GDPR, Data Protection, Anti-Money Laundering
- Our processes to safe-guard your data
First and foremost, all and any of the data we collect, we consider to be sensitive and needs to be protected.
When you first engage in our services, we need to complete various on-boarding processes. This can include electronic checks on the directors and also individuals that hold over a 25% shareholding, for the purposes of anti-money laundering legislation. It can also include requesting and storing your full company accounts and tax computations to undertake further research, projections and calculations to consider the likely benefit of an R&D tax claim. These early processes can also include requesting proof of identity, analysing detailed breakdowns of costs listed in the accounts, and investigating contracts with suppliers and/or customers.
Moving further into the R&D claim preparation process, we start to collect a considerable array of personal and company information, including staff details, names, email addresses, home and registered office addresses, phone numbers, companies house details, tax reference numbers, and much more.
All of this information and data is vital and also mandatory for us to carry out and deliver a quality service and be compliant with various regulations, including processes for understanding who we are doing business with, anti-money laundering processes, anti-corruption, the prevention of facilitation of tax evasion, terrorism financing and more.
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
It should also be noted that LinkStep are supervised by CIOT (Chartered Institute of Taxation) for the purposes of anti-money laundering legislation.
Some notable points on what we don’t do:
- We do not store any payment or credit card information.
- We do not mine, sell or process your data for marketing purposes.
- Your data will never be passed to third parties, unless this is part of the R&D claim process and this has been explicitly agreed with you in advance – for example, passing an R&D claim to HMRC, working with your accountant to submit an R&D claim, and responding to HMRC on your behalf.
- You will never be contacted with ‘spam’ marketing emails from us or any marketing company on our behalf.
How do we secure our infrastructure?
- All of our laptops and computers are set up and regularly assessed by an independent security expert.
- Every hard drive is encrypted and locked down with secure access only.
- We operate as a paperless office as much as legally possible. This means that we are able to secure your data using the most up-to-date methods, but sometimes we do still have the need to press the print button. In this case, unwanted paperwork is shredded immediately.
- Your data is stored within Citrix’s secure, SSAE 16 audited data centres. These are privately managed server farms equipped with the latest firewalls and Internet security updates to help keep your data completely safe, and physical security measures from fingerprint scanners to ballistic-proof exteriors protect against theft and natural disaster.
- All of our stored data is encrypted using 256-bit SSL.
- Files are transported between the storage tier directly over an SSL or TLS encrypted segment using high grade encryption.
- Emails are sent encrypted through Office365.
Please don’t hesitate to contact us should you have any questions.
– Managing Director of LinkStep R&D Tax Services