How the law protects you
The law states we must have one or more of these reasons for using your data:
To fulfil a contract we have with you to provide our services
Where it is our legal duty
When it is in our legitimate interest
When you consent to the use of the data
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
Under the GDPR your rights are:
To be informed – we must make available this privacy notice with the emphasis on transparency over how we process your data
Access – you are entitled to find out what details we may hold about you and why
Rectification – we are obliged to correct or update your details
Erasure of information we hold – also known as the right to be forgotten
Restrict processing – you have the right to ‘block’ or suppress the processing by us of your personal data
Data portability – you have the right to obtain and reuse your personal data that you have provided to us
Object – you have the right to object to us processing your data in relation to direct marketing and or profiling
Use of personal information
At Buchler Phillips, we may process information held by our clients (‘Clients’) which relate to an identified or identifiable natural person (a Data Subject) when carrying out our work as specialist insolvency practitioners.
The nature of our work and the services offered to our Clients include the review of data held by them while administering corporate and personal insolvency appointments, whether prior to or during their appointment. Our legitimate interest in being given access to personal data which may be contained in our Client’s working files, arises from review work conducted by us, to assist our Clients to comply with the regulatory obligations imposed by their licensing bodies.
Whilst Buchler Phillips is a data controller in its own right, we will act only as a processer on behalf of our Clients in respect of any access that may be provided to personal data about Data Subjects contained in case files controlled by our Clients. In doing so, we will comply with data legislation in processing any such data and the exercise and performance of our obligations when carrying out such work.
We undertake that any personal data we are granted access to by a Client will be treated confidentially, kept secure and processed only for matters relating to the insolvency review work being dealt with for that Client. Should it arise, Buchler Phillips will refer any Subject Access Requests it receives to the Client concerned without undue delay.
It is the nature of our work and services that we may take Joint Appointments or contract in services from other specialist insolvency practitioners. In those circumstances and for the purposes of this Privacy Notice , the term ‘Buchler Phillips’ incorporates such Joint Appointees and specialist services providers who will be subject to our policies with regard to our Clients.
The data we may process
The personal data that may be processed by Buchler Phillips will in most cases be basic details, which may identify an individual and will typically be sufficient to allow us to carry out our review work, but may often include information about employees, directors, consumer debtors and creditors on insolvency cases.
We recognise that insolvency practitioners may be appointed over entities that process personal data that is considered more sensitive, for example medical and financial records. Whilst we may have access to such data when reviewing files, it is not our practice to retain or process such data and if this is provided in electronic format during a review, we will take appropriate steps to safeguard any sensitive data and to destroy it at the end of the review. In short, data of this nature will not be retained by us.
Although it is unlikely that Buchler Phillips will hold personal information from our client review work, we confirm that we will only share information which may contain personal data with our Client’s express written permission, unless we are under a legal duty to disclose this to another third party, for example, to lawfully assist the police or other law enforcement agencies, with the prevention and detection of crime, where disclosure is necessary to protect the safety or security of any persons and/or otherwise as permitted by law or in the circumstances already mentioned where we have a joint appointment or have contracted in specialist insolvency services and we will share with that Joint Appointee or contracted in service provider who will be obliged under our privacy policies . We also embrace the use of social media and may wish to process any comments made public by you.
We also use third party service providers to help us provide services to you. These would include:
cloud accounting and payroll providers including IPS (Insolvency Practitioner Software)
Xero, and associated payroll processing services
email and secure document exchange
Mailchimp and mailing houses
Off-site storage services.
All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.
As part of the services offered to you, we may send your data outside of the European Economic Area (EEA). Where this is the case, we will take reasonable steps to ensure that your data is protected in the same way as if it was being used in the EEA.
Under GDPR you have the right to erasure under specific circumstances. A request for your personal data to be deleted will be decided on a case by case basis and must be submitted in writing to the contact details provided in this policy.
We will correct or update your data at the earliest opportunity provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.
The security and confidentiality of client data and information made available to us during our compliance work matters to us. For this reason, we will ensure appropriate safeguards are in place to protect the data we may hold from time to time.
In the unlikely event of a Data Breach involving client data which may lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any client data, Buchler Phillips will promptly notify the Client concerned and provide the Client with details of the Data Breach.
How long will we hold data?
Buchler Phillips will, at its Client’s written request, delete (or return as appropriate) any relevant data within a reasonable period of time after the end of either the performance of the relevant services to that Client, or once the processing of any client data is no longer required for the purpose of our agreement for services with the Client in question.
What are your rights?
You have the right to request access to, or to rectify or erase, any personal data which may be held by Buchler Phillips as part of our agreement for services with you. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you. Insofar as we hold personal data relating to a Client rather than relating to work the Client undertakes (such as names and email addresses of staff), this is held in order that we may provide regulatory support as part of our service offering, such as newsletters, technical updates, etc. Personal data of this nature in support of Buchler Phillips’s service offering, will be held so long as we consider a client relationship exists between us.
Individuals have the right to request that incorrect or incomplete data is corrected and in certain circumstances, they may request that we erase any personal data we hold.
Should you have any complaints about how we handle personal data, please contact at firstname.lastname@example.org so that we may address the issue. You also have the right to lodge a complaint about the use any of personal data held by Buchler Phillips with the Information Commissioners Office (ICO), the UK data protection regulator.
How can we help you?
We offer initial free confidential advice without obligation.