Privacy Policy

With this Privacy Policy, we would like to inform you about the scope of the processing of your Personal Data when you visit our website at uktaxadvice.tax and/or use any other means of applications (collectively our “Platform”).

Who we are and how to contact us

  • We are UK Tax Advice and Accountancy of [20-22 Wenlock road, London, England, N1 7GU] (“UK Tax Advice and Accountancy”, “we”, “us” or “our”) and in the case of your direct use of our website and services, we act as the data controller in accordance with the UK`s Privacy and Electronic Communications Regulations (“PECR”) and the Data Protection Act 2018 (“DPA”), the California Consumer Privacy Act (“CCPA”) and the subsequent amendments from the California Privacy Rights and Enforcement Act (“CPRA”). As well as the EU`s Privacy and Electronic Communications Directive (“PECD”) and the General Data Protection Regulation (“GDPR”).
  • If you have any questions about the use of Cookies or about data protection in general, you can reach us at UK Tax Advice and Accountancy or
    020 7965 7362

What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.

What is processing?

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

General information on data processing

In the course of our business and platform operations, we process data in our UK based headquarters and data collect through our website is generally transferred to our Google Firebase server operated by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the UK and EU and Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland if you are a resident within the UK and EU. The legal basis for the data processing is our legitimate interest in providing our platform. Where we transfer data outside the UAE, this is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection.

All Personal Data that we obtain from you via the platform will only be processed if one or more of the following applies:

  • you have given your consent,
  • the data is necessary for the fulfilment of a contract / pre-contractual measures,
  • the data is necessary for the fulfilment of a legal obligation or,
  • the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular UK’s commercial and tax law, up to 6 years) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Processing of Automatically Collected Data

  1. Collection of access data and log files

    We collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

    Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.

  • Use of cookies Cookies

    cookies” are small files that are stored on your device. Different information can be stored within the cookies. We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. For further information on the Cookies used on our website, please refer to our Cookie Policy. The legal basis for the use of cookies is our legitimate interest.

  • Device information

    Google and Apple may collect information from and about the device(s) you use to access the APP, including hardware and software information such as IP address, device ID and type, device-specific and WEBSITE settings and properties, WEBSITE crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.

  • Firebase

    We use the Google Firebase developer platform and related features and services provided by Google LLC and Google Ireland Limited. Google Firebase
    is a platform for developers of apps for mobile devices and website. The Google Firebase developer platform offers a variety of features. A list of these
    features can be found at: https://firebase.google.com/terms/. Firebase’s key security and privacy information can be found here:
    https://firebase.google.com/support/privacy

     

Data processing when you use our services
  • Contacting us

    If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your request.

  • Profile and account

    If you create a user account (both User and Business), we will collect both Personal and Non- Personal Data including your full name, phone number, email address, postcode. Within your profile you are able to delete your account at any time. Your data will be processed on the basis of your consent.

  • When using our services

    We process the data of our registered users in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further.

    Some of the Personal Data you provide may be considered “special” or “sensitive”. This includes Personal Data concerning for example your health, racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.

    You have choices about the Personal Data you upload and share. You don’t have to provide Personal Data; however, Personal Data helps you to get more from our Services. It’s your choice whether to include special category data and to make that special category data public. Please do not upload or add data that you would not want to be available.

    The legal basis for the processing of your personal and special category data is the establishment and implementation of the user contract for the use of the service as well as your consent. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.

    You may withdraw your consent and request us to stop using and/or disclosing your personal and special category data by submitting your request to us in writing.

    The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your consent.

  • Service Notification

    By using our services, you are giving your consent to receiving notifications and messages per email. Those typically include administrative information about your account and activity. The legal bases are to provide you with our services and your consent.

  • Administration

    We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. As such, we process the same data that we process in the course of providing our contractual services (see above). The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.

    Furthermore, based on our business interests, we store information on suppliers, and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

  • Marketing

    (f) Marketing Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to. Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

Obligation to provide Personal Data

You are not obliged to provide us with Personal Data. However, depending on the individual case as described above, the provision of certain Personal Data may be necessary for the provision of the services. If you do not provide us with this Personal Data, we may not be able to provide the requested service.

Do Not Sell

We do not sell data to third parties.

Authorisations and Access

The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our WEBSITE may not function as intended.

Transfer of Personal Data

We will not disclose or otherwise distribute your Personal Data to third parties unless this:
  • is necessary for the performance of our services,
  • you have consented to the disclosure,
  • or the disclosure of data is permitted by relevant legal provisions.

However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of the above-mentioned laws. External service providers support us, for example, in the technical operation and support of the platform, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the above-mentioned laws responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organisational measures, and additional controls by us.

We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.

Automated decision-making

Automated decision-making including profiling does not take place.

Do Not Sell

We do not sell your Personal Data.

Children Data

We do not knowingly collect and process Personal Data of children.

Social media

We are present on social media on the basis of our legitimate interest. If you contact us via social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the DPA and GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. A Joint Controller Agreement itself is very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfil the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service, if any.

Data Security

Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

We also use technical and organisational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Your rights under data protection legislation

Under the DPA and the GDPR, you can exercise the following rights:
  • Right to Know/Access
  • Right to Delete
  • Right to Opt-out of Sale
  • Right to Non-Discrimination
  • Right to Rectification
  • Right to Limit Use and Disclosure of Sensitive Personal Data

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights.

The Supervisory Authority

The competent data protection authority in the UK is:

The Information Commissioner`s Office (ICO)
Wycliffe House, Water Ln,
Wilmslow SK9 5AF, UK
www.ico.org.uk

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us using hello@uktaxadvice.tax

Access Request and updating your Personal Data

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same using hello@uktaxadvice.tax

We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request.

If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Links to other providers

Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

Changes and updates

We kindly ask you to regularly inform yourself about the content of our Privacy Policy. We will amend our Privacy Policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification. This Privacy Policy was last updated on Saturday, 14 January 2023.

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us using uktaxadvice.tax or 020 7965 7362 or mail us using the address indicated above.