PRIVACY POLICY

1.         Introduction

ExpatUX Ltd (“We”) are committed to protecting and respecting your privacy at all times. 

We are a private limited company established in England and Wales with company number 12570370 with registered address at Units 1 & 2, Bridge Road Business Park, Haywards Heath, RH16 1TX.  For the purposes of the Data Protection Act 2018 (“DPA 2018”) and any other applicable data protection laws (including the EU General Data Protection Regulation (the “EU GDPR”)), we are the data controller regarding any personal data that you have provided to us.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

The DPA 2018 gives data subjects (living individuals in respect of whom personal data is processed) enhanced rights and protections in relation to their personal data.  We have updated our Privacy Policy so we are completely clear as to what personal data we collect, why we collect that personal data and how we handle it. 

This Privacy Notice sets out the basis on which we will process any personal data we collect from you, or that you or third parties provide to us.  Please read this Privacy Notice (“Notice”) carefully so that you understand your rights in relation to your personal data, and how we will collect, use, and process your personal data.

This Notice explains our policy in relation to:

• what information we collect about you;
• how we use your information;
• who we share your information with;
• where and how long we will keep your data;
• how we keep your information safe;
• your rights regarding the personal information you provide to us;
• technical information that we collect about you (including via the use of cookies on our website); and
• who you can contact if you have questions or complaints about how we process your personal data.

2.         Information we collect about you and how we use it

You and your employer provide certain information to us in relation to your personal circumstances and your employment which enables us to manage the data collection for tax compliance purposes and/or when contacting us online, by phone, email, post or any other engagement or correspondence that you or your employer may have with us.

You acknowledge that we may collect, use, process and transfer your personal data as set out in this Notice.

We reserve the right to change this Notice from time to time and you should therefore check this page frequently to ensure that you are happy with any changes. We will ensure that your personal data is handled in accordance with this Notice.

3.         What types of personal information do we collect about you

We hold the following personal information about you:

• personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number and identifiers such as national insurance number;
• marriage, partnerships and marital history, details of family and dependants;
• employment details such as employment and career history, recruitment and termination details, job title and job responsibilities, financial details such as income, salary, assets and investments, bank account details for tax compliance purposes, voluntary deductions, benefits, grants etc;
• technical information and other information about your visits to our website.

If you provide us with information about someone else, for example your family members and dependants, we will assume that you have their permission to do so. We will process their personal data in accordance with this Notice.  Please let them know you have provided their information to us and encourage them to read this Notice.

4.    How do we use your information

We will use your personal information for the purposes of tax compliance purposes.  We may receive information from third parties who collect your personal data and pass it on to us.  Where this is the case, the third party is responsible for obtaining the relevant consents from you to ensure you are happy with the ways in which your personal data will be used.

More information on the purposes for which we process your data and the legal bases for this processing can be found in additional information.

5.    Who we share your personal data with

We will never sell, rent or lease your personal information. We share your information with selected recipients as set out in this Notice. This includes sharing information with those who are involved in the tax compliance process, those who provide assistance to run the process, those who oversee the process, and those who may have a legal or regulatory right to request such information.

 6.    Where do we store your personal data

The information that we collect from you will be transferred to and stored at/processed in the UK/EEA. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Notice.

7.    Keeping your information safe

Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through this website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping such password confidential. Please do not share your password with anyone.

8.    How long will we keep your personal data

We will delete the data held in relation to you after 6 years, or earlier on request from your employer or yourself, subject to the following.  Your personal information may be held for longer where: (i) it is required by law or a court order; (ii) it is needed to establish, exercise, defend or pursue tax/ legal claims (iii) to deal with any queries relating to your tax affairs as necessary; and (iv) to protect the rights of another natural or legal person.

9.    Your rights regarding the personal information you provide to us

You have certain rights in relation to the personal information we hold about you, which we detail below. Some of these only apply in certain circumstances as set out below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before we respond to any of your requests. We must respond to a request by you to exercise those rights without undue delay and at least within one calendar month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us using the details at the end of this Policy.

 

 

Name of Rights	Right Description	How to make a complaint
right of information	You have the right to know the personal information we hold about you, how we use it, who we share it with and how long we keep your personal data.	Please contact us as soon as possible via the contact details at the end of this Policy
right of access	You have the right to know whether we process your personal information, and if we do, to access information we hold about you, how we use it and who we share it with. If you require more than one copy of information we hold about you, it is free of charge, unless we deem it necessary to charge you an administration fee. We may not provide you with certain personal information if providing it would interfere with a person’s rights and freedom (e.g., where providing the personal information would reveal information about another person) or where another exemption applies. Please See “how long will we keep your personal data”.
right to rectification	The accuracy of the information we hold about you is important to us. Under the DPA 2018 and EU GDPR, you have the right to access the information we hold about you and have any inaccuracies corrected. Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that whilst we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data.
right to erasure	This is also known as the “right to be forgotten”. Please see below for more information about the circumstances in which you may request that we erase the personal data we hold about you.
right to data portability	You have the right to receive a subset of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another third party. If you wish for us to transfer the personal data to another third party, please ensure you detail that third party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with the rights and freedom of another person (e.g., where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).
restriction of processing to storage only	You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or to protect to right and freedom of another person. Please See “how long will we keep your personal data”.
make a complaint	You have a right to lodge a complaint with relevant data protection supervisory authorities. In the UK, it is the Information Commissioner’s Office (ICO).	Please contact ICO as soon as possible via here Please contact relevant data protection supervisory authorities via here

10.    Third Parties

We may share your personal data with a third party where it is necessary (i) for the performance of the services you have requested (ii) for us to comply with our legal obligations or (iii) for our legitimate business interest.

11.    Technical information (including cookies) that we collect about you

When you visit our website, we collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), time zone setting, your login information, browser type and version, browser plug-in types and versions, operating systems and platforms.

We use cookies to collect information about your browsing activities over time following your use of our services. This allows us to recognise and count the number of users and to see how users navigate on our website when they are using it. This helps us to improve the services we provide to you and the way our website works.

12.    Complaints

If you wish to make a complaint about how we process your personal data, please contact us using the contact details below and we will endeavour to deal with your request as soon as possible. This does not interfere with your right to raise a complaint with a relevant data protection supervisory authority.

13.    Representation for data subjects in the EU

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/17012529084

14.    Changes to our Privacy Notice

Any changes we make to our Privacy Notice in the future will be updated on this page. Please check back frequently to see any updates or changes to our Privacy Notice. Any changes to this Notice will become effective when we post the revised Privacy Notice on our website. Your use of the tax compliance service, following these changes means that you accept the revised Privacy Notice. It is your responsibility to ensure that you are aware of the latest version of this Notice.

15.    Contact

If you have any questions, comments or requests regarding any aspect of this Notice, please contact us as soon as possible using the details as follows:

 

Data Protection Officer

ExpatUX Ltd

Units 1 & 2, First Floor Bridge Road Business Park,

Bridge Road,

Haywards Heath,

West Sussex,

RH16 1TX

Additional Information

 

1.    Legal Bases of Processing

Category of Personal Data	Purpose for Processing	Legal Basis of Processing
personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number and identifiers such as national insurance number	In relation to any correspondence (including queries relating to your information provided during the tax compliance process) To notify you about our services and changes to our services To conduct surveys For internal record keeping To verify your identity, to prevent and detect fraud and to comply with our legal and regulatory obligations	Performance of a contract as required under Tax compliance services Legitimate interest to run an effective business
Personal details and family, lifestyle and social circumstances such as details about current marriage and partnerships and marital history, details of family and dependents	To carry out our obligations arising from any agreement that we have with, or concerning you	Performance of a contract as required under Tax compliance services
employment details such as employment and career history, recruitment and termination details, job title and job responsibilities, financial details such as income, salary, assets and investments, bank account details for tax compliance purposes, voluntary deductions, benefits, grants etc;	To comply with any present or future law, rule, tax legislation, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes To comply with any present or future requests received from you or your employer To comply with requests made by local and foreign regulators, governments and law enforcement authorities, and complying with any subpoena or court process, or in connection with any litigation	Performance of a contract as required under Tax compliance services Legitimate interests to run an effective business
Technical information and other information about your visits to our website	To improve the services we provide to you and the way our website and systems work	Legitimate interest to ensure our website and systems are operating effectively

 2.    Who Do We Share Your Personal Data With

The categories of recipients	Who do we share your personal data with
Categories of recipients	cloud and other data storage providers, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you, your employer or your employer’s tax adviser; legal and other professional advisers, to provide us with legal and other professional services (who in certain circumstances will also be ‘data controllers’); HMRC and other relevant Government bodies, to help deal with and ensure the tax compliance process is followed.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to
Categories of recipients	comply with a legal obligation, process or request; enforce our terms and conditions and other agreements, including investigation of any potential violation thereof; detect, prevent, investigate or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

 

3.    Your Right to Erasure

Right to Erasure

You may request that we erase the personal data we hold about you in the following circumstances

Right to Erasure

you believe that it is no longer necessary for us to hold the personal data we hold about you; we are processing the personal data we hold about you on the basis of your consent (please contact us via our contact details), and you wish to withdraw your consent and there is no other ground under which we can process the personal data; we are processing the personal data we hold about you on the basis of our legitimate interest, and you object to such processing. Please provide us with details as to your reasoning via our contact details so that we can assess whether there is an overriding interest for us to retain such personal data; or you believe the personal data we hold about you is being unlawfully processed by us. Also note that you may exercise your right to restrict our processing the data whilst we consider your request as described below. Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for us to erase your personal data. Please note, however, that we may retain the personal data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Where you have requested that we erase your personal data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the data or providing links to the data to erase the personal data too.

 

4.    Restriction of Processing to Storage Only

Restriction of Processing to Storage Only

You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g., for the defence of legal claims or to protect the rights and freedom of another person). You may request we stop processing and just store the personal data we hold about you if you believe the personal data is not accurate for the period it takes for us to verify your claim; we wish to erase the personal data as the processing we are doing is unlawful but you want us to retain the personal data for storage but not further process it; we wish to erase the personal data as it is no longer necessary for our purposes, but you require it to be stored for the establishment, exercise or defence of legal claims; or you have objected to us processing personal data we hold about you on the basis of our legitimate interest (please contact us via our contact details), and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data. You may object where: we are processing the data we hold about you based on our legitimate interest or public interest (please contact us via our contact details above and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding interest by ticking the box for that purpose on the Data Subject Rights Form. we are processing the data based on historical/scientific research or statistics and you have a particular reason to object. Your right would not apply where we have been tasked with and it is necessary for us to undertake such processing in the public interest.

 

5.    Transfer Mechanism

Transfer Mechanism

Model Clauses: The personal data that we collect from you will be transferred to, stored at and/or processed by the relevant recipient under a written agreement incorporating the EU Commission’s model clauses for the transfer of personal data to third countries (the ”Model Clauses”), pursuant to Decision 2010/87/EU. A copy of these Model Clauses is available upon request.