Tax and accounts software for accountants, tax specialists, SMEs and business owners

Taxshield P11D Manager

1. INTRODUCTION

1.1 Shield Products Limited t/as Taxshield (hereinafter referred to as "Taxshield”) complies with the principles of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

1.2 Taxshield’s company policy and reputation has been built on our ability to keep client data confidential and secure.

1.3 This policy sets out the basis on which personal data collected from you, or that you provide to us will be processed by us. This policy is in addition to additional obligations relating to your personal data contained in the specific terms and conditions that you may enter into with us in respect of our delivery and your receipt of Taxshield.

1.4 Your privacy and security are of primary importance to us and we are committed to safeguarding the privacy and security of our web based software users. We will always follow the principles set out above.

1.5 Taxshield offers web based services. We reserve the right to add, remove, or edit any of these services. We strictly protect the security of your personal information within the confines of these domains and we honour your choices for their intended use.

1.6 We have safeguards in place (some of which are set out below) to protect your data from loss, misuse, unauthorised access, alteration, or destruction. All users should handle their own and other people’s personal and confidential information with care. We protect your data from disclosure, with the exception of matters where designated by law or court order.

2. PROCESSING OF DATA & PRIVACY STATEMENT

2.1 Personal data is collected, stored, used, and transferred for the specific purposes or purposes for which you agreed to use the software and for those set out in this privacy statement. The personal data that we collect from you is generally as follows:

2.1.1 your name, your geographical address and/or IP address, your email address (hereinafter collectively referred to as "your Personal Data").

2.1.2 The storage of data may include (but are not limited to) items such as P11D inputs, Personal Tax Returns, ID and AV details as well as secure document storage.

2.1.3 the banking and payment information from your or the person/company nominated as being responsible paying the bill ("Billing Information").

2.1.4 any other data which we may require in order to provide you with the service that you have subscribed for and/or have engaged us to provide and for which we have a lawful basis for processing, including (but not limited to) those set out in paragraph 2.5 below.

2.2 If you have provided us with the personal data of another person ("Third Party Personal Data") you hereby confirm that they consent to the processing of their personal data by us and that you have informed them of our identity and the purposes (as set out herein and in any agreement between us) for which their personal data will be processed.

2.3 You thereby consent to the collection and processing of payments by Taxshield, or by a third party payments service provider acting on Taxshield’s behalf, to process or deliver orders, invoices, or notify you of the status of your order made via our website. No other use is made of your Billing Information, nor is it stored by us other than for use as set out in this paragraph 2.2.

2.4 None of the aforesaid data is shared with any third party (save with your express permission and by operation of law). That data is captured and processed securely for you.

2.5 The processing of personal data shall be carried out for purposes of running, debugging, maintenance, and/or optimisation of the service and/or to maintain customer relationships. Additionally, in some instances, we may also use personal data to send users information regarding update downloading, upgrades, enhancements, surveys, or advertisements.

2.6 Analysis of web or service usage (for purposes of debugging, maintenance, and optimization of service) shall never be done on a basis that reveals usage patterns of individual users, but it shall be done by aggregating data, anonymising individual identities. We will not share or disclose such details except as required by law or law enforcement.

3. OUR LEGAL BASIS FOR COLLECTING AND PROCESSING YOUR DATA

3.1 Contractual basis: When you click the "accept” box you are agreeing to be bound by this Privacy Notice which is part of the T&C and together form the basis of our contractual relationship with you. Therefore, we may collect, hold and process your personal data on the basis that you have accepted our contractual terms by agreeing to this Privacy Notice and the T&Cs. For this reason, when we need to send you any notification regarding any change in the Privacy Notice or any communication regarding these documents we may send you an email including the relevant provisions, such as answering your queries, complaints, acknowledgement of how many points you have, activation messages, deletion request responses.

3.2 Consent: We collect, hold and process your personal data on the basis that you give us consent when you accept this Privacy Notice and choose the different options (defined above in "your communication preferences”). In other words, we set out what we are going to do with your data in this Privacy Notice.

• We present a link to this Privacy Notice from our website.

• We ask you to read this Privacy Notice to ensure you are happy with the way that we will process your data.

• We ask you to confirm that you agree with our Privacy Notice when you confirm your decision to use Taxshield.

• You also have the option to opt in to the different marketing options that you prefer.

You remain in control of the personal data you share with Taxshield. You can change your preferences in at any time, by choosing whether you want to give consent to your data being processed for specific types of communication and / or communication channels. You can cancel your account at any time and your details and information will be deleted.

3.3 Necessary for the performance of the Contract

3.4 Legitimate interest: We may collect, hold and process your personal data on the basis of legitimate interest where it is necessary in order for us to fulfil our needs as a business and to be able to provide you with our services, and send you information about Taxshield's features and updates.

NOTE: if you do not want to continue to receive these types of emails – notifications – you can opt-out at any time by sending an email to the following email address [email protected]

3.5 Vital interest: We may use your personal information to contact you if we reasonably believe that there is any urgent safety or product issue that we need to communicate to you because the processing of your personal data will prevent or reduce any potential harm to you. This type of notification is in your vital interest.

3.6 Legal Obligation: We may use and process your personal data to comply with our legal obligations such as HMRC requirements, if the Police requests it or to identify you as an individual if you contact us, or to verify the accuracy of your data.

3.7 The Company shall, as far as is reasonably practicable, to ensure that all data is:

• Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes

• Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

• Not kept for longer than necessary

• Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.

• Kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

• Not transferred to other countries without adequate protection

• Where consent is relied upon, the Company will ensure that such consent is specific and granular

3.8 We will use your Personal Data as follows:

3.8.1 to enable us to provide the services which we have agreed to provide to you;

3.8.2 to alert you to any product and service changes and updated information; and

3.8.3 for our own administration purposes.

3.9 We shall not pass your Personal Data to any third party for marketing purposes unless you have provided us with your consent to do so.

4. RETENTION OF YOUR PERSONAL DATA

4.1 The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.

4.2 When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.

4.3 The DPO will instruct specific members of staff to periodically review the data being held by the Company and to review whether or not it is still required to be held. This review will take place on an annual basis or, on an ad hoc basis should any issues be identified.

4.4 If your Personal Data changes, please notify us in writing at Taxshield, Finch House, 28/30 Wolverhampton Street, Dudley, DY1 1DB or emailing us at [email protected].

4.5 We will update your Personal Data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.

5.YOUR RIGHTS

5.1 Data subjects may make subject access requests ("SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why. The responsibility of responding to any SAR shall be that of the DPO. If you wish to contact us for these purposes, please email us at [email protected].

5.2 Data subjects wishing to make a SAR may do so in writing, using the Company’s Subject Access Request Form, or other written communication.

5.3 SARs should be addressed to the Company’s Data Protection Officer at Price Pearson Limited, Finch House, 28-30 Wolverhampton Street, Dudley, West Midlands DY1 1DB.

5.4 Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.

5.5 All SARs received shall be handled by the Company’s Data Protection Officer.

5.6 The Company does not charge a fee for the handling of normal SARs. However, the Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.

5.7 Data subjects have the right to require the Company to rectify any of their personal data that is inaccurate or incomplete.

5.8 The Company shall rectify the personal data in question, and inform the data subject of that rectification, within one month of the data subject informing the Company of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.

5.9 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.

5.10 The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

5.11 Data subjects have the right to request that the Company erases the personal data it holds about them in the following circumstances:

• It is no longer necessary for the Company to hold that personal data with respect to the purpose(s) for which it was originally collected or processed;

• The data subject wishes to withdraw their consent to the Company holding and processing their personal data

• The data subject objects to the Company holding and processing their personal data (and there is no overriding legitimate interest to allow the Company to continue doing so)

• The personal data has been processed unlawfully;

• The personal data needs to be erased in order for the Company to comply with a particular legal obligation

5.12 Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request.

5.13 The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.

5.14 In the event that any personal data that is to be erased in response to a data subject’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).

6. DISCLOSURE OF YOUR INFORMATION

6.1 We may disclose your Personal Data and/or Billing Information to any member of our group, which means our subsidiaries if we have received your consent to do so or if we have to do so in order to need to do so in order to carry out our contractual duties with you.

6.2 We may disclose your Personal Data and/or Billing Information to third parties only in the following limited situations:

6.2.1 if Taxshield or substantially all of its assets are acquired by a third party, in which case personal data held by Taxshield may be transferred to the entity acquiring Taxshield; or

6.2.2 if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation, or in order to enforce any of our agreements; or

6.2.3 to protect the rights, property, or safety of Taxshield, our customers, or third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

7.DATA BREACH NOTIFICATION

7.1 All personal data breaches must be reported immediately to the Company’s Data Protection Officer.

7.2 If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.

7.3 In the event that a personal data breach is likely to result in a high risk (that is, a higher risk than that described under Part 7.2) to the rights and freedoms of data subjects, the Data Protection Officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.

7.4 Data breach notifications shall include the following information:

• The categories and approximate number of data subjects concerned;

• The categories and approximate number of personal data records concerned;

• The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);

• The likely consequences of the breach;

• Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.

8. COOKIES AND IP ADDRESSES

8.1 We may store information about you in a cookie (a small file that is sent by our web server to your computer), which we can access when you make return visits to www.taxshield.co.uk (the "Website"). Storing cookies is usual practice for any web site that needs to remember what its users' preferences are and we use cookies to keep track of your choices in the Website.

8.2 When you visit our site, we may also log your IP address, a unique identifier for your computer or other access device.

9.DATA PROTECTION REGISTRATION

9.1 We are registered as a data controller with the UK Information Commissioner's Office.

9.2 Our data protection registration number is Z9940633

9.3 The Information Commissioner regulates compliance with the Data Protection Act. See details at end of the contact page.

10 EFFECTIVE DATE AND NOTIFICATION OF CHANGES TO OUR PRIVACY STATEMENT

10.1 This Privacy Statement is effective as of 25 May 2018.

10.2 We reserve the right to change this Privacy Statement at any time. If we materially change this Privacy Statement, we will either notify you by email (sent to the e-mail address specified in your account) or post a prominent notice on our Website.

10.3 Any changes are effective as of the date we post them on the privacy statement page of our Website. We encourage you to periodically review this Privacy Statement.

11. OUR DETAILS

11.1 We are registered in England and Wales under registration number 4128649, and our registered office is at Finch House, 28-30 Wolverhampton Street, Dudley, West Midlands DY1 1DB.

11.2 Our principal place of business is at 6, Church Street, Kidderminster DY10 2AD

11.3 You can contact us by writing to the business address given above, by using our website contact form, by email to [email protected] or by telephone on 0870 609 1918.


Amended as of 1 November 2019

Share and email your Label documents securely using FileProtect