01633 860 021 hello@zest.tax

Privacy Policy

Zest Tax Limited takes the protection and privacy of personal data seriously. Our Fair Processing Notice’s explain how we use, protect and store personal data before, during and after being a contact of ours.

Summary

  • We respect your personal data and take its security very seriously.
  • We only hold what data we need for the purpose for which we obtained it.
  • We delete your data when it has reached the end of its retention period.
  • You have privacy rights.
  • We are happy to answer your questions. Our contact details can be found at the end of this notice.
  • Do we transfer your personal data outside of the EU or EEA?

    Your data is kept in the EU or EEA.

    Do we use any automated decision making?

    We do not use any automated decision making.

    Technical security

  • All our computers are fully encrypted, as are our phones and tablets.
  • Our preference is to use encrypted email, but we appreciate that it may not be convenient for you to do so.
  • Our web servers store user data on encrypted storage volumes.
  • Retention periods

    Server logs are kept up to one year, after which they are deleted automatically.

    Your Rights

    You have several rights in respect of our processing of your personal data, these are:

  • Access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    1. we no longer need it
    2. if we are processing your personal data by consent and you withdraw that consent
    3. if we no longer have a legitimate ground to process your personal data or,
    4. we are processing your personal data unlawfully.
    5. To object to our processing if it is by legitimate interest.
    6. To restrict our processing if it was by legitimate interest.
    7. To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
    8. If you want to exercise any of these rights, please contact us using the details below.

      For more information about how we use your personal data, please read the notice that applies best to you:

    9. I am a prospective client or a client
    10. I am just browsing your website
    11. I am a supplier
    12. I am a prospective employee
    13. I am a visitor to the office
  • Contact us

    Pembroke House, Llantarnam Park Way, Cwmbran, NP44 3AU

    01633 860 021 or hello@zest.tax

    Contact us

    You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:

    Information Commissioner’s Office
    
Wycliffe House
    
Water Lane
    
Wilmslow

    Cheshire
    
SK9 5AF

    Telephone – 0303 123 1113 (local rate) or 01625 545 745

    Website – https://ico.org.uk/concerns

    Contact us

    You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:

    Information Commissioner’s Office
    
Wycliffe House
    
Water Lane
    
Wilmslow

    Cheshire
    
SK9 5AF

    Telephone – 0303 123 1113 (local rate) or 01625 545 745

    Website – https://ico.org.uk/concerns

    I am a prospective client or a client

    Our processing is either because we have a contract with you, you wish to have a contract with us, we have a legal obligation to process the data or the processing is a legitimate activity.

    When you are a client or wish to become a client of Zest Tax, we collect and process your personal data:

  • in order to fulfil our contract for services with you
  • where the activity is a legitimate one for a business.
  • We process the following data to provide you with tax services and to contact you:

  • Name
  • Address
  • Date of Birth (DOB)
  • Home phone
  • Mobile
  • Email address
  • Financial data
  • Employment data
  • Unique Tax Reference (UTR) number
  • You have the right to unsubscribe to our marketing at any time. If you do choose to unsubscribe, we will keep your name and email address on a suppression list so that we don’t email you again by accident. If you are on our suppression list, you will still receive communications that are necessary to the performance of your chosen services, or notifications to avoid you missing deadlines and/or incurring penalties.

    In order to provide you with the most appropriate services, we may need to process the personal data of your family members (name, address, DOB and other potential personal data or financial data).

    How long do we hold your personal data?

    In accordance with HMRC guidance, we will hold the personal data that was collected for the purposes of providing you with tax services, while you are a customer and for seven years. After this, it will be destroyed.

    If you have started the process to become a client and then change your mind before the engagement process is underway we will destroy it immediately. If the engagement process has commenced we will hold your data for six years, after which it will be destroyed.

    We will hold your name, email and phone number to send you marketing information for as long as you would like us to. If you withdraw your consent, we will hold this data for five years in a suppression list so that we don’t market to you against your wishes. This is a legitimate activity for us.

    Who do we share your personal data with?

    Depending on your chosen services and our requirements, we may share your personal data with the following recipients:

  • HMRC for the purpose of providing your chosen services and responding to requests for information
  • National Crime Agency, Action Fraud and any other competent and authorised body for the prevention, detection and investigation of money laundering, fraud or terrorist financing
  • Financial Conduct Authority (FCA) for the purposes of any business activity regulated by the FCA (including Consumer Credit and Money Services)
  • Financial Ombudsman Service (FOS) to resolve any complaint or dispute involving the FOS
  • Our software, technology applications, database providers (MailChimp, IRIS Software Ltd, Microsoft) necessary for recording, securing and updating your personal details and administering services internally as well as external communications

  • Companies that verify publicly available documents and information (e.g. Credit Reference Agencies, Home Office)
  • Information Commissioners Office in the event of a request for information or breach
  • Legal advisors and consultants
  • Insurance companies
  • Any third parties you give us consent to engage with on your behalf
  • Monzo Bank for the purpose of making payments.
  • I am just browsing your website

    What data we hold

    We generate log files from various servers. This will include an IP address assigned to you or to your internet service provider.

    Technical data

    We use the logs from our servers to help with our company’s security as well as to look at visitor behaviour, for example, which website pages get the most traffic or are the most popular.

    I am a supplier

    We collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients. The personal data is generally business card data and will include name, employer name, phone, email and other business contact details and the communications with us

    We use personal data for the following purposes under legitimate interest:

  • Receiving services
  • Providing professional services to clients
  • I am a prospective employee

    We ask for personal data from job candidates to assist us with our recruitment processes. If your application is successful and you become employed by us, this information will become part of your personnel/HR file. Please note that we only accept CVs for current vacancies. We do not accept CVs sent ‘on spec’ and they will be deleted upon receipt.

    What data we hold

    As a job candidate, we will process the following information about you:

  • Name, address, contact details and work history
  • Your passport
  • Information about you from a referee
  • We also generate log files from various servers when you access our website. This will include an IP address assigned to you or to your internet service provider.
  • We use your name, address, contact details and work history to assess your application. We are processing your personal data based on your consent. If you submit your CV to us, that is a clear affirmative action that indicates to us that you have consented to us processing your personal data. We will request information about you from your referees and will use this to assess your job application.

    We will process your passport in order to check that you have the right to work in the UK. If you would prefer not to provide this information, we will not be able to assess your application.

    Third parties

    We do not transfer your personal data to third parties except the following:

  • Companies that provide services to us – Our telephone service providers will get to see your phone number if we call you and our broadband supplier which could see your email address.
  • Cloud service providers – We use a few cloud service providers, such as our accountancy software, email providers, Google and Office 365.
  • In response to a court order – It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.

  • Retention periods

  • CVs sent ‘on spec’ – are deleted or shredded on the day that they are received
  • Candidates who are unsuccessful – personal data will be retained for 6 months in case of any Employment Tribunal Claims, after which the data will be destroyed.
  • I am a visitor to the office

    CCTV

    There are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to investigate an incident). We use the CCTV images for the legitimate purposes of promoting security and safety of our personnel and members of the public, preventing and detecting crime and establishing, exercising and defending legal claims. We may disclose CCTV images to law enforcement bodies as requested and permitted by data protection law.

    Visitor records

    We require visitors to sign in using a device at reception and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to investigate an incident).

    Our legal basis for processing personal data

    By law, we need a legal basis for processing personal data.
    We process your name because we have a legal obligation. You cannot enter our office without signing in using the device. This information is held securely. We need to know who is in the building for fire regulations.

    We process your image on CCTV because we have a legitimate interest in the safety and security of our staff and visitors.

    Who do we share visitor’s information with?

    We share visitor’s information with the following, when required:

  • The police or other law enforcement agencies if we must by law or court order
  • Emergency services
  • Our legal advisors
  • Our insurance providers, and
  • Our software and cloud service providers.