How we use your information

This Privacy Policy tells you what to expect when Haberman Ilett LLP (“the firm” or “we”) collect personal information.  It applies to information we collect about:

Visitors to our website

When someone visits https://hiforensic.com/we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.  We do this to find out things such as the number of visitors to the various parts of the site.  This information is only processed in a way which does not identify anyone.  We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Use of cookies by the firm

You can read more about how we use cookies on our  Cookies page.

Search action

Search actions on our website are processed within the website itself.  We do not collect any personal data from visitors and no data leaves the site.

Job applicants and our current and former employees

The firm is the data controller for the information you provide during the job application process.  If you have any queries about the process or how we handle your information please contact us at office@hiforensic.com.

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area.  The information you provide will be held securely by us and our data backup host whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application.  We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for and why?

The information we ask for is used to assess your suitability for employment.  You don’t have to provide what we ask for, but it might affect your application if you don’t.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

Application stage

We ask you for your personal details including name and contact details.  We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for.  Our recruitment team will have access to all of this information.

You will also be asked to provide equal opportunities information.  This is not mandatory information – if you don’t provide it, it will not affect your application.  This information will not be made available to any staff outside of our recruitment team in a way which can identify you.  Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

Interview stage

We might ask you to attend an interview and/or complete an assessment – or a combination of these.  Information will be generated by you and by us.  For example, you might complete a written test or we might take interview notes.  This information is held by the firm.

Offers of and employment

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks.  You must successfully complete pre-employment checks to progress to a final offer.  We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies;
  • Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies;
  • You will be asked to complete a criminal records declaration to declare any unspent convictions;
  • We will contact your referees, using the details you provide in your application, directly to obtain references; and
  • We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work.

If we make a final employment offer which you accept, we will also ask you for the following:

  • Bank details – to process salary payments;
  • National Insurance number – to process statutory pay deductions and inform HMRC; and
  • Emergency contact details – so we know who to contact in case you have an emergency at work.

Our contract of employment provides that you give consent for us to process your personal data and we are further required to process your personal data for contractual reasons, for example to make salary payments.  Your personal details will be provided to HMRC to comply with firm’s statutory obligations as your employer.

We process salary payments using software and systems hosted by Xero.  Your personal data will be processed using Xero software to pay you.  The data hosted by Xero is processed on servers located in the U.S.  The terms of Xero’s hosting service are such that Xero will not share your personal information with any organisation apart from us or as may be required by law. Xero will hold your data securely and retain your data for the period we instruct.

Salary and expense payments are processed electronically and we will pay you through the firm’s bank account.  Our bank, HSBC, will receive your personal details to process payments to you.

If you decide to join our workplace pension scheme, we will provide your personal details to the firm’s pension administrator, Standard Life.  If you choose to join our health insurance scheme, we will provide your personal details to the firm’s insurance broker Centor Insurance and Risk Management Limited , and the scheme administrator, Vitality.  You will be covered by the firm’s life insurance and income protection scheme, underwritten by a policy provided by UNUM and we will provide your personal details with UNUM.  We have contracts in place with, Standard Life, Centor Insurance and Risk Management Limited, Vitality and UNUM that means they cannot do anything with your personal information unless we or you have instructed them to amend it.  They will not share your personal information with any organisation apart from us.  They will hold it securely and retain it for the period we instruct.

Our regulator (the Institute of Chartered Accountants in England and Wales) requires all technical staff to complete annual declarations that we have met our continuing professional development and anti-money laundering requirements for the previous year, are sufficiently independent from any client, have kept all client information confidential, and are “fit and proper” persons subject to the rules of our respective professional bodies.  These annual declarations are stored securely as scanned documents, the hard-copy originals are destroyed.

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your personnel file for the duration of your employment plus 6 years following the end of your employment.  This includes your criminal records declaration, your right to work in the United Kingdom, your fitness to work and references.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months.

Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months.

Professional contacts

We maintain a database of professional contacts, that is people we have met, people we have worked with and people who we consider we may work with in the future.  The information in our contacts database is either provided to the firm by the data subject (through a business card, letter, email or social media contact) or obtained from a publicly available source, for example, from the subject’s employer’s website.

We process these data because the firm has a legitimate interest in maintaining details of and corresponding with our professional contacts.

The database includes only work-related personal information, such as office addresses, work email addresses and telephone numbers.  The database is stored on a private, firewall protected server, only accessible by our staff and our developer (see below). The database is encrypted with Advanced Encryption Standard 256-bit encryption for security.  The backup is stored in the UK.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

We have a contract in place with our database developer and storage provider, Data Therapy, that means they cannot do anything with your personal information unless we instruct them.  They will not share your personal information with any organisation apart from us.  They will hold your data securely and retain it for the period we instruct.

Clients

Our clients are generally corporate entities, firms, governments and individuals.  We are required to identify clients for Anti Money Laundering purposes and we will obtain personal information about individuals as part of the requirement for us to perform client due diligence procedures.

We process these data because the firm has a statutory requirement under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to obtain and record personal information.  The firm also processes these personal details for contractual reasons, for example, to address invoices and be paid.

Client information includes work-related personal information, such as individuals’ office addresses, work email addresses and telephone numbers.  For personal clients, the information will also include personal information such as home addresses and copies of identity documents, like passports or driving licences.  We do not keep any hard-copy client information.

Client information is stored on a private, firewall protected server, only accessible by our staff. The server backup is encrypted with Advanced Encryption Standard 256-bit encryption.  The backup is stored in the UK by our information technology support provider, Netstar.  We have a contract in place with Netstar that means they cannot do anything with your personal information unless we instruct them.  They will not share your personal information with any organisation apart from us.  They will hold your data securely and retain it for the period we instruct.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

Suppliers

We maintain and process personal information about our suppliers.  The information concerning our suppliers is usually provided to the firm by the data subject (through an invoice, letter, email or social media contact).

We process supplier data because the firm has contractual obligations to pay for supplies.

Supplier data includes only work-related personal information, such as office addresses, work email addresses and telephone numbers.  Supplier data is stored on a private, firewall protected server, only accessible by our staff. The data is encrypted with Advanced Encryption Standard 256-bit encryption for back up and storage reasons.  The backup is stored in the UK by our information technology support provider, Netstar.  We have a contract in place with Netstar that means they cannot do anything with your personal information unless we instruct them.  They will not share your personal information with any organisation apart from us.  They will hold your data securely and retain it for the period we instruct..

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

We process supplier payments using software and systems hosted by Xero.  Suppliers’ personal data will be processed using Xero software to pay you.  The data hosted by Xero is processed on servers located in the U.S.  The terms of Xero’s hosting service are such that Xero will not share your personal information with any organisation apart from us or as may be required by law. Xero will hold your data securely and retain your data for the period we instruct.

Supplier payments are processed electronically and we will pay you through the firm’s bank account.  Our bank, HSBC will receive your personal details to process payments to you. HSBC’s privacy policy.

Your rights

Under the Data Protection Act 2018, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here

Complaints and queries

We try to meet the highest standards when collecting and using personal information.  For this reason, we take any complaints we receive about this very seriously.  We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.  We would also welcome any suggestions for improving our procedures.

This Privacy Policy was drafted with brevity and clarity in mind.  It does not provide exhaustive detail of all aspects of the firm’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed.  Any requests for this should be sent to the address at the end of this Privacy Policy.

If you want to make a complaint about the way we have processed your personal information, you can contact us at the address at the end of this Privacy Policy.

Access to personal information

The firm tries to be as open as it can be in terms of giving people access to their personal information.  Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you to whom it could be disclosed; and
  • let you have a copy of the information in an intelligible form.

To make a request to the firm for any personal information we may hold you need to put the request in writing at the address at the end of this Privacy Policy.

If we do hold information about you and it contains errors, you can ask us to correct any mistakes by contacting us at the address at the end of this Privacy Policy.

Your right to unsubscribe and erasure

If you want to unsubscribe from any communication sent to you, you can email us at office@hiforensic.comand type “Unsubscribe” in the message subject heading.  If you wish your data to be erased, you can email us at office@hiforensic.comand type “Erase” in the message subject heading.

Children’s privacy protection

We understand the importance of protecting children’s privacy on the internet.  This Website is not designed for or intentionally targeted at children 13 years of age or younger.  It is not our policy to collect or maintain information about anyone under the age of 13.

Links to other websites

This Privacy Policy does not cover the links within this site linking to other websites.  We encourage you to read the privacy statements on the other websites you visit.

How to contact us

If you want to request information about our Privacy Policy, you can email us at office@hiforensic.comor write to our Data Protection Officer at:

Haberman Ilett LLP
City Tower
40 Basinghall Street
London
EC2V 5DE