Mobile Apps: Operated by CoreAdviz Digital Finance Ltd (also referred to as ‘CoreAdviz® or ‘us’ “our” or ‘we’) and partner company – CoreAdviz Limited,
Services: any of our products or services (including support services) which may be accessible via the Website, Apps, third party platform (like Google Analytics, JotForm, MailChimp, TypeForm, Zendesk LiveChat, Signable and cloud accounting applications), or otherwise. We will call them together our “Services.”
We confirm that we comply with the provisions of the Data Protection Act 1998 and aligned with EU General Data Protection Regulation (GDPR) when processing personal data about you and your business.
Defining Audiences, who is collecting data and Data processing officer
We are defining audiences on the basis of their level of interaction with us. Collectively, we can define all the audiences (Website Visitors, Leads, Clients and Customers) as “you” and “your” as required.
Website Visitors (also referred to as “Visitors”): If you have visited our website but have not interacted with us over the Live Chat option or filled any form sharing your details, then you will be referred to as a visitor.
Lead: If you have interacted and shared your details with us to get in touch with you, then you will be defined as a “Lead”.
Customer or Clients: If you are already availing our services, whether our free trial model or for paid services, then you are defined as our “Customer” or “Clients”.
CoreAdviz® acts as data Controller as defined in the directive and GDPR. For the purpose of the Data Protection Act 1998 (‘the Act’) that data controller is CoreAdviz Digital Finance Ltd, 7 Lucas Close Maidenbower, Crawley, West Sussex, RH10 7EY. In other circumstances we may be a data processor. We respect your right to privacy and will only process Personal Information you provide to us in accordance with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other applicable privacy laws.
If you have any questions or concerns regarding this policy, please contact us. Data Protection Officer (DPO): Rajiv Singh (firstname.lastname@example.org ).
Scope and applicability
You explicitly agree that we may:
use web analytics tools (you can opt-out)
use ad targeting tools (you can opt-out)
contact you via e-mail (non-essential e-mails will not be sent unless you opt-in)
HOW WE GATHER AND USE INFORMATION
How and what information we gather
We also collect other information which does not personally identify you. All of this can include:
(i) Information That You Provide Us:
When you visit certain sections of the Services, completing a form on our website, signing up for Accounting and Consulting services, or at the time of registration / during course of subscription, we ask you to provide us with specific information, including (but not limited to):
- Contact information, such as your name, mailing address, billing address phone number and email address
- Unique identifiers such as personal / corporate tax reference & company account reference numbers, authorisation code, VAT Registration, Payroll PAYE reference, Account Office numbers, user name and password.
- financial information, such as your bank account numbers or similar information (in general, we do not share financial details with any 3rd parties subject to agreed engagement terms of services and to perform our duty related to legal compliances or special agreed consent of using financial information transmission for HMRC reporting under Making Tax Digital (“MTD”).
- about your business, or the business you intend to form, along with any previous trading information
- other personal details such as your marital status, date of birth, National Insurance No.
- any other information which you supply to us relevant for providing our services.
We also typically collect personal information about employees, workers and Sub-contractors through the application, payroll account office, recruitment or engagement process, payroll contract, either directly from individuals or sometimes from our client or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.
We will collect additional personal information in the course of the services you provide to us throughout the period to support ongoing services.
(ii) Services Usage Information:
When you use CoreAdviz® website or services, our servers automatically record information that your browser sends to every website you visit, such as time of day, browser type, page you visit, referring Web site address, geographical location and your IP address.
When you subscribe to our e-mail newsletter, you will be required to provide your e-mail address and to confirm your subscription by clicking “Subscribe” button.
We do not collect or store any credit or debit card information. However, the Internet is not in itself a secure environment. Although we will do our best to protect your personal data, users should only enter, or import data within a secure environment. This means that your browser must support the encryption security used in connection with our service. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We also collect and view data from third party tools such as
How we may use gathered information
We may use collected personal information for the following purposes:
- to provide services that you have requested and ensure your accounts is correctly configured; (set-up cloud account, HMRC portal services, Company house, secretarial, Payroll PAYE management and support)
- to process your service orders, perform billing and notify you of the status of your order;
- electronically verify your identity in order to comply with UK anti-money laundering and anti-terrorist funding regulations;
- to facilitate the renewal of subscriptions for services;
- to provide you with an effective customer service;
- for security, anti-piracy, and fraud prevention purposes;
- carry out our obligations arising from any contracts entered into between you and us and to provide the services you have engaged us to undertake for you;
- to provide you with information related to changes in services that you are using;
- to provide you with newsletters, special offers and other information where you have consented to receive it;
- to undertake any other promotional activities where you have consented to such promotional activities;
- to comply with or verify compliance with applicable laws, rules and regulations;
- to re-engage with you on Facebook using Facebook’s Custom Audiences feature, Twitter, Whatsapp or Instagram;
- we may regularly contact you electronically with CoreAdviz’s business advice content;
If you do not want to receive newsletters, special offers and other information that is not essential to the use of products and services that you have purchased or subscribed to you can easily opt-out from future communication at any time by clicking a link at the bottom of a message from us or web based enabled pop-up form or by sending an explicit unsubscribe request to email@example.com.
We may use collected non-personal information for the following purposes:
- to personalize and support your use of CoreAdviz® website and services;
- to improve our products, services, customer experience and advertising strategy;
- for security, anti-piracy, and fraud prevention purposes;
- to identify actions or transactions as originating through an affiliate marketing or referral program;
- for ad targeting;
- for statistical or research and analysis purposes; administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- improve our site to ensure that content is presented in the most effective manner for you and for your computer.
In addition, we may “de-identify” personal information by removing any information that identifies you specifically and use the rest for the purposes set forth above.
With whom the information may be shared
We may share your information with third-parties in following cases:
- To provide services delivered by our partners.We use other companies, which may include but not limited to present or future corporate affiliates, to provide joint services or certain services to us or on our behalf and help us to operate our business. In cases where it is necessary to deliver a service that is carried out by our third-party partner your information may be transmitted or made available to the partner which provides the service that you requested. For example, we may share your personal information with domain registrar when you order a domain name registration and we may share your e-mail address with Cloudflare when you choose to enable their website protection service you your website.
- Disclosure of Your Information – In order to carry out the Services of this engagement and for related purposes such as updating and enhancing our client records, analysis for management purposes and statutory returns, legal and regulatory compliance and crime prevention we may obtain, process, use and disclose personal data about you.
- To comply with legal requirements, cooperate with law enforcement, prevent crime, and protect legal rights or CoreAdviz, you and others.To the extent not expressly prohibited by applicable law, we may disclose the personal information we collect without notifying you when we, in good faith, believe disclosure is appropriate: (a) to satisfy any applicable law, regulation, legal process or enforceable governmental request; (b) to cooperate with law enforcement or other governmental investigations (without necessarily requiring the law enforcement or government agency requesting the information to formally serve us with a subpoena); (c) to investigate, prevent, or take action regarding possible crime; (d) to enforce a contract; to protect and defend the rights or property of CoreAdviz, its corporate affiliates, and their respective employees, clients and partners and agents, other users or the public in general; or (e) act in situations involving potential threats to the personal safety of any person.
We also have a duty under section 330 of the Proceeds of Crime Act 2002 to report to the National Crime Agency (NCA) if we know, or have reasonable cause to suspect, that you or anyone connected with your business are or have been involved in money laundering. Failure on our part to make a report where we have knowledge, or reasonable grounds for suspicion, would constitute a criminal offence.
Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
How we use particularly sensitive personal information?
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
In limited circumstances, with your explicit written consent.
Where we need to carry out our legal obligations and in line with our data protection policy.
If it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme, and in line with our data protection policy.
Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else interests) and you are not capable of giving your consent, or where you have already made the information public. We may also process such information about members or former members in the course of legitimate business activities with the appropriate safeguards.
How long do we keep collected information?
We keep your personal information only as long as we need it for the purposes for which it was originally collected (or to which you have subsequently consented), and as permitted or required by applicable law.
Cookies and how we use them
For more information about cookies (including how to set browsers to reject cookies) please visit the website set up by the Interactive Advertising Bureau (Europe) at www.allaboutcookies.org.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. None of the cookies used by this website contain any personal information. Below is a detailed list of cookies that this website may set:
- Session cookies.These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for, like logging into your account, cannot be provided.
- Cookies that remember your choice.Some cookies used on this website allow the website to remember choices you make (such as your preferred language).
- Google Analytics cookies.These cookies are used to collect information about how visitors use our site. We use this information to compile reports and to help us improve the site. The cookies store information in an anonymous form.
- Ad targeting cookiesThese cookies are used to make advertising more effective and to show ads that are likely to be more relevant to you. You can opt out of receiving these cookies as described below.
How you can control cookies
You can control and opt-out of receiving cookies in several ways:
- By using private browsing mode.Most browsers offer private browsing mode (private window, incognito window or InPrivate window). Any cookies created while in private browsing mode are deleted after you close all browser windows.
- By modifying browser settings.You can usually modify your browser settings to disable cookies. However, by disabling cookies, or certain types of cookie, you may hinder your user experience on this and other websites, or prevent them from working entirely.
- By means of free tools.You can opt out of receiving particular ad targeting cookies as described below.
Ad targeting tools that we use
We may use third party ad targeting tools to re-engage with our visitors and customers.
For example, when you visit our page, Google or other ad publisher that we use may note this by saving a cookie in your web browser and then use it to serve more of our ads on their website and their advertising partner websites.
You can opt-out of the collection and use of information for ad targeting by means of one of the following free tools:
We use Google Analytics to understand how the site is being used in order to improve the user experience. User data is all anonymous. You can find out more about Google’s position on privacy as regards its analytics service at www.google.com
We may use Google Analytics’ Demographics and Interest Reporting features to view anonymous statistics about the demographics and interests of our visitors.
To opt out of this behaviour, install Google Analytics Opt-out Browser Add-on.
We use reputable third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to store your data and run CoreAdviz website and services.
Partial list of our data storage and processing technology providers includes: Amazon Web Services, Google Drive, GoDaddy, Smart Hosting, Ms OneDrive, Zapier, Doc-Hub, Signable.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect online. Our website has OV (Organisation validated) SSL protection.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Statement. You should exercise caution and look at the privacy statement applicable to the website in question.
On our website we use links to ‘social sites’ – Twitter, Facebook, Google+, LinkedIn and others.
When you click on these links these sites are likely to be collecting information about what you are doing all around the internet by setting one or more of their own cookies.
In some cases, these sites will be registering the fact that you are visiting CoreAdviz® and the specific pages you are on, even if you don’t click on the link if you are logged into their services, like Google and Facebook.
CoreAdviz is not responsible for the data generated by or processed by such third parties. Therefore, you should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt-out, or delete, such information.
Your rights related to your personal information
If you are a data subject according to EU GDPR (e.g. you are an EU citizen and you are giving us your private data), you have the following rights related to your personal information:
- Right to access information [Data Subject Access Request (DSAR)].You have a right to receive information about why and how your personal data is processed. You have a right to receive a copy of your personal data stored by CoreAdviz, free of charge, in a commonly used electronic format.
- Right to rectification (erasure).You have the right to obtain rectification of inaccurate personal data without undue delay, and to have incomplete personal data completed.
- Right to be forgotten.You have a right to withdraw your consent to personal data processing and have your personal data erased without undue delay whenever the data is no longer necessary (a) for service provision, (b) for billing and (c) to satisfy any applicable law, regulation, legal process or enforceable governmental request.
- Right to restriction of processing.You have the right to have processing of your personal data restricted where you object to it and CoreAdviz has no legitimate grounds to continue the processing, where you contest the accuracy of the data, where the processing is unlawful, or where you require it to establish, exercise or defend legal claims.
- Right to object.You have the right to object at any time to the processing of data, except when this is required for a task in the public interest or where there are compelling legitimate grounds for the processing. You can also object to processing performed for direct marketing purposes.
- Right of data portability. The right to receive certain personal data in a structural, commonly used format, i.e.; CSV
- Right not to be evaluated on the basis of automated processing. Right to not be subject to decisions made automatically that produce legal effect.
- Other rights according to GDRP.For details, please refer to GDRP website.
You can exercise the right at any time by contacting us at firstname.lastname@example.org. EU data protection legislation gives EU citizens the right to access information held about you. You may at any time request details of Personal Information which we hold about you, which we will supply on verification of your identity and subject to payment of the standard £10 charge (if the request is unfounded or excessive or additional copies are requested or else fee doesn’t apply) under the Data Protection Act 1998. If you believe that any information we are holding on you is incorrect or incomplete, you can change this in your user account. Alternatively, you may email us and we will promptly correct any information found to be incorrect within 30 days.
You can find detailed information about your rights under UK Data Protection legislation on the UK Information Commissioner’s website at www.ico.gov.uk.
Cancellation of Service
If you cancel your subscription to your Accounting service, we maintain your personal or business data on our system for accounting purposes and provide you with an export of your data. You can exercise your rights to completely remove or deleted from cloud accounting system.
Please read our Terms of Service
@ Copyright CoreAdviz Digital Finance Ltd 2017