OKC Chartered Accountants endeavours to comply with the General Data Protection Regulation, Data Protection Act 2018 and data protection best practices.
We process personal information provided to us by individuals, whether it be provided through our website (www.okc.ie), by any form, correspondence, telephone, email or by any other means, or otherwise processed by us in relation to you, in the manner set out in this policy.
Information collected by us
The information about you that we may collect, use and store (process) includes:
Information necessary in order to facilitate, process, invoice or collect monies related to any agreed business transaction with OKC Chartered Accountants (of which such data may include name, address, contact details, billing details, etc.).
Information you provide to us by filling out any forms on the website or by way of emailing us or by any other form of written communication.
Records of correspondences whether by email, telephone, through any form on our website or by any other means,
Information you provide to us in person,
Details of any business, commercial or trade transactions you carry out with us, whether through email, this website, telephone, or by any other means.
Information provided by an employer who engages with OKC Chartered Accountants for the provision of payroll services and or employee services provided by OKC Chartered Accountants as defined in any contractual relationship in place, including an appropriate data processing agreement to protect the rights of data subjects.
Information provided by a company and or employer who engages with OKC Chartered Accountants for the purposes of auditing and or complying with any legal obligation, as defined in any contractual relationship in place, to include an appropriate data processing agreement to protect the rights of data subjects. For example, the Companies Act 2014 requires director’s personal data to be sent to the Companies Registration Office as part of filing company papers, OKC Chartered Accountants can do this on behalf of the company when requested.
Typically, the categories of personal data processed by us include a data subject’s:
Email address (where applicable)
Phone number (where applicable)
Employer’s details (where applicable)
Employee’s details (where applicable)
VAT number (where applicable)
PPS number (where applicable)
Revenue/PAYE credits (where applicable)
Financial information (such as accounts, VAT returns, etc. where applicable).
On a case-by-case basis we may need to processes further categories of personal data to provide a specific service (e.g. to provide payroll services we need to process employees’ data provided by an employer). In such an event, we only process the minimum amount of personal data necessary to provide such services and or comply with any contractual obligation on our part.
On a case-by-case basis we may need to process special categories of personal data in order to provide reasonable accommodation under the Equity Status Act or Employment Equity Acts. In such an event, it processing would only be limited to what is necessary to comply with equality legislation.
Our lawful basis for processing
We rely on the following as a lawful basis of processing personal data:
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Processing is necessary for compliance with a legal obligation to which the controller is subject to which includes, anti-money laundering requirements, reporting accounts to the Companies Registration Office, reporting tax returns and PAYE to the Revenue Commissioners, reporting fraud to the Gardai and or Revenue Commissioners, etc.
Processing is necessary in order to protect the vital interests of the data subject or of another natural person with particular regard to the reporting of any criminal activity to the Gardai and or Revenue Commissioners.
Processing is necessary for the purposes of the legitimate interests pursued by the controller of which includes:
to detect, prevent, investigate and or report any act or omission that may affect the health, safety and wellbeing of any individual.
a. to detect, prevent, investigate and or report any criminal act or omission that may affect any individual.
b. to detect, prevent, investigate and or act upon any act by a third party or data subject that may impact upon the sustainability, integrity c. and or profitability of OKC Business Services.
d. to enter into any acquisition, takeover or merger by OKC Business Services to any applicable third party.
How we use your personal information
In addition to the lawful grounds of processing above, we may use your personal information for the purposes of:
Processing any enquiry requested by you;
Entering into and or completing any sales commercial or business-related requests or transactions requested by you;
Complying with any contractual obligations relating to any accountancy and or payroll agreement that you may enter into;
Setting up, operating and managing any account or line of credit, if applicable;
Setting up, operating and managing any marketing and or advertising services subject to your explicit consent (please see Marketing & Advertising below);
Complying with our legal duties and responsibilities;
Debt collection and the collection of outstanding monies;
Monitoring any billing or credit transactions for the purpose of preventing fraud;
Provision of security to, and ensuring the health and safety of employees, customers and visitors to our premises.
The provision of a payroll service to an employer where the data originated from the employer and OKC Chartered Accountants acts as a data processor on behalf of the employer data controller.
The provision of employment and or auditing and or compliance services to third party firms in cases where the personal data originated from the third party and OKC Chartered Accountants acts as a data processor on behalf of this third party.
All data processed will be held as confidential, secure, will be used only for the purposes for which it was collected and will be destroyed or deleted once is it no longer necessary in accordance with our data retention policy. Our standard data retention period is seven years.
OKC Chartered Accountants does not engage in any automated decision-making processes nor do we use any personal data as a basis for any such automated decisions.
OKC Chartered Accountants does not transfer personal data outside the jurisdiction of, or application of, the General Data Protection Regulation. However, OKC Chartered Accountants may outsource some commercial activities and or and or engage with some third-party service providers based within the EU that may share data within other EU member states (e.g. back up, storage facilities, etc.) and such third-party suppliers are subject to the One Stop Shop Mechanism as identified by the Irish Data Protection Commission.
We may also outsource some commercial actives to third parties that are based outside the EU but GDPR still applies to any data processed as a result, in accordance with GDPR and practice directives issued by the Irish Data Protection Commission.
For more information about the One Stop Shop Mechanism, Privacy Shield Framework or Standard Contractual Clauses applicable to data being processed outside of Ireland and or the EU, please visit the Data Protection Commission website at www.dataprotection.ie.
Data Processing Agreements
A Data processing agreement, which ensures compliance with the Data Protection Act 2018 and GDPR, between a data controller and data processer, is incorporated into our standard terms of business for all clients.
For the avoidance of doubt, we have an applicable data processing agreement / terms of service for when we act as a data controller and, separately, for when we act as a data processor on behalf of a data controller in the provision of services (e.g. where we provide payroll services to a business).
Where we act as data processor for a data controller
At times we may act as a data processor for a data controller, mainly in the provision of payroll services and, as such, we may process personal data that originated from the data controller. As such we are relying on the veracity and lawful processing identified by the data controller.
This policy and our data protection practices also applies for when we act as a data processor. Notwithstanding our obligations under GDPR and the Data Protection Act 2018, nor any data protection agreement or terms of service, it is up to the data controller to ensure ongoing compliance and inform us of any updates or changes to personal data.
Marketing & Advertising
OKC Chartered Accountants provides accountancy services, payroll services and services to assist firms in compliance and regulatory matters, including auditing, review and assessment of a firm’s financial data and financial sustainability.
As part our marketing and advertising practices, we may use promotional emails, text messages and or phone calls to people who have consented to being contacted for marketing and advertising purposes.
In terms of data processing, subject to your explicit consent, we may use your personal information for the purpose of:
Marketing and Sales promotions;
Providing you with information about promotional offers on our products and services;
Carrying out any service user, membership or customer research, survey and analysis;
Commercial activities, including brand or event awareness, participation and product or service launches;
At times, OKC Chartered Accountants may host or organise events in which data subjects may interact with us face-to-face, e.g. at trade shows, talks, presentations, etc. In such cases, we may verbally ask if you consent to your data being processed for marking and advertising purposes subject to this policy. We may also announce that photographs may be taken for social medical purposes but please refer to the social media section below.
OKC Chartered Accountants may use Mailchimp for our email marketing who are GDPR compliant by way of an EU-US Privacy Shield. Please note that if you do not consent to your email being used for marketing purposes then we do not contact you by email for marketing or advertising purposes and the privacy shield stated here is not applicable. For more information on Privacy Shield please see the Data Protection Commission’s website www.dataprotection.ie and Mailchimp at https://mailchimp.com/help/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr/
OKC Chartered Accountants is committed to privacy by design and privacy by default. As such, you will never have to ‘opt-out’ of our marketing processes; you will only ever have the option of ‘opting in’ if you’d like to be included. We do not engage in ‘pre-ticked’ boxes on consent forms nor do we ever assume you would consent to your data being processed. You are free to withdraw consent for any marketing matters at any time you want.
OKC Chartered Accountants engages in a number of social media services and we strive to uphold privacy rights online. However, sometimes members of the public may post something objectionable and beyond our control to our social media pages/forums. In such cases, we will act to rectify any difficulties as soon as we are notified or become aware of the problem. We do not provide a continuous monitoring of social media sites/forums so there may be a slight delay from the initial post to when become aware of a problem.
OKC Chartered Accountants may hold marketing events in which customers, visitors or employees may be present. Sometimes we may wish to take a photograph at such events to promote our brand or event on social media. In such cases, it is our policy for our photographer/social media handler to announce their presence and provide additional instructions and assistance. However, we do not have any control over private individuals or their personal social media accounts, as such we cannot stop or prevent private individuals from posting materials to their own personal social media accounts that others may find objectionable.
Use of Webcams / Zoom
We will take reasonable steps to ensure that your information is kept secure and protected, including but not limited to electronic data being protected using appropriate software, relevant networks safety and security checks to include two-step authentication, and, where applicable, any physical data records will be kept in an appropriately secure environment.
We have a general data retention policy that relates to the retention of relevant data for seven years. Personal data that is no longer required will be destroyed and or deleted in secure manner.
We do not record or process personal data that is not required or not necessary for any of our stated purposes.
Disclosure of data
We may outsource certain commercial functions to external third parties, e.g. debt collection, accounting auditors, etc. and in such cases where personal data is required for the purposes of completing those functions then an appropriate data processing agreement, with relevant safeguards, will be in place to ensure our ongoing obligations under the Data Protection Act 2018 are upheld.
We may also have to disclose certain personal data in accordance with any legal obligation imposed on us. Any such disclosure would be in accordance with the law, e.g. disclosed on foot of a court order, Child First Act, etc.
Requesting your data
Any person has the right to find out whether an organisation has any personal data about them, what they use the personal data for and ask for copies of personal information held by that organisation.
If you wish to make a data access request in order to get a copy of any personal data we may process, please write a letter stating that you wish to make a data access request and address it to:
OKC Chartered Accountants
29A Dartry Road
Or email email@example.com.
In order to process your request, we may request that you send us a copy of your identification (passport, driver’s licence, etc.). The reason we ask for personal identification is to ensure that you are the correct person making the request for your personal data.
Unfortunately, verbal access requests cannot be entertained.
In response to any data access request, you have the right to refer the matter to the Data Protection Commission if you are unhappy with the outcome, however, we ask that you notify us first of any issue so that we may help resolve it as quickly as possible.
You have the right to rectify any incorrect or inaccurate personal data at no cost to you.
If you believe that we are incorrectly processing any of your personal data, please inform us by writing to the above address or email firstname.lastname@example.org.
Queries or complaints
Individuals have the right to refer any matter to the Data Protection Commission by contacting them at www.dataprotection.ie or by writing to:
Data Protection Commission
Office of the Data Protection Commission
21 Fitzwilliam Square South
If you are, for whatever reason, considering contacting the Data Protection Commission about us we would ask that you inform us of your difficulty first so that we can try to resolve it to your satisfaction.