Privacy Policy

GDPR Compliant Privacy Policy                                                                                                                                 LAST UPDATED 24th May 2018

 

Introduction

 

This privacy policy discloses the privacy practices for CoreAdviz® websites and services. This privacy policy applies solely to information collected by the following:

 

Website: coreadviz.co.uk,

Mobile Apps: Operated by CoreAdviz Digital Finance Ltd (also referred to as ‘CoreAdviz® or ‘us’ “our” or ‘we’) and partner company – CoreAdviz Limited,

Services: any of our products or services (including support services) which may be accessible via the Website, Apps, third party platform (like Google Analytics, JotForm, MailChimp, TypeForm, Zendesk LiveChat, Signable and cloud accounting applications), or otherwise. We will call them together our “Services.”

 

By using this website, Apps and services provided by CoreAdviz® or submitting personal information to CoreAdviz® through this website or using any CoreAdviz® service, you are consenting to the collection, use, transfer, and disclosure of information as described in this privacy policy.

We confirm that we comply with the provisions of the Data Protection Act 1998 and aligned with EU General Data Protection Regulation (GDPR) when processing personal data about you and your business.

 

Defining Audiences, who is collecting data and Data processing officer

 

We are defining audiences on the basis of their level of interaction with us. Collectively, we can define all the audiences (Website Visitors, Leads, Clients and Customers) as “you” and “your” as required.

 

Website Visitors (also referred to as “Visitors”): If you have visited our website but have not interacted with us over the Live Chat option or filled any form sharing your details, then you will be referred to as a visitor.

Lead: If you have interacted and shared your details with us to get in touch with you, then you will be defined as a “Lead”.

Customer or Clients: If you are already availing our services, whether our free trial model or for paid services, then you are defined as our “Customer” or “Clients”.

 

CoreAdviz® acts as data Controller as defined in the directive and GDPR. For the purpose of the Data Protection Act 1998 (‘the Act’) that data controller is CoreAdviz Digital Finance Ltd, 7 Lucas Close Maidenbower, Crawley, West Sussex, RH10 7EY. In other circumstances we may be a data processor. We respect your right to privacy and will only process Personal Information you provide to us in accordance with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other applicable privacy laws.

 

If you have any questions or concerns regarding this policy, please contact us. Data Protection Officer (DPO): Rajiv Singh (hello@coreadviz.co.uk ).

 

Scope and applicability

 

This Privacy Policy forms part of our Engagement letter, Terms & Conditions, which are available for viewing. Capitalised terms in this document shall have the same meaning as those used in our Primary Terms of Service or Privacy Policy unless stipulated otherwise.

You explicitly agree that we may:

 

process your data (according to this privacy policy and honoring your rights)

use cookies (you can opt-out of most cookies)

use web analytics tools (you can opt-out)

use ad targeting tools (you can opt-out)

contact you via e-mail (non-essential e-mails will not be sent unless you opt-in)

 

Direct links to some important parts of this privacy policy:

How we gather and use information

Cookies and how we use them

Ad targeting tools that we use

How we store your data

Your rights related to your personal information

 

HOW WE GATHER AND USE INFORMATION

 

How and what information we gather

 

We also collect other information which does not personally identify you.  All of this can include:

 

(i) Information That You Provide Us:

 

When you visit certain sections of the Services, completing a form on our website, signing up for Accounting and Consulting services, or at the time of registration / during course of subscription, we ask you to provide us with specific information, including (but not limited to):

 

  • Contact information, such as your name, mailing address, billing address phone number and email address
  • Unique identifiers such as personal / corporate tax reference & company account reference numbers, authorisation code, VAT Registration, Payroll PAYE reference, Account Office numbers, user name and password.
  • financial information, such as your bank account numbers or similar information (in general, we do not share financial details with any 3rd parties subject to agreed engagement terms of services and to perform our duty related to legal compliances or special agreed consent of using financial information transmission for HMRC reporting under Making Tax Digital (“MTD”).
  • about your business, or the business you intend to form, along with any previous trading information
  • other personal details such as your marital status, date of birth, National Insurance No.
  • any other information which you supply to us relevant for providing our services.

 

We also typically collect personal information about employees, workers and Sub-contractors through the application, payroll account office, recruitment or engagement process, payroll contract, either directly from individuals or sometimes from our client or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.

 

We will collect additional personal information in the course of the services you provide to us throughout the period to support ongoing services.

 

(ii) Services Usage Information:

 

When you use CoreAdviz® website or services, our servers automatically record information that your browser sends to every website you visit, such as time of day, browser type, page you visit, referring Web site address, geographical location and your IP address.

 

When you subscribe to our e-mail newsletter, you will be required to provide your e-mail address and to confirm your subscription by clicking “Subscribe” button.

 

When you register online or email or submitting contact form with us or using digital signature tool service (such as; 3rd party tool ‘Signable’), you may be redirected to an SSL-secured website operated by our trusted billing merchant or Direct Debit mandate provider (Stripe, PayPal, Pay Zone, GoCardless and affiliated companies) and there you will be required to provide personal information (including your credit card or bank details details) to our billing / direct-debit merchant. Information you provide to our billing / direct-debit merchant will be processed in accordance with its privacy policy and you are therefore advised to review such policy prior to entering data. CoreAdviz® will have access to your full name, company name, address and contact info, but not to your credit card or payment account access data.

 

We do not collect or store any credit or debit card information. However, the Internet is not in itself a secure environment. Although we will do our best to protect your personal data, users should only enter, or import data within a secure environment. This means that your browser must support the encryption security used in connection with our service. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

We also collect and view data from third party tools such as

 

Google Analytics: helps us to track the movement of a Visitor within our website and how much time is spent by that Visitor and along with other standard log information. They do not capture, store or use any personal identifiable data that you as a Lead or Customer share with us. You can visit Google’s Privacy Policy for more information by clicking here.

Zendesk LiveChat: Zendesk is a chat option which is used and operated by CoreAdviz®. Zendesk is legally not allowed to use any data that you have shared with us. You can visit Zendesk’s Privacy Policy on GDPR for more information by clicking here.

Jot Form / TypeForm: Jot Form or TypeForm is used to collect information which you as a Customer or Lead fill in the forms given on our website. The data that you share on the forms reside with us only and Jot Form or TypeForm is not legally authorized to use the data that you have shared with us. You can visit Privacy Policy on GDPR for more information by clicking here (Jot Form’s / TypeForm’s)

Cloud Accounting applications: FreeAgent, QuickBooks, WaveApps, Pandle, SAP, InformDirect and others are affiliated partner’s product is part of our service offering. The data you share on these applications are controlled and governed under privacy policy of respective website. Please read respective privacy policy by clicking on hyperlinked text.

Signable: this is cloud-based tool is used for digital signature service with fully automated workflow and audit log along with time stamp. You can visit Signable’s Privacy Policy on GDPR for more information by clicking here.

 

How we may use gathered information

We may use collected personal information for the following purposes:

  • to provide services that you have requested and ensure your accounts is correctly configured; (set-up cloud account, HMRC portal services, Company house, secretarial, Payroll PAYE management and support)
  • to process your service orders, perform billing and notify you of the status of your order;
  • electronically verify your identity in order to comply with UK anti-money laundering and anti-terrorist funding regulations;
  • to facilitate the renewal of subscriptions for services;
  • to provide you with an effective customer service;
  • for security, anti-piracy, and fraud prevention purposes;
  • carry out our obligations arising from any contracts entered into between you and us and to provide the services you have engaged us to undertake for you;
  • to provide you with information related to changes in services that you are using;
  • to provide you with newsletters, special offers and other information where you have consented to receive it;
  • to undertake any other promotional activities where you have consented to such promotional activities;
  • to comply with or verify compliance with applicable laws, rules and regulations;
  • to re-engage with you on Facebook using Facebook’s Custom Audiences feature, Twitter, Whatsapp or Instagram;
  • we may regularly contact you electronically with CoreAdviz’s business advice content;

 

If you do not want to receive newsletters, special offers and other information that is not essential to the use of products and services that you have purchased or subscribed to you can easily opt-out from future communication at any time by clicking a link at the bottom of a message from us or web based enabled pop-up form or by sending an explicit unsubscribe request to hello@coreadviz.co.uk.

We may use collected non-personal information for the following purposes:

  • to personalize and support your use of CoreAdviz® website and services;
  • to improve our products, services, customer experience and advertising strategy;
  • for security, anti-piracy, and fraud prevention purposes;
  • to identify actions or transactions as originating through an affiliate marketing or referral program;
  • for ad targeting;
  • for statistical or research and analysis purposes; administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • improve our site to ensure that content is presented in the most effective manner for you and for your computer.

 

In addition, we may “de-identify” personal information by removing any information that identifies you specifically and use the rest for the purposes set forth above.

 

With whom the information may be shared

 

We may share your information with third-parties in following cases:

  • To provide services delivered by our partners.We use other companies, which may include but not limited to present or future corporate affiliates, to provide joint services or certain services to us or on our behalf and help us to operate our business. In cases where it is necessary to deliver a service that is carried out by our third-party partner your information may be transmitted or made available to the partner which provides the service that you requested. For example, we may share your personal information with domain registrar when you order a domain name registration and we may share your e-mail address with Cloudflare when you choose to enable their website protection service you your website.
    • Disclosure of Your Information – In order to carry out the Services of this engagement and for related purposes such as updating and enhancing our client records, analysis for management purposes and statutory returns, legal and regulatory compliance and crime prevention we may obtain, process, use and disclose personal data about you.

 

  • In connection with corporate events.If a third party has acquired our business or specific assets through which you have provided information to us, for example, as the result of a sale, merger, reorganization, insolvency, dissolution or liquidation, your personal information may become owned by that company in compliance with applicable law. In that event, the acquiring company’s use of your personal information will still be subject to this privacy policy, any applicable supplemental privacy notices, and the privacy preferences you have expressed to us.
  • To comply with legal requirements, cooperate with law enforcement, prevent crime, and protect legal rights or CoreAdviz, you and others.To the extent not expressly prohibited by applicable law, we may disclose the personal information we collect without notifying you when we, in good faith, believe disclosure is appropriate: (a) to satisfy any applicable law, regulation, legal process or enforceable governmental request; (b) to cooperate with law enforcement or other governmental investigations (without necessarily requiring the law enforcement or government agency requesting the information to formally serve us with a subpoena); (c) to investigate, prevent, or take action regarding possible crime; (d) to enforce a contract; to protect and defend the rights or property of CoreAdviz, its corporate affiliates, and their respective employees, clients and partners and agents, other users or the public in general; or (e) act in situations involving potential threats to the personal safety of any person.

 

We also have a duty under section 330 of the Proceeds of Crime Act 2002 to report to the National Crime Agency (NCA) if we know, or have reasonable cause to suspect, that you or anyone connected with your business are or have been involved in money laundering. Failure on our part to make a report where we have knowledge, or reasonable grounds for suspicion, would constitute a criminal offence.

 

Do we need your consent?

 

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

 

How we use particularly sensitive personal information?

 

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

 

In limited circumstances, with your explicit written consent.

Where we need to carry out our legal obligations and in line with our data protection policy.

If it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme, and in line with our data protection policy.

Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

 

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else interests) and you are not capable of giving your consent, or where you have already made the information public. We may also process such information about members or former members in the course of legitimate business activities with the appropriate safeguards.

 

How long do we keep collected information?

 

We keep your personal information only as long as we need it for the purposes for which it was originally collected (or to which you have subsequently consented), and as permitted or required by applicable law.

 

Cookies and how we use them

 

For more information about cookies (including how to set browsers to reject cookies) please visit the website set up by the Interactive Advertising Bureau (Europe) at www.allaboutcookies.org.

 

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. None of the cookies used by this website contain any personal information. Below is a detailed list of cookies that this website may set:

  • Session cookies.These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for, like logging into your account, cannot be provided.
  • Cookies that remember your choice.Some cookies used on this website allow the website to remember choices you make (such as your preferred language).
  • Google Analytics cookies.These cookies are used to collect information about how visitors use our site. We use this information to compile reports and to help us improve the site. The cookies store information in an anonymous form.
  • Ad targeting cookiesThese cookies are used to make advertising more effective and to show ads that are likely to be more relevant to you. You can opt out of receiving these cookies as described below.
  • Third party service provider cookies.Cookies can be set by the following third party services used on this website: Google Analytics, Facebook Like Button, Twitter Follow button, Google +1 button, YouTube videos, Zendesk LiveChat, JotForm, TypeForm, Signable, FreeAgent, QuickBooks, SAP, WaveApps, Pandle, Qdos. Some of these cookies may be used to track your behaviour on other websites and we have no control over this as these cookies are not set by our own website. You can visit respective website to read their specific cookies policy. Facebook Cookie Policy and Google Cookie Policy provide more information on cookies set by Facebook and Google.

 

How you can control cookies

 

You can control and opt-out of receiving cookies in several ways:

  • By using private browsing mode.Most browsers offer private browsing mode (private window, incognito window or InPrivate window). Any cookies created while in private browsing mode are deleted after you close all browser windows.
  • By modifying browser settings.You can usually modify your browser settings to disable cookies. However, by disabling cookies, or certain types of cookie, you may hinder your user experience on this and other websites, or prevent them from working entirely.
  • By means of free tools.You can opt out of receiving particular ad targeting cookies as described below.

 

Ad targeting tools that we use

 

We may use third party ad targeting tools to re-engage with our visitors and customers.

 

This means that third parties, including Google AdWord and Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from our websites and elsewhere on the internet and use that information to provide measurement services and target ads.

 

For example, when you visit our page, Google or other ad publisher that we use may note this by saving a cookie in your web browser and then use it to serve more of our ads on their website and their advertising partner websites.

 

You can opt-out of the collection and use of information for ad targeting by means of one of the following free tools:

 

Google Analytics

 

We use Google Analytics to understand how the site is being used in order to improve the user experience. User data is all anonymous. You can find out more about Google’s position on privacy as regards its analytics service at www.google.com

 

We may use Google Analytics’ Demographics and Interest Reporting features to view anonymous statistics about the demographics and interests of our visitors.

 

To opt out of this behaviour, install Google Analytics Opt-out Browser Add-on.

 

Data Storage

 

We use reputable third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to store your data and run CoreAdviz website and services.

 

Partial list of our data storage and processing technology providers includes: Amazon Web Services, Google Drive, GoDaddy, Smart Hosting, Ms OneDrive, Zapier, Doc-Hub, Signable.

 

Security

 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Our website has OV (Organisation validated) SSL protection.

 

The information that we collect from you may be transferred to, stored and processed at a destination outside the European Economic Area (“EEA”) (including the USA).  It may also be processed by staff operating outside the EEA. By submitting your Personal Information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

 

Links to other websites

 

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Statement. You should exercise caution and look at the privacy statement applicable to the website in question.

 

Social Links

 

On our website we use links to ‘social sites’ – Twitter, Facebook, Google+, LinkedIn and others.

 

When you click on these links these sites are likely to be collecting information about what you are doing all around the internet by setting one or more of their own cookies.

 

 

In some cases, these sites will be registering the fact that you are visiting CoreAdviz® and the specific pages you are on, even if you don’t click on the link if you are logged into their services, like Google and Facebook.

 

CoreAdviz is not responsible for the data generated by or processed by such third parties. Therefore, you should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt-out, or delete, such information.

 

Your rights related to your personal information

If you are a data subject according to EU GDPR (e.g. you are an EU citizen and you are giving us your private data), you have the following rights related to your personal information:

  • Right to access information [Data Subject Access Request (DSAR)].You have a right to receive information about why and how your personal data is processed. You have a right to receive a copy of your personal data stored by CoreAdviz, free of charge, in a commonly used electronic format.
  • Right to rectification (erasure).You have the right to obtain rectification of inaccurate personal data without undue delay, and to have incomplete personal data completed.
  • Right to be forgotten.You have a right to withdraw your consent to personal data processing and have your personal data erased without undue delay whenever the data is no longer necessary (a) for service provision, (b) for billing and (c) to satisfy any applicable law, regulation, legal process or enforceable governmental request.
  • Right to restriction of processing.You have the right to have processing of your personal data restricted where you object to it and CoreAdviz has no legitimate grounds to continue the processing, where you contest the accuracy of the data, where the processing is unlawful, or where you require it to establish, exercise or defend legal claims.
  • Right to object.You have the right to object at any time to the processing of data, except when this is required for a task in the public interest or where there are compelling legitimate grounds for the processing. You can also object to processing performed for direct marketing purposes.
  • Right of data portability. The right to receive certain personal data in a structural, commonly used format, i.e.; CSV
  • Right not to be evaluated on the basis of automated processing. Right to not be subject to decisions made automatically that produce legal effect.
  • Other rights according to GDRP.For details, please refer to GDRP website.

 

You can exercise the right at any time by contacting us at hello@coreadviz.co.uk. EU data protection legislation gives EU citizens the right to access information held about you.  You may at any time request details of Personal Information which we hold about you, which we will supply on verification of your identity and subject to payment of the standard £10 charge (if the request is unfounded or excessive or additional copies are requested or else fee doesn’t apply) under the Data Protection Act 1998. If you believe that any information we are holding on you is incorrect or incomplete, you can change this in your user account. Alternatively, you may email us and we will promptly correct any information found to be incorrect within 30 days.

 

You can find detailed information about your rights under UK Data Protection legislation on the UK Information Commissioner’s website at www.ico.gov.uk.

 

Cancellation of Service

 

If you cancel your subscription to your Accounting service, we maintain your personal or business data on our system for accounting purposes and provide you with an export of your data. You can exercise your rights to completely remove or deleted from cloud accounting system.

 

Changes

 

We may periodically update this policy. When we do, we will post those changes on this page so that you are always aware of the information we collect, how we use it, and under what circumstances we disclose it. Please see the “LAST UPDATED” date at the top of this page to see when this Privacy Policy was last revised. Any amendments to this Privacy Policy will come into effect a reasonable period of time after this “LAST UPDATED” date (normally we consider 30 days to be a reasonable time period), so you should check this page from time to time to ensure that you are happy with any changes. After posting and will only apply to your personal information we hold if you use the site after the revised statement becomes effective.

 

Questions

If you have any questions about this privacy policy, please contact us.

 

Please read our Terms of Service

Use of the CoreAdviz service is subject to the CoreAdviz Terms of Service and this Privacy Policy should be read in conjunction with this.

 

If you have a question, comment or complaint about the CoreAdviz Privacy Policy please send it to hello@CoreAdviz.co.uk.

 

@ Copyright CoreAdviz Digital Finance Ltd 2017