This Privacy Policy sets out the basis on which we will process any personal data we collect from you, or that you provide to us. Please read it to understand how we use and protect your personal information. This policy may change from time to time so please check it periodically. It was last updated on 4th February 2022.
We are committed to protecting your personal information and being transparent about what information we hold about you. Using personal information allows us to develop a better understanding of our customers and the services we provide.
The purpose of this Privacy Policy is to give you a clear explanation about how we use the information we collect from you directly, and from third parties. We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
- What information we may collect about you
- When and how we may use that information
- In what situations we may disclose your details to third parties
- Our use of cookies to improve your use of our website and marketing content
- How we keep your personal information secure
- How long we maintain it for and your rights to be able to access it
1. Contacting Tax Systems
For the purpose of the General Data Protection Regulation (GDPR) the data controller is known as either:
- Information Security Compliance Officer
ICO Registration Number ZA259790 - Tax Computer Systems Ltd (UK and Ireland)
ICO Registration Number ZA189581 - Osmo Data Technology Limited
ICO Registration Number Z9013757
If you want to know what information we hold about you, or if you have any other queries in relation to this Privacy Policy, our contact details are as follows:
Postal Address:
FAO: Data Protection Officer
Magna House
18-32 London Road
Staines-Upon-Thames
Surrey
TW18 4BP
Email: information.security@taxsystems.com
Please note: If you wish to opt out of any communication or amend your contact preferences, you can do so by contacting enquiries@taxsystems.com or by contacting us as per the details above.
2. What personal information we collect
2.1 Information you give us – For example when you register on our website or by phone we’ll store personal information you give us such as your name, work email address, work postal address, telephone number and mobile number. We will also store a record of all your orders, enquires and engagement. This information will be held on our system and may be used for operational purposes, such as the processing of orders in connection with our services and for mailing list subscriptions (see Section 4. How and why we use your personal data). Generic information about your interaction with our online content may be used to improve and tailor the services we offer you.
2.2 Special categories of personal data – data protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not collect this type of information about our customers unless there is a clear reason for doing so.
2.3 We may also collect generic information about your visit or use of the Tax Systems website such as your IP addresses, geographical location, browser type, referral source, length of visit and number of page views. We may use this information for security purposes as well as, but not limited to, optimising the use of the Tax Systems website and providing an improved and personalised experience. For example, we may use third party contributors such as analytics service providers for website traffic analysis and reporting and to track information such as which browser, screen resolution and IP address you are using to access our website, in addition to tracking your movements around our content.
3. The legal basis we rely on to process your personal data
According to current data protection laws, there is a series of bases under which we may process your data. These include:
3.1 Contractual obligations – when you make a purchase from us or indicate interest, you are entering into a contract with us or providing agreement to take the necessary data processing steps to reach contract stage. In order to perform this contract, we need to process and store your data. For example, we may need to contact you by email or telephone in the case of system upgrades, or in the case of problems with your payment.
3.2 Legitimate interest –
- In certain situations we collect and process your personal information to pursue our legitimate interests in a way which might be reasonably expected as part of running our business and which does not materially impact your rights, freedom or interests.
- • We may also use your engagement or previous enquiry history to send you personalised offers or marketing information by email or post about similar services and initiatives that we think may be of interest to you (you may opt-out of receiving these at any time using the contact details at the beginning of this policy).
- For research and reporting purposes (we also combine the order history of customers or prospective customers) to identify trends and ensure we provide the best possible customer service.
- Please see paragraph 5. Disclosure of your information to check where we may use this basis for processing.
3.3 With your explicit consent – In certain situations, where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information. For example, when you tick an opt-in box to receive specific communications. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service or offer.
3.4 Legal compliance – If the law requires us to, we may pass on details of people involved in fraud or other criminal activity which may affect Tax Systems.
Less commonly, we may process your personal information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent.
4. How and why we use your personal data
- To process or fulfil any bookings or orders that you place online, in person or over the phone;
- To provide you with marketing information by email or text about relevant products, services and events that you request from us, or which we feel may interest you, where you have consented to be contacted for such purposes, or it is our legitimate interest to do so;
- To provide you with marketing information by phone about relevant products, services and events that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or it is our legitimate interest to do so and we have checked the telephone preference service and our own marketing preference records;
- To provide employee training and quality assurance monitoring we may record phone calls;
- To provide you with marketing information by post about relevant products, services and events that we feel may interest you, where it is our legitimate interest to do so or you have consented to be contacted for such purposes;
- To provide you with marketing communications by post, email, web, text and/or phone about relevant products, services and news of other third parties that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- To provide customer service in relation to your use of the Tax Systems website, software solutions, and services to deal with enquiries and complaints and to notify you about changes to our services;
- To enable you to create an account and participate in interactive features of our website, software solutions, and services when you choose to do so;
- To provide customer service in relation to your use of the Tax Systems website and software solution, to deal with enquiries and complaints and to notify you about changes to our services;
- To administer, support, improve and develop our website and software solutions, ensuring that its content is presented in the most effective manner for you and for your computer;
- To send you (non-marketing) communications required by law or which are necessary to inform you about our changes to the services we provide to you (eg updates to this Privacy Policy);
- To improve our website, software solutions, and services, we may analyse information about how you use it and the content that you interact with. We may also monitor users’ use to enable us to analyse customer make-up, track patterns, review other site behaviour in order to determine what other solutions, services, and events you may be interested in, and in order to assist us improve our business generally. We’ll do this on the basis of our legitimate business interest;
- To send you surveys and feedback requests to help improve our services – participation in these is entirely voluntary and you therefore have a choice whether or not to disclose any information which might be required. We’ll do this on the basis of our legitimate business interest as this will help us make our products or services more relevant to you;
- To provide third parties with statistical information about our customers but this information will not be able to be used to identify any individual user;
- To identify and prevent fraud or any other criminal activity.
5. Disclosure of your information
5.1 Other than as expressly set out in this Privacy Policy or as otherwise required or permitted by law, we will not share, sell or distribute any of the information you provide to us without your consent.
5.2 Direct marketing – we aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as services you have contracted with us for in the past, as well as any preferences you may have told us about and any interest or interaction you have shown in our content. We use your explicit consent or our legitimate organisational interest as the legal basis for communications by post and email. You may opt-out of receiving these at any time using the contact details at the beginning of this policy.
5.3 Email marketing – When purchasing our services, we may send you information about similar products, related services and events which we feel may interest you, where you have consented to be contacted for such purposes, or it is our legitimate interest to do so. You are given the opportunity to opt out from any marketing communication on every subsequent marketing email you receive. You can also opt-out or update your contact preferences at any time by using the contact details at the start of this policy.
5.4 Third parties – We sometimes share your personal data with trusted third parties, including:
- Any third party to whom disclosure is necessary to enable us to provide you with any service to which you have subscribed (including, but not limited to, for the purposes of processing payments, or designing, maintaining and administering the Tax Systems website).
- Any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Policy or under our Terms & Conditions.
- Other parties within the Tax Systems group to contact you about events or services which may be of interest to you, only if you have consented to be contacted by third parties for such purposes.
- Customer research companies that may work with us to improve our services to you (in this case, all data is treated anonymously).
- Third party websites/advertisers to show you products that might interest you while you’re browsing the internet. This is based on the use of our website. Please refer to section 6. Cookies for details.
- In order to enforce any terms and conditions or agreements between us.
- As part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation (we will always notify you in advance and we will aim to ensure that your privacy rights will continue to be protected).
- To protect our rights, property and safety, or the rights, property and safety of others (this includes exchanging information with other companies, organisations and regulators for the purposes of fraud protection and credit risk reduction).
- In these cases, we require that these third parties comply strictly with our instructions and with data protection laws.
5.5 If we are required by law or requested by the police or a regulatory or government authority investigating potentially illegal activities to provide information concerning your activities whilst using the network we shall do so. We may also disclose personal information to appropriate third parties to assist in anti-fraud checks and investigations.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms.
You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the beginning of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
In order to fulfil our obligations to you and deliver the best possible level of customer of care, we currently use the companies listed in our Sub-Processor lists who will process your personal data (sometimes entirely anonymously) as part of their contracts with us:
https://www.taxsystems.com/dpa-subprocessors
6. Cookies
6.1 The Tax Systems website uses cookies to ensure that you get the most out of our website. Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function as well to provide website operators with information on how the site is being used. We use cookies to identify how our content is being interacted with and what improvements we can make.
6.2 Therefore as soon as you download any of our content, we may send a cookie which may be stored by your browser on your computer’s storage. We may use the information we obtain from the cookie in the administration of the Tax Systems website, to improve our content’s usability and for marketing purposes. We may also use that information to recognise your computer when you visit our online content, to monitor website traffic and to personalise this for you.
Cookies used by Tax Systems include (but are not limited to)
Google Universal Analytics – First Party – Session to 2 years
To collect anonymous information about how visitors use our website and help us know what to improve.
LiveAgent – First Party – Session to 1 year
Both required and functional cookies for our Live Chat service to improve functionality and accelerate processing times. By saving a user’s settings, cookies can enhance the user’s experience and the Chat performance.
Google Ads – First Party – Session to 1 year
The conversion linker is set by Google to measure behaviour around our ads. They serve purposes such as measuring interactions with the ads and preventing the same ads from being shown to you too many times.
Google Remarketing – Third Party – Up to 1.5 years
Used to serve ads across the internet based on their interactions with our website or with similar websites to make sure we match the right people with the right message.
LinkedIn Insight – First & Third Party – Session to 2 years
This cookie allows us to gain valuable insights into LinkedIn users visits to our website and interactions with our LinkedIn ads. All data is encrypted and not personally identifiable
SalesLoft – First & Third Party – 10 years
Used to show how our contacts interact with our content as well as improve and personalise the experience when doing so. Examples include prefilled webforms and honouring preferences.
Application Gateway – First Party – Session
Cookies essential to the secure functioning of our website. Routes traffic correctly for the user providing load balancing.
6.3 If you do not wish us to install cookies on your computer for these purposes, you may change the settings on your internet browser to reject cookies and clear any that a visit has already placed. For more information, please consult the ‘Help’ section of your browser. Please note that if you do set your browser to reject cookies, you may not be able to use all of the features of our site and may experience reduced functionality when accessing certain services.
7. Third party sites and contributors
7.1 The website may contain links to other websites and microsites that are operated by third parties. We do not control those websites and microsites and as such this Privacy Policy does not apply to those websites and microsites. Please consult the terms and conditions and privacy policy of those third party websites and microsites to find out how they collect and use your personal data and to establish whether and for what purpose they use cookies.
8. Security – How we protect your data
8.1 We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We store all the personal information you provide, including your login and user details (where applicable), on our secure servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology.
Only employees and approved contractors/sub-contractors/developers we may appoint from time to time, and who need the information to perform a specific job, are granted access to personally identifiable information.
Our offices and data centre locations are secure and only personnel holding appropriate security passes can access areas where personal data is stored.
When necessary, we dispose of, or delete your data securely.
We ensure that our employees, agents, contractors and sub-contractors are aware of their privacy and data security obligations and we take reasonable steps to ensure that employees of third parties working on our behalf are aware of their privacy and data security obligations.
We limit access to your personal information to those employees, agents, contractors, sub-contractors and other third parties who have a need to know.
8.2 Regular security reviews are held by us to ensure that the site remains safe and secure for your protection.
8.3 Data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
9. International Data Transfer
9.1 Our servers are situated in the UK, however we collect data from wherever users are situated. The information that we collect may therefore be transferred to the UK from any other country in which you may be located, and will be subject to the UK data protection laws.
9.2 Your personal data may also be stored within the European Economic Area (EEA) by Sales, Marketing and Support systems.
9.3 Your personal data may be transferred, processed and/or stored outside the European Economic Area (EEA), for example if the supplier or service provider of our choice is based outside the EU. If we transfer your information outside of the EEA in this way, and the country in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you agree to this transfer, storing or processing.
10. Data retention – How long we will keep your personal data
10.1 We will retain your information, including your name, work address, work email, phone number (where applicable), for the duration of your contract (where applicable) and for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
10.2 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10.3 At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning and reporting.
Our retention periods may be extended or reduced if we deem it necessary, for example, to defend legal proceedings or if there is an on-going investigation relating to the information.
11. Your rights
11.1 Under certain circumstances, by law you have the right to:
- Access the information held about you (commonly known as a “data subject access request”)
- Ask us to make any necessary changes to ensure that it is accurate and kept up to date.
- Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.
- Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.
- Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.
- Ask us to transfer your personal information to another person or organisation.
You also have rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. We do not carry out any automated processing, including profiling, which produces significant legal effects concerning you.
If you wish to exercise any of these rights, please contact us (see paragraph 1. Contacting Tax Systems).
11.2 You may request us to cease sending you any marketing information at any time by updating your profile and contact preferences online or by notifying us in writing. However, if you withdraw your consent to certain types of processing we may be unable to fulfil our obligations to you (eg. providing customer services).
12. Queries and Complaints
12.1 If you have any questions about this Privacy Policy or how we handle your personal information, please contact us (see paragraph 1. Contacting Tax Systems).
12.2 You have the right to make a complaint at any time to the relevant Supervisory Authority
In the UK this is the Information Commissioner’s Office (ICO)
Information Governance department
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: +44 0303 123 1113
In Ireland, this is the Data Protection Commissioner
Data Protection Commissioner
Canal House
Station Road
Portarlington
R32 AP23
Co. Laois
Telephone: +353 57 8684800
6. Cookies
6.1 The Tax Systems website uses cookies to ensure that you get the most out of our website. Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function as well to provide website operators with information on how the site is being used. We use cookies to identify how the website is being used and what improvements we can make.
6.2 Therefore, we may send a cookie which may be stored by your browser on your computer’s storage. We may use the information we obtain from the cookie in the administration of the Tax Systems website, to improve the site’s usability and for marketing purposes. We may also use that information to recognise your computer when you visit the site, to monitor website traffic and to personalise the site for you.
6.3 If you do not wish us to install cookies on your computer for these purposes, you may change the settings on your internet browser to reject cookies. For more information, please consult the ‘Help’ section of your browser. Please note that if you do set your browser to reject cookies, you may not be able to use all of the features of our site.
6.4 As mentioned above, we may use an analytics service provider (such as Google Analytics) for website traffic analysis and reporting. Analytics service providers generate statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to the site may be used to create reports about the use of the site and the analytics service provider will store this information.
7. Third party sites and contributors
7.1 The website may contain links to other websites and microsites that are operated by third parties. We do not control those websites and microsites and as such this Privacy Policy does not apply to those websites and microsites. Please consult the terms and conditions and privacy policy of those third party websites and microsites to find out how they collect and use your personal data and to establish whether and for what purpose they use cookies.
8. Security – How we protect your data
8.1 We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We store all the personal information you provide, including your login and user details (where applicable), on our secure servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology.
Only employees and approved contractors/sub-contractors/developers we may appoint from time to time, and who need the information to perform a specific job, are granted access to personally identifiable information.
Our offices and data centre locations are secure and only personnel holding appropriate security passes can access areas where personal data is stored.
When necessary, we dispose of, or delete your data securely.
We ensure that our employees, agents, contractors and sub-contractors are aware of their privacy and data security obligations and we take reasonable steps to ensure that employees of third parties working on our behalf are aware of their privacy and data security obligations.
We limit access to your personal information to those employees, agents, contractors, sub-contractors and other third parties who have a need to know.
8.2 Regular security reviews are held by us to ensure that the site remains safe and secure for your protection.
8.3 Data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
9. International Data Transfer
9.1 Our servers are situated in the UK, however we collect data from wherever users are situated. The information that we collect may therefore be transferred to the UK from any other country in which you may be located, and will be subject to the UK data protection laws.
9.2 Your personal data may also be stored within the European Economic Area (EEA) by Sales, Marketing and Support systems.
9.3 Your personal data may be transferred, processed and/or stored outside the European Economic Area (EEA), for example if the supplier or service provider of our choice is based outside the EU. If we transfer your information outside of the EEA in this way, and the country in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you agree to this transfer, storing or processing.
10. Data retention – How long we will keep your personal data
10.1 We will retain your information, including your name, work address, work email, phone number (where applicable), for the duration of your contract (where applicable) and for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
10.2 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10.3 At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning and reporting.
Our retention periods may be extended or reduced if we deem it necessary, for example, to defend legal proceedings or if there is an on-going investigation relating to the information.
11. Your rights
11.1 Under certain circumstances, by law you have the right to:
- Access the information held about you (commonly known as a “data subject access request”)
- Ask us to make any necessary changes to ensure that it is accurate and kept up to date.
- Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.
- Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.
- Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.
- Ask us to transfer your personal information to another person or organisation.
You also have rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. We do not carry out any automated processing, including profiling, which produces significant legal effects concerning you.
If you wish to exercise any of these rights, please contact us (see paragraph 1. Contacting Tax Systems).
11.2 You may request us to cease sending you any marketing information at any time by updating your profile and contact preferences online or by notifying us in writing. However, if you withdraw your consent to certain types of processing we may be unable to fulfil our obligations to you (eg. providing customer services).
12. Queries and Complaints
12.1 If you have any questions about this Privacy Policy or how we handle your personal information, please contact us (see paragraph 1. Contacting Tax Systems).
12.2 You have the right to make a complaint at any time to the relevant Supervisory Authority
In the UK this is the Information Commissioner’s Office (ICO)
Information Governance department
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: +44 0303 123 1113
In Ireland, this is the Data Protection Commissioner
Data Protection Commissioner
Canal House
Station Road
Portarlington
R32 AP23
Co. Laois
Telephone: +353 57 8684800