We have to process your Data in various situations.
This may be carried out by Fiscale for all and any new projects and/or new uses of data.
Whatever the nature of your relationship with Fiscale we may share your Data with workers, group companies, Franchisees ,our sub-contractors or relevant third parties to carry out our contractual obligations, or for our legitimate interests.
We require those recipients to keep your Data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
Data is never transferred outside the European Economic Area, except in compliance with the law and under authorisation of the Data Protection Officer and consent of the data processor.
Printed data is shredded and disposed of securely when finished with, in compliance with our Data Security Policy Our workers will ask for help from our Data Protection Officer if they are unsure about data protection or if they notice any areas of data protection or security we can improve upon.
We will only keep data for as long as is required to fulfil our legal obligations. We will not keep data longer than necessary and will keep this under review.
Fiscale has robust measures in place to minimise and prevent data breaches from taking place. Should a breach of Data occur (whether in respect of you or someone else) then we will take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals, then we will also notify the Information Commissioner’s Office within 72 hours. If relevant, Data Subjects will be advised of any high-risk breach.
If you are aware of a data breach you should contact our Data Protection Officer immediately and keep any evidence you have in relation to the breach.
Data Subjects can make a ‘Subject Access Request’ (‘SAR’) to obtain a copy of the information we hold about them. This request must be made in writing.
If you would like to make a SAR in relation to your own Data, you should make this in writing to our Data Protection Officer. We will respond within one month unless the request is complex or numerous, in which case the period in which we will respond could be extended by a further two months.
There is no fee for making a SAR. However, if a request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to the request.
You have the right to information about the Data we hold and process and on what basis it is held.
A Data Subject has the right to access any Data by way of a Subject Access Request (see above).
Inaccuracies in data can be corrected by contacting the Data Protection Officer.
A Data Subjects has the right to request that we erase Data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected by contacting the Data Protection Officer.
Data Subject has the right to object to data processing where we are relying on
a legitimate interest, direct marketing to do so and the data subject believes
that his/her rights and interests outweigh our own and you wish us to
Where professionally required and legally possible, Fiscale will port your data to another Data Controller without fees.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your Data for a specific purpose, you have the right not to consent, or to withdraw your consent later, subject to contract.
You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
Fiscale’s Data Protection Officer is responsible for reviewing this policy and updating the Board of Directors on Fiscale’s data protection responsibilities and any risks in relation to the processing of data. You should direct any questions in relation to this policy to
Fiscale’s Data Protection at DPO@fiscale.com
The data controller for the Fiscale websites is: Fiscale Limited, a UK Private limited Company with company number: 08838304
Whose registered office is:
25 Rookwood Way,
For more information about our data protection policies or to report a concern regarding our use of personal data, please contact: