Systems used and personal data held
The purpose of this document is to talk through all the software systems I use and where data may be held as part of performance accountancy, which is part of Herrington Accounting Services.
JotForm
JotForm is used to capture your data. Be it your personal data, or for companies, in order to sign up with me for being a client. On the self assessment side it will collect your name, contact details, the type of income and costs you may have, as well as a few other bits and pieces. Most of the data collated here is used for your tax return.
Capsule
Capsule is my current CRM system. It captures your name, your address and a lot of the details that was on the JotForm, but this then is a computerised system, so I don’t actually lose the data. It also logs emails that I might have sent to you with regards to your tax return.
Accountancy Manager
This is where all current client data is held and stored as this helps to generate my workload as to what has to be done, by when, its deadline and task driven, so in this will be again your name, postal address, contact details and also things like your unique tax reference number and your national insurance number. Accountancy Manager is also a document portal, and clients can use this to sign tax returns, accounts, terms & conditions and any engagement letters.
Digita
This is a practice management tool and the only things that go in here are your name and contact details, your unique tax reference number, marital status, and things that are relevant for a personal tax return. This drives the engagement letter at the moment although this element will be replaced by Accountancy Manager. However, come 2020 when HMRC might introduce quarterly reporting for tax returns for individuals, this will end up being the driver to create those tax returns as there will be no access to the HMRC portal for Tax agents.
TaxCalc
The only thing TaxCalc is used for is to drive our anti-money laundering processes. TaxCalc requires your full name, postal address and date of birth in order to search all the public records & databases that is required for anti-money laundering requirements.
Campaign Monitor and MailChimp
Campaign Monitor and MailChimp are our email marketing systems. Both of them hold your name and email address only. Campaign Monitor will be the system that survives for email marketing, notifications, updates & newsletters to be sent out. MailChimp will cease to exist for us hopefully part the way through 2018.
You Can Book Me
YouCanBook.Me is a calendar booking system, so if you need to have a meeting with me or to discuss anything by phone, then you can use this to book a meeting into my Google calendar. The information stored is what you enter, so it’ll be your full name, your contact telephone number and your email address. If you do have a Skype call then it will also have your Skype address name.
Dropbox.
This is used where I store all client data, so it could be Excel spreadsheets & working papers, copies of tax returns, the anti-money laundering documentation etc. Dropbox is now coming under the GDPR compliance, so there should not be an issue in keeping documents held there.
Your paper file
Everybody has a paper file, so what’s included in the paper file will be a paper copy of the JotForm you completed plus, all the other onboarding documentation we need. There’ll also be a copy of your tax calculation, tax sign offs, submission receipts, prior accountants working, and potentially your bank details if you’ve asked us to do a refund for you from HMRC.
Adobe Sign
Adobe Sign is the current system used in order to sign your tax documentation, be it your corporation tax return, your company accounts, any self assessment tax return, your engagement letter, so the main thing it holds onto is your name and your email address, but obviously there will be the documents that you have to sign that’s on that system.
Process Street
Process Street records is my way of working, so it actually shows you the processes I go through in order to either onboard you or do your self assessment tax return. The only personal data that’s held on here is your full name and your contact email address. It also links to trello which is the current workflow management tool which just records you name and no other data.
The HMRC portal,
Well that is what we use in order to do your self assessment tax return and on there will everything that HMRC requires for your tax return, so it will have your name, your postal address, date of birth, your national insurance number, your unique tax reference number and it will obviously generate your tax return and your tax calculation. It won’t have your email or telephone number unless you decide to include it in your government gateway/personal tax account.
Performance Accountancy email
My email is linked to Gmail, so therefore what will come through there is any data that you send to me via email will be on my email account including your name, contact details and any reference data you might send.
Xero
The accounting system I use is Xero, so that’ll house your name, your postal address, contact number and email address. It won’t hold any other sensitive data. It’s so I can invoice you and be paid.
Bomb Bomb
This is a video platform where your name & email is held in order to send video messages to clients & prospects for updates in tax & accounts that may affect clients, as well as a more personal approach to welcome new clients & chase for data. I like the human touch.
There are a few other pieces of software we might have depending on whether we do your bookkeeping or not. If we do your bookkeeping or you’re linked to us for bookkeeping then some data might be in Datamolino or Receipt Bank. That’ll just have your name and email address on it and then whatever sales invoices you might put through it or purchase invoices, and Auto Statement will have bank statements going through it if we do your bookkeeping, so they will have your bank details in there.
I believe that is all the systems we use that contain any amount of personal data that could be linked back to you.
Systems compliance as at 30 April 2018
| System/Software | Server Location | GDPR Compliance |
| Jot Form | EU – German | Yes |
| Capsule | Amazon Web Services | Yes by 25 May 2018 |
| Accountancy Manager | London | Working on it |
| Digita | UK | Yes by 25 May 2018 |
| Tax Calc | Yes by 25 May 2018 | |
| Campaign Monitor | Yes | |
| Mailchimp | US Privacy shield | |
| You Can Book Me | Yes by 25 May 2018 | |
| Dropbox | USA | US Privacy shield but Plus account will be covered by GDPR |
| Paper Filing | ||
| Adobe Sign | Yes by 25 May 2018 | |
| Process Street | Amazon Web Services | Will be getting US Privacy shield |
| Trello | EU-US Privacy Shield and will be GDPR compliant by 25th May. | |
| HMRC Portal | ||
| Email via gmail | ||
| Bomb Bomb | Not yet ready and will not be ready for 25 may 2018 | |
| Text Anywhere | Textanywhere will be GDPR compliant before 25 May. |