• Collection of Data

    Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data with us where it is strictly needed for those purposes.
    Where we need to process personal data to provide professional services, we ask our clients or our client’s clients to provide the necessary information to the data subjects regarding its use. Our clients or their clients may use relevant sections of this privacy statement or refer data subjects to this privacy statement if they consider it appropriate to do so.
    The categories of personal data processed by us in relation to the services we provide to our clients are generally:

    • Personal details (e.g. name, age/date of birth, gender, marital status, country of residence);
    • Contact details (e.g. email address, contact number, postal address);
    • Financial details (e.g. salary and other income and investments, benefits, tax status); and
    • Job details (e.g. role, grade, experience and performance information).

    For providing Payroll Services to our clients, we may collect the above data for employees, contractors and sub-contractors of the client’s client
    Generally, we collect personal data from our clients or from third parties when providing services to the relevant client.  

    • Use​ ​of​ ​personal​ data

    Providing professional services
    We provide a diverse range of professional services including Book Keeping, VAT, Payroll, Management Accounts, Accounts Preparation and Personal Tax and Corporate Tax. Some of these services require us to process personal data in order to provide required deliverables
    Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data). Some of the measures we taken to ensure our clients data is protected are mentioned below:

    • The Network and Data Structure are ISO 27001 Certified
    • Paperless Environment
    • Automated Scans to identify harmful emails
    • Firewalls and other applicable security standards to detect, investigate and eliminate data threats
    • Policies and Procedures to monitor usage of data
    • Restricted use of Mobile Phones on the operations floor
    • 2 Level Authentication for accessing systems
    • Biometric access to ensure authorise access to the operations floor
    • Restriction on Computers, etc for transfer of data

    Further, we have procedures in place to monitor the quality of our services and manage risks in relation to our client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures.  

    • Data Retention

    We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
    In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is based on our client’s guidelines.
    Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

    • When and how we share personal data and locations of processing

    Further details about the processors (such as IT service providers) used by Corient and locations of processing are provided here. We may use other organisations to help us deliver our services as agreed with our client on an engagement-specific basis.