We are committed to respecting confidentiality of personal data and complying with data protection legislation. When we process personal data in the United Kingdom we do so in compliance with the Data Protection Act 2018 and the UK GDPR. When we process personal data in the European Economic Area we do so in compliance with the EU GDPR. Any reference in this policy solely to “GDPR” should be construed as either the UK GDPR as applies in the United Kingdom or the EU GDPR as applies in the European Economic Area.
This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may process personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.
Each company in the Azets group of companies is a separate legal entity and a separate controller of personal data. Some of these companies trade under a trading name that does not include the word “Azets” in the company title, for example, Blick Rothenberg. A full list of our legal entities to which this policy applies is available here.
“Azets” (and “we”, “us”, or “our”) refers to Azets Opco Limited, registered in Jersey under registration number FC033952, with registered address at 22 Grenville Street, St Helier, Jersey, JE4 8PX, with United Kingdom establishment registration number BR019040, 16 Great Queen Street, Covent Garden, London, WC2B 5AH and such Azets companies in Europe and their subsidiaries that:
If you wish to discuss any data protection matter please contact our Data Protection Officer as described below.
Data Protection Officer for all Azets companies |
The Data Protection Officer Azets Opco Limited 2nd Floor, Regis House 45 King William Street London EC4R 9AN United Kingdom |
Tel +44 (0) 20 7403 1877 |
DPO@azets.co.uk (in the United Kingdom) dataprotection@azets.ie (in the Republic of Ireland) privacy@azets.com (in the rest of the European Economic Area) |
If you are based in the European Economic Area but serviced by one of our UK entities and wish to discuss our compliance with the EU GDPR please contact our EU representative as described below (all of our UK entities have appointed the following as their EU Representative in writing as required by EU GDPR Article 27).
EU Representative for Azets companies in the United Kingdom |
The EU Representative Azets AS Postboks 342 Sentrum 0101 Oslo Norway |
Tel +47 40 10 40 18 |
Email privacy@azets.com |
If you are based in the United Kingdom but serviced by one of our EEA entities and wish to discuss our compliance with the UK GDPR please contact our UK representative as described below (all of our EEA entities have appointed the following as their UK Representative in writing as required by UK GDPR Article 27).
UK Representative for Azets companies in the European Economic Area |
The UK Representative Azets Holdings Limited 2nd Floor, Regis House 45 King William Street London EC4R 9AN United Kingdom |
Tel +44 (0) 20 7403 1877 |
Email DPO@azets.co.uk |
Our role as a controller or a processor depends upon the nature of our engagement with you. If you are a customer this will be defined in your letter of engagement and associated schedules and Terms of Business which form our contract with you. But generally:
Personal data is any information relating to an identified or identifiable living person. We only collect such personal data that is necessary for us to perform our services or inform you about our services and we ask customers only to share such personal data as required for that purpose. Where we identify that a customer has provided us with unnecessary personal data, we either return that information to its source or destroy it, considering the customer’s preference wherever possible.
If you are a prospective customer, we process the following:
If you are a personal or sole trader customer, we may process the following:
If you are a business customer, we also process the following:
If we are providing payroll services or tax return services for your employees, we will process the following personal data concerning your employees:
If you are a supplier, we process the following:
If you contact us concerning employment whether by letter, email, LinkedInTM or via our careers pages you may provide:
If you use our secure portal Cozone we collect the following information from you:
If you visit one of our websites, we collect information about your computer:
If you receive marketing emails from us and interact with them, we collect:
If you use social media accounts which are registered using the same email address you have provided to us elsewhere our systems enable us to link your social media accounts to your email address and so we process:
We do not normally collect special category personal data such as health, race or ethnic origin. However, for certain services or activities such as wealth management or HR consultancy and when required by law or with an individual’s consent this may be necessary. We always seek to minimise our processing of special category personal data.
We provide a wide range of business services. Most of these services require us to process personal data to provide advice and deliverables. The lawful basis for processing personal data for the purpose of providing services to our customers depends upon the context. We use one or more of the following legal bases for processing:
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We keep records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. For example, when conducting customer due diligence measures to comply with anti-money laundering regulations we carry out searches to identify politically exposed persons and heightened risk individuals and organisations, and to check that there are no issues that would prevent us from working with a particular customer, such as sanctions, criminal convictions (including in respect of company directors and beneficial owners), conduct or other reputational issues. Where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory obligations.
If you wish to become our customer (and periodically thereafter), we have a legal obligation to verify your identity. We do not need to obtain your consent to do this because it is a legal obligation imposed upon us. However, we are obliged to inform you that this will take place. We may achieve this by:
We process personal data to run our business. This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services. Such processing includes:
The lawful basis for processing personal data for the purpose of recruitment is our legitimate interest to develop our business.
When an applicant becomes an employee, their personal data is processed subject to our Internal Privacy Policy.
Personal data collected from unsuccessful employment applicants is retained for 6-24 months (depending upon which part of our group you have applied to) after which it is securely destroyed.
The initial lawful basis for processing personal data for the purpose of business development is our legitimate interest to develop our business by undertaking sales and marketing activities.
When we first contact an individual or organisation, we will seek consent to process personal data before we proceed any further. We retain evidence of the consent which has been provided.
When sending electronic marketing messages to existing customers concerning similar products or services to those already purchased, we rely on the “soft opt-in” approved by the UK’s Information Commissioner and similar mechanisms in other EEA countries. Such mechanisms permit us to lawfully send marketing messages to existing customers provided that they contain an “opt out” mechanism.
The lawful basis for sending electronic marketing messages to named individuals is consent. We retain evidence of the consent which has been provided.
We retain personal data collected through our business development processes for as long as we believe our products and services may be of interest to prospective customers. Individuals and organisations can ask to be removed from our business development system at any time.
The lawful basis for processing personal data for the purpose of procurement is our legitimate interest to maintain efficient and effective procurement processes.
The retention period for the personal data we process is always in accordance with legal, regulatory and contractual requirements.
We only share personal data with other organisations when we have a lawful basis to do so. When we share data with other organisations, we put contractual arrangements and security mechanisms in place to protect personal data and to comply with our data protection, confidentiality and security standards.
Personal data held by us may be transferred to, or disclosed to, other companies in the Azets group of companies (see list here) and our ultimate parent companies Hg Capital and PAI Partners.
We may share personal data with other Azets companies where necessary for administrative purposes and to provide professional services to our customers.
All companies in the Azets group of companies are bound by a Data Sharing Agreement which commits them to share personal data in a secure and lawful manner that respects the rights and freedoms of data subjects.
Depending upon the nature of the service being provided to you we may lawfully share personal data with other organisations. This may change from time to time, so for the latest information please refer to the following: https://www.azets.ie/about-us/privacy-policy/data-sharing
We use specialist organisations to provide certain services, such as data hosting. These organisations (defined as processors in data protection legislation) are bound by a written contract which defines their tasks and responsibilities. Azets only employs processors that comply with data protection legislation and processors are subject to audit or certification review to ensure continuing compliance.
The processors used by Azets group companies may change from time to time, so for the latest information please refer to the following: https://www.azets.ie/about-us/privacy-policy/processors
If we were to contemplate selling all or part of the Azets business we may disclose personal data to the potential purchaser as a necessary part of a due diligence process. This would be governed by a legally binding contract that guarantees confidentiality in full compliance with data protection legislation. The contract would also bind the prospective purchaser’s professional advisers to confidentiality. The lawful basis for such disclosure is Legitimate Interest (any Special Category Personal Data would be subject to further restrictions and conditions).
Should a prospective acquisition or merger not proceed to completion the contract would oblige the prospective purchaser to erase any personal data that had been disclosed for the purpose of evaluating the potential business acquisition/merger.
If we were to conclude a sale of all or part of the Azets business personal data would be transferred as an asset in conjunction with the sale or merger (including transfers made as part of any insolvency or bankruptcy proceedings). If this were to occur you will be notified by email and/or a prominent notice on our web sites describing any change of ownership and /or use of your personal data, as well as choices you may have regarding your personal data.
We are part of a global association of accountants and in common with other professional service providers, we sometimes use organisations located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our customers are located.
We will neither transfer nor process personal data outside the country in which a customer has contracted, nor will we permit personal data to be so transferred or processed by a third party, unless it is under one of the following conditions:
Some of our processors, such as Microsoft, are ultimately US-owned, but our contracts are with their UK or EU entities, subject to UK GDPR and EU GDPR legislation respectively. We have risk-assessed our continued usage of such US-owned service providers in compliance with European Data Protection Board guidance. We continually keep under review the requirements which are imposed by applicable legislation.
Some of our processors who host personal data in the United States of America comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. See here for a list of participating organisations.
We do not perform any profiling based on personal data that has a legal or significant effect upon data subjects.
We do not perform any automated decision-making involving personal data.
For information relating to our insolvency and restructuring practice in Ireland please click here.
You have the following rights concerning your personal data:
Right to be informed |
This privacy policy is designed to satisfy your right to be informed about the processing of personal data, but if you have any further questions please contact the Data Protection Officer shown at the top of this notice. |
Right of access |
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data. |
Right to rectification |
You have the right to oblige us to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement. |
Right to erasure (right to be forgotten) |
You have the right (under certain circumstances, but not all) to oblige us to erase personal data concerning you. |
Right to restriction of processing |
You have the right (under certain circumstances, but not all) to oblige us to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you. |
Right to data portability |
You have the right (under certain circumstances, but not all) to oblige us to provide you with the personal data about you which you have provided in a structured, commonly used and machine-readable format. You also have the right to oblige us to transmit those data to another controller. |
Right to withdraw consent |
If the lawful basis for processing is consent, you have the right to withdraw that consent. |
Right to object to direct marketing |
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing. |
Rights in relation to automated decision making and profiling |
We do not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you. |
If you would like to exercise any of your rights shown above, please contact the Data Protection Officer by post, telephone or by using one of the email addresses at the top of this notice.
If you are not satisfied with the response you receive, you have the right to lodge a complaint with the relevant supervisory authority for the territory in which you are contracted as shown in the table below.
Contracted in |
Supervisory authority |
Denmark |
Datatilsynet / The Danish Data Protection Agency Carl Jacobsens Vej 35 DK-2500 Valby Denmark (t) +45 33 19 32 00 |
Estonia |
Andmekaitse Inspektsioon / Republic of Estonia Data Protection Inspectorate 39 Tatari St. 010134 Tallinn Estonia (t) (+372) 627 4135 (e) info@aki.ee |
Finland |
Tietosuojavaltuutetun Toimisto / Office of the Data Protection Ombudsman P.O. Box 800 00531 Helsinki Finland (t) +358 (0)29 566 6700 (e) tietosuoja@om.fi |
Guernsey |
Office of the Data Protection Authority St Martin's House Le Bordage St Peter Port Guernsey GY1 1BR (t) +44 (0) 1481 742074 |
Isle of Man |
Barrantagh Fysseree (Information Commissioner) First floor, Prospect House Prospect Hill Douglas Isle of Man IM1 1ET (t) +44 (0) 1624 693260 |
Republic of Ireland |
An Coimisiún um Chosaint Sonraí (Data Protection Commission) 21 Fitzwilliam Square South Dublin D02 RD28 Ireland (t) + 353 (0)1 7650100 https://forms.dataprotection.ie/contact
|
Jersey |
Jersey Office of the Information Commissioner 2nd Floor 5 Castle Street St. Helier Jersey JE2 3BT (t) +44 (0) 1534 716530 |
Norway |
Datatilsynet / The Norwegian Data Protection Authority Postboks 458 Sentrum 0105 Oslo Norway (t) +47 22 39 69 00 |
Romania |
Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter personal / The National Supervisory Authority for personal data Processing B-dul G-ral. Gheorghe Magheru 28-30 Sector 1, cod postal 010336 Bucuresti Romania (t) +40.318.059.211 (t) +40.318.059.212 |
Sweden |
Integritetsskydds myndigheten (IMY) / Swedish Authority for Privacy Protection (IMY) Box 8114 10420 Stockholm Sweden (t) 08-657 61 00 (e) imy@imy.se |
United Kingdom |
Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF (t) +44 (0) 303 123 1113 |
This Privacy Policy is version 20240306 and was published 6 March 2024