Privacy Statement
The General Data Protection Regulation (GDPR), formally known as Regulation (EU) 2016/679 of the European Parliament and Council, replaced the previous EU Data Protection Directive 95/46/EC. GDPR is designed to harmonise privacy laws across EU member states and to foster trust in the digital economy. The regulation introduces enhanced rights for individuals, giving them greater control and protection over their personal data.
Under GDPR, organisations that collect or process personal data must provide clear evidence of compliance if requested by clients, regulators, or other stakeholders. This requirement ensures accountability and transparency in data handling practices and supports individuals’ rights to know how their data is being used and protected.
The GDPR has been in effect across the EU since 25 May 2018. Although the UK exited the EU in 2020, GDPR principles continue to apply in the UK under the UK GDPR, which mirrors the EU’s standards and is complemented by the Data Protection Act 2018. Together, these form the basis of data protection law in the UK. Additionally, any data exchanges between the UK and EU must meet GDPR adequacy requirements to ensure consistency in data protection across both jurisdictions.
1. WHO IS RESPONSIBLE FOR DATA PROCESSING?
The data controller responsible for data processing is:
A.C.T Audit Limited
27 Hill Street, Mayfair, London W1J 5LP, UK
Tel. +44 (0)207 4326 050
Fax +44 (0)207 4326 051
E-mail: GDPR@act.audit
2. WHAT IS THE PURPOSE OF PROCESSING AND ON WHAT LEGAL BASIS?
A.C.T Audit Limited processes personal data in line with the requirements of both the EU General Data Protection Regulation (GDPR) and the UK GDPR as follows:
For the fulfillment of contractual obligations (Art. 6(1)(b) GDPR): Personal data is processed to provide accountancy, audit, payroll, and tax advisory services, or to perform pre-contractual measures. Further details about specific purposes for data processing are outlined in relevant contractual documents and terms and conditions.
For legitimate interests (Art. 6(1)(f) GDPR): Processing may occur to serve our legitimate interests or those of third parties, such as enforcing or defending legal claims.
With your consent (Art. 6(1)(a) GDPR): Where you have granted us specific consent to process your data (e.g., for marketing), you have the right to withdraw this consent at any time. Note that withdrawal does not affect the legality of data processed prior to withdrawal.
Compliance with legal obligations (Art. 6(1)(c) GDPR): We are subject to numerous regulatory and legal requirements (e.g., Anti-Money Laundering regulations, Financial Conduct Authority (FCA) standards, HMRC, and National Crime Agency (NCA) guidelines). Data processing for these purposes includes identity and age verification, fraud and money laundering prevention, and fulfilling control and reporting obligations.
3. WHAT SOURCES AND DATA DO WE USE?
We process personal data obtained from clients during our business relationship and may also process personal data from publicly available sources (e.g., commercial registers, press, internet) or from third parties, in compliance with GDPR. Data categories include personal details (e.g., name, address, birthdate, nationality), identification (e.g., ID card information), authentication data (e.g., signature samples), as well as data related to contracts, payment transactions, financial details, and other relevant information.
4. WHO RECEIVES MY DATA?
Within A.C.T Audit Limited, departments that need your data to fulfill our contractual and legal obligations have access to it. Data may also be shared externally if legally required, consented to, or contractually authorized.
Recipients of personal data may include:
Advisors and service providers: To fulfill our services, personal data may be shared with relevant third parties, such as advisors, banks, or contracted agents, under strict confidentiality agreements.
Public authorities: Data may be disclosed to law enforcement or regulatory bodies where legally required.
5. WILL DATA BE TRANSFERRED TO A THIRD COUNTRY?
Data transfers outside the European Economic Area (EEA) occur only if:
It is necessary for contract fulfillment,
It is required by law (e.g., for tax reporting), or
You have provided explicit consent.
6. AM I OBLIGED TO PROVIDE DATA?
In the context of our business relationship, you must provide all personal data required to initiate and carry out services. This is also necessary for us to meet legal obligations, such as Anti-Money Laundering requirements, which mandate identity verification. Without this data, we cannot engage in or maintain a business relationship with you.
7. FOR HOW LONG WILL MY DATA BE STORED?
We process and retain personal data only for as long as necessary to fulfill contractual or statutory obligations. When data is no longer needed, it is deleted unless required for limited further processing (e.g., to fulfill record-keeping obligations under commercial and tax law).
8. WHAT DATA PRIVACY RIGHTS DO I HAVE?
Under the GDPR, you have the right to:
Access (Art. 15 GDPR),
Rectification (Art. 16 GDPR),
Erasure (Art. 17 GDPR),
Restriction of processing (Art. 18 GDPR),
Objection (Art. 21 GDPR), and
Data portability (Art. 20 GDPR, where applicable).
Additionally, you have the right to file a complaint with a data protection authority (Art. 77 GDPR). You may also withdraw any consent you previously granted for data processing; this applies only going forward and does not affect prior data processing.
9. TO WHAT EXTENT IS THERE AUTOMATED DECISION-MAKING?
A.C.T Audit Limited does not use automated decision-making (Art. 22 GDPR) in the formation or execution of business relationships.
10. WILL PROFILING TAKE PLACE?
No profiling occurs in our data processing activities.