PRIVACY POLICY

1.         Introduction

ExpatUX Ltd (“We”) are committed to protecting and respecting your privacy at all times.

We are a private limited company established in England and Wales with company number 12570370 with registered address at Units 1 & 2, Bridge Road Business Park, Haywards Heath, RH16 1TX.  For the purposes of the Data Protection Act 2018 (“DPA 2018”) and any other applicable data protection laws (including the EU General Data Protection Regulation (the “EU GDPR”)), we are the data controller regarding any personal data that you have provided to us.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

The DPA 2018 gives data subjects (living individuals in respect of whom personal data is processed) enhanced rights and protections in relation to their personal data.  We have updated our Privacy Policy so we are completely clear as to what personal data we collect, why we collect that personal data and how we handle it.

This Privacy Notice sets out the basis on which we will process any personal data we collect from you, or that you or third parties provide to us.  Please read this Privacy Notice (“Notice”) carefully so that you understand your rights in relation to your personal data, and how we will collect, use, and process your personal data.

This Notice explains our policy in relation to:

2.         Information we collect about you and how we use it

You and your employer provide certain information to us in relation to your personal circumstances and your employment which enables us to manage the data collection for tax compliance purposes and/or when contacting us online, by phone, email, post or any other engagement or correspondence that you or your employer may have with us.

You acknowledge that we may collect, use, process and transfer your personal data as set out in this Notice.

We reserve the right to change this Notice from time to time and you should therefore check this page frequently to ensure that you are happy with any changes. We will ensure that your personal data is handled in accordance with this Notice.

3.         What types of personal information do we collect about you

We hold the following personal information about you:

If you provide us with information about someone else, for example your family members and dependants, we will assume that you have their permission to do so. We will process their personal data in accordance with this Notice.  Please let them know you have provided their information to us and encourage them to read this Notice.

4.    How do we use your information

We will use your personal information for the purposes of tax compliance purposes.  We may receive information from third parties who collect your personal data and pass it on to us.  Where this is the case, the third party is responsible for obtaining the relevant consents from you to ensure you are happy with the ways in which your personal data will be used.

More information on the purposes for which we process your data and the legal bases for this processing can be found in additional information.

5.    Who we share your personal data with

We will never sell, rent or lease your personal information. We share your information with selected recipients as set out in this Notice. This includes sharing information with those who are involved in the tax compliance process, those who provide assistance to run the process, those who oversee the process, and those who may have a legal or regulatory right to request such information.

 6.    Where do we store your personal data

The information that we collect from you will be transferred to and stored at/processed in the UK/EEA. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Notice.

7.    Keeping your information safe

Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through this website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping such password confidential. Please do not share your password with anyone.

8.    How long will we keep your personal data

We will delete the data held in relation to you after 6 years, or earlier on request from your employer or yourself, subject to the following.  Your personal information may be held for longer where: (i) it is required by law or a court order; (ii) it is needed to establish, exercise, defend or pursue tax/ legal claims (iii) to deal with any queries relating to your tax affairs as necessary; and (iv) to protect the rights of another natural or legal person.

9.    Your rights regarding the personal information you provide to us

You have certain rights in relation to the personal information we hold about you, which we detail below. Some of these only apply in certain circumstances as set out below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before we respond to any of your requests. We must respond to a request by you to exercise those rights without undue delay and at least within one calendar month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us using the details at the end of this Policy.

Name of Rights

Right Description

How to make a complaint

right of information

You have the right to know the personal information we hold about you, how we use it, who we share it with and how long we keep your personal data.

Please contact us as soon as possible via the contact details at the end of this Policy

right of access

You have the right to know whether we process your personal information, and if we do, to access information we hold about you, how we use it and who we share it with.

If you require more than one copy of information we hold about you, it is free of charge, unless we deem it necessary to charge you an administration fee. We may not provide you with certain personal information if providing it would interfere with a person’s rights and freedom (e.g., where providing the personal information would reveal information about another person) or where another exemption applies. Please See “how long will we keep your personal data”.

right to rectification

The accuracy of the information we hold about you is important to us. Under the DPA 2018 and EU GDPR, you have the right to access the information we hold about you and have any inaccuracies corrected. Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that whilst we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data.

right to erasure

This is also known as the “right to be forgotten”. Please see below for more information about the circumstances in which you may request that we erase the personal data we hold about you.

right to data portability

You have the right to receive a subset of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another third party.

If you wish for us to transfer the personal data to another third party, please ensure you detail that third party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with the rights and freedom of another person (e.g., where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).

restriction of processing to storage only

You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or to protect to right and freedom of another person. Please See “how long will we keep your personal data”.

make a complaint

You have a right to lodge a complaint with relevant data protection supervisory authorities. In the UK, it is the Information Commissioner’s Office (ICO).

Please contact ICO as soon as possible via here

Please contact relevant data protection supervisory authorities via here

10.    Third Parties

We may share your personal data with a third party where it is necessary (i) for the performance of the services you have requested (ii) for us to comply with our legal obligations or (iii) for our legitimate business interest.

11.    Technical information (including cookies) that we collect about you

When you visit our website, we collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), time zone setting, your login information, browser type and version, browser plug-in types and versions, operating systems and platforms.

We use cookies to collect information about your browsing activities over time following your use of our services. This allows us to recognise and count the number of users and to see how users navigate on our website when they are using it. This helps us to improve the services we provide to you and the way our website works.

12.    Complaints

If you wish to make a complaint about how we process your personal data, please contact us using the contact details below and we will endeavour to deal with your request as soon as possible. This does not interfere with your right to raise a complaint with a relevant data protection supervisory authority.

13.    Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact for the following regions:

Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/17012529084

14.    Changes to our Privacy Notice

Any changes we make to our Privacy Notice in the future will be updated on this page. Please check back frequently to see any updates or changes to our Privacy Notice. Any changes to this Notice will become effective when we post the revised Privacy Notice on our website. Your use of the tax compliance service, following these changes means that you accept the revised Privacy Notice. It is your responsibility to ensure that you are aware of the latest version of this Notice.

15.    Contact

If you have any questions, comments or requests regarding any aspect of this Notice, please contact us as soon as possible using the details as follows:

Data Protection Officer

ExpatUX Ltd

Units 1 & 2, First Floor Bridge Road Business Park,

Bridge Road,

Haywards Heath,

West Sussex,

RH16 1TX

Additional Information

1.    Legal Bases of Processing

Category of Personal Data

Purpose for Processing

Legal Basis of Processing

personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number and identifiers such as national insurance number

  • In relation to any correspondence (including queries relating to your information provided during the tax compliance process)
  • To notify you about our services and changes to our services
  • To conduct surveys
  • For internal record keeping
  • To verify your identity, to prevent and detect fraud and to comply with our legal and regulatory obligations

Performance of a contract as required under Tax compliance services

Legitimate interest to run an effective business

Personal details and family, lifestyle and social circumstances such as details about current marriage and partnerships and marital history, details of family and dependents

  • To carry out our obligations arising from any agreement that we have with, or concerning you

Performance of a contract as required under Tax compliance services

employment details such as employment and career history, recruitment and termination details, job title and job responsibilities, financial details such as income, salary, assets and investments, bank account details for tax compliance purposes, voluntary deductions, benefits, grants etc;

  • To comply with any present or future law, rule, tax legislation, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes
  • To comply with any present or future requests received from you or your employer
  • To comply with requests made by local and foreign regulators, governments and law enforcement authorities, and complying with any subpoena or court process, or in connection with any litigation

Performance of a contract as required under Tax compliance services

Legitimate interests to run an effective business

Technical information and other information about your visits to our website

  • To improve the services we provide to you and the way our website and systems work

Legitimate interest to ensure our website and systems are operating effectively

 2.    Who Do We Share Your Personal Data With

The categories of recipients

Who do we
share your personal data with

Categories
of recipients

  • cloud and other data storage providers, to store the personal
    data you provide and for disaster recovery services, as well as for the
    performance of any contract we enter into with you, your employer or
    your employer’s tax adviser;
  • legal and other professional advisers, to provide us with legal
    and other professional services (who in certain circumstances will also
    be ‘data controllers’);
  • HMRC and other relevant Government bodies, to help deal with and
    ensure the tax compliance process is followed.

We will share your information with law
enforcement agencies, public authorities or other organisations if legally
required to do so, or if we have a good faith belief that such use is
reasonably necessary to

Categories
of recipients

  • comply with a legal obligation, process or request;
  • enforce our terms and conditions and other agreements, including
    investigation of any potential violation thereof;
  • detect, prevent, investigate or otherwise address security, fraud
    or technical issues; or
  • protect the rights, property or safety of us, our users, a third
    party or the public as required or permitted by law (exchanging
    information with other companies and organisations for the purposes of
    fraud protection and credit risk reduction).

3.    Your Right to
Erasure

Right to
Erasure

You may request that we erase the personal data
we hold about you in the following circumstances

Right to
Erasure

  • you believe that it is no longer necessary for us to hold the
    personal data we hold about you;
  • we are processing the personal data we hold about you on the
    basis of your consent (please contact us via our contact details), and
    you wish to withdraw your consent and there is no other ground under
    which we can process the personal data;
  • we are processing the personal data we hold about you on the
    basis of our legitimate interest, and you object to such processing.
    Please provide us with details as to your reasoning via our contact
    details so that we can assess whether there is an overriding interest
    for us to retain such personal data; or
  • you believe the personal data we hold about you is being
    unlawfully processed by us.

Also note
that you may exercise your right to restrict our processing the data whilst
we consider your request as described below.

Please
provide as much detail as possible on your reasons for the request to assist
us in determining whether you have a valid basis for us to erase your
personal data. Please note, however, that we may retain the personal data if
there are valid grounds under law for us to do so (e.g., for the defence of
legal claims or freedom of expression) but we will let you know if that is the
case.

Where you
have requested that we erase your personal data that we have made public and
there are grounds for erasure, we will use reasonable steps try to tell
others that are displaying the data or providing links to the data to erase
the personal data too.

4.    Restriction of Processing to Storage Only

Restriction of
Processing to Storage Only

You have a right to require us to stop processing
the personal data we hold about you other than for storage purposes in
certain circumstances. Please note, however, that if we stop processing the
personal data, we may use it again if there are valid grounds under data
protection law for us to do so (e.g., for the defence of legal claims or to
protect the rights and freedom of another person).

You may request we stop processing and just store
the personal data we hold about you if

  • you believe the
    personal data is not accurate for the period it takes for us to verify
    your claim;
  • we wish to erase
    the personal data as the processing we are doing is unlawful but you
    want us to retain the personal data for storage but not further process
    it;
  • we wish to erase
    the personal data as it is no longer necessary for our purposes, but you
    require it to be stored for the establishment, exercise or defence of
    legal claims; or
  • you have objected
    to us processing personal data we hold about you on the basis of our
    legitimate interest (please contact us via our contact details), and you
    wish us to stop processing the personal data whilst we determine whether
    there is an overriding interest in us retaining such personal data.

You may object where:

  • we are processing
    the data we hold about you based on our legitimate interest or public
    interest (please contact us via our contact details above and you object
    to such processing. Please provide us with detail as to your reasoning
    so that we can assess whether there is a compelling overriding interest
    in us continuing to process such data or we need to process it in
    relation to legal claims. Also note that you may exercise your right to
    request that we stop processing the data whilst we make the assessment
    on an overriding interest by ticking the box for that purpose on the
    Data Subject Rights Form.
  • we are processing
    the data based on historical/scientific research or statistics and you
    have a particular reason to object. Your right would not apply where we
    have been tasked with and it is necessary for us to undertake such
    processing in the public interest.

5.    Transfer
Mechanism

Transfer
Mechanism

  • Model Clauses: The
    personal data that we collect from you will be transferred to, stored at
    and/or processed by the relevant recipient under a written agreement
    incorporating the EU Commission’s model clauses for the transfer of
    personal data to third countries (the ”Model Clauses”), pursuant to
    Decision 2010/87/EU. A copy of these Model Clauses is available upon
    request.

Copyright © Expatux 2021. All Rights Reserved

Cyber Secure Plus
IASMElogo-selfcertified-2017_v3

Design and Develop by :