1       Introduction

We are committed to respecting the privacy and confidentiality of personal data and complying with data protection legislation. When we process personal data in the United Kingdom we do so in compliance with the Data Protection Act 2018 and the UK GDPR. When we process personal data in the European Economic Area we do so in compliance with the EU GDPR. Any reference in this policy solely to “GDPR” should be construed as either the UK GDPR as applies in the United Kingdom or the EU GDPR as applies in the European Economic Area.

This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may process personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.

2       About us

Each company in the Azets group of companies is a separate legal entity and a separate controller of personal data. Some of these companies trade under a trading name that does not include the word “Azets” in the company title, for example, Blick Rothenberg or Cogidocs. A full list of our legal entities to which this policy applies is show in Appendix A at the end of this policy.

“Azets” (and “we”, “us”, or “our”) refers to Azets Opco Limited, registered in Jersey under registration number FC033952, with registered address at 22 Grenville Street, St Helier, Jersey, JE4 8PX, with United Kingdom establishment registration number BR019040, 16 Great Queen Street, Covent Garden, London, WC2B 5AH and such Azets companies in Europe and their subsidiaries that:

  • are a contracting party for the purposes of providing or receiving services, or
  • posted a position for which you are applying, or
  • you have a role or relationship with.

3       How to contact us - Data Protection Officer, EU representative and UK Representative

If you wish to discuss any data protection matter please contact our Data Protection Officer as described below.

Data Protection Officer for all Azets companies

The Data Protection Officer

Azets Opco Limited

Regis House

2nd floor

45 King William Street

London EC4R 9AN

United Kingdom

Tel +44 (0) 20 7403 1877

Email

DPO@azets.co.uk (in the United Kingdom)

privacy@azets.com (in the European Economic Area)

 

If you are based in the European Economic Area but serviced by one of our UK entities and wish to discuss our compliance with the EU GDPR please contact our EU representative as described below (all of our UK entities have appointed the following as their EU Representative in writing as required by EU GDPR Article 27).

EU Representative for Azets companies in the United Kingdom

The EU Representative

Azets AS

Postboks 342 Sentrum

0101 Oslo

Norway

Tel +47 40 10 40 18

Email privacy@azets.com

 

If you are based in the United Kingdom but serviced by one of our EEA entities and wish to discuss our compliance with the UK GDPR please contact our UK representative as described below (all of our EEA entities have appointed the following as their UK Representative in writing as required by UK GDPR Article 27).

UK Representative for Azets companies in the European Economic Area

The UK Representative

Azets Holdings Limited

Regis House

2nd floor

45 King William Street

London EC4R 9AN

United Kingdom

Tel +44 (0) 20 7403 1877

Email DPO@azets.co.uk

4       Our Role

Our role as a controller or a processor depends upon the nature of our engagement with you. If you are a customer this will be defined in your letter of engagement and associated schedules and Terms of Business which form our contract with you. But generally:

  • Where we decide the purpose and means of processing, we are a controller.
  • Where we jointly decide the purpose and means of processing with you, we are a joint controller.
  • Where we process personal data according to your explicit written instructions, in a contract that satisfies Article 28 of the GDPR, we are a processor.

5       How we obtain personal data

Personal data is any information relating to an identified or identifiable living person. We only collect such personal data that is necessary for us to perform our services and we ask customers only to share such personal data as required for that purpose. Where we identify that a customer has provided us with unnecessary personal data, we either return that information to its source or destroy it, considering the customer’s preference wherever possible.

5.1             personal data that you provide to us by:

  • Filling in forms on our websites azets.co.uk, www.blickrothenberg.com, www.azets.com, www.dontfretaboutdebt.net, www.idur.se, www.cogidocs.com, www.cogidocs.co.uk, www.azets.no, www.azets.se, www.azets.dk, www.azets.fi, www.azets.ro or www.rantamaki.com (including the subdomains of these websites);
  • Corresponding with us by telephone;
  • Corresponding with us by email;
  • Corresponding with us by letter;
  • Communicating with us by our secure portal “CoZone”;
  • Using the Live Chat facility;
  • Personal messaging services such as WhatsApp®, Facebook Messenger® and SMS (although we do not recommend using such services);
  • If you visit our offices, you may record your details in a visitors’ book, Covid register or electronic equivalent or we may do that for you;
  • If you visit our offices, you may be recorded by CCTV systems owned by us or our landlord which are deployed for the prevention and detection of crime and to provide a safe working environment for employees and visitors.

5.2             personal data that we collect from publicly available sources

  • From credit reference agencies and other company information providers;
  • From national business administration authorities, such as Companies House in the UK;
  • From social media such as LinkedIn®;
  • From our own research activities such as reviewing websites.

5.3             personal data that we receive from referrals

  • We may receive unsolicited personal data in the form of a business-to-business referrals. We will seek consent before processing such personal data any further;
  • We may receive personal data submitted as a referral from one of our own employees. We will seek consent before processing such personal data any further.

6       The personal data that we process about you

If you are a prospective customer, we process the following:

  • First name;
  • Last name;
  • Job title;
  • Company name;
  • Web site address;
  • Email address;
  • Telephone number;
  • Banking details (if relevant to the service)
  • Tax filing details (if relevant to the service)
  • Any further personal data that you choose to provide in your initial enquiry;
  • Any further personal data that you choose to provide during subsequent discussions whether by phone, email or letter.

If you are a personal or sole trader customer, we may process the following:

  • Your name, home address and date of birth;
  • Name, home address and date of birth of any family members, advocates or other beneficiaries and connected parties;
  • Employment status;
  • Financial details such as salary, other income and investments, tax status and debt level.

If you are a business customer, we also process the following:

  • Company name and registration number;
  • Business type and industry sector;
  • Name, business address, job title, email address and telephone number(s) of all employees who may engage directly with us;
  • For officers of the company, beneficial owners and persons of significant control:
  • Contact details (name, home address);
  • Date of birth;
  • PEP (Politically Exposed Persons) status;
  • SIP (Special Interest Person) status.

If we are providing payroll services or tax return services for your employees, we will process the following personal data concerning your employees:

  • Contact details (name and address);
  • Unique identification number such as National Insurance (NI) number, unique Taxpayer Reference (UTR) or social security number;
  • Salary, tax and deduction information.

If you are a supplier, we process the following:

  • Company name and registration number;
  • Business type and industry sector;
  • Company address(es);
  • Company telephone number(s);
  • Name, address, job title, email address and telephone number(s) of all employees who may engage directly with us.

If you contact us concerning employment whether by letter, email, LinkedInTM or via our careers pages you may provide:

  • Your Curriculum Vitae (CV) containing personal data;
  • Further personal data in a covering letter.

If a recruitment agency contacts us concerning employment whether by letter, email or via our careers pages they may provide:

  • Your Curriculum Vitae (CV) containing personal data;
  • Further personal data in a covering letter.

If you visit one of our websites, we collect information about your computer:

  • IP address (where available);
  • Geographic location (if you allow this when prompted by your browser);
  • Operating system;
  • Browser type;
  • To enable our systems to recognise your device and to provide features to you, we use cookies. For more information about cookies and how we use them, please read our Cookie Policy.

If you receive marketing emails from us and interact with them, we collect:

  • Time you received the email;
  • Time you opened the email;
  • Device you used to open the email;
  • Geographical location when you opened the email;
  • Which parts of the email you interacted with.

If you use social media accounts which are registered using the same email address you have provided to us elsewhere our systems enable us to link your social media accounts to your email address and so we process:

  • Links to any social media accounts that you use.

7       Special Category Personal Data

We do not normally collect special category personal data such as health, race or ethnic origin. However, for certain services or activities, and when required by law or with an individual’s consent this may be necessary. We always seek to minimise our processing of special category personal data.

8       Purpose for the processing and the legal basis for the processing

We provide a wide range of business services. Most of these services require us to process personal data to provide advice and deliverables. The legal basis for processing personal data for the purpose of providing services to our customers depends upon the context. We use one or more of the following legal bases for processing:

  • Processing necessary for the performance of a contract, or steps taken to enter into a contract with our customers;
  • To address our legitimate interests;
  • To satisfy a legal obligation.

 

8.1             Complying with any requirement of law, regulation or a professional body of which we are a member

As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We keep records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. This processing is necessary for us to comply with a legal obligation; for example, when conducting customer due diligence measures to comply with anti-money laundering regulations we carry out searches to identify politically exposed persons and heightened risk individuals and organisations, and to check that there are no issues that would prevent us from working with a particular customer, such as sanctions, criminal convictions (including in respect of company directors and beneficial owners), conduct or other reputational issues. Where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory obligations.

If you wish to become our customer (and periodically thereafter), we have a legal obligation to verify your identity. We do not need to obtain your consent to do this because it is a legal obligation imposed upon us. However, we are obliged to inform you that this will take place. We may achieve this by:

  • performing a search with a credit reference agency. This will leave a footprint on your credit file as evidence that the check has taken place. This footprint is not the same as a credit check footprint and has no impact at all on your credit rating. It just leaves a footprint that proves we have satisfied the legal obligation to verify your identity. Even when these identity checks are performed periodically their repetition has no impact on your credit rating; and/or
  • evaluation of traditional ID-check documents (passport, drivers’ licence etc) and the use of an electronic signature complying with the European Union Trusted Lists (EUTL).

8.2             Administering, managing and developing our businesses and services

We process personal data to run our business. This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services. Such processing includes:

  • managing our relationship with customers;
  • developing our businesses and services (such as identifying customer needs and improvements in service delivery);
  • maintaining and using IT systems;
  • hosting or facilitating the hosting of events; and
  • administering and managing our websites, systems and applications.

8.3             Recruitment

The legal basis for processing personal data for the purpose of recruitment is our legitimate interest to develop our business.

When an applicant becomes an employee, their personal data is processed subject to our Internal Privacy Policy.

Personal data collected from unsuccessful employment applicants is retained for 6-12 months (depending upon which part of our group you have applied to) after which it is securely destroyed.

8.4             Business Development and marketing

The initial legal basis for processing personal data for the purpose of business development is our legitimate interest to develop our business by undertaking sales and marketing activities.

When we first contact an individual or organisation, we will seek consent to process personal data before we proceed any further. We retain evidence of the consent which has been provided.

When sending electronic marketing messages to existing customers concerning similar products or services to those already purchased, we rely on the “soft opt-in” approved by the UK’s Information Commissioner and similar mechanisms in other European countries. Such mechanisms permit us to lawfully send marketing messages to existing customers provided that they contain an “opt out” mechanism.

The lawful basis for sending electronic marketing messages to named individuals is consent. We retain evidence of the consent which has been provided.

We retain personal data collected through our business development processes for as long as we believe our products and services may be of interest to prospective customers. Individuals and organisations can ask to be removed from our business development system at any time.

8.5             Procurement of services from suppliers

The legal basis for processing personal data for the purpose of procurement is our legitimate interest to maintain efficient and effective procurement processes.

9       Retention of Personal Data

The retention period for the personal data we process is always in accordance with legal, regulatory and contractual requirements.

10    Data Sharing

 

10.1          Data sharing - introduction

We only share personal data with other organisations when we have a lawful basis to do so. When we share data with other organisations, we put contractual arrangements and security mechanisms in place to protect personal data and to comply with our data protection, confidentiality and security standards.

10.1    Data sharing within the Azets group of companies

Personal data held by us may be transferred to, or disclosed to, other companies in the Azets group of companies (see Appendix A) and our ultimate parent company Hg Capital. We may share personal data with other Azets companies where necessary for administrative purposes and to provide professional services to our customers.

All companies in the Azets group of companies are bound by a Data Sharing Agreement which commits them to share personal data in a secure and lawful manner that respects the rights and freedoms of data subjects.

10.2          Data sharing with other controllers

Depending upon the nature of the service being provided to you we may lawfully share personal data with other organisations. This may change from time to time, so for the latest information please refer here.

10.3          Processors

We use specialist organisations to provide certain services, such as data hosting. These organisations (defined as processors in data protection legislation) are bound by a written contract which defines their tasks and responsibilities. Azets only employs processors that comply with data protection legislation and processors are subject to audit or certification review to ensure continuing compliance.

The processors used by Azets group companies may change from time to time, so for the latest information please refer here.

11    International Transfers

We are part of a global association of accountants and in common with other professional service providers, we sometimes use organisations located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our customers are located.

We will neither transfer nor process personal data outside the country in which a customer has contracted, nor will we permit personal data to be so transferred or processed by a third party, unless it is under one of the following conditions:

  • the territory into which the data are being transferred has an adequacy decision issued by the European Commission (under EU GDPR) or the Secretary of State (under UK GDPR);
  • the transfer is made under the unaltered terms of the standard contractual clauses issued by the European Commission (under EU GDPR) or the Secretary of State (under UK GDPR);
  • the transfer is made under the provision of binding corporate rules which have been approved and certified by the European Commission (under EU GDPR) or the Secretary of State (under UK GDPR);
  • the transfer is made in accordance with one of the exemptions set out in GDPR Article 49.

11.1          The demise of Privacy Shield and European Data Protection Board (EDPB) Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.

Some of our service providers (processors) are ultimately US-owned, but our contracts are with their UK or EU entities, subject to UK GDPR and EU GDPR legislation respectively. We have risk-assessed our continued usage of such US-owned service providers in compliance with the above-mentioned EDPB guidance. We continually keep under review the requirements which are imposed by applicable legislation.

12    Profiling and automated decision-making

We do not perform any profiling based on personal data that has a legal or significant effect upon data subjects.

We do not perform any automated decision-making involving personal data.

13    Information relevant solely to our UK Insolvency and restructuring practice

For information solely relating to our insolvency and restructuring practice in the UK Please click here.

14    Your Rights

You have the following rights concerning your personal data:

Right to be informed

This privacy policy is designed to satisfy your right to be informed about the processing of personal data, but if you have any further questions please contact the Data Protection Officer shown at the top of this notice.

Right of access

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data.

Right to rectification

You have the right to oblige us to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.

Right to erasure (right to be forgotten)

You have the right (under certain circumstances, but not all) to oblige us to erase personal data concerning you.

Right to restriction of processing

You have the right (under certain circumstances, but not all) to oblige us to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

Right to data portability

You have the right (under certain circumstances, but not all) to oblige us to provide you with the personal data about you which you have provided in a structured, commonly used and machine-readable format.

You also have the right to oblige us to transmit those data to another controller.

Right to withdraw consent

If the lawful basis for processing is consent, you have the right to withdraw that consent.

Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.

Rights in relation to automated decision making and profiling

We do not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.

 

15    Your right to lodge a complaint with a supervisory authority

If you would like to exercise any of your rights shown above, please contact the Data Protection Officer by post, telephone or by using one of the email addresses at the top of this notice.

If you are not satisfied with the response you receive, you have the right to lodge a complaint with the relevant supervisory authority for the territory in which you are contracted as shown in the table below.

Contracted in

Supervisory authority

United Kingdom

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

(t) +44 (0) 303 123 1113

(e) casework@ico.org.uk

Norway

Datatilsynet / The Norwegian Data Protection Authority

Postboks 458 Sentrum

0105 Oslo

Norway

(t) +47 22 39 69 00

(e) postkasse@datatilsynet.no

Romania

Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter personal / The National Supervisory Authority for personal data Processing

B-dul G-ral. Gheorghe Magheru 28-30

Sector 1, cod postal 010336 Bucuresti

Romania

(t) +40.318.059.211

(t) +40.318.059.212

(e) anspdcp@dataprotection.ro

(e) dpo@dataprotection.ro

Sweden

Datainspektionen / The Swedish Data Procetion Authority

Box 8114

10420 Stockholm

Sweden

(t) 08-657 61 00

(e) datainspektionen@datainspektionen.se

Finland

Tietosuojavaltuutetun Toimisto / Office of the Data Protection Ombudsman

P.O. Box 800

00531 Helsinki

Finland

(t) +358 (0)29 566 6700

(e) tietosuoja@om.fi

Estonia

Andmekaitse Inspektsioon / Republic of Estonia Data Protection Inspectorate

39 Tatari St.

010134 Tallinn

Estonia

(t) (+372) 627 4135

(e) info@aki.ee

Denmark

Datatilsynet / The Danish Data Protection Agency

Carl Jacobsens Vej 35

DK-2500 Valby

Denmark

(t) +45 33 19 32 00

(e) dt@datatilsynet.dk

 

Appendix A

Companies in the Azets Group of companies

Entity (controller) name

Reg No.

Registered in

Controller's Business Address

Azets Opco Limited

FC033952

Jersey

22 Grenville Street, St Helier, Jersey, JE4 8PX

Azets Opco Limited

BR019040

England & Wales

16 Great Queen Street, Covent Garden, London, WC2B 5AH

Blick Rothenberg Limited

10238654

England & Wales

16 Great Queen Street, Covent Garden, London, WC2B 5AH

Azets Holdings Ltd

06365189

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Azets Technology Solutions Limited

05661107

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Azets Property Holding Company Limited

11468087

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Blick Rothenberg Audit LLP

OC377158

England & Wales

16 Great Queen Street, Covent Garden, London, WC2B 5AH

Azets Audit Services Ltd

09652677

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Azets Probate Services Ltd

10775894

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Azets (Ashby) Limited

06290343

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Azets Debt Solutions Limited

SC569126

Scotland

Titanium House, Kings Inch Place, Renfrew, PA4 8WF

Azets Financial Planning Limited

07146887

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Azets Financial Management Limited

13169053

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Azets Corporate Finance Limited

08912009

England & Wales

Churchill House 59, Lichfield Street, Walsall, WS4 2BX

Roffe Swayne

02179595

England & Wales

Ashcombe Court, Woolsack Way, Godalming, Surrey, GU7 1LQ

Trustee(s) of the Baldwins Pension Scheme

 

 

The Pavilions, 69-71 Macrae Road, Eden Park, Ham Green, Bristol, BS20 0DD

The Trustees of the Blick Rothenberg Group Life Insurance Scheme

 

 

16 Great Queen Street, Covent Garden, London, WC2B 5AH

The Blick Rothenberg Excepted Group Life Insurance Scheme

 

 

16 Great Queen Street, Covent Garden, London, WC2B 5AH

Titanium Trustees Limited

SC462976

Scotland

Titanium House, Kings Inch Place, Renfrew, PA4 8WF

Azets AS

917 774 447

Norway

Postboks 342 Sentrum, 0101 Oslo, Norway

Azets People AS

087 733 748

Norway

Postboks 342 Sentrum, 0101 Oslo, Norway

CogiDocs AS

983 390 684

Norway

7898 Limingen, Norway

Azets People Management AS

912 327 094

Norway

Postboks 342 Sentrum, 0101 Oslo, Norway

Azets Insight AS

983 338 917

Norway

Postboks 881 Sentrum, 5807 Bergen, Norway

Azets Insight SRL

24813426

Romania

5 Nicolaus Olahus Street, Sibiu Business Centre, Entrance A, 9. & 10. Floor, 550370 Sibiu, Romania

Cogidocs RO SRL

416 75 790

Romania

5 Nicolaus Olahus Street, Sibiu Business Centre, Entrance A, 9. Floor, 550370 Sibiu, Romania

Azets Insight AB

556 250 3580

Sweden

Box 1424, 17127 Solna, Sweden

CogiDocs AB

556808-6143

Sweden

Box 398, 73726 Fagersta, Sweden

IDUR Information AB

556632-5188

Sweden

Enhagsslingan 6, 187 40 Täby, Sweden

Azets (Cogidocs) Limited

03794595

England & Wales

24 Pindar Road, Hoddesdon, Hertfordshire, EN11 0DE, UK

Isännöitsijäoimisto Jarmo Rantamäki OY

1594341-5

Finland

Elielinaukio 5 B, 00100 Helsinki, Finland

Azets Insight OY

0220227-1

Finland

Elielinaukio 5 B, 00100 Helsinki, Finland

Cogidocs OY

2609954-7

Finland

Kirkkokatu 25 A, 80100 Joensuu, Finland

Azets Insight OÜ

146 28 759

Estonia

Lõõtsa 1A, Tallinn, 11415, Estonia

Azets Employee Public A/S

27 71 86 12

Denmark

Lyskær 3 C, 2730 Herlev, Denmark

Azets ATB ApS

252 29 649

Denmark

Lyskær 3 C, 2730 Herlev, Denmark

Azets Labs A/S

10407745

Denmark

Lyskær 3 C, 2730 Herlev, Denmark

Azets Insight II ApS

324 78 336

Denmark

Vindigevej 10, 4000 Roskilde, Denmark

Azets Insight A/S

25 07 48 23

Denmark

Lyskær 3 C, 2730 Herlev, Denmark

Azets Wise Management ApS

317 67 091

Denmark

Vindigevej 10, 4000 Roskilde, Denmark

Azets CoSoft AB

559273-6937

Sweden

Ekenbergsvägen 113, 171 41 Solna, Sweden

 

This Privacy Policy is version 20210301 and was published 1 March 2021.