From whom do we collect personal data?
- Business clients — Our business clients may engage us to perform professional services which involves sharing personal data they control as part of that engagement. For example, we require personal data of a company’s employees if we are instructed to run a payroll. Our services may also include processing personal data under our clients’ control on other hosted software applications, which may be governed by different privacy terms and policies.
What sort of personal data do we collect?
We may obtain the following sort of personal data about individuals through direct interactions with Pulse Tax / Craig Payroll, or from information provided through client engagements as well as from outside sources such as HMRC / DWP.
- Personal data. This is a list of personal data we typically collect in order that we may conduct our business activities.
- Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email addresses, dates of birth and postal address).
- Financial information (e.g., taxes, payroll, investment interests, pensions, assets, bank details, insolvency records).
- We do not collect data such as, medical information, biometric information, race, religion, political affiliations or trade union membership
- Data in relation to a business or company connected to you.
What lawful reasons do Pulse Tax / Craig Payroll Services have for processing personal data?
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
- Contractual – We may process personal data to perform our contractual obligations.
- Consent – We may rely on your freely given consent at the time you provided your personal data to us.
- Legitimate interests – We may rely on legitimate interests such as delivering services to our clients i.e. we need a certain level of personal data to enable us to deliver the professional services our clients have engaged us to provide.
- Legal obligations and public interests – We may process personal data in order that we meet regulatory (such as Money Laundering) and public interest obligations or mandates.
Why do we need personal data?
We aim to be transparent when we collect and use personal data and tell you why we need it, which typically includes:
- Providing professional advice, producing accounts, running a payroll and delivering reports required by law to regulatory bodies such as HMRC, Companies House, DWP
- Complying with legal and regulatory obligations relating to countering money laundering, terrorist financing, fraud and other forms of financial crime.
- Processing online requests, including responding to communications from individuals or requests for proposals and quotations.
Do we share personal data with third parties?
Essentially no we do not, there are however, the following exceptions to that and they are as follows:
- Our professional advisers, including lawyers, auditors and insurers.
- A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger/acquisition of part or all, of a client’s business or assets, or any associated rights or interests.
- Law enforcement or other government and regulatory agencies (e.g., HMRC / DWP) or to other third parties as required by, and in accordance with, applicable law or regulation.
We do not share your data with marketing companies.
We will not share data without your prior written consent.
Do we use tracking methods and cookies when I visit your website?
No, we do not. We do not collect any information about your browsing history or any external links you may follow.
What are your data protection rights?
Your data protection rights are highlighted here. Information om how to submit a data request can be found via the following link: ico.org.uk/for-the-public/personal-information
- Access – You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
- Erasure – You can ask us to delete your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
- Correction – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
- Processing restrictions – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
- Data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee will be applied to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
Who can you contact for privacy questions or concerns?
- You may contact the UK Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ to report concerns you may have about our data handling practices.
What about personal data security?
Access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. All personal data in electronic form is held on password protected devices and held in encrypted files.
How long do we retain personal data?
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are obliged to meet. When appropriate or permitted to do so, we will dispose of personal data in a secure manner when it is no longer required.