Who we are
This is the privacy notice of Xcelsior Limited, company number 10818398 registered in England and Wales. Our website address is: https://www.xcelsior.ltd. In this document, “we”, “our”, or “us” refer to Xcelsior Limited.
At Xcelsior we care about your privacy and believe in transparency. That’s why we are committed to being upfront about our privacy practices. We only collect personal information necessary to deliver our services and we handle it carefully and sensibly.
If you have any questions about this Policy or how we look after your personal information, these should be sent by email to info@xcelsior.ltd or by writing to The Data Controller, Xcelsior Ltd, Saxon House, 27 Duke Street, Chelmsford, Essex CM1 1HT.
What personal data we collect and why we collect it
We may collect, process and store the following kinds of Personal Data, and we may also collect certain types of anonymous statistical data. Sometimes we may need to ask for your explicit consent to collect personal data and when this is required we will make that request clear.
Information you give us: We obtain information about you when you use our online Contact Us form on our Website or by corresponding with Us via telephone, email, face-to-face or other methods. The information you provide Us with may include name, address, telephone number, date of birth, email address, family information, financial and credit information.
Information We collect: Every time you visit our Website, we automatically collect the following information: Internet Protocol (IP) address, operating system, zone setting, browser type and information regarding what pages are accessed and when. If you contact Us, we may keep a record of that correspondence and we will retain any information that you provide to Us during the course of any work We carry out on your behalf.
We may use your Personal Data for a number of purposes including:
• Administer our relationship with you, provide services and respond to enquiries
• Enable business development including sending legal updates, publications and details to events
• Process applications for payment
• Deliver requested information to you about our services and our associated businesses
• Ensure the billing of any procured services and obtain payment
• Process and respond to any complaints
• Enable us to meet out legal and other regulatory obligations imposed on us
• Audit usage on our website
Who we share your data with
We never sell your personal data to any third party. We only share your data with third parties where it is required to do so by law and or to deliver the information and or services you have requested from us. This would also only be done with respect to the applicable Data Protection Legislation.
In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this Privacy Notice, we may disclose information about you:
• to carefully selected sub-processors to help us collect, store or manage your information. This will always be managed under the terms of a written data processing agreement;
• to the extent that we are required to do so by the applicable Data Protection Legislation;
• in connection with any legal proceedings or prospective legal proceedings;
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
Transfer of data outside of the EU
We shall not transfer any personal data to any country outside of the European Economic Area unless we ensure that such personal data is subject to an adequate level of protection and appropriate legal safeguards in accordance with Data Protection Legislation.
How long we retain your data
When acting as a data controller and in accordance with recognised good practice within the tax and accountancy sector we will retain all of our records relating to you as follows:
• where tax returns have been prepared it is our policy to retain information for seven years from the end of the tax year that the information relates to.
• where ad hoc advisory work has been undertaken it is our policy to retain information for seven years from the date the business relationship ceased.
• where we have an ongoing client relationship permanent information (the data supplied by you and others which is needed for more than one year’s tax compliance) including, for example, capital gains base costs and claims and elections submitted to HMRC are retained throughout the period of the relationship but will be deleted seven years after the end of the business relationship unless we are asked to retain it for a longer period by our clients.
Our contractual terms refer to the destruction of documents after seven years and therefore agreement to the contractual terms are taken as agreement to the retention of records for this period. Under the Money Laundering Regulations (MLR 2017) personal data must normally be destroyed within specified time limits but where contractual agreement is in place this is taken as agreement under Regulation 40 (5) MLR 2017 to retain records for the longer period of seven years.
You are responsible for retaining information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us.
Documents and records relevant to your tax affairs are required by law to be retained by you as follows:
Individuals, trustees and partnerships
• with trading or rental income: five years and 10 months after the end of the tax year
• otherwise: 22 months after the end of the tax year
Companies, LLPs and other corporate entities
• six years from the end of the accounting period
Where we act as a data processor as defined in DPA 2018, we will delete or return all personal data to the data controller as agreed with the controller at the termination of the contract.
Cookies
We use cookies on the Website to help us understand how the Website is being used and to develop it with a view to providing our Website visitors with a better experience. A cookie is a computer file that is sent by a web server to a web browser when someone logs onto a website. Cookies are stored by the Website visitor’s browser – e.g. Chrome, Internet Explorer, Safari – until they automatically expire or until they are deleted by the Website visitor.
The information collected by the cookies is sent back to the web server each time the browser requests a page from the server. This enables the web server to identify and track how the web browser is using the Website.
The cookies we use allow us to understand things such as which pages a visitor views, for how long and how a visitor came to the Website (from which source e.g. Google, Twitter, Facebook). They cannot identify a specific person’s identity. They only collect anonymous data about how a person is using the Website. We may also use anonymous cookie data for remarketing purposes. This means, you may see our promotions and advertisements on other websites that you visit.
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
We use Google Analytics to help us understand how the Website is being used so that we can improve how it functions and our services. Google Analytics generates statistical and other information about how websites are used by using cookies.
Google may store this anonymous data in its servers in multiple locations across the world. You can find their privacy policy and more detail about the information they collect on their website here www.google.com/privacypolicy.html.
What rights you have over your data
You have rights in relation to any Personal Data that we hold about you. If you wish to access your Personal Data you may make a formal subject access request by contacting info@xcelsior.ltd.
At any time, you may review or update personally identifiable information that we hold about you, by contacting us via info@xcelsior.ltd.
To obtain a copy of any information that is not provided on our website you may send us a request by contacting us via email info@xcelsior.ltd.
If you wish us to remove personally identifiable information from our website, you may contact us at via email info@xcelsior.ltd.
How we protect your data
We have taken reasonable technical and procedural precautions to prevent the loss, misuse or inadvertent alteration of your personal data. We will store all the personal data you provide in secure servers or systems.
However, we cannot guarantee the security of any data you choose to send to us over the internet and if you choose to send such information to us via the internet, you do so at your own risk. The Website does however use an SSL certificate to help ensure that any information sent to us through it, is more secure than it otherwise would be.
If you look in the address bar of your browser, when visiting our site, you will see the letters https. The S stands for secure and means that information sent to us through our site is sent to us through an encrypted channel.
We are committed to ensuring that your information is secure and we have procedures in place to try and prevent any unauthorised access or disclosures and to safeguard and keep secure the information that we collect online.
All the Personal Data collected by us and stored electronically is held on a secure server in the EEA only. Where required, this information is encrypted for additional security. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to Personal Data only for those employees who require it to fulfil their job responsibilities.
Information regarding children
We do not intentionally market our services or collect information via this website from data subjects under the age of 13. We do not collect information regarding children for the provision of our services and will erase any data collected if informed by the parent or legal guardian of a child whose data we have erroneously collected.
Changes to this privacy notice
We may change this Privacy Notice at any time to ensure it always accurately reflects the way we collect, use and safeguard your Personal Data.
Please check this notice from time to time to ensure you are aware of any updates we may have made to our Personal Data handling practices. The date of the changes will be listed at the bottom of this page. We will endeavour to notify all of our current clients of any updates to this notice via email and we will post the relevant announcement on the Website homepage.
We recommend that you print a copy of this page for your reference.
Contact us
Should you wish to know more about how we handle your Personal Information then please contact us via email info@xcelsior.ltd
If you are unhappy about the way we handle your Personal Information and you feel that you have not had a satisfactory response to your questions then please contact the Information Commissioners Office via their website www.ico.gov.uk