Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (GDPR) says we have to give you as a ‘data controller’:
- Our site address is https://rndtax.co.uk
- Our company name is R&D Tax Solutions Limited
- Our company number is 09212506
- Our registered address is Melrose House, Suite 3, 181 Chorley New Road, Bolton. BL1 4QZ.
- Our nominated representative is Evgeni Vachkov and they can be contacted at email@example.com.
What We May Collect
We may collect, use, store, process and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier.
- Contact Data includes billing address, contact address, email address and telephone numbers.
- Financial Data that may include bank account and payment card details for any Services you may require from us.
- Transaction Data that may include details about payments to and from you if relevant, as well as other details of our products and services.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
- Profile Data includes your username and password, purchases or orders made by you (if applicable), your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our Website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Interaction Data includes any information that you might provide to any discussion forums on the Website.
- Third Parties and Information we receive from other sources We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case, where applicable, we will have informed you when we collected that data that it may be shared internally and combined with data collected on our Website. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, anti-money laundering referencing providers, etc) and may receive information about you from them.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We may process certain personal data, including contact information, such as first name, last name, email address, telephone number, mobile number and postal address used by you in your work-related capacity for marketing purposes under the lawful basis of legitimate interests. These data are obtained by us or our contractors, or by third parties based in EEA, from publicly available sources.
Our legitimate interests are to contact clients and/or potential clients about the services that we offer. The data subjects’ legitimate interest is to be able to receive marketing information that we believe may be relevant to the data subjects.
Collecting personal data from publicly available sources and processing them for the purposes of contacting data subjects is necessary in order to achieve the legitimate interests.
Where the data has already been made public by the data subject, the intrusiveness is minimal taking into account that the data relates to the work rather than the home sphere. In 2018, business people know and expect that their names, email addresses and work addresses may be selected for a targeted email or postal marketing campaign.
Telephone numbers may be kept by us but will only be used where explicit consent of data subjects is obtained in advance.
- Business contacts
We may process contact information, including name, company name, job position, work address, telephone number and e-mail address used in work related capacity, date of birth including those available via business networking websites, such as LinkedIn, for the purpose of business networking on the lawful basis of legitimate interests of all parties to network in the context of business.
It is necessary to exchange, keep and otherwise process contact information in order to network in the context of business.
There is normally a positive action taken by all parties to provide their contact details during networking with the expectation that such contact details, including personal data, may be used by the recipient for business networking.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
a) You have given consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which we are subject;
d) processing is necessary to protect the vital interests of you or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments, except where such interests are overridden by the fundamental rights and freedoms of the data subject, in particular where the data subject is a child.
In some instances, it may be appropriate for us to combine your information with other information that we may be holding about you, such as combining your name with your geographic location or your browsing or purchasing history.
If you choose not to provide the data
If you choose not to provide the personal information we request, you can still visit most areas of the Website. You have the final decision on whether to proceed with any activity that requests personal information.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
How your data is collected
We (or third party data processors, agents and sub-contractors acting on our behalf) may collect, store and use your personal information by way of different methods to collect data from and about you including through:
Direct interactions.You may give us your information by filling in forms via our Website or by corresponding with us by post, phone, email or otherwise.
This includes personal data you provide when you:
- Supply information you put into forms or surveys on our Website at any time
- Present Website content
- Correspond with us
- Receive our Services
- Request marketing to be sent to you;
- Enter a competition, promotion or survey; or
- Give us some feedback.
- Enable us to carry out work on your instructions;
- Enable us to comply with any legal, professional or regulatory obligations;
- Enable us to maintain client records;
- Verify your identity; and
- Complete our financial records
And in addition to the above, we may use your information in the following ways:
- To personalise your Website experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To allow us to better service you in responding to your customer service requests.
- To administer Website features.
- If You have opted-in to receive any e-mail newsletters or marketing services, we may send you periodic e-mails. If you would no longer like to receive promotional e-mail from us, please refer to the “How can you opt-out, remove or modify information you have provided to us?” section below.
- Present Website content effectively to you.
- Provide information, products and Services that you request, or (with your consent) which we think may interest you.
- Carry out our contracts with you.
- Provide the relevant products or Services to you.
- Tell you our charges.
Automated technologies or interactions. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
Third parties or publicly available sources. We shall contract with third parties to supply services to you on our behalf. These may include payment processing, business partners, IT support, suppliers, search engine facilities, advertising and marketing. We may also need to disclose your personal data if we are legally obliged to do so. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
We currently disclose your personal data to:
CONTACT / MARKETING: n/a
FINANCE & TRANSACTION: Zen Bookkeeping
SOFTWARE: Acorah Software Products Ltd, The Sage Group plc.
SERVICE PROVIDERS: Veriphy Ltd.
TAX AUTHORITIES: HMRC
PROFESSIONAL ADVISORS: n/a
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you are already our client, we will only contact you electronically about any services similar to those previously provided to you.
If you are a new client, you will only be contacted if you agree to it.
Please note that we don’t identify individuals to our advertisers, but we do give them aggregate information to help them reach their target audience, and we may use information we have collected to display advertisements to that audience.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the products and services we can provide you if you don’t provide your personal data in these cases.
How do we use your data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation
Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw your consent by contacting us at firstname.lastname@example.org. In this case wewill either delete your data from our systems or move your personal data to our “unsubscribe list”. However, you acknowledge this may limit our ability to provide the best possible services to you.
As already indicated above, with your permission or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email and, where we have a lawful basis for that, telephone, with information, news and offers on our Services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
What are cookies?
Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and usage of the Website. This allows the Website, through its server to provide the users with a tailored experience within this site.
Users are advised that if they wish to deny the use and saving of cookies from this Website on to their computer’s hard drive they should take necessary steps within their web browsers security settings to block all cookies from this Website and its external serving vendors or use the cookie control system if available upon their first visit.
A few of the cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Website and will last for longer.
Who sets the cookies?
Most cookies on our Website will be set by us, however some may also be set by third parties by virtue of certain software or systems that we may use.
Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can prevent the setting of cookies by adjusting the settings on your browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the Website.
The cookies will be used for:
Essential session management
- Creating a specific log-in session for a user of the Website in order that the Website remembers that a user is logged in and that their page requests are delivered in an effective, secure and consistent manner;
- Recognising when a user of the Website has visited before allowing us to identify the number of unique users we receive to the Website and make sure we have enough capacity for the number of users that we receive.
- Recognising if a visitor to the Website is registered with us in any way;
- We may also log information from your computer including the existence of cookies, your IP address and information about your browser program in order to allow us to diagnose problems, administer and track your usage of our Website.
- Customising elements of the promotional layout and/or content of the pages of the Website.
Performance and measurement
- Collecting statistical information about how our users use the Website so that we can improve the Website and learn which parts are most popular to user
Where We Store Your Data and Security
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see the European Commission: EU-US Privacy Shield.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Website.
We have implemented security measures such as a firewall and encryption to protect any data and maintain a high level of security.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not keep personal data for longer than is necessary which is usually the life of our relationship and up to a period of seven to ten years after our relationship has ended. We may however be required to retain personal data for a longer period of time where we have legitimate interests to do so that are not overridden by data subjects’ rights and freedoms or to ensure we comply with our legislative and regulatory requirements. We review our data retention obligations to ensure we are not retaining data for longer than we are legally obliged to.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internetand you take the risk that any sending of that data turns out to be not secure despite our efforts.
If we give you a password upon registration on our Website, you must keep it confidential. Please don’t share it.
Disclosing Your Information
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. The term “outside parties” does not include R&D Tax Solutions Limited. It also does not include our website hosting partners, business partners, suppliers, subcontractors and other third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
We contract with third parties to supply services to you on our behalf. These may include payment processing, software providers, delivery of solutions or additional services, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We are also allowed to disclose your information in the following cases:
- If we want to sell our business, or our company, we can disclose it to the potential buyer
- We can disclose it to other businesses in our group
- We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights;
- In connection with legal proceedings (including prospective proceedings);
- In order to establish or defend our legal rights; and
- We can exchange information with others to protect against fraud or credit risks.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
You can ask us not to use your data for marketing. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at email@example.com.
Under the GDPR, you have the right to:
- request access to, deletion of or correction of, your personal data held by us at no cost to you;
- request that your personal data be transferred to another person (data portability);
- be informed of what data processing is taking place;
- restrict processing;
- to object to processing of your personal data; and
- complain to a supervisory authority.
- You also have rights with respect to automated decision-making and profiling as set out below.
Links To Other Websites
Automated Decision-Making and Profiling
In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge to such decisions under GDPR, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us.
The right described in the paragraph above does not apply in the following circumstances:
- the decision is necessary for the entry into, or performance of, a contract between the you and us;
- the decision is authorised by law; or
- you have given you explicit consent.
Where we use your personal data for profiling purposes, the following shall apply:
- clear information explaining the profiling will be provided, including its significance and the likely consequences;
- appropriate mathematical or statistical procedures will be used;
- technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
- all personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.
If any such dispute cannot be settled amicably through ordinary negotiations between the parties, or either or both is or are unwilling to engage in this process, either party may propose to the other in writing that structured negotiations be entered into with the assistance of a fully accredited mediator before resorting to litigation.