Privacy Policy
This is the privacy statement of WR Partners. WR Partners is the trading name of Whittingham Riddell LLP a firm of Chartered Accountants, Tax and Business Advisers.
At WR Partners (“WR Partners” or “we”) we are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you; that you provide us or that we receive from others about you will be processed by us. For the purposes of data protection laws, we are the “data controller” of all personal information that we collect, use and/or otherwise process about you under this Privacy Statement.
1 | How and why we process personal data
We will process data to deliver the services WR Partners are contracted to provide to you; to administer requests or bookings submitted via our website https://wrpartners.co.uk/ and to provide marketing information to you. We confirm when processing data on your behalf that we will comply with the provisions of all relevant data protection legislation and regulation.
We do not sell, rent or lease any of the personal information collected from you to third parties. We do not process sensitive personal information, such as race, religion, or political affiliations (in the event that we become aware of any), without your explicit consent or where have another lawful reason to do so.
What personal information we collect
The personal information that we collect will vary depending on which product or service we deliver and the nature of our interactions with you. These may include (the list is non-exhaustive):
Personal Identifiable Information (Names, email address, postal information, DOB)
Contractual (details of the products or services that we will provide to you)
Open data and public records (details about you that are in public records such as UK Companies House, the UK Electoral Register and information about you that is openly available on the internet.
Payment and transaction date
Information about your employment
Financial information
IP addresses
Profile and usage data.
Information you provide when you apply for a job with us.
Information we collect [when you work for us]
Where we collect personal information from
Through formal engagement to provide professional services.
When you talk to us on the phone or in our offices.
In emails and letters.
Via our website and third party websites (General enquiries; mailing list sign up, event booking; questionnaires or surveys; submission of a job application)
At marketing or recruitment events (event feedback/surveys; prize draws)
[Medical practitioners in the case of our staff]
Government and law enforcement agencies
Recruitment consultants
[Payroll service providers]
[Fraud prevention agencies]
[Banks]
When we engage you to provide products or services to us
Personal information about others
We may collect information from you about others, such as members of your household or family (in the case of staff) or, about customers/clients of yours, in the case of clients. If you give us information about another person it is your responsibility to ensure and confirm that:
you have either told the individual who we are and how we use personal information, as set out in this Privacy Statement; and have permission from the individual to provide that personal information (including any sensitive personal data) to us and for us to process it, as set out in this Privacy Statement; or
you are otherwise satisfied that you are not in breach of data protection legislation by providing the information to us.
When do we need to collect your sensitive Information?
In certain circumstances, we may collect information that is deemed sensitive. This is most likely to include:
information about your health (for example if you are a member of staff); and/or
information about any criminal record you may have (this will generally only relate to members of staff).
We seek to limit any sensitive personal data that we collect and, unless we have other specific lawful reasons to use this information (such as in an emergency situation), we will ask for your consent to collect it.
How the law protects you
Legal bases for processing data
We are only allowed to use personal information if we have a proper lawful reason to do so. Data protection law sets out the legal bases for the processing of client data. These include being allowed to use your data where we enter into a formal client engagement with you and the processing is necessary for the performance of the contract between us. In addition, we are allowed to process data if we have your consent to do so or another legally permitted reason applies. This includes when we have a legal duty that we have to comply with or when it is in our legitimate interests to use your personal data. Our legitimate interests include the business interests of our company in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We can only rely on this basis if it is fair and reasonable for us to do so. For example, we have a legitimate interest in marketing our products and services. We will ensure that our marketing is relevant to you and is tailored to your interests. How we use your personal data
The purposes for which personal information is processed may include any or all of the following (the list is non-exhaustive):
Deliver services and meet legal responsibilities in accordance with our contract with you.
Verify identity where this is required
Communication by post, email, WR App or telephone
Understanding client needs and how they may be met
Maintain records
Process financial transactions
Prevent and detect crime, fraud or corruption
Send information about events, topical news and changes to legislation
To ensure security and protect our business interests
To exercise our rights contained in agreements or contracts, website terms of use and other terms and conditions of business.
To optimise our website. To collate information on how you interact with us and our services so that we can improve this if felt necessary.
To run our business in an efficient and proper manner (e.g. audit, managing our business capability, managing risk for us and our clients, finances, responding to complaints and seeking to resolve them).
Who has access and why?
Data will be held and processed for the purpose of providing the service that we are contracted to provide under our Terms of Engagement; or where you have provided your information via our website, or at a marketing event or where you have expressly consented to marketing.
Only those staff who have a legitimate need to access data will be authorised to do so.
Your information may also be disclosed when we believe in good faith that the disclosure is:
required by law;
to protect the safety of our employees, the public or our property;
required to comply with a judicial proceeding, court order or legal process; or
in the event of a merger, asset sale, or other related transaction; or
for the prevention or detection of crime (including fraud).
We may also be required to share your data with some other third parties. For example, if we have a problem with some software it may be necessary to provide the software supplier with specific data. However, where this is necessary we only disclose the information that is required to resolve the issue, and we have a contract in place that requires them to keep your information secure and not to use for their own purposes. Examples of third parties could include (this list is non-exhaustive):
Software providers
Website hosting provider
Electronic communication providers
We may also share your data when you have consented to us doing so.
If you choose not to give personal information
We may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations.
Any data collection that is optional would be made clear at the point of collection.
Our service providers and suppliers / transferring data outside of the UK
We are based in the United Kingdom. If we send personal information to countries outside the United Kingdom (for example when our hosting company is situated outside the UK as it is at the date of this privacy policy, and which means that your data will be transferred to and stored outside the UK, and will be processed by people who work for the hosting company), we will ensure that there will be a contract in place to make sure the recipient protects the data to the same standard as the UK. This may include following international frameworks for making data sharing secure. We will only transfer your personal data outside of the United Kingdom under the following circumstances:
where the transfer is to a country or other territory which has been assessed by the UK Government (or an equivalent EU body) as ensuring an adequate level of protection for personal data; or
with your consent; or
on the basis that the transfer is compliant with the UK GDPR and other applicable laws (including putting appropriate protections and safeguards in place.
If you require details of the safeguards we have in place, please contact us using the contact details set out at the end of this Privacy Statement.
How long we retain your personal data
To meet our legal data protection and privacy obligations, we only hold on to your information for as long as we need it, for the purposes we acquired it for in the first place, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims. We will generally keep your data for no longer than six years for one of these reasons:
To comply with our legal obligations.
To respond to any questions or complaints.
To show that we treated you fairly.
To maintain records according to rules that apply to us.
We may keep your data for longer than six years if we cannot delete it for legal or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
2 | Using our website, Cookies & social media
What we collect when you interact with our sites and apps
As you may already know, most websites collect certain information automatically about the way in which you interact with them. This might include your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers) browser type, referral source, length of visit to the site, number of page views, the search queries you make, and similar information.
This information will be collected by us or by a third-party site analytics service provider and will be collected using cookies.
As we’ve described above, we use this information to save your settings, such as the last product you searched for so you can find it easily the second time, help improve our functionality and services, run diagnostics, analyse trends, track visitors movements, gather broad demographic information and personalise our services.
What do we mean by “cookies”?
Cookies are small amounts of information in the form of text files that we store on the device you use to access our site or our marketing communications. Cookies allow us to monitor your use of our services and improve them. For example, a temporary cookie is also used to keep track of your "session".
We use cookies for site analytics and to monitor how customers interact with and receive our marketing communications (for example, if you open a marketing communication and/or click on any of our offers). We use this information to improve the relevance and tone of our future communications to ensure we’re serving you as best as possible.
If you don’t want cookies installed on your device, you can change the settings on your browser or device to reject cookies. For more information about rejecting cookies using your internet browser settings, please consult the “Help” section of your internet browser or visit http://www.aboutcookies.org.
Please note that if you set your Internet browser to reject cookies, you may not be able to access all of the site's functions.
Social media
Any social media posts or comments you send to us (on our Facebook page, Twitter or LinkedIn) will be shared under the terms of the relevant social media platform on which they are written and could be made public. Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend reviewing the terms and conditions and privacy policies of your social media platforms.
Marketing
When you’ll hear from us
We may from time to time provide you with updates and offers for our products and services via marketing tailored to you, whether through online services or by direct marketing (e.g. phone, e-mail, text, post) and use information we hold about you to help us identify, tailor and package our products and services that may be of interest to you. We will only do this if you have indicated that you are happy to receive marketing communications from us – that is, if you have either:
purchased services from us and have not told us that you don’t want to hear from us; or
signed up to receive marketing communications from us and have not later told us that you don’t want to hear from us.
Opting out of or withdrawing your consent in relation to marketing
If you no longer want to hear from us, you can opt out or unsubscribe by:
following the “unsubscribe” link contained in any marketing communications that you receive from us
by Email to: hello@WRPartners.co.uk
by contacting us on the details given below headed “Contact Information and Further Advice”.
Third parties and marketing
We might rely on third parties to help us manage our marketing communications, but we won’t share your information with any third parties for their marketing purposes unless you agree to our doing so.
3 | Your Rights
You have a number of rights under the UK GDPR:
Right of Access
You have the right, subject to a number of exceptions, to know what information we hold about you.
Right to Rectification
You have the right to require us to update any information we hold about you or correct inaccurate or incomplete personal data. Please let us know if your information changes so that we can keep it accurate and up to date.
Right to Erasure (also known as the right to be forgotten)
You have the right to ask us to delete personal information in certain circumstances, including where:
You consider that we no longer require the information for the purposes for which it was obtained.
We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent.
You have validly objected to our use of your personal information – see Right to Object.
Our use of your personal information is contrary to law or our other legal obligations.
Please note that this is not an absolute right and in certain circumstances we do not have to delete your data. See further below.
Right to Object
You have the right to object to our processing of your personal data. In certain circumstances we may be able to continue processing, but we will inform you of this fact if relevant. Please note that if you object to our processing your personal data or withdraw your consent, we may not be able to provide products or services to you.
We will stop any processing of your data for direct marketing as soon as we receive your request.
Right to Restrict Processing
You have the right to restrict processing of your data in certain circumstances, such as when there is a question over the way in which we are using it, so that we can only continue using it subject to restrictions.
Right to Data Portability
You have the right to require personal data which you have provided to us and which is processed by using automated means, based on your consent or the performance of a contract with you, to be provided to you in machine-readable format so that they can be "ported" to a replacement service provider.
Automatic Processing
We will not make any decision regarding you by purely automated means.
Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving or to comply with our legal and regulatory obligations) and to defend ourselves against any claims. We may also need to send you service-related communications relating to the services that we provide to you even when you have requested not to receive marketing communications.
How to exercise your rights
You can exercise your rights by emailing privacy@wrpartners.co.uk, or by ticking the applicable boxes on forms that we use to collect your information or to tell us that you don’t want to participate in marketing.
If you wish to remove your information from our marketing circulation lists, which include receiving marketing emails, you can unsubscribe by scrolling to the bottom of the email and clicking the ‘unsubscribe’ link.
We will comply with your requests unless we have a lawful reason not to do so.
We may need you to provide satisfactory proof of your identity. This is to ensure that your personal data is disclosed only to you.
How we look after your information
We are committed to protecting the confidentiality and security of the information that you provide to us. We put in place appropriate technical, physical and organisational security measures to protect against any unauthorised access or damage to, or disclosure or loss of, your information. By way of example we:
Ensure the physical security of our offices.
Ensure the physical and digital security of our equipment, devices and systems by mandating appropriate password protection, encryption and access restrictions.
Ensure appropriate access controls so that access to your information is only granted to those of our people that need to use it in the course of their work.
Maintain internal policies and procedures to make sure our staff understand their responsibilities in looking after your information and take appropriate measures to enforce these responsibilities.
Links to other sites and resources
Our website may from time to time contain content and links to other sites that are operated by third parties. You should note that we do not control these third-party sites or the cookies that such third parties operate and this Privacy Statement will not apply to them. You should ensure that you consult the Terms of Use and Privacy Policy of the relevant third party site to understand how that site collects and uses your information and to establish whether and for what purposes they use cookies.
You should also be aware that communications over the internet, such as e-mails, are not secure unless they have been encrypted.
4 | Changes to our Privacy Policy
Privacy Statement Updates
We keep this privacy statement under regular review. This privacy statement was last updated on 20th February 2023.
Contact information and further advice
Any questions or comments regarding this privacy policy or the ways in which we handle your personal information should be emailed to: E: privacy@wrpartners.co.uk.
If you want to make a subject access request, please contact us at: dpo@WRPartners.co.uk
Paper copies of the privacy statement may also be obtained from: Data Protection Officer, WR Partners Belmont House, Shrewsbury Business Park, Shrewsbury, Shropshire, SY2 6LG or T: 01743 273273.
Complaints
We seek to resolve directly all questions or complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
T : 0303 123 1113 (local rate) or 01625 545 745
Website - https://ico.org.uk/make-a-complaint/