ASE Global Ltd and all subsidiaries, known as ASE, are committed to the safeguarding of all personal data, irrespective of how it is received by, or provided to us. In this privacy statement we will explain how we will process and protect the personal data we receive.
ASE holds two separate registrations as a data controller with the Information Commissioner’s Office (ICO). Details concerning both registrations can be viewed at https://ico.org.uk/esdwebpages/search under registration numbers Z332476 and Z1936284
Personal data we may receive
ASE will processes personal data which is specifically and voluntarily submitted to us by, for example, a visitor to our website who chooses to provide this information for a number of reasons which can include; registration to certain areas of our website, to apply for a job, or to order a publication. ASE will also process personal data submitted to us via our commercial clients where they have a legal obligation or must do so in order to perform their contract with us. When a visitor or a client provides personal data to us we use it solely for the purposes for which it was provided.
Personal data is data that can be used, or used in conjunction with multiple types of data, to identify a living person.
ASE can receive personal data directly for a number of reasons which include the following:
- Register for certain areas of our website
- Attend training seminars or workshops
- Request reference materials
- Submit job applications or a CV
- Participate in “join our mailing list” initiatives
- Participate in bulletin boards, discussion or message forums
- Participating in our website’s Live-Chat feature
- Contact us for further information
- Enter quick surveys, quizzes or bench-marking studies
- Register for events and conferences
- Register for premium online services
- Signing in to the reception of our offices
- Via Cookies and other web analytics on our site and social media pages.
Other than any prerequisite personal data associated with general recruitment processes, ASE does not seek any personal data through our website, other than those listed above.
ASE will also receive your personal data indirectly, through your employer, in the following ways:
- If your workplace uses one or more of our applications, your data will be submitted to us via your employer in order for us to set up your access accounts, and to facilitate any I.T. requests – the legal basis for this processing is the performance of a contract.
- This will include your name, professional email address and telephone number, business address and postcode, town and county, and country.
- Your data will be retained for as long as your account stays active, and then for a reasonable period afterwards, unless you instruct us to remove this data earlier and we have no legally overriding interests.
- If your workplace uses ASE as an Auditor, we will collect the following data depending upon the type of work that is carried out:
- For Statutory Audits, if applicable to you, we can collect your name, salary details, National Insurance number, and other financial details.
- For Financial Due Diligence ,if applicable to you, your name, job title, employment details, salary, OTE, holiday information, pension data, life assurance data, company car data, fuel allowances, and healthcare data.
- These are supplied to us under a legal obligation of, and processed by us to perform our contract with, your employer. This information will be retained for no less than seven years, up to eight years, for compliance with our legal obligations. This information will be shared with the relevant authorities where we have a legal obligation to do so.
- If you or your workplace uses ASE for our Tax Accounting services, we will collect the following data depending upon the type of work that is carried out:
- For Company Compliance work, if applicable to you, we will collect your name, title, personal address, and date of birth. This will be shared with Companies House, under our legal obligation.
- For Personal Tax and P11D, if applicable to you, we will collect your name, , title, initials, D.O.B. date of death, sex, marriage data (married date, spouse name, dissolution, separation, death of partner, partner tax reference), nationality, salutations, nee, qualifications, honors, other identification, address, previous address & date of change, town, county, country, postcode, phone, fax, email, tax reference, national insurance number, employer reference, related companies, related people, contacts (for companies). This will be shared with HMRC under our legal obligation.
- If your employer uses ASE to complete PAYE Reviews, VAT Reviews or Financial Due Diligence Reviews, then we will collect the following data; name, D.O.B, National Insurance number, Address, PAYE reference, bank details, medical conditions – doctors details, disability, sick notes. Financial information, drivers license, passport details, employment contracts, utility bills. This information will be shared with Companies House or HMRC under our legal obligation.
- This information will be retained for no less than seven years, up to eight years, for compliance with our legal obligations. This information will be shared with the relevant authorities where we have a legal obligation to do so.
- If you have contacted ASE in your professional capacity to inquire about our services, your contact details may be added to our Customer Relations Management database – where it could be used to contact you in the future, under our business’ legitimate interests. Your details will be retained for a maximum of 15 months from our last contact with you, unless you instruct us to delete your details sooner.
Use of Data
ASE will never use personal data received for one purpose in relation to another, and where we have no further reason to retain personal data we will ensure its secure destruction. If we have collected your information for a particular purpose, we will not use it for anything else unless you have been informed and, where relevant, your permission obtained. Personal data is never shared with a third party unless clearly stated in this document, or with documented prior consent.
In as many circumstances as possible we will only ever process your personal data where we have a legal or contractual obligation to do so. However, there are times where we need to contact you and you have asked us not do to so. If this situation ever arises we will conduct what is known as a Legitimate Interest balancing test in order to establish if it is right and appropriate for us to speak to you bearing in mind you may have asked us not to.
Where we rely on your consent to process personal data, you have the right to withdraw your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the use of your personal data, please contact our Data Protection Officer here.
Where do we process data?
We process data at our registered offices, details of which can be found here.
Current, former and job applicant data
Retention and destruction details in relation to current and former ASE employees can be accessed by current and former ASE employees by emailing our Data Protection and Compliance officer
When we receive personal data via CV, online applications etc. we will only ever use that data to process the application. Where we feel it appropriate to disclose that data to a third party, for example, to obtain a reference or conduct a Disclosure and Barring Service (DBS) check, we will only ever do so with the applicants permission and, in the case of DBS checks, where deemed appropriate to the role.
While, as previously stated, it is ASE policy not to disclose information to third parties, unless clearly stated at the point of provision and with documented consent where applicable. There are circumstances under which we are legally obligated to do so, for example:
- Where we are required to do so by law
- In relation to any legal proceedings, either ongoing or prospective
- With the intention of exercising, establishing or defending our legal rights (including providing information to other party(s) in respect of the prevention of fraud for example)
- Disclosure with a purchaser(s) (or prospective purchaser(s)) of any business or asset that we may either be in the process of, or planning to dispose of.
ASE utilizes carefully chosen sub-processors to carry out specified tasks in relation to our data. Each sub processor is legally obligated to ensure that they are themselves compliant with GDPR, and to ensure the maximum protection via technological safeguards are applied to the processing of your data. Our sub-processors are;
- Live Chat Monitoring – who provide our Live-Chat function on our website.
- Concerto – who provide Property Asset Management and Customer Relations Management services to us.
- My Work Papers & IRIS – is used by our Audit and Tax departments as cloud-based digital work spaces.
- MB Advertising – used by our marketing department to manage our marketing campaigns.
ASE has implemented industry standard levels of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. All ASE employees follow a business-wide security policy. Only after signing the appropriate confidentiality agreements are authorized ASE personnel provided access to personal or business data; and only where appropriate and relevant to their role.
ASE policy is to use secure socket layer (SSL) technology for the protection of credit card information submitted through web forms. This policy is also required for any fulfillment agents of the business.
Your information rights under GDPR
- You can instruct us to provide you with any personal information we hold about you, via a Subject Access Request.
- If you instruct us to no longer process your personal data we will do so as quickly as possible, where appropriate.
- If you instruct us to destroy or update any/all of your personal data we hold we will do so as quickly as possible, where possible.
- If you instruct us to cease all processing for marketing purposes we will do so as quickly as possible.
- Further information regarding how to exercise any of the rights listed above can be obtained from the ICO Guidance or by contacting our Data Protection Officer.
Access to your information and correction
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the address provided in the final section of this statement. We will provide this information to you free of charge, however, we reserve the right to charge you a small administration fee for disbursements.
We want to make sure that your personal information is accurate and up to date. You can ask us to correct or remove information you think is inaccurate. And where possible, we will make any appropriate changes as soon as possible.
Cookies and Analytics
You can set your browser not to accept cookies and this link tell you how to remove cookies from your browser. However, in a few cases some of our website’s features may not function as a result.
Our site uses CookieBot, a third party cookie management service to help us to be as transparent as possible, and to provide a full user control over cookies on our site. Any cookies that are necessary for our website to perform correctly will be deployed automatically, in order to provide you with our site in its correctly functioning state – these can’t be turned off, as the site may not perform correctly or behave as we had hoped. Cookies relating to preferences and statistics are deployed automatically under our legitimate interests, but can be switched off via the banner.
We also use marketing cookies, to help provide us with aggregated data of the usage of our site and the mediums which are driving traffic to the site. Where possible, this data is anonymized and cannot identify you. These types of cookies will only be activated given your consent to do so, and this consent can be revoked as mentioned below. These cookies will collect as little personal data as possible; this data will be deleted once there is no reasonable reason to retain this. You can find the retention periods for each individual cookie by expanding our CookieBot toolbar on our site.
Some of this data is shared with the third parties who set these cookies, meaning that this information may be shared outside of the EEA; where this is the case these recipients will be covered by an adequacy decision – given by the European Commission to declare that the country offers an adequate level of data protection, or, the companies with whom this data is shared will be contractually bound to observe data protection principles when processing your data.
Your cookie consent settings will remain valid for 12 months and will be remembered upon your next visit – if you wish to update your consent settings before this, then you can delete this cookie from your browser.
We will also collect your IP Address via our site; this is a unique identifier for your computer to time stamp your arrival on our site, but is not linked to any information from which you are personally identifiable, like a username. ASE will retain this information for a maximum of two years, or until no longer necessary. This will be collected and retained in our interests to help us to inform law enforcement in the case of a network breach; and to analyze the use of the website in order to help guide improvements. The syslog server where these are kept uses heavy encryption on its storage, and is not accessible to anyone outside of the core infrastructure team.
This Privacy Statement was last updated on the 24th May 2018.
ASE holds two separate registrations as a data controller with the Information Commissioner’s Office (ICO). Details concerning both registrations can be viewed at https://ico.org.uk/esdwebpages/search under registration numbers Z3324276 and Z1936284.
You also have the right to lodge a complaint with the ICO, who can be contacted via this link.
How to contact us
If you have any data protection issues, or if you have any questions about our privacy statement or the information we hold on you, you can contact our Data Protection team via GDPR@ase-global.com
Or alternatively, write to us at the following address:
ASE Global, Rowan Court, Concord Business Park, Manchester, M22 0RR.