Forvis Mazars LLP Privacy Statement
Why we process Personal Data
Forvis Mazars LLP processes Personal Data for the following reasons:
- To provide professional services to our clients
- When we provide professional services to our clients, we may need to process the personal data of our clients, clients’ employees and directors, our clients’ customers, and other people associated with our client. In most cases, the client will provide us with the personal data we need to provide our services. For some services, we may collect the personal data directly from individuals.
- When we process personal data on behalf of our clients, it is our clients’ responsibility to ensure they have identified a lawful basis for the services we are providing. Otherwise, we have identified the necessity for the performance of a contract and necessity for our legitimate interests (we have a legitimate interest to provide the services to our clients) as our lawful bases for processing personal data.
- To meet our legal or regulatory requirements
- Certain statutory obligations apply to Forvis Mazars LLP (and its subsidiaries’) work which require us to process personal data. In some circumstances, we may be required to provide it to third parties such as our regulators and supervisory authorities, or law enforcement authorities and agencies. Where such obligations arise, we will, insofar as it is possible without breaching any other duty we owe, inform our clients.
- Forvis Mazars LLP completes checks on clients prior to providing services to ensure we do not have any conflicts that would interfere with our independence as auditors. These checks will take into consideration the financial interests, relationships, and publicly available information of our clients’ directors, shareholders and other third parties associated with the client. We will collect data from individuals directly or from the clients and will review this information with information we gather from third party data sources. We also exchange information with other firms of the Forvis Mazars global network to maintain our independence.
- Under anti-money laundering legislation, we are required to verify the identity of our clients’ directors and other associated individuals (including the beneficial owners of organisations and trusts) prior to commencing our services. To comply with this legal requirement, we use Smart Search and credit reference agencies (including Experian, Equifax, Transunion, and Dow Jones) who check the details supplied during our client onboarding process against information to which they have access. The credit reference agencies may keep a record of the information we provide them and disclose it (and the fact that a search was made) to its other customers, including for the purposes of assessing the risk of giving credit and occasionally to prevent fraud, money laundering and to trace debtors.
- To manage our business operations and run our firm
- We process personal data for data management activities (such as back up, storage, and destruction of data when it is no longer needed), managing our IT systems (including security monitoring), and business continuity purposes; these activities may include all personal data we handle.
- We also process limited personal data for billing, general administration, and client management.
- To facilitate our business operations, we may use artificial intelligence that may process personal data.
- We have identified the necessity for our legitimate interests as our lawful basis for these processing activities.
- To improve or develop our business and services
- We may use personal data on the lawful basis of our own legitimate interests in promoting and developing our services.
- Quality checks are conducted to ensure we provide a high standard of service.
- Activities promoting our services include direct marketing which individuals may opt-out of at any time. Opt-out can be achieved by responding using the unsubscribe options contained within the information you have received or by emailing our Data Protection Officer at privacy@mazars.co.uk.
- Some of our marketing emails may contain web beacons, web bugs, cookies or other similar technologies which enable us to understand whether an individual opens, reads, or deletes the message and any interaction an individual makes with links contained therein. When an individual clicks on a link in a marketing email they receive from us we may also use cookies to log what pages that individual views, in accordance with our cookies policy.
- When we create reports to assess our performance and for benchmarking purposes we may need to process limited personal data.
- We carry out profiling for the purposes of marketing, developing our business and understanding the needs of our clients. To facilitate this, we collect data from our website, our social media sites which may in turn collect data from your personal social media accounts; and Zoom (or other such facility) in the event you register for and attend an event we have organised. We do not use profiling technologies for any credit or other automated decision taking processes.
- We also use personal data in pursuit of the legitimate interests of third parties, including our clients and our suppliers. Those interests include delivering our services and facilitating service improvements in the software we utilise and other ancillary services.
Types of Personal Data Processed
The types of personal data collected and processed by Forvis Mazars LLP will vary depending on the services we are providing and the reasons for which we are processing it. We process the personal data of our clients, clients’ employees and directors, our clients’ customers, and other people associated with our client. These are the categories of personal data we process:
Category | Examples |
Demographic | Name, address, date of birth, telephone number, email address, marital status |
Financial | Bank details, salary information, tax liabilities, other pay deductions, payments to others |
Employment | Employer, job title, employment contact details, employment history |
Social | Achievements, social media information, education |
Special category | Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, sexual orientation |
Where we process Special Category Personal Data, we will seek consent where possible or ensure we have identified another lawful basis to process such data. Where we have relied on consent to process your Special Category Personal Data, you may withdraw your consent from processing at any time.
Duration of Processing
Forvis Mazars LLP will process personal data for as long as we are required to do so for the purposes for which we collected it (including where we have a legal or regulatory obligation to retain it). Our standard retention period where it is not otherwise determined by contractual or regulatory obligations is seven years. Sometimes we may need to retain information longer if we are required by a regulatory authority or if we need to establish, exercise or defend our legal rights.
Recipients of your Personal Data
Forvis Mazars LLP relies on a number of suppliers in order for us to provide our services and to operate our business (for example, our use of third party IT solutions). Our need to rely upon suppliers may vary depending upon the services we are delivering to our clients. Most of our suppliers will not engage directly with personal data, but sometimes they may need to access personal data to assist us (for example, when providing technical assistance). When suppliers process personal data on our behalf, we require them to provide at least the same level of protection for personal data as we do.
International Data Processing
We may transfer personal data outside of the United Kingdom or European Economic Area (EEA). We ensure we have taken appropriate measures to protect personal data and to comply with the data protection laws of the United Kingdom and EEA.
International data processing may occur in the following circumstances:
- Forvis Mazars LLP uses subsidiaries of Forvis Mazars LLP, other member firms of the Forvis Mazars Group (including subsidiaries of Forvis Mazars Group SC) or the Forvis Mazars Global network for some processing activities. When we use the services of other firms in the Forvis Mazars Global network, data may be stored or accessed from outside of the United Kingdom.
- Some of our suppliers may need to transfer data outside of the United Kingdom for the provision of services.
- Forvis Mazars LLP employees and partners may need to work from outside the United Kingdom occasionally and may have access to personal data when working abroad. When our people need to work abroad, we ensure appropriate security measures are in place to protect personal data.
Your Data Protection Rights
Individuals have various rights in relation to their personal data called Data Subject Rights. Individuals may:
- Request access to the personal data we hold about them;
- Ask us to correct any data which is inaccurate;
- Request to have their personal data deleted;
- Put in place restrictions on our processing of their data;
- Ask us to transfer their data to another controller.
Forvis Mazars LLP will handle all data subject rights requests in accordance with the data protection laws. Where we are processing personal data on behalf of our client or for the provision of services to a client, we may direct the data subject rights request to the client to handle. Requests should be submitted to our Data Protection Officer (privacy@mazars.co.uk).
If you are dissatisfied with the way we have handled your personal data, you may contact our privacy team at privacy@mazars.co.uk. If we are unable to resolve the matter for you, you may take your complaint to the Information Commissioner’s Office. Further details can be found via their website at www.ico.org.uk.
Data Security
Forvis Mazars LLP has put technological and organisational controls, including policies and procedures, in place to protect personal data from loss, misuse, alteration or unintentional destruction. Our staff have been trained to maintain the confidentiality of such information.
For more information on our security controls, please see Our Security Approach.
Data Protection EU Representative
In accordance with Article 27 GDPR we have designated an EU representative to act on our behalf if and when we undertake data processing activities to which article 3(2) of GDPR applies.
Our representative is:
Forvis Mazars Belgium
Bellevue 5 - B 1001
9050 Gent
Belgium
Changes to this Statement
We recommend you check this statement on a regular basis to ensure you remain informed about the activities we carry out in respect of processing personal data.
Should we make significant changes to the way we process personal data, we will draw your attention to the relevant part(s) of this statement through email and or other appropriate communications as part of our business activities.
Any changes to our ‘Website’ privacy statement shall be managed in accordance with the terms stated thereunder.
Last updated: June 2024