This itsettled mobile software application ("App") is brought to you by Itsettled Limited ("we", "our", and "us"), a limited liability company incorporated in England and Wales with registration number 12349749 and its registered office at Trym Lodge 1 Henbury Road, Westbury On Trym, Bristol, United Kingdom, BS9 3HQ.
This policy describes how we use personal data of:
a) Our clients ("Clients"); and
b) Representatives of our clients ("Client Representatives"),
who are individuals (ie natural persons) and not corporate bodies.
This policy therefore applies to information relating to sole traders and partnerships but not to information relating to limited liability companies. It also applies to representatives of clients, regardless of whether the client is a natural person or a corporate body, who are individual persons. This is because Data Protection Laws only apply to information relating to natural persons. Information relating to corporate bodies may still be protected by other laws such as confidentiality and we take those obligations seriously as well.
We are a controller of your information if you fall within one of the above categories, which means that we are responsible for looking after it. We will use your personal data fairly, lawfully and in a transparent manner, and in accordance with the Data Protection Laws.
We may also process information relating to customers of our clients. However, we are not controllers of this information as we only process it on the instructions of our clients, as their processors. Our clients are the controllers of such information therefore please refer any questions you may have relating to the use of this information to the relevant client who provided it to us.
If you have any questions in relation to this policy or generally how your personal data is processed by us please contact our [Manager/Data Protection Manager][other appropriate contact] by letter addressed to: [Manager/Data Protection Manager, insert address here]; or by email at [Company email].
Under the Data Protection Laws, we are required to explain what information we collect from you and how and why we use your personal information (the "processing activity"). We are also required to have a "lawful basis" on which to process your personal information. This is summarised in the table below.
Please note that where the same information is used for more than one purpose, and the relevant purposes have different retention periods, we will hold that information for the longer retention period.
We have determined, acting reasonably and considering the circumstances, that we are able to rely on legitimate interests as the lawful basis on which to process your personal information in certain circumstances (we have stated this above and set out our legitimate interests). We have reached this decision by carrying out a balancing exercise to make sure our legitimate interest does not override your privacy rights as an individual.
We consider that it is reasonable for us to process your information for the purposes of our legitimate interests outlined above as: (a) we process your information only so far as is necessary for such purpose; and (b) it can be reasonably expected for us to process your information in this way.
We may disclose your personal data to:
other companies within our group, but only for the purposes specified in this policy;
if you are a Client, the Client Representatives you authorise;
if you are a Client, the debtors in relation to whom you use our services, to the extent required to provide the services;
if your are a Client Representative, the Client you represent;
prospective buyers and funders of our business or assets;
a third party who acquires our business, assets or a part of them which requires the transfer of personal data for its continued operation;
our app hosting, administration and development service providers;
our business IT service providers including providers of hosting services and enterprise software;
our payment services providers to process payments due to us;
our advisors and consultants including lawyers, accountants and financial advisors in order for them to advise us in relation to our business;
marketing services providers who send marketing on our behalf;
debt collection / claims handing agencies which we may engage to collect sums due to us;
fraud prevention agencies for the purposes of enforcing our rights and for detecting and preventing unlawful activities;
[credit reference agents]
law enforcement and regulatory agencies, including HMRC, in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law;
courts and tribunals where required for progressing claims;
administrators or liquidators in the event that our business goes into administration, liquidation or a similar procedure;
The information which we collect about you may be transferred outside the United Kingdom for the purposes of [insert purposes of transferring the data, e.g. to provide users with technical support]. Specifically, your data may be transferred to [insert name of third party company] who is based in [insert country outside of UK] which [is][is not] a country that the UK Secretary of State has deemed to have adequate security in place. [We have therefore incorporated contractual clauses, in accordance with the Data Protection Laws, into our contract with [data importer] to ensure the continued protection of your personal data.][Insert details of any measures taken to ensure protection of personal data transferred outside of the UK.]
We will use technical and organisational measures to safeguard your personal data, for example:
access to your account is controlled by a password and username that are unique to you;
we store your personal data on secure servers;
[payment details are encrypted using SSL technology];
You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. You may contact us using the details at the beginning of this Policy to exercise any of these rights.
In some instances, we may be unable to carry out your request, in which case we will write to you to explain why.
If you have any concerns regarding our processing of your personal data, or are not satisfied with our handing of any request may by you, or would otherwise like to make a complaint, please contact our [Manager/Data Protection Manager] in the first instance using the details at the start of this policy, so that they can do their very best to sort out the problem.
You can also contact the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk.