AGM: Notice is hereby given that the 48th Annual General Meeting of Thames Valley Society of Chartered Accountants will be held at: 6pm for 6.30pm on Tuesday 23 September 2025 at Sonning Golf Club, Duffield Road, Sonning, Reading RG4 6GJ

Privacy Policy

The Thames Valley Society of Chartered Accountants (the “Society”), (together “the Society”, “we”, “us” or “our”) is committed to safeguarding information provided to us by any third parties (“you”), from which any individual can be identified, such as names, contact details and personal data (“Personal Information”).

The Society is registered at the Information Commissioner’s Office (‘ICO’) with registration number Z2255716, and acts as the data controller when processing your data.

1. IMPORTANT INFORMATION

This privacy policy aims to give you information on how the Society collects and processes personal data as a controller of data where it is supplied by you:

  • in connection with membership of the Society;
  • by sending us correspondence;
  • and/or providing us with products and/or services.

In addition, it outlines your data protection rights under the EU data protection regime introduced by the General Data Protection Regulation (Regulation 2016/679) (the “GDPR”).

Contact details can be found at the end of this document.

2. CATEGORIES OF DATA SUBJECTS

(A) MEMBERS

The kind of information we hold about you

The Society processes your personal information to meet our legal, statutory and contractual obligations and to provide our services.

We may hold such personal information which is provided by you directly (for example by completing application forms, telephone calls and/or corresponding with us), or which is provided to us by third parties.

We may collect, store and use the following categories of personal information about you:

  • contact details (including name, title, address, telephone number, personal email address);
  • marketing and communication preferences;
  • survey data (ie any responses provided by you as part of a survey/questionnaire);
  • bank/credit card account details;
  • job title;
  • place of work; and
  • qualifications.

Public databases – we may obtain information about individuals from public databases, or company websites. We use reputable sources including public repositories. We employ appropriate measures to assure the quality of information which we collect.

How we will use information about you

Your personal data may be processed by the Society or its sub-processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

(a) to register you as a member and ensure that goods and services can be sent out to your preferred address;

(b) to allow us to administer and manage your data as necessary to comply with applicable laws and/or in our legitimate interest;

(c) to provide you with updates about professional development training and Society social activities;

(d) to make payment or provide you with a refund;

(e) to give notice of Annual or Special meetings as required for the Society’s governance;

(f) to run reports and analysis of member data;

(g) to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems to pursue our legitimate interests including for document retention purposes;

(h) direct marketing, communicating with you to promote our services and sending you our member magazine where you have consented to receiving such communications;

(i) to share attendee names and company details where you have consented to us doing so;

(j) to obtain post event feedback surveys and otherwise conducting research; and

(k) such other actions as are necessary to manage the activities and/or to comply with the legal obligations of the Society, including by processing instructions and enforcing or defending the rights and/or interests of Society, in order to comply with our legal obligations and/or to pursue our legitimate interests.

To ensure that we provide you with the best service possible, we may use and store your personal data and/or the personal data as well as keeping records of our conversations and meetings.

(B) BUSINESS CONTACTS (including personal data of speakers at Society events)

The following section of this policy sets out how the Society may process personal data (as a controller) about its business contacts and (current, previous and/or potential) service providers (and employees of service providers) and data subjects that have corresponded with the Society.

The kind of information we hold about you

We may collect, use, store and transfer different kinds of personal data about you which you provide to us including: name, address, email address, telephone numbers, place of work, biographical data, qualification and job title.

Public databases – we may obtain information about individuals from public databases, or company websites. We use reputable sources including public repositories. We employ appropriate measures to assure the quality of information which we collect.

How we will use information about you

We will use your personal data in the following circumstances: where it is necessary for our legitimate interests, or those of a third party (including in relation to the sending of electronic marketing communications) and where your interests and fundamental rights are not overridden or where we need to comply with a legal or regulatory obligation.

Your personal data may be processed by the Society or its sub-processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

(a) to hold your personal data on our system and to contact you on the basis of the legitimate interests of the Society (including in connection with using the services that you provide);

(b) in respect of suppliers, to allow us to process payments and orders in respect of any goods and services provided;

(c) to send you electronic marketing communications;

(d) to comply with legal or regulatory requirements;

(e) to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems to pursue our legitimate interests including for document retention purposes; and

(f) such other actions as are necessary to manage the activities and/or to comply with the legal obligations of the Society, including by processing instructions and enforcing or defending the rights and/or interests of the Society, in order to comply with our legal obligations and/or to pursue our legitimate interests.

We may share your personal data with our professional advisers such as accountants, lawyers or other consultants.

In addition, it may be necessary to disclose your Personal Information in order to comply with any legal obligation, carry out an internal investigation, or protect the rights, or safety of the Society staff.

(C) STAFF AND JOB APPLICANTS

The kind of information we hold about you

If you submit an application for a job with us we will store personal data relating to you. Depending on how far your application progresses, this might include your contact details, your relevant education and employment history, details of referees and information you provide in your CV. Further information may be generated by us later on, such as notes of interviews.

We may gather further personal data before deciding whether to make you a final offer such as proof of your identity, proof of your qualifications, pre-employment health questionnaires and credit checks.

Most of the personal data that we process about you when you apply for a job is information that you give us directly or is generated through the recruitment exercise, although we may gather information from recruitment agencies, your referees and credit reference agencies. We may in certain circumstances need to seek confirmation from the Home Office that you have the right to work in the UK.

Our staff may also give us emergency contact information as part of our emergency planning and may give us details of their dependents and of other people in relation to their employee benefit arrangements.

If you were put down by a Staff member as a next of kin or dependent, we will store your personal data to ensure the personnel records of the Staff member are correct and disclose your information to the relevant benefits provider.

The personal data described above is processed by us pursuant to our legitimate interests as an employer.

Public databases – we may obtain information about individuals from public databases, or company websites. We use reputable sources including public repositories. We employ appropriate measures to assure the quality of information which we collect.

How we will use information about you

We use your personal data to contact you about your application and to assess your experience and suitability for a job with us, to help us assess your training needs and understand your characteristics and working-style.

We may process special categories of data to ensure that we can comply with our legal or regulatory obligations as an employer, such as details of your right to work in the UK, information about your health (in order to assess whether you are medically able to carry out the work offered and whether any adjustments would be needed to your work environment), information provided as evidence of entitlement to statutory leave and pay, for example sick pay, maternity, paternity, adoption, parental and shared paternal leave, information about a disability (in order to assess the reasonable adjustments needed to your potential work environment), and details of your relevant criminal or disciplinary history.

We may process information about your health for the purposes of occupational medicine, in order to assess your medical capacity to perform the job you have applied for. We may also need to process personal data in order to exercise our legal rights and bring, or defend claims.

Some of our service providers who act as our processors could have access to your personal data such as our auditors, IT consultants or payroll providers. In addition, we may share your personal data with recruitment and credit reference agencies, who act as separate controllers of your personal data.

If you are employed by us, our privacy policy will apply to your personal data.

3. BASIS FOR PROCESSING YOUR DATA AND RIGHT TO WITHDRAW CONSENT

If we consider it necessary to obtain your consent in relation to the use of your personal data, we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

You have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal.

To withdraw your consent, or to opt out of receiving marketing communication, please contact us using the contact details at the end of this document, or follow the unsubscribe instructions included in each electronic marketing communication.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. 5 Where such processing is being carried out on the basis that it is necessary to pursue Society’s legitimate interests, such legitimate interests do not override your interests, fundamental rights or freedoms.

4. DISCLOSURES OF YOUR PERSONAL DATA

We will not disclose personal information we hold about you to any third party except as set out below.

We may disclose your personal data to third parties including the following:

  • tax, audit, regulatory bodies or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, in connection with any anticipated litigation, or in compliance with our legal and regulatory obligations);
  • third party service providers (including Suppliers) who perform functions on our behalf (including benefit providers such as pension providers and private medical insurance external consultants, business associates such as speakers at events and professional advisers such as lawyers, auditors and accountants, transport and distribution suppliers, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
  • third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place.

These third parties will be subject to confidentiality requirements and they will only use your personal information as described in this Privacy Policy.

5. RETENTION OF PERSONAL INFORMATION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you send us an enquiry, we will hold your data until the enquiry has been completed and no further response is received for a reasonable period.

If you subscribe to our marketing mailings we will keep your data until you tell us you no longer wish to receive them.

If you make a complaint, we will retain your data for a period of up to six years after resolution of the complaint.

If you apply for a job with us and your application does not result in us employing you we will delete all the personal data gathered during the recruitment exercise six months after the recruitment exercise has ended so that we can defend any legal claims arising from the recruitment process.

If you are a business contact we will keep your data until you tell us that you no longer wish to hear from us or our relationship is ended.

If you are a supplier, we will keep your data until 6 years after our contractual relationship ends.

6. INTERNATIONAL TRANSFERS

We do not transfer your personal data outside the European Economic Area (EEA).

However, some of the external service providers used by us may process your personal data and have operations or use IT services in countries outside the EEA.

Whenever your personal data is transferred out of the EEA by us, we ensure (or require that our service providers ensure) a similar degree of protection is afforded to it by ensuring that appropriate safeguards as required by applicable law, are in place.

7. DATA SECURITY

We have put in place what we consider to be appropriate technical and operational measures against unlawful or unauthorised processing of personal data we hold, and against the accidental loss of, disclosure, or damage to, personal data.

We also have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We aim to ensure that the level of security and measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.

If you suspect any misuse or loss of or unauthorised access to your personal data please let us know immediately by contacting the GDPR Officer using the contact details at the end of this document.

8. YOUR LEGAL RIGHTS

In certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy, or the reason for processing it. Please note that there may be circumstances where you ask us to restrict our processing of your personal information, but we are legally entitled to refuse that request.
  • Request the transfer of your personal information to another party.
  • Withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processes based on consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you wish to exercise any of the rights set out above, please contact the GDPR Officer in writing using the contact details at the end of this document.

Generally you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally an extension of up to 2 months may be taken if your request is particularly complex, or you have made a number of requests. In this case, we will notify you within the first month, explain why the extension is required and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

9. CHANGES TO THIS PRIVACY NOTICE

We may update this privacy notice from time to time and will communicate such updates on our website.

10. HOW TO CONTACT US

If you have any queries about this policy or your personal data, or you wish to submit an access request, or raise a complaint about the way your personal data has been handled, please do so in writing and address this to the GDPR Officer at Thames Valley Society of Chartered Accountants c/o Grenville Court, Britwell Road, Burnham, Bucks, SL1 8DF or to [email protected].

May 2025

Scroll to Top