This policy describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
INFORMATION ABOUT US
Our full details are:
Full name of legal entity: Premier Tax Solutions Limited
Email address: firstname.lastname@example.org
Postal address: Unit F1, Daisy Bank House, 17-19 Leek Road, Cheadle, ST10 1JE
Telephone number: 01782 479699
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com
1.HOW WE MAY COLLECT YOUR PERSONAL DATA
We obtain personal data about you from different sources including:
- From yourself
- From a third party acting on your behalf (such as a broker)
- From publicly available sources
- From other organisations
- THE KIND OF INFORMATION WE HOLD ABOUT YOU
The information we hold about you may include the following:
- Your personal details (such as your name, address, national insurance number, tax code, salary details);
- Details relating to your taxation affairs and history
- Financial information such as bank details, bank statements
- Details of contact we have had with you in relation to the provision, or the proposed provision, of our services;
- Details of any services you have received from us;
- Our correspondence and communications with you;
- Information we receive from other sources
- HOW WE MAY USE YOUR PERSONAL DATA
We may use your personal data in order to:
- Carry out our obligations arising from any agreements entered into between you and us and our clients and us
- Communicate with you
- Confirm your identity and address
- Provide you with information related to our services and our events and activities that you request from us or which we feel may interest you, provided you have consented to be contacted for such purposes;
- In some circumstances, we mayanonymise or pseudonymise the personal data so that it can no longer be associated with you, in which case we may use it without further notice to you.
- If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
- We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
- HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
- The requirements of our business and the services provided
- Any statutory or legal obligations
- The purposes for which we originally collected the personal data
- The lawful grounds on which we based our processing
- The types of personal data we have collected
- The amount and categories of your personal data; and whether the purpose of the processing could reasonably be fulfilled by other means
- SECURITY OF DATA
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- HOW AND WHERE DO WE STORE OR TRANSFER YOUR PERSONAL DATA?
In order to perform our contract with you we may use external third parties based outside the EEA such as Xero so their processing of your personal data may involve a transfer of data outside the EEA. Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
We will only transfer your personal data to countries that have been deemed to provide adequate level of protection for personal data by the European Commission.
Where there is not an adequacy decision by the European Commission in relation to a country we may use certain service providers under specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- DATA SHARING
We may share your information with:
- third parties used to facilitate payment transactions, for example, Go Cardless/Directli
- third parties where you have a relationship with that third party and you have consented to us sending information (for example social media sites or other third party application providers);
- third parties for marketing purposes (e.g. our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities.
- any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
- any third party in order to meet our legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
- HOW CAN YOU ACCESS YOUR PERSONAL DATA?
- If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held).
- This is known as a “subject access request”.
- All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 1.
- There is not normally any charge for a subject access request.
- We will respond to your subject access request within 30 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
- If you wish for your personal data to be erased from our various systems, please contact us (See Part 1) and we will follow our strict procedures to ensure that all of your data has been removed from our systems.
Services delivered via the website such as video or embedded content from external providers may also place cookies on your computer. By continuing to use this site you are deemed to be consenting to the website placing cookies on your computer as set out.
10. CHANGES TO THIS NOTICE
Any changes we may make to our privacy notice in the future will be updated on our website.
This privacy notice was last updated July 2018.