Data Protection Policy

Introduction

The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of MSK ACCOUNTING & TAXATION SERVICES in dealing with personal data, to ensure that the organisation complies with the requirements of the relevant Irish legislation, namely the Irish Data Protection Act (1988), and the Irish Data Protection (Amendment) Act (2003).

Why the Policy Exists

MSK ACCOUNTING & TAXATION SERVICES must comply with the Data Protection principles set out in the relevant legislation. This Policy applies to all Personal Data collected, processed, and stored by MSK ACCOUNTING & TAXATION SERVICES in relation to its staff, service providers, and clients during its activities. MSK ACCOUNTING & TAXATION SERVICES makes no distinction between the rights of Data Subjects who are employees or clients and those who are not. All are treated equally under this Policy.

Scope

During its daily organisational activities, MSK ACCOUNTING & TAXATION SERVICES acquires, processes, and stores personal data in relation to:

  • The office of MSK ACCOUNTING & TAXATION SERVICES
  • All staff of MSK ACCOUNTING & TAXATION SERVICES
  • All contractors, suppliers, and other people working on behalf of MSK ACCOUNTING & TAXATION SERVICES

This applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR and Irish Data Protection Act 2018. This can include:

  • Names of individuals
  • Postal addresses
  • Email addresses
  • Telephone numbers
  • Plus, any other information relating to individuals.

MSK ACCOUNTING & TAXATION SERVICES acts as both a Data Controller & Data Processor.

Responsibilities

Everyone who works for MSK ACCOUNTING & TAXATION SERVICES has some responsibility for ensuring data is collected, stored, and handled appropriately. Each person handling personal data must ensure it is processed in line with this policy and data protection principles.

The following people have key areas of responsibility:

  • Maria Sleziak Krynicka is ultimately responsible for ensuring that MSK ACCOUNTING & TAXATION SERVICES meets its legal obligations.
  • Risk and issues are managed by Maria Sleziak Krynicka.
  • Reviewing data protection procedures and related policies.
  • Arranging data protection training and advice.
  • Handling data protection questions from staff and others.
  • Handling requests to access data held by MSK ACCOUNTING & TAXATION SERVICES.
  • Approving contracts or agreements with third parties handling sensitive data.

MSK ACCOUNTING & TAXATION SERVICES is Responsible for:

  • Ensuring systems and equipment used for storing data meet security standards.
  • Performing regular checks to ensure security hardware/software functions properly.
  • Evaluating third-party services considered for data storage or processing (e.g., cloud computing services).

MSK ACCOUNTING & TAXATION SERVICES ensures that its staff have sufficient awareness of Data Protection legislation to identify issues, and appropriate corrective action is taken when necessary.

The Data Protection Principles

The following principles are enshrined in Irish legislation and are fundamental to the MSK ACCOUNTING & TAXATION SERVICES Data Protection policy:

  1. Obtained and processed fairly and lawfully: Data subjects will be informed of the identity of the Data Controller, the purpose(s) for data collection, and any disclosures. Consent will be sought where possible, or justified under lawful processing conditions.
  2. Obtained only for specified purposes: Data will be obtained for specific, lawful purposes, and MSK ACCOUNTING & TAXATION SERVICES will be transparent about those purposes.
  3. Not further processed in a manner incompatible with specified purposes: Data will only be used in ways compatible with the purpose for which it was collected.
  4. Kept safe and secure: High standards of security will be employed to protect personal data. Access is limited to authorised staff with password access, and data is encrypted when transferred electronically.
  5. Kept accurate, complete, and up to date: Regular assessments and reviews will ensure data accuracy.
  6. Adequate, relevant, and not excessive: Data processed must be relevant to its purpose.
  7. Not kept longer than necessary: Data retention periods are specified, after which data will be securely destroyed or erased.
  8. Accessible for data subject access requests: Data will be stored in a manner that allows for easy retrieval if a subject access request is made.

Lodging, Processing, and Storing Data Subject Access Requests

MSK ACCOUNTING & TAXATION SERVICES has implemented a procedure for handling subject access requests efficiently within the legally stipulated timelines.

If you would like to lodge a Subject Access Request, please email us. Your request will be acknowledged within 7 days, and the owner’s identity will be verified before releasing any data.

Definitions

  • Data: Includes automated and manual data, held on computers or in relevant filing systems.
  • Personal Data: Information related to a living individual who can be identified either directly or indirectly.
  • Sensitive Personal Data: A category of personal data related to race, religion, health, or sexual orientation, among others.
  • Data Controller: A person or entity controlling the content and use of Personal Data.
  • Data Subject: A living individual to whom personal data relates.
  • Data Processor: A person or entity processing personal data on behalf of a Data Controller.
  • Data Protection Contact: A person appointed to monitor compliance with Data Protection legislation and respond to data queries.
  • Relevant Filing System: Any set of information that is structured to allow easy retrieval of specific data.

Key Details

  • Policy prepared by: MSK ACCOUNTING & TAXATION SERVICES
  • Approved by the Owners: 05 October 2024
  • Policy became operational: October 2024
  • Next review date: April 2025
  • Policy updated: October 2024