Need help fast? Click here for our contact details.Get in touch
This policy applies to Croucher Needham and CNM Advisory, trading styles of Croucher Needham (Essex) LLP and Croucher Needham Limited respectively.
Croucher Needham (Essex) LLP and Croucher Needham Limited are registered to carry out audit work in the UK and Ireland by The Association of Chartered Certified Accountants.
Croucher Needham (Essex) LLP is registered in England and Wales No.OC350217 and Croucher Needham Ltd is registered in England and Wales No. 06019395. Their registered office is Market House, 10 Market Walk, Saffron Walden, Essex, CB10 1JZ.
What is personal data?
Personal data relates to any data for any living individual who can be identifiable from that data which includes (but is not limited to):
What is sensitive personal data?
Sensitive personal data includes genetic data and biometric data. Genetic data is defined as personal data relating to inherited or acquired genetic characteristics. Biometric data is defined as personal data resulting from specific technical processing, e.g. facial images.
What is a data controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
Where applicable the data controller is Croucher Needham (Essex) LLP.
The data protection officer is Paul Tucker, a Partner of Croucher Needham (Essex) LLP, who can be contacted at
the registered address, by email at email@example.com or by calling 01799 521301.
What is a data processor?
A “data processor” is a person or organisation which processes personal data for the data controller. Croucher Needham (Essex) LLP acts as a data processor in some of the services it provides.
What is data processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What is a business client?
A business client is an incorporated entity e.g.: Plc, Limited Company, LLP partnership, charity, trust, foundation, local authority or government institution).
What is a consumer client?
A consumer client is an individual tax client, sole trader or unincorporated partnership, trust or foundation.
What information do we collect about you and how?
Croucher Needham (Essex) LLP, as a data controller, is bound by the requirements of the General Data Protection Regulations (GDPR).
As a client you agree that we are entitled to obtain, use and process the information you provide to us to enable us to provide the services as defined in our Engagement Letter and for other related purposes including:
We also collect information when an individual completes any form on our website (www.cnmadviosry.com) or mobile application (“MyAccountants”).
When individuals submit forms on our website or mobile application [App] we use a third-party software provider for automated data collection and processing purposes and a further third-party software provider for retention of that data. These third parties will not use data collected for any purposes and will only hold the data in line with our policy on data retention.
Website usage information is also collected using cookies (a packet of data sent by an Internet server to a browser, which is returned by the browser each time it subsequently accesses the same server, used to identify the user or track their access to the server). Please note that you can block or restrict cookies set by any website through the browser settings on each browser you use, and on each device you use to access the Internet.
We use Google Analytics to analyses these cookies and give us an insight into how users find and use our website and App. These cookies do not store any personal information about you. Likewise we do not track any personal data from social media accounts that link through to our website.
An IP address, or Internet Protocol address, is a unique numerical address assigned to a computer as it logs on to the Internet. Croucher Needham (Essex) LLP does not have access to any personal identifiable information and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.
Provision of services
At Croucher Needham (Essex) LLP we take your privacy seriously and will only use your personal information as a client to provide the services you have requested from us, as detailed in your Engagement Letter and the supporting Terms & Conditions, and as we have identified above. We will only use this information subject to your instructions, data protection law and our duty of confidentiality, except where we have any other legal and regulatory responsibilities.
For business clients and contacts our lawful basis for processing personal information will be “legitimate interests”. Under “legitimate interests” the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
For consumer clients and contacts our lawful reason for processing your personal information will be “contract” since we have a contract to supply goods or services that you have requested. This also includes steps taken at your request before entering into a contract.
We may receive personal data from you for the purposes of our money laundering checks, such as a copy of your passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.
Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We may from time to time use your personal information to contact you to make you aware of other services we can offer and provide relevant topical industry information surrounding tax and accounting. We will only do this where we have sought consent to do so and you will have the right to withdraw consent at any time.
Where we collect information through our website and you consent for us to do so we will use your personal information in the same way.
We will not share your information with any other third parties for their marketing purposes.
We may export personal data you supply to us outside the EU/EEA/UK for the purposes of storage and data processing. We will ensure all such data export is compliant with relevant data protection legislation. You consent to such data export.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
All personal data held by us is stored on secure servers, accessed by employees and authorised subcontractors through secure passwords. Within our servers, our software is password protected so personal data is only available to those that require it.
The length of time that we will hold your data is as follows:
Accessing your personal data
You have a right of access to the personal data, under a subject access request, held by us.
If you would like a copy of your personal information, please email firstname.lastname@example.org or write to us at the following address:
Mr Paul Tucker
Croucher Needham (Essex) LLP Market House
10 Market Walk
We will respond to your request within one month of receipt of the request.
You have the right to have your personal data deleted, subject to any requirement by us to retain it for legal and regulatory reasons. Should you wish for us to completely delete all information that we hold about you please notify us in writing using the contact details above.
If you are dissatisfied with this policy, have queries about our data protection procedures or wish to lodge a complaint, please contact the company in the first instance using the contact details above. Thereafter you have the right to submit a complaint to the Supervisory Authority, the Information Commissioner’s Office (ICO) at:
The Information Commissioner’s Office Wycliffe House
Cheshire SK9 5AF