Personal information which you may supply to me will be dealt with in accordance with the General Data Protection Regulations ("GDPR").

Personal data has been been provided by or for you for the purpose of obtaining legal advice from me and will be used by me for legitimate purposes, that is the provision of legal advice and assistance in relation to taxation. Personal data which has not been obtained directly from you will come from publicly available sources of persons acting on your behalf. I may use personal data for the purposes of keeping you informed of elements in the law that I think may be of interest to you, but only with your express consent.

The data controller of the firm is Paul Giles, who can be contacted on paul.giles@paulgilestax.co.uk .

Personal data held by me is held in digital form on password protected computers. The data is backed up with an external hard drive kept on the firm's premises, another external hard drive kept on premises in the UK on behalf of the firm, and in the cloud through Microsoft Office 365 which is itself GDPR compliant. In addition there is personal data held in hardcopy form which is kept on the premises of the firm or at a storage facility operated by Whitefields Storage Ltd, which is itself GDPR compliant. Personal data is never stored outside the European Union and there is no intention for personal data to be transferred outside the European Union unless the United Kingdom ceases to be part of the European Union in which case I will comply with any replacement legislation of the United Kingdom.

I shall not share ordisclose your personal data to third parties without your consent unless required to do so by reason of law or regulatory requirements. Your consent will be assumed to be given where sharing such data is required for the purposes of providing you with legal advice and assistance.

Your data will be deleted following the later of the last date that I am required to keep such data by law, including in particular the legislation relating to taxation, and eight years after the last date on which I have submitted a bill to you.

You have the right to request access to and rectification or erasure of your personal data, to objects to and request the restriction of processing, and to data portability. You also have the right to withdraw your consent at any point where your consent is the lawful basis for processing of your data. In each case you should contact the data controller referred to above.

You have the right to complain to the Information Commissioner's Office in respect of any breach of my obligations under the GDPR.