This is the privacy notice of Stanley Tax Associates Limited trading as STax. In this document, “STax”, “we”, “our”, or “us” refer to Stanley Tax Associates Limited.
Our company number is: 07691766, registered in England and Wales.
Our registered head office is: 16-17 Queens Road, Brighton, BN1 3WA.
This notice is to inform you of our policy governing all information that we record about you. It sets out the conditions under which we may process any information that we collect from you or that you provide to us. It covers information that could identify you, this is known as personal data. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
We undertake to preserve the confidentiality of all information you provide to us.
Our policy complies with UK law accordingly implemented, including that required by the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR).
The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website. www.staxuk.com is not used for 3rd party advertising.
The legal basis on which we process information about you
STax collects and uses clients’ personal data because is it necessary for:
• the pursuit of our legitimate commercial interests;
• the purposes of complying with our duties and exercising both your and our contractual obligations;
• complying with our legal obligations.
In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to clients via email or text message.
Clients have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Our legitimate interests
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of STax, including:
• selling and supplying services to our clients;
• protecting clients, employees, other individuals and maintaining their safety, health and welfare;
• promoting, marketing and advertising our products and services;
• improving existing products and services and developing new products and services;
• complying with our legal and regulatory obligations;
• preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
• handling customer contacts, queries, complaints or disputes;
• protecting STax, its employees and clients, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us and our staff;
• effectively handling any legal claims or regulatory enforcement actions taken against us; and
• fulfilling our duties and obligations to our clients, colleagues and other stakeholders.
Information we process because we have a contractual obligation with you
In order to carry out our obligations under contract we must process the information you give us. Some of this information may be personal information.
STax may collect the following information about you:
• your name, age, date of birth and title;
• your contact details: postal address, telephone numbers (including business, personal & mobile numbers) and e-mail address;
• proof of identity and address in line with Anti Money Laundering Regulations 2017;
• feedback and survey responses, and
• your correspondence and communications with us.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Other publicly available personal data, including public records held by Her Majesty’s Land Registry (HMLR).
Some of the above personal data is collected directly, for example when you engage with us. Other personal data is collected indirectly, for example information given to us by an introducer.
We may also collect property and financial information from third parties who have your consent via a Letter of Authorisation to pass your details to us e.g. your solicitor, accountant and your tenants (if applicable).
This list is not exhaustive and in specific instances, we may need to collect additional data for the purposes set out in this notice.
Information we process with your consent
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, our products and services, you provide your consent to us to process information that may be personal information.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by contacting STax using the contact details below.
Information we process because we have a legal obligation
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order, this may include your personal information.
Cookies are small text files that are placed on your computer or other devices such as smartphones or tablets by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
How we protect your data and maintain your privacy
STax is committed to keeping your personal data safe and secure. Our security measures include:
• encryption of data;
• implementing risk management and data impact assessment analysis;
• regular cyber security assessments of all service providers who may handle your personal data;
• security controls which protect our IT infrastructure from external attack and unauthorised access;
• internal policies setting out our data security approach and training for staff.
Our service providers and suppliers.
In order to make certain services available to you, we may need to share your personal data with some of our service partners, these can include, cloud storage and IT providers.
STax only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to STax and to you, and for no other purposes.
Other third parties
Aside from our service providers, STax will not disclose your personal data to any third party unless we are legally obliged to do so. We will never sell or rent our customer data to other organisations for marketing purposes.
We may share your data with Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers to:
• comply with our legal obligations;
• exercise our legal rights (for example in court cases);
• assist in the prevention, detection, investigation of crime or prosecution of offenders; and
• assist in the protection of our employees and clients.
To deliver a full range of services to you, it may be necessary for STax to share your data outside of the European Economic Area. This will typically occur when service providers, e.g. cloud services, are located outside the EEA (Third Country) or if you are based outside the EEA. These transfers are subject to special rules under data protection legislation and regulations, for example, the EU – US Privacy Shield.
If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice will be to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed from the link below:
How long we hold your personal data
We have a legal obligation under the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR) that we will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of data.
Due to the work we do and the connection it has to Her Majesty’s Revenue and Customs (HMRC), the law requires us to keep your records for a minimum of 6 years plus current, otherwise known as 6 years +1.
Also, as our work is property and tax related our records may be identified as having historic value. The HMRC guidance on this is as follows:
“Records must only be retained beyond the default HMRC retention period if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value. The disposal periods for records retained for extended duration must be included within line of business retention schedules.
The maximum retention period for HMRC records identified as having historic value is defined as 20 years after the last entry in the record, with an additional one calendar year for final review and transfer or destruction”.
You can still exercise your ‘Right to Erasure’, but please contact us for advice with regards to the retention of your documents.
Access to your personal information
You have a number of rights under the Data Protection Act and the General Data Protection Regulations 2018, they are:
• the right to ask what personal data that we hold about you at any time;
• the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
• the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
After receiving the request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
Removal of your information
If you wish us to remove personally identifiable information, please contact us at the details given below.
Verification of your information
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
• to provide you with the services you have requested;
• to comply with other law, including for the period demanded by our tax authorities;
• to support a claim or defence in court.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website.
If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:
Phone us on: – 020 7147 9940
email us at: – email@example.com
Write to us at: – STax, 16-17 Queens Road, Brighton, BN1 3WA
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk
What is a Cookie?
Cookies are small files which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular client and website and can be accessed either by the web server or your computer, smart phone or tablet. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.
What is in a Cookie?
Each cookie is effectively a small lookup table containing pairs of values. Once the cookie has been read by the code on the server or client computer, the data can be retrieved and used to customise the web page appropriately.
When are Cookies Created?
Writing data to a cookie is usually done when a new web page is loaded – for example after a ‘submit’ button is pressed the data handling page would be responsible for storing the values in a cookie. If the user has elected to disable cookies then the write operation will fail, and subsequent sites which rely on the cookie will either have to take a default action or prompt the user to re-enter the information that would have been stored in the cookie.
Why are Cookies Used?
Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage. Storing the data on the server without using cookies would also be problematic because it would be difficult to retrieve a particular user’s information without requiring a login on each visit to the website.
If there is a large amount of information to store, then a cookie can simply be used as a means to identify a given user so that further related information can be looked up on a server-side database. For example, the first time a user visits a site they may choose a username which is stored in the cookie, and then provide data such as password, name, address, preferred font size, page layout, etc. – this information would all be stored on the database using the username as a key. Subsequently when the site is revisited the server will read the cookie to find the username, and then retrieve all the user’s information from the database without it having to be re-entered.
How Long Does a Cookie Last?
The time of expiry of a cookie can be set when the cookie is created. By default, the cookie is destroyed when the current browser window is closed, but it can be made to persist for an arbitrary length of time after that.
How Secure are Cookies?
There is a lot of concern about privacy and security on the internet. Cookies do not in themselves present a threat to privacy, since they can only be used to store information that the user has volunteered or that the web server already has. Whilst it is possible that this information could be made available to specific third-party websites, this is no worse than storing it in a central database. If you are concerned that the information you provide to a web server will not be treated as confidential then you should question whether you actually, need to provide that information at all.
How to Manage cookies
If using Internet Explorer, for example you select Tools then choose Internet Options. On the general tab you will see a section titled Browser History. Click Settings then choose View Files
If you’re using a browser other than Internet Explorer, you can visit the following cookie pages on each browser Web site to find out how to manage your cookies when using Firefox, Opera, or Safari.
• Firefox: Firefox Help: Firefox’s Cookie Options
• Opera: Security, Privacy and Cookies in Opera
• Safari: Safari Help Managing cookies
Depending on what cookies you disable, websites may not operate as well as if cookies were enabled.