14. Data Protection
- In this clause, the following definitions shall apply:
- ‘client personal data’ means any personal data provided to us by you, or on your behalf, for the purpose of providing our services to you, pursuant to our engagement letter with you;
- ‘data protection legislation’ means all applicable privacy and data protection legislation and regulations including PECR, the GDPR and any applicable national laws, regulations and secondary legislation in the UK relating to the processing of personal data and the privacy of electronic communications, as amended, replaced or updated from time to time;
- ‘controller’, ‘data subject’, ‘personal data’, and ‘process’ shall have the meanings given to them in the data protection legislation;
- ‘GDPR’ means the General Data Protection Regulation ((EU) 2016/679); and
- ‘PECR’ means the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003).
- We shall each be considered an independent data controller in relation to the client personal data. Each of us will comply with all requirements and obligations applicable to us under the data protection legislation in respect of the client personal data.
- You shall only disclose client personal data to us where:
- you have provided the necessary information to the relevant data subjects regarding its use (and you may use or refer to our privacy notice available at www.duncantoplis.co.uk/privacynotice for this purpose);
- you have a lawful basis upon which to do so, which, in the absence of any other lawful basis, shall be with the relevant data subject’s consent; and
- you have complied with the necessary requirements under the data protection legislation to enable you to do so.
- Should you require any further details regarding our treatment of personal data, please contact our data protection officer email@example.com
- We shall only process the client personal data:
- in order to provide our services to you and perform any other obligations in accordance with our engagement with you;
- in order to comply with our legal or regulatory obligations; and
- where it is necessary for the purposes of our legitimate interests and those interests are not overridden by the data subjects’ own privacy rights. Our privacy notice (available at www.duncantoplis.co.uk/privacynotice) contains further details as to how we may process client personal data.
- For the purpose of providing our services to you, pursuant to our engagement letter, we may disclose the client personal data to members of our firm’s network, our regulatory bodies or other third parties (for example, our professional advisors or service providers). The third parties to whom we disclose such personal data may be located outside of the European Economic Area (EEA). We will only disclose client personal data to a third party (including a third party outside of the EEA) provided that the transfer is undertaken in compliance with the data protection legislation.
- We shall maintain commercially reasonable and appropriate security measures, including administrative, physical and technical safeguards, to protect against unauthorised or unlawful processing of the client personal data and against accidental loss or destruction of, or damage to, the client personal data.
- In respect of the client personal data, provided that we are legally permitted to do so, we shall promptly notify you in the event that:
- we receive a request, complaint or any adverse correspondence from or on behalf of a relevant data subject, to exercise their data subject rights under the data protection legislation or in respect of our processing of their personal data;
- we are served with an information, enforcement or assessment notice (or any similar notices), or receive any other material communication in respect of our processing of the client personal data from a supervisory authority as defined in the data protection legislation (for example in the UK, the Information Commissioner’s Officer); or
- we reasonably believe that there has been any incident which resulted in the accidental or unauthorised access to, or destruction, loss, unauthorised disclosure or alteration of, the client personal data.
- Upon the reasonable request of the other, we shall each co-operate with the other and take such reasonable commercial steps or provide such information as is necessary to enable each of us to comply with the data protection legislation in respect of the services provided to you in accordance with our engagement letter with you in relation to those services.
15. Limitation of Third Party Rights
- Persons who are not party to this agreement shall have no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement. This clause does not affect any right or remedy of any person which exists or is available otherwise than pursuant to that Act.
- The advice that we give to you is for your sole use and does not constitute advice to any third party to whom you may communicate it, unless we have expressly agreed in writing that a specified third party may rely on our work. We accept no responsibility to third parties, including any group company to whom the engagement letter is not addressed, your spouse nor any family member of yours or your employer, for any aspect of our professional services or work that is made available to them.
16. Client Identification
- In common with other professional services firms, we are required by the Proceeds to Crime Act 2002 and the Money Laundering Regulations 2017 to:
- Maintain identification procedures for clients, beneficial owners of clients and persons purporting to act on behalf of clients;
- Maintain records of identification evidence and the work undertaken for the client;
- Report, in accordance with the relevant legislation and regulations; and
- We have a statutory obligation under the above legislation to report to the National Crime Agency (NCA) any reasonable knowledge or suspicion of money laundering. Any such report must be made in the strictest confidence. In fulfilment of our legal obligations, neither the firm’s principals nor may staff enter into any correspondence or discussions with you regarding such matters.
- If we are not able to obtain satisfactory evidence of your identity and where applicable that of the beneficial owners, we will not be able to proceed with the engagement.
17. Our Membership of Kreston International
- Kreston International (‘Kreston’) is a global network of independent accounting firms which provide professional services to clients. Each firm is a member of Kreston International (‘Kreston International’), a UK company limited by guarantee, which provides no services to the clients of its members. Members of Kreston are separate legal entities and are only associated with each other through the common membership of Kreston International. Some of the members of Kreston use Kreston as part of their business name.
- Nothing in the arrangements or rules of Kreston constitutes or implies an agency relationship or a partnership between Kreston International and/or the member firms of Kreston.
- We may, from time to time, introduce you to partners or staff from other members of Kreston to assist us in providing services to you.
- If you use the services of such partners or staff in connection with this Engagement, you must make your own contractual arrangements directly with them and they are not deemed to be acting as our servants or agents. Accordingly, we are not liable for work which they carry out on your behalf. Neither Kreston International nor any other Member Firm of Kreston assumes any responsibility to you in connection with this Engagement, unless you contract directly with them. The fact that you may have been introduced to us by an associated Kreston entity does not make that associated Kreston entity or any its staff members responsible for any of our acts or omissions.
- By engaging us, you agree that any claim arising from this Engagement shall be brought only against this firm and that no claims in respect of this Engagement will be brought against any other Member Firm of Kreston or against Kreston International or personally against any other persons involved in the performance of this Engagement.
18. Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards
- Unless agreed specifically in a separate engagement letter, we are not responsible for your compliance with the International Tax Compliance (United States of America) Regulations 2013, produced as a result of FATCA. In particular, we are not responsible for the categorisation of any UK entity into either a Financial Institution (FI) or an active or passive Non-Financial Foreign Entity (NFFE) nor, if a Financial Institution, for its registration with the US Internal Revenue Service (IRS) and subsequent submission of the required annual returns to HM Revenue & Customs.
19. General Limitation of Liability
- We will provide our services as outlined in this letter with reasonable care and skill. Our liability to you is limited to losses, damages, costs and expenses caused by our negligence or wilful default. However, to the fullest extent permitted by law, we will not be responsible for any losses, penalties, surcharges, interest or additional tax liabilities where you or others supply incorrect or incomplete information or fail to supply any appropriate information or where you fail to act on our advice or respond promptly to communications from us or the tax authorities. Further, we will not be liable to you for any delay or failure to perform our obligations if the delay or failure is caused by circumstances outside our reasonable control. Subject to clause 19.5 below, our liability to you shall be limited as set out in our engagement or other client letter.
- You will not hold us, our directors, shareholders or employees responsible, to the fullest extent permitted by law, for any loss suffered by you arising from any misrepresentation, (intention or unintentional), supplied to us orally or in writing. This applies equally to fraudulent acts, misrepresentation or wilful default on the part of any party to the transaction and their directors, officers, employees, agents or advisers. However, this exclusion shall not apply where such misrepresentation, withholding or concealment is or should (in carrying out the procedures which we have agreed to perform with reasonable care and skill) have been evident to us without further enquiry.
- You agree that you will not bring any claim in connection with services we provide to you against any of our directors, shareholders or employees personally.
- Our work is not, unless there is a legal or regulatory requirement, to be made available to third parties without our written permission and we will accept no responsibility to third parties for any aspect of our professional services or work that is made available to them. You agree to indemnify us and our agents in respect of any claim (including any claim for negligence) arising out of any unauthorised disclosure by you or by any person for whom you are responsible of our advice and opinions, whether in writing or otherwise. This indemnity will extend to the cost of defending any such claim, including payment at our usual rates for the time that we spend in defending it and our legal fees on an indemnity basis.
- Nothing in this agreement shall exclude or limit our liability for death or personal injury caused by negligence nor for fraudulent misrepresentation or other fraud which may not as a matter of applicable law be excluded or limited.
20. Intellectual Property Rights and Use of Our Name
- We will retain all intellectual property rights in any document prepared by us during the course of carrying out the engagement except where the law specifically states otherwise. You may only use such rights to the extent we agreed when engaged to provide services to you and may not resell or sublicense such rights without our further prior consent.
- You are not permitted to use our name in any statement or document that you may issue unless our prior written consent has been obtained. The only exception to this restriction would be statements or documents that in accordance with applicable law are to be made public.
21. The Provision of Services Regulations 2009
- We are registered to carry on audit work in the UK by the Institute of Chartered Accountants in England and Wales. Details of our audit registration can be viewed at auditregister.org.uk under reference number C003910696.
- The professional rules applicable to our audit work are the Audit Regulations and Guidance which can be found at icaew.com.auditnews and the International Standards on Auditing (UK and Ireland) which can be found at www.frc.org.uk/apb/publications/isa.cfm.
- Our professional indemnity insurer is Zurich Insurance Plc of The London Underwriting Centre, 3 Minster Court, Mincing Lane, London, EC3R 7DD. The territorial coverage is worldwide excluding business carried out from an office in the United States of America or Canada and excludes any action for a claim brought in any court in the United States of America or Canada.
- We are also on the Irish audit register. Details of our audit registration can be viewed at search.cro.ie/auditors/ under reference number EWC003910696.
- If any provision of our engagement letter or terms of business is held to be void for whatever reason, then that provision will be deemed not to form part of this contract, and no other provisions will be affected or impaired in any way. In the event of any conflict between these terms of business and the engagement letter or appendices, the relevant provision in the engagement letter or schedules will take precedence.
23. Internal Disputes Within a Client
- If we become aware of a dispute between the parties who own the business, or who are in some way involved in its ownership and management, it should be noted that our client is the business (unless we have agreed otherwise) and we would not provide information or services to one party without the express knowledge and permission of all parties. Unless otherwise agreed by all parties, we will continue to supply information to the registered office/normal place of business for the attention of the directors/proprietors. If conflicting advice, information or instructions are received from different directors/principals in the business, we will refer the matter back to the board of directors/the partnership and take no further action until the board/partnership has agreed the action to be taken. In certain cases, we reserve the right to cease acting for the business/client entirely.
- If we resign or are asked to resign, we will normally issue a disengagement letter to ensure that our respective responsibilities are clear.
25. Provision of Cloud-Based Services
- Where the firm provides accounting software in the Cloud, this will be supplied by a third party (the ‘Cloud Supplier’). We have satisfied ourselves that the software providers we use have robust security and are aware of their obligations to ensure compliance with the relevant clauses in the firm’s standard terms of business above (i.e. Our fees (5), Confidentiality (7), Internet Communication (13), Relevant Data Protection Legislation and General limitation of liability (19)).
- The service provided to you by the Cloud Supplier will be a discrete web based hosted facility, and you agree that access will also be provided to the firm and the Cloud Supplier.
- The firm cannot be held liable for any interruption of service provided by the Cloud Supplier. However, we will liaise with them to help ensure that normal service is resumed as soon as possible.
26. Mail Received by Duncan & Toplis Addressed to the Client
- The office Director opens all mail, regardless who it is addressed to.
- The original letter may then be passed to the manager to action or forward to the client (physically or on email) at their discretion.
27. Credit-Related Services
- We are regulated by the Institute of Chartered Accountants in England and Wales to provide certain credit related services where these are complimentary to or arise out of the professional services we are providing to you. Such services may include a payment of fees by instalments. If during the provision of professional services to you, you need advice beyond what we are permitted to do, we may have to refer you to someone who is authorised by the Financial Conduct Authority, as we are not.