This page is intended for Mouktaris & Co clients.
Data Protection Act
To enable us to discharge the services agreed in this engagement letter, comply with related legal and regulatory obligations, and for other related purposes including updating and enhancing client records and analysis for management purposes, we may obtain, use, process and disclose personal data about your affairs and the affairs of your business. Save for in the circumstances described in clause 7.3 we will process your data as a data controller. We process your data in full compliance with the provisions of all relevant data protection legislation and regulation.
You are also an independent controller responsible for complying with data protection legislation and regulation in respect of the personal data you process and, accordingly where you disclose personal data to us you confirm that such disclosure is fair and lawful and otherwise does not contravene relevant requirements. Nothing within this engagement letter relieves you as a data controller of your own direct responsibilities and liabilities under data protection legislation and regulation. You accept that you will be fully responsible for the consequences that flow from any transfer of data from you to us which is unlawful, as well as for the consequences of your use and disclosure of any data which we may send to you.
We perform certain services, such as operating outsourced payroll services, as a data processor. We therefore confirm that we will at all times take appropriate measures to comply with relevant data protection requirements when processing personal data on your behalf in this way. In particular we confirm that:
- we will process the relevant personal data only to the extent necessary to perform our obligations pursuant to this engagement letter and/or in accordance with your lawful instructions from time to time;
- we will take steps to ensure that our employees who process your data are informed of their obligations in relation to personal data, and that they will process such information in confidence and in accordance with all relevant data protection regulations;
- we take technical and organisational measures to keep personal data secure against unauthorised or unlawful processing and against accidental loss, destruction or damage;
- we will only transfer your personal data outside of the EEA to the extent that it is necessary for the performance of our obligations under this engagement letter or as you may instruct us from time to time;
- we will assist you in responding to any requests made by any relevant data subjects which concern the exercise of their rights under data protection regulations; and
- we will promptly report any actual or suspected data breaches concerning your personal data that may come to our attention.
In the event that you have any concerns or questions about the way that we process personal data, in our capacity as a data controller or a data processor, we are happy to answer them. Please use the contact details provided in the engagement letter to contact us, and we will respond as clearly and comprehensively as we can.
If you engage us as a private client (i.e. as a data subject – rather than instructing us through a company or charity) you have various rights to oblige us to handle your data in particular ways. These include your rights to make a subject access request, to have us erase certain items of data, and to oblige us to stop processing your data on the basis of our legitimate interests. Full details of these rights can be found in our online privacy policy, or you can contact us directly to exercise them or to ask us to explain those rights to you in greater detail.
You may use or refer to our online privacy policy available at mouktaris.co.uk. The privacy policy sets out the types of personal data we collect and how we may use that information. We hold personal data about our clients, suppliers, employees and other individuals for a variety of business purposes.