Privacy Statement

Last revised: 11 December 2024

Accounting Valuation Experts is committed to protecting your privacy.  This privacy statement explains how we collect, handle, store and protect your personal information.

This privacy statement explains what personal information we collect about you, what we use it for and who we share it with.  It also sets out your rights and who you can contact for more information or queries.

Who are we?

Under the laws of the United Kingdom and European Union, a data controller is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal information is, or is likely to be, processed. 

The controller of your personal information is Accounting Valuation Expert LLP (“AVE”) with registered office address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom (“we”, “us” or “our”) and website address: www.aveforensic.com.

In very limited circumstances when we are providing services to you, we may act as a processor rather than a controller, in which case we will let you know and ensure that an appropriate contract is put in place.

Who does this privacy statement apply to?

This privacy statement applies to the personal information of:

  • users of our website;
  • individuals that we provide services to;
  • contact persons or other relevant personnel of businesses that we provide services to; and
  • any other person that we inform that we are processing their personal information with reference to this privacy statement.

Contact details

We have appointed a data privacy officer who is responsible for overseeing questions in relation to this privacy statement. If you have any questions about this privacy statement, including any requests to exercise your legal rights, contact the data privacy officer using the details set out below:

Email: dpo@aveforensic.com.

What type of information we have

If you are a user of our website and you contact us, we collect the following personal information:

  • Contact Data – including address, email, and mobile phone number.
  • Marketing and Communications Data – including your preferences in receiving marketing from us and your communication preferences.

We collect the following data from all website users:

  • Technical Data – including internet protocol (IP) address and the media access control (MAC) address of the device you use when logging in to any guest Wi-Fi service which we hold for 24 hours.

If you are an individual customer that we provide services to, in addition to the personal information set out directly above (in respect of website users (as applicable)), we collect and process the following information:

  • Identity Data – including title, name, gender, age, date of birth, National Insurance number and photographic identification data.
  • Contact Data – including address, email, and mobile phone number.
  • Employment Data – including, as applicable, the organisation you work for, your job title and your education details.
  • Transaction Data – including details about payments to and from you and other details of services you have purchased from us.
  • Usage Data – including details of how you use our services and any complaints you make.
  • Financial Data – including bank account and payment card details.

If you are a customer that is a legal entity, in addition to the personal information collected in respect of website users (as applicable), we collect and process the following information:

  • Identity Data – including title, name;
  • Contact Data – including address, email, and mobile phone number.
  • Employment Data – including, the organisation you work for, your job title and your education details.

How we get the information and why we have it

We collect and process information about you that you provide to us, that we obtain from third parties, that is collected by our website or that is publicly available.

Personal information

We are required by law to set out the legal grounds on which we rely to process your personal information. These are set out below and we further describe the purposes which we rely on each legal ground for in the section headed “What we do with the information” below):

  • The processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
  • The processing is necessary for compliance with a legal obligation such as keeping records for tax purposes or providing information to a public body, law enforcement agency or regulator;
  • The processing is necessary to perform a task carried out in the public interest;
  • The processing is necessary for the purposes of a legitimate interest pursued by us or a third party and your interests and fundamental rights do not override those interests. Such a legitimate interest might be:
    • to provide our services to you or our clients and other third parties;
    • to ensure that our client engagements are well-managed;
    • to prevent fraud;
    • to protect our business interests;
    • to ensure that complaints are investigated; or
    • to keep you or our clients informed about relevant services and provide you with information.

We do not generally rely on consent as a legal basis for processing your personal information. If we do, you have the right to withdraw consent at any time by contacting us.

What we do with the information

We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so.  We have also identified what our legitimate interests are where appropriate.

We may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data.  

Purpose or activityType of dataLawful basis for processing including basis of legitimate interest
To check whether we can act for you as a new or existing client or adverse to you as a counter party or other third party on a matter involving a new or existing client, and carry out all of our regulatory compliance requirements, including conflicts of interest, anti-money laundering, anti-terrorism, sanctions, fraud and background screeningIdentity Contact Financial Employment DataPerformance of a contract with you Necessary to comply with a legal or regulatory obligation Public interest Necessary for our legitimate interests (to detect and prevent fraud, money laundering and terrorism offences)
To deliver our services to you including engaging service providers, managing payments, fees and charges and collecting and recovering money owed to usIdentity Contact Financial Transaction Marketing and CommunicationsPerformance of a contract with you Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with youIdentity Contact Marketing and CommunicationsPerformance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to review how clients use our services)
To enable you to complete a surveyIdentity Contact Usage Marketing and CommunicationsPerformance of a contract with you Necessary for our legitimate interests (to review how clients use our services, to develop them and grow our business)
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)Identity Contact TechnicalNecessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant website content to you and measure or understand the effectiveness of the marketing we provide to youIdentity Contact Usage Marketing and Communications TechnicalNecessary for our legitimate interests (to study how clients use our services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our services, marketing, customer relationships and experiencesTechnical UsageNecessary for our legitimate interests (to define types of clients for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)  
To make suggestions and recommendations to you about services that may be of interest to youIdentity Contact Technical Usage Marketing and CommunicationsNecessary for our legitimate interests (to develop our services and grow our business)

Sharing your information with others

We may share your personal information with:

  • Third parties that provide services to us, such as providers of IT services, compliance services and system administration services;
  • Competent authorities (including , courts and authorities regulating us);
  • Our professional advisers, including, as applicable, lawyers, bankers, accountants, auditors and insurers;
  • Any other person or organisation after a restructure, sale or acquisition of us, as long as they use your information for the same purposes we did; or
  • Other third parties that reasonably require access to personal information relating to you.

We require all third parties to respect the security of your personal information and to treat it in accordance with data protection law.

We may use your Identity, Contact, Technical and Usage Data from time to time to inform you by letter, telephone, email and other electronic methods about products and services (including those of third parties) that may be of interest to you.  You may, at any time, ask us not to send such information to you by following the unsubscribe instructions in communications from us or by emailing dpo@aveforensic.com.

We will get your express opt-in consent before we share your personal information with any third party for marketing purposes.

International transfers

We do not routinely transfer your personal information outside the UK and EU. If it is necessary to transfer your personal information outside of the UK and the EU, this will only be done in accordance with data protection law.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for a purpose which is not compatible with the original purposes for which we collected your personal information, we will notify you and we will explain the legal basis which allows us to do so.

How we store your information

Your information is securely stored in UK and/or EU.  We use a range of measures to ensure we keep your personal information secure, accurate and up to date, including:

  • Limiting access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal information on our instructions and they are subject to a duty of confidentiality;
  • Education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal information;
  • Administrative and technical controls to restrict access to personal information to a ‘need to know’ basis;
  • Technological security measures, including encryption; and
  • Physical security measures, such as security passes to access our premises.

The transmission of data over the internet (including by e-mail) is never completely secure.  So, although we use appropriate measures to try to protect personal information, we cannot guarantee the security of data transmitted to us or by us.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will you use my personal information for?

We retain your personal information for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your personal information: see the paragraph below for further information.

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your data protection rights

Under data protection law, you have rights including:

  • The right to request access to your personal information;
  • The right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete personal information you think is incomplete;
  • The right to ask us to erase your personal information in certain circumstances;
  • The right to ask us to restrict the processing of your personal information in certain circumstances;
  • The right to object to the processing of your personal information in certain circumstances;
  • The right to ask us to transfer your personal information; and
  • Withdrawal of consent.

You are not required to pay any charge for exercising your rights.  However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we could refuse to comply with your request in these circumstances.

If you make a request, we will try to respond to you within one month.  Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Please contact us at dpo@aveforensic.com if you wish to make a request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights).  This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.

If you require further information on your rights under data protection law and the circumstances in which you can exercise those rights, you can refer to the guide available at: https://ico.org.uk/for-the-public.

Third-party links

Our website may include links to third-party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy policy of every website you visit.

How to make a complaint

If you wish to make a complaint about how we are using your information, exercise any of the rights set out above, or if you have any questions or comments about privacy issues, you can contact us by sending an email to dpo@aveforensic.com.

You can also complain to the Information Commissioner’s Office on +44 303 123 1113 or to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.

Changes to this privacy statement

We may modify or amend this privacy statement from time to time.  When we make changes to this privacy statement, we will amend the revision date.  The modified or amended privacy statement will apply from that date.  We encourage you to review this statement periodically to remain informed about how we are protecting your information.

Keeping your data current

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.