Knowledge Base



Need more help?

For more help in choosing the right products please email us at:

support@taxcalc.com

Legal Notices

Download this as a PDF


RECENT UPDATES

  • Added Section 3.14 to describe usage of MS Clarity on the website, including masking of identifying data. Renumbered the remainder of Section 3.
  • Added Section 6.4.4 to describe data collected from the app, to manage instance, credit or allotment consumption.

TaxCalc Privacy Policy (2024-06-27)

1 INTRODUCTION

1.1 At Acorah Software Products Limited ('ASPL'), we are committed to protecting your privacy and this Privacy Policy tells you how we collect, use and disclose your personal data. This Privacy Policy has been drafted to comply with the legal standards that currently exist in the United Kingdom and will be modified as ASPL determines is necessary to satisfy or exceed legal requirements. We reserve the right to modify this Privacy Policy at any time by notifying our customers, via the main ASPL website (www.taxcalc.com), of a new or revised Privacy Policy.

1.2 If you would like further information on this Privacy Policy or about ASPL’s use of your personal data, we encourage you to contact compliance@taxcalc.com. For details concerning your rights under the General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA18) and other applicable legislation, contact the Information Commissioner’s Office (ICO) (https://ico.org.uk).

1.3 Please note that this Privacy Policy covers data management where ASPL qualifies as the Data Controller under the GDPR and the DPA18 (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/), except where otherwise noted.

1.4 Where lawful bases of processing are noted (for example, contract, legal obligation or consent), ASPL in all ways manages individual rights in relation to these lawful bases in line with the ICO’s guidance on the GDPR and the DPA18 (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/).

1.5 Where a lawful basis of consent is noted in this Privacy Policy, You have the right to withdraw that consent.

1.6 You have the right to lodge a complaint with the ICO as the supervisory authority if you have an issue in relation to our treatment of Your data.

1.7 ASPL may use certain third-party service providers to help us fulfil your requests and maintain our business practices. In these instances, these third-party service providers are under a contractual duty to restrict their use of personal data to the limited purpose(s) specified by ASPL, which at all times shall be consistent with this Privacy Policy.

2 PERSONAL DATA

2.1 ”Personal data" (as defined by the GDPR and the DPA18) means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

2.2 Personal data that can be used to identify you as an individual includes your:

  • name
  • mailing address
  • telephone number
  • credit card number
  • email address
  • personally identifying information we collect via cookies
  • log-in credentials (of customer account)
  • IP address.

Examples of non-personal data include:

  • business name (when the business is a corporate entity)
  • business entity type (e.g. LLP, Limited Company, etc.)
  • website address
  • marketing preferences
  • non-personal information provided in communications with ASPL
  • non-personal information about your computer and about your visits to and use of the TaxCalc website.

2.3 No sensitive personal data (as defined by the GDPR and the DPA18) is collected by ASPL. However, sensitive personal data of subjects of an AML search may be processed by TaxCalc’s systems when You use the AML service – in any such usage ASPL is purely the Data Processor and does not use or retain any data processed for ASPL's own purposes.

2.4 We collect your personal data through a number of sources, including:

2.4.1 visits to and use of the TaxCalc website (e.g. browser type and version, operating system, referral source, length of visit, page views and website navigation paths, etc.) – see Section 3 for details

2.4.2 TaxCalc website registration & purchasing – see Section 4 for details

2.4.3 telephone calls, emails and other communications with our Sales or Support teams – see Section 5 for details

2.4.4 TaxCalc software usage – see Section 6 for details

2.4.5 usage of the CloudConnect service (though in this instance ASPL is the Data Processor rather than Data Controller) – see Section 7 for details

2.4.6 other specific sources (see Section 8 for details), such as surveys, photoshoots and CV submissions.

2.5 personal data gathered directly from customers during purchase ordering, website registration or enquiries are centrally managed in a bespoke Customer Relationship Management System (CRMS). These actions in regard to personal data are performed on the lawful basis of contract as described in the GDPR and the DPA18 and may be used by ASPL in the interests of ongoing staff training, incident investigations and product or process development. This personal data is kept for the duration of any ongoing business or software usage, and for six years thereafter. Typical uses include:

  • updating you as to the status of your order
  • alerting you to important product revisions or updates to an ASPL product/service you have purchased, normally via email or the TaxCalc application (please note that it is not possible to opt out of these ‘service level’ communications)
  • ensuring that you are properly registered to receive technical support.

2.6 Unless otherwise specified in this Privacy Policy, your personal data will not be transferred to a third party for their independent use without your express consent. ASPL does not give trade references and does not 'sell on' or share your personal details beyond the limited circumstances described within this policy.

2.7 You should be aware that there are very limited instances under law in which we may be required to disclose the personal data of our customers. If such an instance arises, we shall only release that personal data as required by law. These actions in regard to personal data are performed on the lawful basis of legal obligation as described in the GDPR and the DPA18.

2.8 ASPL only acquire personal data in accordance with a lawful basis, as defined in the GDPR and the DPA18. Any data received via a third party will be rigorously assessed to ensure GDPR and DPA18 adherence and handled as per this Privacy Policy, though please be aware that third parties will have their own privacy and data collation terms.

3 USE OF THE TAXCALC WEBSITE 

This Section covers the personal data collection and usage that occurs when using the TaxCalc website.

3.1 Our website uses cookies to improve your user experience. Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device, enabling online shopping carts, remembering choices you have made and so on. You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu. For a video about cookies visit https://www.google.com/policies/technologies/cookies/.

The cookies used on this website have been categorised in accordance with the ICO UK Cookie guide. Lists of all the cookies used on this website are set out here.

3.2 Category 1: Strictly Necessary Cookies

  • PHPSESSID – used as an index to record session data on our server (e.g. current order number); expires 20 (twenty) minutes following the end of the session or when the browser is closed, whichever is sooner
  • PHPKBSESSID – used as an index to record session data on our server when using the Knowledge Base area of the website; expires 20 (twenty) minutes following the end of the session or when the browser is closed, whichever is sooner
  • OldBrowserWarning – used to advise if the user’s browser is so old it will be functionally impaired in viewing the website; expires 20 (twenty) minutes following the end of the session or when the browser is closed, whichever is sooner

Category 1 cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services like the shopping basket cannot be provided. Category 1 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as we genuinely cannot run the website effectively without them. Nevertheless, you can contact compliance@taxcalc.com to object to this processing.

If you do not wish to accept these cookies and would like to purchase an ASPL product or service, you may complete most transactions by calling us on 0345 5190 882.

3.3 Category 2: Performance Cookies

  • utma, __utmb, __utmc, and __utmz – required by Google Analytics; expires 26 (twenty-six) months after last visit to website.

Category 2 cookies collect information about how you use the website, for instance which pages you go to most often and if you get error messages from web pages. These cookies don’t collect information that identifies you and all information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the website works. Category 2 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as we wish to maintain the performance integrity of our website. You can directly control the collection of Performance Cookies via the Cookie Settings option in our the TaxCalc website’s footer area.

A summary of Google’s scope of data and usage parameters for data collected can be found here: https://policies.google.com/privacy#infocollect.

3.4 Category 3: Functionality Cookies

  • email – holds customer’s email address (which is used as the login/account name); expires 2 (two) years after last visit to website.
  • OptanonAlertBoxClosed – remembers if you have closed the Cookie Preferences Alert Box.
  • OptanonConsent – records a user’s consent and preferences for cookie settings.
  • _dc_gtm_UA-40403013-1 – this cookie is associated with Google Tag Manager and remembers your decisions in regard to targeting and analytics (as described in Category 4).

Category 3 cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. Category 3 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as we wish to maintain the functionality and easy usability of our website. You can directly control the collection of Functionality Cookies via the Cookie Settings option in the TaxCalc website’s footer area.

3.5 Category 4: Targeting or Advertising Cookies

  • Google cookies – gac, gads, DSID, FLC, AID, TAID and exchange_uid; expires 2 (two) years after last visit to website.
  • LinkedIn cookies – bizo_bzid, _bizo_cksm, _bizo_np_stats; expires 6 (six) months after last visit to website.
  • Facebook (including Instagram) cookies – Pixel; expires 180 (one hundred and eighty) days after last visit to website.
  • Twitter cookies – Universal Website Tag; expires 90 (ninety) days after last visit to website.
  • AdRoll cookies – __utmb; expires 26 (twenty-six) months after last visit to website.
  • Reddit cookies – rdt_uuid (Pixel), expires 90 (ninety) days after last visit to website.

Category 4 cookies are implemented on the lawful basis of legitimate interest as described in the GDPR and the DPA18. You can directly control the collection of Targeting or Advertising Cookies via the Cookie Settings option in the TaxCalc website’s footer area.

When you visit our website we use these cookies to collect information about your activities that may personally directly or indirectly identify you. This information may include the content you view, the date and time that you view this content, the products you purchase, or your location information associated with your IP address. We may use the information we collect to serve you more relevant advertisements (referred to as ‘Retargeting’) or to measure ‘Conversions’ on our site. This information can include where you saw the ads we serve you and what ads you clicked on.

3.5.1 We use Google’s third party audience data, such as interests and commonly visited websites, to better understanding the behaviour of our customers. For example, you may see our ads on other websites because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.

3.5.2 We use social network cookies from LinkedIn, Twitter, Reddit and Facebook (including Instagram). These cookies may store anonymous demographic and conversion data from the relevant social network. For example, LinkedIn data can include company size, industry, job function and seniority level but does not include any personally identifiable information.

3.5.3 We use AdRoll to place cookies on your browser for targeted advertising purposes. These cookies track device and browser information, as well as activity on the TaxCalc website, to help target our ads based on information AdRoll have collected.

3.6 ASPL uses a third party processor (OneTrust) to manage cookie management in our website. OneTrust are a Data Processor as detailed in their own privacy policy.

Please note that OneTrust’s servers are located outside the United Kingdom (UK) and the European Economic Area (EEA) and as such data gathered will likely leave the UK and the EEA as it is processed. OneTrust have rigorous protections in place, as described in their privacy policy.

3.7 There are general options (unrelated to ASPL) available for opting out of various web services’ automated collection of information. Examples on how to do this can be found at http://www.youronlinechoices.com/uk/.

3.8 The TaxCalc website’s essential operating system processes functional data in order to operate, which may include data determined to be personal data (for example, IP addresses). These functions are not based on cookies. Any personal data collected in this manner by the fundamental website logging are performed on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as such logging is required for the website’s continued operation. It will also be automatically deleted within four weeks. Nevertheless, you can contact compliance@taxcalc.com to object to this processing.

3.9 When entering an address into our website, we offer the ability to lookup Your address using a postcode. This functionality is provided by sharing the postcode with a third party application programming interface (API) provided by AFD Software Limited (http://www.afd.co.uk/) based in the Isle of Man.

3.10 We may use a third party processor (Unbounce) to implement website advertising / landing pages that can collect personal contact information from prospective customers. The data is only collected if the data subject opts in and provides the information. In addition to contact information, Unbounce may collect additional information such as IP address, date and time, operating system and device type information. Unbounce are a Data Processor and do not use the personal contact information (lead data) collected for their own purposes (as detailed in their privacy policy).

Please note that Unbounce’s servers are located in the European Economic Area (EEA) and as such data gathered will likely leave the UK as it is processed. We have a specific agreement with Unbounce to treat any personal data gathered with maximum adherence possible to UK data protection regulations.

3.11 ASPL uses a third party (SmartVault) that manages the ‘Document Manager powered by SmartVault’ product. SmartVault Software Ltd’s own EULA, Privacy Policy and Terms of Service govern SmartVault’s agreements with You and their usage of Your data. See Sections 6.8 and 6.9 for more details.

3.12 ASPL uses a third party (Equifax) that manages the Anti-Money Laundering Identity Checking Service. See the Equifax Customer Licence (ECL) for more details.

3.13 ASPL uses a third party (CoSchedule) to help administer our social media accounts. Therefore, metrics gathered by your interaction with our social media accounts (LinkedIn, Twitter and Facebook (including Instagram)) will be processed through CoSchedule’s infrastructure, the treatment of which is described in their privacy policy. 

3.14 ASPL uses a third party (Microsoft Clarity) to record website user behaviour. Website areas or fields that contain or could contain sensitive or personally identifying data are masked to ensure that no data of this type is recorded.

3.15 Any personal data or other information that is collected by, or which you choose to provide any third party website will be subject to the privacy policy of the operators of the third party website. ASPL is not responsible for the use or protection of personal data you disclose to a third party website operator, even if reached from an TaxCalc website.

3.16 Any site that is an ASPL co-branded website will clearly identify both ASPL and the third party, and any personal data or other information collected through these co-branded sites may be collected and used by both ASPL and the third party unless otherwise stated on that co-branded site.

3.17 The TaxCalc website may provide links to third party websites. If you click on a banner advertisement or third party link, the "click" will take you off the TaxCalc website. Once you leave any the TaxCalc website, any information that you provided to us remains with us and is not forwarded to the next site to which you have linked. Further details of links to other websites can be found in the Website Disclaimer.

4 TAXCALC WEBSITE REGISTRATION & PURCHASING

This Section covers the personal data collection and usage that occurs when registering on the TaxCalc website and purchasing TaxCalc products and/or services.

4.1 Certain personal data, such as names, contact details and online identifiers, are required for us to supply products and services that you have requested, carry out an agreement with you or take any steps that you have requested. These actions in regard to personal data are performed on the lawful basis of contract as described in the GDPR and the DPA18.

4.2 We are obliged to record your IP address by HMRC as an online merchant, in order to determine your country of purchase under the EU VAT MOSS Regulations. To determine this information your IP address is shared with a third party application programming interface (API) provided by Maxmind Inc. (https://www.maxmind.com/en/home) based in the USA. These actions in regard to personal data are performed on the lawful basis of legal obligation as described in the GDPR and the DPA18 and ASPL only retain the data for the duration of the ordering process.

4.3 When purchasing the ‘Document Manager powered by SmartVault’ product, there is an initial transfer of data from TaxCalc to SmartVault to help set up the account. This includes Your: name, company name, email address and phone number. The account activation process is handled by SmartVault and TaxCalc does not receive any data submitted during said activation process.

4.4 We may also use your personal data for the following direct marketing purposes. These actions in regard to personal data are performed on the lawful basis of consent as described in the GDPR and the DPA18.

Examples include where you have given us appropriate permission to:

  • advise you about new ASPL products and services, as well as special discounts on ASPL products and services
  • provide business, sector and market-relevant news updates
  • advise you about offers from other companies that ASPL feels may be of interest to you, such as AccountingWEB, ICAEW, ICPA, Accountex, AAT. (In these instances, ASPL forwards the offer to you.)

Additionally, the following contact methods have been separated out for the purposes of direct marketing consent:

  • via email (ASPL’s default contact method)
  • via telephone
  • via mail

4.5 The permissions described in Section 4.4 regarding use of your personal data can be managed in the Your TaxCalc Account area of the TaxCalc website. If you want to give or withdraw your consent to receiving marketing materials in any medium, simply notify ASPL (see Privacy Policy Questions, Updating Your Personal Data and Preference Notifications, below). If you advise ASPL that you do not want to receive any Marketing materials at all, ASPL shall not be able to provide you with information concerning special discounts and offers for which you may be eligible, advisories regarding new products or services that may be of interest to you or warnings regarding impending government deadlines.

4.6 ASPL uses third party processors (Pure360 and Campaign Monitor) to implement our email campaigns. The third party processors do not use the email addresses stored for their own purposes; they are purely Data Processors.

Please note that Campaign Monitor’s servers are located outside the United Kingdom (UK) and the European Economic Area (EEA) and as such data gathered will likely leave the UK and the EEA as it is processed. We have a specific agreement with Campaign Monitor to treat any personal data gathered with maximum adherence possible to UK data protection regulations.

Both Pure360 and Campaign Monitor use tracking technologies to monitor the performance of the email campaigns (for example, if an email was opened or not), which is in turn provided to ASPL (described in Campaign Monitor’s Privacy Notice and Pure360’s Licence Agreement). It is possible to object to this processing by not consenting to or opting out of our marketing email channels (see Section 4.4).

4.7 ASPL may also upload email addresses in hashed format to social media platforms (Facebook (including Instagram), Twitter, LinkedIn and the intermediary Adroll) in order to help target specific ad campaigns to sectors. These actions in regard to personal data are performed on the lawful basis of legitimate interest as described in the GDPR and the DPA18, as we wish to specify the relevance of any material users may encounter. You may disable this by logging into Your TaxCalc Account on the TaxCalc website and unticking the ‘Online advertising’ tickbox.

4.8 By default, data is retained for as long as you are an ASPL customer and for a further seven years thereafter. However, your account will be marked as dormant following four years’ inactivity and you will not be contacted following this time for Additional Purposes.

4.9 Credit/debit card and Direct Debit payments

4.9.1 ASPL uses Trust Payments Limited (formerly Secure Trading) to handle card payments, who are audited by the Payment Card Industry Security Standards Council (PCI-SSC). In the case of a Pay By Instalment Arrangement (and only when specifically arranged as such under our Terms & Conditions of Sale), ASPL only acquires an authorised token from the card payment processor for use in recurring payments – your full card details are still only held with Trust Payments Limited.

4.9.2 ASPL uses Access Paysuite Limited to handle Direct Debit payments and these payments operate under the Direct Debit Guarantee. Direct Debit payments always operate as a Pay By Instalment Arrangement (as described in our Terms & Conditions of Sale). As required by Bacs, ASPL will retain Your Direct Debit details on our systems and share these details with Access Paysuite Limited.

4.10 ASPL uses third parties for the purpose of lead generation. However, non-company data (i.e. data pertaining to individuals) is filtered out during the process and deleted.  Only company data is then retained by ASPL.

5 TELEPHONE CALLS, EMAILS AND OTHER COMMUNICATIONS TO OR FROM ASPL

This Section covers the personal data collection and usage that occurs when:

  • contacting or being contacted by ASPL to support TaxCalc products and/or services
  • contacting or being contacted by ASPL to sell or market TaxCalc products and/or services
  • contacting or being contacted by ASPL in relation to other circumstances, such as interacting with TaxCalc at an online event (for instance a webinar) or physical event (for instance a trade show).

5.1 During the course of investigating a technical issue or answering a query, pertinent notes will be kept on your CRMS file to record the process and resolution. These notes will be treated as per Section 1.5.

5.2 Any databases, XBRL files, tax returns or sets of accounts sent to us during the course of investigating a technical issue, and any information contained therein, will be destroyed following the resolution of your technical issue. A note will be kept on your file to record the resolution. Should you use our 'Upload a File to TaxCalc' facility in the My Account area of the website, any files uploaded (by yourself or ASPL) will remain available for a maximum of 14 (fourteen) calendar days before automatic deletion (though you may delete any uploaded files at any time manually).

5.3 In order to provide you with support on any technical issues that you may encounter, we may carry out the following to help diagnose and remedy the issue:

  • Ask to initiate a debug log. This collects 'debugging' information from your computer and TaxCalc, including login strings and configuration data. This is used to help locate, diagnose and troubleshoot operating problems.
  • Ask for you to send a health check. This gathers information about your computer itself, such as its name, OS version details, installed programs and the like. This is also used to help locate, diagnose and troubleshoot operating problems.
  • Ask for you to send an anonymised tax return directly from the TaxCalc software. You also have the option to send us the tax return without anonymising the data, should you wish. This is normally used to help deal with specific tax return issues.
  • Ask to access your system via a remote login service. This service will be provided by a third party under license with and operated by ASPL. The third party will also abide by their own Privacy Policy. ASPL may record these sessions for up to 12 (twelve) weeks. This kind of service is used to remotely navigate your computer in order to troubleshoot complex issues, as well as to securely transfer files between TaxCalc and yourself.
  • Ask to access your CloudConnect database directly. This kind of service is used to directly assess and troubleshoot complex CloudConnect database issues.
  • Liaise with and transfer data, including personal data, with the third party SmartVault, specifically in relation to issues related to the Document Manager powered by SmartVault service.
  • Liaise with and transfer data, including personal data, with the third party Equifax, specifically in relation to issues related to the Anti-Money Laundering Identity Checking Service.

In any of these situations, TaxCalc remains the Data Processor maintaining the service or product on the instruction of the Data Controller.

5.4 In the event that you contact us or we contact you, calls (including videoconferencing calls and contributing to webinar events) may be recorded and/or live monitored to:

  • help train ASPL staff;
  • establish the facts in the event of a complaint, either by a customer or a member of staff, and so assist in resolving it;
  • assist in quality control to identify any issues in processes, with a view to improving them;
  • assist in identifying and developing product modules;
  • allow for a distributable recording of webinars;
  • provide evidence of your order or transaction with us;
  • ensure that we comply with relevant regulatory procedures;
  • prevent or detect crime, and protect the interests of national security;
  • investigate the unauthorised use of and secure the effective operation of our telecommunications system.

5.5 Certain personal data, such as names and contact details, may inevitably be recorded as a matter of course during calls. These actions in regard to personal data are performed on the lawful basis of legitimate interest as described in the GDPR and the DPA18.

  • 5.5.1 As far as is feasible, we recommend using virtual or blurred backgrounds during videoconferencing calls, to minimise accidental personal data collection.
  • 5.5.2 Call recordings are kept for up to 6 months, unless specifically stated otherwise.
  • 5.5.3 Image/Audio Use Agreement: Where you have specifically agreed to it, for example by registering for a TaxCalc online event that includes the capacity for ‘calling in’, the following rights and permissions are given to Acorah Software Products Ltd (“ASPL”). ASPL has the right and permission to take, use, re-use, publish, and republish photographic portraits/pictures and recorded image/voice of you or in which you may be included. The parameters will be described in your specific agreement. You waive any right that you may have to inspect the finished product or products or other matter that may be used in connection with them or the use to which they may be applied. You agree to hold harmless ASPL and all persons acting with ASPL’s permission or authority, from any liability by virtue of any alteration, whether intentional or otherwise, that may occur or be produced in the taking of such photographic portraits/pictures and recorded image/voice, as well as any publication of them, including without limitation any claims for libel or violation of any right of publicity or privacy. Any personal data collected by ASPL in this way is done so under the lawful basis of contract and will be kept for a period of five years. Usage of personal data for marketing purposes is under the lawful basis of consent, where you consent to its usage in media (including websites, social media, emails, computer applications and physical marketing) for a period of three years.

5.6 ASPL uses third party processors in relation to telephone calls, videoconferncing call and hosting webinars.

  • 5.6.1 Overline and TelcoSwitch are used for the provision of telephone calls and to store telephone call recordings. These third party processors do not use any data stored for their own purposes; they are purely Data Processors as described in the Overline and TelcoSwitch Privacy Policies. Please note that TelcoSwitch’s telephony servers are located inside the United Kingdom (UK) and as such data gathered will remain within the UK as it is processed. All data is encrypted while in transit and at rest. Call recordings are kept for up to 6 months, unless specifically stated otherwise.
  • 5.6.2 Microsoft Teams is used for the provision of videoconferencing calls and hosting webinars, and to store videoconferencing call and webinar recordings. Microsoft is an independent Data Controller as described in their Privacy and Microsoft Teams documentation.

5.7 ASPL uses a third party processor (Signable) for the purpose of processing electronic signatures for its own business purposes. Signable are a Data Processor as detailed in their own privacy policy.

6 TAXCALC SOFTWARE USAGE

This Section covers the personal data collection and usage that occurs when using the TaxCalc products and/or services.

6.1 Personal data can be included within data gathered about your systems once you have purchased a product via the licensing mechanic. This data is collected whenever the app licenses, typically when the app is opened or updated and connected to the internet. This data includes your type of operating system and its version, your IP and MAC addresses, size and schema version details of your database and details of your operating environment. Where there is personal data involved these actions are performed on the lawful basis of contract as described in the GDPR and the DPA18.

6.2 When licensing software products via the internet, any information collected in this process will be transmitted over a secure connection to our servers. The anti-piracy routine generates a unique key that is transmitted to our server during the activation process and is used to identify the computer upon which you run your TaxCalc software. All data contained within the key is encrypted.

6.3 At no stage will ASPL hold for posterity any information that you enter into the TaxCalc software (such as the contents of a tax return, filing credentials, accounting information and so on), other than in the specific role of Data Processor in a CloudConnect Service (see Section 7 for more details). You are responsible for keeping appropriate copies of your own data.

6.4 To help us improve our products and services and develop new ones, we also create aggregate pseudonymised data from Your usage of the product, that may use your personal data but in a manner that does not automatically identify you as an individual. Some of this information will be collected by third party processors as detailed within this Privacy Policy. Where there is personal data involved these actions are performed on the lawful basis of contract as described in the GDPR and the DPA18. Data collected may include:

6.4.1 System Information, such as: operating system & platform information such, print settings, hardware and architecture information such as screen resolution, graphics card and CPU type, geographical information and Java environment information.

6.4.2 Product Usage Information, such as: the number of users, what modules are opened/closed over time, page usage statistics and executable action metrics covering how areas of modules are interacted with (not the content), and the number of concurrent users within modules.

6.4.3 Analytics Information, such as: the number of clients and contacts recorded, the number of clients in relation to each module, the number of HMRC API Fetch Requests performed (not the content), the number and types of tax return and fields that you have used (not the content).

6.4.4 Exception: Note that where data is being collected to track consumption of instances, credits or allotments (as per Sections 2.4, 2.7 and 3.2 of the EULA), this specific data collection is applied to a relevant account and is not therefore aggregate or pseudonymised.

6.5 We create obfuscated data sets extrapolated from CloudConnect databases, for the purposes of performance testing and quality assurance (including testing data integrity and architecture resilience). These data sets are entirely obfuscated using data masking methodology and contain no personally identifying information.

6.6 ASPL uses a third party processor (Signable) to implement its esigning service. Signable are a Data Processor as detailed in their own privacy policy.

On occasion, ASPL will interrogate the data transmitted via the Signable API in order investigate and resolve customer queries regarding the service. This necessarily includes accessing any personal data included within a given API call and/or envelope. This is only ever performed as an individual assessment and any information contained therein, will be destroyed following the resolution of your technical issue. A note will be kept on your file to record the resolution. 

6.7 When using TaxCalc eSign and TaxCalc Communications Centre products, be aware of the Taxcalc eSign and Communications Centre Acceptable Use Policy (eAUP) which can be found in Section 7.8 of the End User Licence Agreement.

6.8 On occasion, ASPL will interrogate the data held with or transmitted to or from SmartVault, in order to investigate and resolve customer queries regarding the service. This necessarily includes accessing any personal data included within a given document and its metadata. This is only ever performed as an individual assessment and any information contained therein, will be destroyed following the resolution of your technical issue.  A note will be kept on your file to record the resolution.

6.9 You remain the Data Controller for personal data uploaded to SmartVault, with ASPL acting as Data Processor for the purposes set out in Sections 3.11 and 4.3. The GDPR and the DPA18 defines both Data Controller and Data Processor as applicable terms. Please ensure you are familiar with SmartVault Software Ltd’s own Privacy Policy.

6.10 HM Revenue & Customs perform Transaction Monitoring (TxM) to assist them in fraud prevention and to protect taxpayers from infringement of their personal data. In order to do this HMRC have mandated that software providers generate and submit audit data to HMRC, as part of any submission or request for information using the Making Tax Digital API services (for example, submission of MTD VAT Returns and MTD Self Assessment). The audit data requested consists of machine data from the workstation used to make the submission. Some of this data may be classified as Personally Identifiable Information as per the GDPR definitions. Examples of the data sent are listed below:

a. Public IP address

b. Public Port

c. Device ID

d. User ID

e. Timezone

f. Local IP

g. Screen Resolution

h. Window Size

i. User Agent

HM Revenue & Customs treat this information as described in their Transaction Monitoring Privacy Notice.

ASPL act as Data Controller for this information as per the GDPR and the DPA18 and it is performed under the lawful basis of legal obligation. The data is generated at the point of submission on your workstation and is then discarded; none of the information gathered in this manner is retained by ASPL.         

6.11 As a recognised Gold Partner with Microsoft, you should be aware that there are very limited instances under our contract where we are required to disclose if, during the course of our business, it is discovered that a customer is violating a Microsoft licence agreement or does not have sufficient Microsoft licences. These actions in regard to personal data are performed on the lawful basis of contract as described in the GDPR and the DPA18.

6.12 ASPL limits the processing of data by third parties wherever possible. The TaxCalc program itself runs on Windows, Mac and Linux operating systems (OS). ASPL is not responsible for additional privacy stipulations and policies of the parent companies of these OS providers when using their operating systems.

6.13 All names and companies listed in the demonstration database for the TaxCalc product are fictitious. No identification with actual persons or companies is intended or should be inferred.

6.14 Where you choose to use API services, TaxCalc may collect audit data on your usage of that API.

  • 6.14.1 Where there is personal data involved these actions are performed on the lawful basis of contract as described in the GDPR and the DPA18. This audit data:
    • 6.14.1.1 will consist of metadata regarding the operation of the API, such as usage event times, relevant user IDs, success metrics and equipment identification data.
    • 6.14.1.2 may be shared with the relevant API provider.
  • 6.14.2 On occasion, ASPL will interrogate the data transmitted via API services in order to investigate and resolve customer queries regarding the service. This necessarily includes accessing any personal data included within a given API data transfer. This is only ever performed as an individual assessment, and any information contained therein will be destroyed following the resolution of your technical issue. A note will be kept on your file to record the resolution.

7 CLOUD CONNECT DATA

This Section covers the personal data collection and usage that occurs when using the TaxCalc Cloud Connect service.

7.1 ASPL is the Data Processor with regard to personal data within the scope of the Cloud Service Agreement (CSA), and processes personal data solely for the purpose of the provision of the Services under the CSA. For more details, please review the Cloud Service Agreement Attachment 3: Data Protection.

7.2 ASPL uses Mythic Beasts Limited to provide main server provision and AWS to provide backup server provision, respectively, for our Cloud Connect Service, under licence with and operated by ASPL.

 

8 OTHER DATA COLLECTION AND USAGE

This Section covers the personal data collection and usage that occurs in other circumstances.

8.1 Surveys: ASPL may ask you to participate in a survey or provide additional personal data that will enable us to better understand and serve your needs.

8.1.1 Any information request marked as optional gives you the freedom to decide whether to respond and you will also be given the option to either supply information anonymously (to be used as aggregate data only) or not (in which case it is supplied on the lawful basis of consent). Please keep in mind that all information you choose to provide may be used to personalise and improve our customer service operations. Whether aggregate or not, the data will only be kept for three years.

8.1.2 ASPL occasionally uses a third party processor (Survey Monkey Inc.) to implement our surveys. Survey Monkey Inc. are a Data Processor as detailed in their own privacy policy.

Please note that Survey Monkey Inc’s servers are located outside the United Kingdom (UK) and the European Economic Area (EEA) and as such data gathered will likely leave the UK and the EEA as it is processed. Survey Monkey Inc. have rigorous protections in place, as described in their privacy policy.

8.2 Images: ASPL may ask you to participate in a photo shoot, video interview or similar. In these instances we will always ask you to complete either an IRF (image/audio release form, for a one-off occasion) or a MRF (model release form, for ongoing engagements). The details are contained within each form but both include an agreement under the lawful basis of contract for personal data processing and agreements under the lawful basis of consent for marketing. You can email compliance@taxcalc.com to enquire or make changes to these data protection agreements.

8.3 ASPL may engage third party services such as Experian B2B Prospector that will send marketing content to their own database of businesses on our behalf. Please note receipt of content from Experian B2B Prospector is managed via their own privacy policy and consent options. ASPL does not obtain any personal information directly from Experian B2B Prospector and changes to your Experian contact subscriptions will not affect your ASPL contact preferences.

8.4 In the case of visitors identified by our website analytics as using business IP addresses, we may also use publicly available information on those businesses to contact them and offer further aid in reviewing and purchasing TaxCalc products. This does not apply to personal customers or consumers, only businesses and practices registered with Companies House.

8.5 If you submit a Curriculum Vitae via the TaxCalc Careers page at https://www.taxcalc.com/careers, please be aware that we will retain this information for up to 6 (six) months and then remove it from our systems. These actions in regard to personal data are performed on the lawful basis of consent as described in the GDPR and the DPA18.

9 PROTECTION OF PERSONAL DATA

9.1 All personal data is collected and stored in a secure manner and is used strictly in relation to this policy, any other applicable ASPL policies (such as Terms & Conditions of Sale, EULA and/or CSA) and your stated privacy preferences. 

9.2 For a full description, please see the Information Security Policy.

10 PRIVACY POLICY QUESTIONS, UPDATING YOUR PERSONAL DATA AND PREFERENCE NOTIFICATIONS

10.1 We encourage you to provide feedback on, and to ask questions about, this Privacy Policy, as well as to review and update your personal data as maintained by ASPL.

10.2 Our ICO registration reference is Z896266X and our registered Data Protection Officer is Ian Belcher. The registered address is TaxCalc, Rubra One, Mulberry Business Park, Fishponds Road, Wokingham, RG41 2GY. Tel: 01189364855, Email: compliance@taxcalc.com

10.3 Our online Information Security Policy covers our security stance and provides details of the measures taken to protect personal and non-personal data. 

10.4 At any time you may change your preferences as to the use of your personal data or receipt of Marketing Materials. You may also as an individual request copies of the personal data held by ASPL, though some types of information may not be disclosed to individuals where exemptions under law apply (e.g. information relating to third parties in particular circumstances).

All such communications and inquiries should be sent to compliance@taxcalc.com or mailed to the Compliance Team, Acorah Software Products Limited, Rubra One, Mulberry Business Park, Fishponds Road, Wokingham, RG41 2GY. Please be sure to include sufficient information for us to verify your identity, locate your file (if applicable) and respond to your inquiry. You should also include your mailing address if you would like us to send you any written materials.

10.5 ASPL reserves the right to take reasonable steps to verify any requests for personal data it receives.

 

Copyright ©2024 Acorah Software Products Limited. All Rights Reserved.