(Last updated February 2020)
Diagnostax Limited respects and values your privacy. We care about the way in which your personal data is treated and are committed to protecting it, ensuring compliance with legal obligations at all times. This privacy notice explains how we collect, use, store and share your personal data.
This privacy notice describes:
data controller and data processor
what personal information we collect about you
how we obtain your personal information
how we use your personal information
on what basis we use your personal information
how long we keep your personal information for
who we share your personal information with
how we protect your personal information
which countries we transfer your personal information to
your rights regarding your personal information
What Personal Information Do We Collect About You?
We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our services or as a result of your relationship with one or more of our staff and customers.
The personal information that we process includes:
basic information, such as your full name, date of birth, the company you work for and your title or position
contact information, such as your postal address, email address and phone number(s)
identification and background information provided by you or collected as part of our business acceptance processes and to meet legal obligations
financial information, such as information related to your financial affairs, for example, accounts or tax returns
technical information, such as information from your visits to our website, or social media, or applications or in relation to materials and communications we send to you electronically
information you provide to us for the purposes of attending meetings, events and training seminars
personal information provided to us by or on behalf of our customers or generated by us in the course or providing services to them
any other information relating to you which you may provide to us, such as your preferences in receiving marketing from us and our third parties
It is important that the personal information we hold about you is accurate and current. Please keep us informed at email@example.com if your personal information changes during your relationship with us.
Data Controller and Data Processor
Diagnostax Limited is both a data controller and a data processor.
We are a data controller in respect of personal information we collect from you. This means that we are responsible for deciding how we hold and process your personal information. We are a data processor in respect of personal information we process on behalf of our customers (who determine the purposes and means of processing your personal information) in the course of provision of our services.
Our Data Protection Officer (DPO) oversees compliance with data protection laws. Also, the DPO is responsible for overseeing questions in relation to this privacy notice. If you have any questions or complaints about this privacy notice, including any requests for further information or to exercise your legal rights, then please contact the DPO using the details below:
Data Protection Officer
4 Greek Street
How We Obtain Your Personal Information
We use different methods to collect information from and about you including:
we collect information from you as part of our business acceptance processes, and about you and others as necessary in the course of providing our services (where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you to provide services)
we collect your personal information while monitoring our technology tools and services, including our websites, social media and email communications sent to and from Diagnostax Limited.
we gather information about you when you provide it to us, or interact with us directly, for instance engaging with our employees or registering on one of our digital platforms or applications, for example when you subscribe to our mailing list, watch our demo videos, download our content, engage with us on social media and request marketing materials to be sent to you
we may collect information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources, such as Companies House and Linkedin.
How We Use Your Personal Information
We collect and process personal information about you in a number of ways, including during provision of services by us. We use this information:
to provide and improve our services to you and to our customers, including handling the personal information of others on behalf of our customers
to manage and administer our relationship with you and our customers
to provide information requested by you
to fulfil our legal, regulatory and risk management obligations
to prevent fraud, anti-money laundering, anti-bribery and to prevent or detect crime
to promote our services and direct marketing, including sending updates, publications and details of events
managing our business performance, assessing client satisfaction, monitoring the success of our campaigns and enhancing the client experience
to provide and improve this website
for the purposes of recruitment
We collect, use and hold personal information in the course of and in connection with the services we provide to our customers. We will process identification and background information as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering checks. We will also process personal information provided to us by or on behalf of our customers for the purposes of the work we do for them. The information may be disclosed to third parties to the extent reasonably necessary in connection with that work. Please also see ‘Who we share your personal information with’ below.
Marketing and other emails
We use personal information to send you marketing material to promote our services where you have requested such information or purchased services from us. Also, we use personal information to understand whether you engage with us on social media, read the emails and other materials, such as downloads, newsletters, that we send you and whether and how you visit our website. We do this by using software that places a cookie on your device which tracks this activity and records it against your email address. Please see ‘Use of Diagnostax Limited website’ below for more information on cookies and how to manage and remove them. Removal of this cookie will not affect your experience on our websites.
We use a relationship management tool, to assess the strength of the relationship between individuals in Diagnostax Limited and our customers or potential customers based on the frequency of contact between them. We use that information order to assess, analyse and improve the services that we provide.
If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by emailing us at firstname.lastname@example.org.
Meetings, events and seminars
We will collect and process personal information about you in relation to your attendance at our offices or at an event or seminar organised by Diagnostax Limited or its business partners. We will only process and use special categories of personal information about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your information with IT and other service providers or business partners involved in organising or hosting the relevant event.
Use of Diagnostax Limited website
A number of facilities on our website invite you to provide us with personal information, such as the vacancy application facility in the ‘Contact us’ section of our website and our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal information and we only use that information for those purposes.
Our website uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing small text files called ‘cookies’ on your device. The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and therefore anonymous. Please also see ‘Marketing and other emails’ set out above.
Our website uses HubSpot, a marketing automation software that tracks and reports on the manner in which the website is used to assess, analyse and improve it as well as our services. HubSpot does this by placing small text files called ‘cookies’ on your device; collecting data such as landing pages visited, length of time spent on the site, form submissions and email interaction.
On What Basis Do We Use Your Personal Information
We use your personal information on the following lawful basis:
you have provided express consent
necessary to perform a contract, such as engaging with individuals and organisations to provide tax software and tax advisory/consultancy services
to comply with contractual, legal and regulatory obligations
necessary for legitimate business purposes – please see set out above ‘How We Use Your Personal Information’ for more detail
necessary for the establishment, exercise or defence of legal claims or proceedings
How Long We Keep Your Personal Information For
Your personal information will be retained in according to the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and Diagnostax Limited’s business purposes.
Please be assured we will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We review the personal data retained on a regular basis and delete any information which is no longer required for the purpose it was collected for.
Who We Share Your Personal Information With
Any information that you provide to us may be shared with and processed by any of our group companies.
We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them and insofar as we are permitted by law to do so, including:
our professional advisors, auditors, our insurers and insurance brokers
suppliers to whom we outsource certain services, such as technology service providers like case management services, developers etc.
service providers to Diagnostax Limited, including cloud and data room providers
third parties engaged in the course of the services we provide to customers and with their prior consent, such as members of our Professional Advisory Panel who are tax advisors/consultants
third parties involved in hosting or organising events or seminars
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to group entities or to third parties through which the business of Diagnostax Limited will be carried out.
How We Protect Your Personal Information
We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
We hold the Cyber Essentials Certification, an accreditation affirming and recognising the technical security controls we have in place to safeguard and protect your personal information. Cyber Essentials is a UK government backed information assurance scheme operated by the National Cyber Security Centre.
Which Countries We Transfer Your Personal Information
In order to provide our services, we may need to transfer your personal information to locations outside the jurisdiction of England and Wales. This may entail a transfer of your information from a location within the European Economic Area (the “EEA”). Please see ‘Who we share your personal information with’ for more detail on how the information may be shared with suppliers and third party service providers. Where this is the case, EU standard contractual clauses are in place between Diagnostax Limited and such suppliers and third party service providers that share and process personal data.
Your Rights Regarding Your Personal Information
The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You may also have the right to lodge a complaint in relation to Diagnostax Limited’s processing of your personal information with a local supervisory authority.
If you object to the processing of your personal information, or if you have provided your consent to the processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How We Use Your Personal Information’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us at email@example.com