Privacy Policy

Privacy Policy

1. PURPOSE OF THIS NOTICE
   The following notice explains how we collect and utilize your personal data in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act of 1998 or 2018, and any other applicable national implementing laws, regulations, and secondary legislation. We may amend or update these laws from time to time in the UK. We advise that you carefully read the following to understand our approach to handling your personal data and how we will manage it.
2. ABOUT US
   My Tax Doc Limited is a limited company registered in England and Wales as number 13669035 with its registered office at 82 James Carter Road, Bury St Edmunds, IP28 7DE. As the ‘data controller’ under the Data Protection Legislation, we are responsible for determining how we collect and use your personal data. We are obliged under the Data Protection Legislation to inform you about the contents of this privacy notice. We have designated a [Data Protection Officer OR data protection manager OR Head of Privacy OR Other as applicable] to act as our Data Protection Point of Contact and answer any inquiries regarding this notice or the processing of your personal data. For contact details, please refer to paragraph 12 (Contact Us) below.
3. HOW WE MAY COLLECT YOUR PERSONAL DATA

We collect personal data about you when:
• [You request a service proposal from us;]
• [You or your employer or our clients engage us for our services and during the provision of those services;]
• [You get in touch with us via email, telephone, post [or social media] (e.g., if you have a query about our services);] or [From third parties and/or publicly available resources (e.g., from your employer or Companies House)].

4. THE KIND OF INFORMATION WE HOLD ABOUT YOU
   We may hold the following information about you:
   • Personal details (such as name and address)
   • Details of our interactions with you regarding the provision or proposed provision of our services
   • Details of any services you’ve received from us
   • Our correspondence and communications with you
   • Information about any complaints and enquiries you’ve made to us
   • Information from research, surveys, and marketing activities
   • Information we receive from other sources, such as publicly available information or information provided by your employer or our clients, or our member network firms.
5. HOW WE USE PERSONAL DATA WE HOLD ABOUT YOU
   We may use your personal data for various purposes, including to fulfill our contractual obligations to you, your employer or our clients, as well as to comply with legal requirements. If you are an employee, subcontractor, supplier or customer of our client, we may process your personal data for the performance of our contract with our client. We may also process your personal data for our legitimate interests, as long as they do not override your own interests, rights, and freedoms. This may include processing for marketing, business development, statistical analysis, and management purposes. In some limited circumstances, we may need your consent to process your personal data for additional purposes, and if so, you have the right to withdraw your consent. Please note that we may process your personal data for multiple lawful reasons, depending on the specific purpose for which we are using your data.
   Situations in which we will use your personal data

We may process your personal data for the following purposes: • Fulfilling our obligations under any agreement between us and [you, your employer, or our clients], which usually involves providing our services; • Fulfilling our obligations under any agreement between us and our clients, which usually involves providing our services, and where you may be a subcontractor, supplier or customer of our client; • Providing you with information about our services, events and activities that you request from us or that we believe may interest you, if you have given your consent to be contacted for such purposes; • Seeking your opinions and feedback on the services we provide; • Notifying you about any changes to our services.
In certain cases, we may anonymize or pseudonymize your personal data, rendering it no longer associated with you, and we may use it without further notice to you.
If you decline to provide certain information when requested, we may be unable to perform our contractual obligations to you, or we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent when legally required or permitted to do so in accordance with this notice.

Data retention

The personal data we collect will only be retained for as long as necessary to fulfill the purposes for which it was collected. In determining an appropriate retention period for your personal data, we consider the following: • the requirements of our business and the services provided; • any statutory or legal obligations; • the purposes for which we originally collected the personal data; • the lawful basis for our processing of the data; • the types and amount of personal data collected; • whether the processing purpose could be reasonably fulfilled by other means

Change of purpose
If we need to use your personal data for a different purpose than the one for which we initially collected it, we will only do so if the new purpose is compatible with the original purpose. If it becomes necessary to process your personal data for a new purpose, we will inform you and provide the legal basis that allows us to do so before starting any new processing.

6. DATA SHARING
   Why might you share my personal data with third parties?
   We may disclose your personal data to third parties in circumstances where it is necessary to administer our relationship with you, where required by law, or where we have a legitimate interest in doing so. Third parties may include entities within our group, members of our firm’s network, or third-party service providers. These third-party service providers may provide us with services such as IT services, cloud services, professional advisory services, administration services, marketing services, and banking services. We require all of our third-party service providers to take appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions. If we need to disclose your personal data to any other third party, we will notify you and communicate the legal basis for doing so before any new processing begins.

What about other third parties?

Your personal data may be shared with other third parties in the event of a potential sale or restructuring of our business. Additionally, we may be required to share your personal data with a regulatory body or to comply with legal obligations.

7. TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

Your personal data may be shared with other third parties in the event of a potential sale or restructuring of our business. Additionally, we may be required to share your personal data with a regulatory body or to comply with legal obligations.

8. DATA SECURITY
   We have implemented commercially reasonable and appropriate security measures to safeguard your personal data from being accidentally lost, used, or accessed in an unauthorized manner, altered, or disclosed. Moreover, we restrict access to your personal data to employees, agents, contractors, and other third parties with a legitimate business requirement to access it. They will only process your personal data according to our instructions and are obligated to maintain confidentiality. We have implemented protocols to address any suspected data security breaches and will notify you and the appropriate regulator of any suspected breaches if required by law.
9. RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
   Your duty to inform us of changes

Ensuring the accuracy of your personal information is important to us. If you need to update your personal information, please contact us using the contact information provided below.

Your rights related to your personal information:

You have the right to request access to your personal information. This allows you to receive information about the personal data we have collected about you and to ensure that we are processing it in a lawful manner.
You have the right to request that we correct any inaccurate personal data we have collected about you.
You have the right to request that we delete or remove your personal data where there is no legitimate reason for us to continue processing it. You may also request that we delete your personal data where you have exercised your right to object to processing (see below).
You have the right to object to the processing of your personal data when we are relying on legitimate interest (or the legitimate interest of a third party) and your particular situation warrants such an objection. You also have the right to object to the processing of your personal data for direct marketing purposes.
You have the right to request that we restrict the processing of your personal data. This allows you to request that we stop processing your personal data, for example, if you believe that it is inaccurate or there is no legitimate reason for us to continue processing it.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller where the processing is based on your consent and is carried out by automated means.
If you wish to exercise any of the above rights, please email our data protection point of contact at Zubair.ali@mytaxdoc.co.uk. We do not charge a fee to access your personal data or to exercise any of your other rights. However, if your request for access is clearly unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request. We may also need to verify your identity before providing access to your personal data to ensure that we do not disclose it to unauthorized parties. We have implemented commercially reasonable and appropriate security measures to prevent unauthorized access to your personal data and to ensure its accuracy. If we suspect that your personal data has been subject to unauthorised access, we will notify you and any relevant regulators in accordance with our procedures.

10. RIGHT TO WITHDRAW CONSENT
    If you have provided your consent for the collection, processing, and transfer of your personal data for a specific purpose (such as direct marketing), you can withdraw your consent for that particular processing at any time. To do so, please contact our data protection point of contact at Zubair.ali@mytaxdoc.co.uk.

Once we receive notice that you have withdrawn your consent, we will no longer process your personal data for the purpose(s) you initially agreed to, unless we have another legal basis for doing so.

11. CHANGES TO THIS NOTICE
    If we make any changes to our privacy notice in the future, we will update it on our website at www.mytaxdoc.co.uk. This privacy notice was last updated on March 9th, 2023.
12. CONTACT US
    Please feel free to contact our Data Protection Point of Contact, Mr. Zubair Ali at Zubair.ali@mytaxdoc.co.uk if you have any questions regarding this notice or if you would like to discuss how we process your personal data. In addition, you have the right to file a complaint with the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection matters. You can contact the ICO at any time using the following details: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone – 0303 123 1113 (local rate) or 01625 545 745 Website – https://ico.org.uk/concerns