Our Personal Data Policy

Collection of personal data

We aim to only collect personal data from our clients or from a third party that is required for the agreed purpose of our client engagement; you can help with this by only sharing personal data with us that is strictly needed.

To fully understand your circumstances we may need information about other people that you know, such as family members, we ask our clients to provide the necessary information about privacy to these people regarding its use or forward the link to this website.

We perform a large variety of different services for personal clients and therefore process many categories of personal data, this is likely to include:

  • Contact details;
  • Business activities;
  • Family information;
  • Income, taxation and other financial-related details; and
  • Investments and other financial interests.

For certain services or activities, and only when required by law or with an individual's consent, we may also collect special categories of personal data.   Examples of special categories include race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records. This may also include details of children under the age of 16.

Use of personal data

We use personal data for the following purposes:

  • Providing professional services
    Many of our services require us to process personal data in order to provide advice and deliverables.  For example, we often need to use personal data to provide tax consultancy or pensions advice etc.
  • Administering, managing and developing our businesses and services
    In order to run our business, we need to use personal data:
    • For managing our relationships with our clients
    • For business development to identify services that might be useful to our clients or improving our service offerings.
    • To perform benchmarking or other analysis to provide insights to our clients, any data used in this manner will be de-personalised so individuals or companies cannot be identified 
    • For hosting or facilitating the hosting of events
    • To administer and manage our website, IT systems and applications
  • Security

We are continuously detecting, investigating and resolving security threats to protect our and our clients’ information and some of these processes will include personal data, for example scanning emails to prevent phishing attacks.

  • Quality and Governance

As part of our engagement process we collect and hold personal data. During the engagement process we perform non-invasive checks with third parties to confirm that we are legally able to act for the individual(s) or business(s). This process may also involve the use of credit checking agencies. We will also contact your previous accountants to confirm that we are acting for you and to obtain relevant information from them which may contain personal data. In the unfortunate case that you choose to leave AW we will provide this information to your next accountants if required.

Whilst you remain a client of AW, we will monitor the quality of services we provide to you; this may involve processing personal data that is stored on your file.

  • Providing our clients with information about us and our range of services 
    Unless you tell us not to, we use client business contact details to provide information that we think will be of interest about us and our services.  For example, industry updates and insights, other services that may be relevant and invites to events. You can opt out of these communications by clicking on the unsubscribe link on the email or by notifying your partner or relationship manager  
  • Complying with any requirement of law, regulation or a professional body of which we are a member
    The AW group is subject to a number of legal, regulatory and professional obligations that vary across the group. In order to demonstrate our services are compliant with these standards we need to keep certain records which may include personal data. In addition we are subject to inspections from these bodies which may include personal data.

Data retention

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).   

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is ten years.