top of page

Privacy Policy

Privacy Policy for DataOwl

Privacy Policy

At Data Owl Ltd (“we, “us, “our” “DataOwl”), we value and respect the privacy of our clients, customers, and website visitors. This Privacy Policy outlines how we collect, use, store, and protect your personal information in compliance with applicable privacy laws. We are committed to maintaining transparency and safeguarding your data, ensuring that your personal information is handled with the utmost care and security. By using our services or visiting our website, you agree to the practices described in this policy.

Important information and who we are

Purpose of this privacy notice

 

This privacy notice is designed to inform you about how we collect and process your personal data, including data provided through your use of this website or when you sign up for our newsletter. We encourage you to read this notice in conjunction with any other privacy or fair processing notices we may provide at specific times when we collect or handle your personal data, so you can fully understand how and why your information is being used. Please note that this privacy notice complements, but does not replace, those other notices.

 

If you have any questions regarding this privacy notice or wish to exercise any of your legal rights, please contact us at info@dataowl.tax

 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection (www.ico.org.uk). However, we would appreciate the opportunity to address any concerns you may have before you approach the ICO, so please reach out to us first.

 

It is important that the personal data we hold about you is accurate and up to date. Please notify us if your personal details change during your time with us.

 

Third-party links

 

This website may contain links to third-party websites, plug-ins, and applications. By clicking on these links or enabling these connections, you may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. When you leave our website, we recommend that you review the privacy notice of any other site you visit.

 

The data we collect about you

 

Personal data, or personal information, means any information about an individual from which that person can be identified.

 

The personal data we collect depends on our relationship with you. We collect personal data about our clients (including prospective and former clients) people associated with them and our suppliers.

 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data includes first name, last name, previous names, marital status, date of birth, gender, family details, job title, trustee status, your relationship to business/organisations and username.

  • Contact Data includes email address, address and telephone numbers.

  • Financial Data includes bank or payment card details, details of income, records of loans, personal liabilities, government identifiers, records of ownership of assets/shares, grants applied for and future beneficiaries of income from pensions and trusts.

  • Transaction Data includes payment history and credit status.

  • Technical Data includes internet protocol (IP) address browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

  • Professional Data includes any information we may collect in the course of providing our services to you.

  • Image Data includes images collected by CCTV at our sites.

 

We also collect and use Aggregated Data such as statistical or demographic data for internal purposes.

 

Occasionally, we may collect Special Categories of Personal Data about you, which may include information such as your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health details, and genetic or biometric data. This information is typically collected indirectly during a professional engagement with a client. For example, when providing financial planning services or obtaining insurance quotes on behalf of our clients, we may receive health-related information about our clients or individuals associated with them. Special Category Personal Data is subject to enhanced security measures and protection.

 

We do not typically provide services directly to children. Sometimes we are given their information when a child is set up (by a client) as a beneficiary of a trust or when a child is named when their parent or legal guardian is a client receiving our consultancy and/ or financial planning/ tax services.

We do not actively collect any information about criminal convictions and offences.

 

If you fail to provide personal data

 

If we are required by law or by the terms of a contract with you to collect certain personal data, and you fail to provide that information when requested, we may not be able to fulfil our obligations under the contract or proceed with the service (such as responding to an enquiry). In such cases, we may need to cancel the service you have with us, but we will inform you if this becomes necessary.

 

How is your personal data collected?

 

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity Data, Contact Data, Financial Data, Transaction Data, Marketing and Communications Data and Professional Data by providing it to our staff in meetings, filling in forms or by corresponding with us by phone, email, post, fax or SMS. This includes personal data you provide when you:

    • volunteer it to us in the course of using our services;

    • submit an enquiry; or

    • request our newsletter to be sent to you.

  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. Please see our cookie policy for further details.

  • Public sources. We may collect your Identity Data from public sources such as Companies House, ID Global, FAME system, and other software’s and websites which we may use to verify identification details and obtain company information during the on-boarding process. Personal data may also be obtained from social media.

  • Third Parties: We may collect your Identity Data and Financial Data from other professional service providers, such as previous accounting firms, financial service and product providers, and HMRC. If you are an individual connected to one of our business clients or prospective clients, we may also collect your Identity Data to help us provide our services or enter into an engagement. Similarly, if you are a family member or another individual associated with one of our individual clients or prospective clients, we may collect your Identity Data to deliver our services or facilitate an engagement.

  • We may also collect your Image Data when you visit our site.

 

How we use your personal data

 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • to make contact with you for the first time (for example, where you have made an enquiry to our offices);

  • where we need to perform the contract we are about to enter into or have entered into with you;

  • to promote our business services;

  • to run and collaborate with clients in running training workshops and seminars;

  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

  • to allow users to log on to the Document Exchange area of one of our websites or portals or when you make a payment online;

  • to send you information and/ or invitations to you that we think may of be of interest to you and doing so is in accordance with the law;

  • to engage, pay and deal with our suppliers or prospective suppliers;

  • to administer the security of our information systems and websites and troubleshoot errors, monitor the effectiveness of changes and generally make sure our website works well for you;

  • where we need to comply with a legal or regulatory obligation, including in relation to money laundering; and

  • as a data processor on behalf of our clients where we provide payroll services (in this case, the data controller is our client and their privacy notice will apply).

 

In most cases, we do not rely on consent as there is a legal basis for processing your personal data, except when it comes to sending third-party direct marketing communications via email or text message. You have the right to withdraw your consent for marketing at any time by contacting us.

 

Where permitted by law, and in line with the purposes outlined in this privacy notice, we may process personal data without the individual's knowledge.

 

Personal Data we process about you

 

If you are a prospective customer, we may process the following:

  • First name;

  • Last name;

  • Job title;

  • Company name;

  • Web site address;

  • Email address;

  • Telephone number;

  • Dietary requirements (if you are attending an event where food is provided);

  • Banking details (if relevant to the service);

  • Tax filing details (if relevant to the service);

  • Any further personal data that you choose to provide in your initial enquiry;

  • Any further personal data that you choose to provide during subsequent discussions whether by phone, email or letter.

 

If you are a personal or sole trader customer, we may process the following:

  • Your name, home address and date of birth;

  • Name, home address and date of birth of any family members, advocates or other beneficiaries and connected parties;

  • Employment status;

  • Financial details such as salary, other income and investments, tax status and debt level.

 

If you are a business customer, we also process the following:

  • Company name and registration number;

  • Business type and industry sector;

  • Name, business address, job title, email address and telephone number(s) of all employees who may engage directly with us;

For officers of the company, beneficial owners and persons of significant control:

  • Contact details (name, home address);

  • Date of birth;

  • PEP (Politically Exposed Persons) status;

  • SIP (Special Interest Person) status.

 

If we are providing payroll services or tax return services for your employees, we will process the following personal data concerning your employees:

  • Contact details (name and address);

  • Unique identification number such as National Insurance (NI) number, Unique Taxpayer Reference (UTR) or social security number;

  • Salary, tax and deduction information.

 

If you are a supplier, we process the following:

  • Company name and registration number;

  • Business type and industry sector;

  • Company address(es);

  • Company telephone number(s);

  • Name, address, job title, email address and telephone number(s) of all employees who may engage directly with us.

 

If you contact us concerning employment whether by letter, email, LinkedIn or via our careers pages you may provide:

  • Your Curriculum Vitae (CV) containing personal data;

  • Further personal data in a covering letter.

 

If you visit one of our websites, we collect information about your computer:

  • IP address (where available);

  • Geographic location (if you allow this when prompted by your browser);

  • Operating system;

  • Browser type;

  • To enable our systems to recognise your device and to provide features to you, we use cookies. For more information about cookies and how we use them, please read our Cookie Policy.

 

If you receive marketing emails from us and interact with them, we collect:

  • Time you received the email;

  • Time you opened the email;

  • Device you used to open the email;

  • Geographical location when you opened the email;

  • Which parts of the email you interacted with.

 

If you use social media accounts which are registered using the same email address you have provided to us elsewhere, our systems enable us to link your social media accounts to your email address and so we process:

  • Links to any social media accounts you use.

 

Purpose for the processing and the lawful basis for the processing

 

We provide a wide range of business services. Most of these services require us to process personal data to provide advice and deliverables. The lawful basis for processing personal data for the purpose of providing services to our customers depends upon the context. We use one or more of the following legal bases for processing:

  • Processing necessary for the performance of a contract, or steps taken to enter into a contract with our customers;

  • To address our legitimate interests;

  • To satisfy a legal obligation.

 

Complying with any requirement of law, regulation or a professional body of which we are a member

 

As a provider of professional services, we are bound by legal, regulatory, and professional obligations. To ensure compliance with these requirements, we maintain records that may include personal data. For instance, as part of our customer due diligence procedures to comply with anti-money laundering regulations, we conduct searches to identify politically exposed persons, individuals or organizations with heightened risks, and to ensure there are no issues—such as sanctions or criminal convictions (including those of company directors and beneficial owners)—that would prevent us from working with a particular customer. Where no legal obligation exists, we process personal data based on our legitimate interest in fulfilling our regulatory obligations.

 

If you wish to become our customer (and periodically thereafter), we have a legal obligation to verify your identity. We do not need to obtain your consent to do this because it is a legal obligation imposed upon us. However, we are obliged to inform you that this will take place. We may achieve this by:

  • performing a search with a credit reference agency. This will leave a footprint on your credit file as evidence that the check has taken place. This footprint is not the same as a credit check footprint and has no impact at all on your credit rating. It just leaves a footprint that proves we have satisfied the legal obligation to verify your identity. Even when these identity checks are performed periodically their repetition has no impact on your credit rating; and/or

  • evaluation of traditional ID-check documents (passport, driver’s licence etc) and the use of an electronic signature complying with the European Union Trusted Lists (EUTL).

 

Administering, managing and developing our businesses and services

We process personal data to run our business. This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services.

 

Such processing includes:

  • managing our relationship with customers;

  • developing our businesses and services (such as identifying customer needs and improvements in service delivery);

  • maintaining and using IT systems;

  • hosting or facilitating the hosting of events; and

  • administering and managing our websites.

 

Recruitment

 

The lawful basis for processing personal data for the purpose of recruitment is our legitimate interest to develop our business.

 

When an applicant becomes an employee, their personal data is processed subject to our Internal Privacy Policy.

 

Business Development and marketing

 

The initial lawful basis for processing personal data for business development purposes is our legitimate interest in growing our business through sales and marketing activities.

 

When we first reach out to an individual or organisation, we will obtain their consent to process their personal data before proceeding further. We keep a record of the consent provided.

 

For electronic marketing messages sent to existing customers regarding similar products or services to those they have already purchased, we rely on the "soft opt-in" mechanism approved by the UK’s Information Commissioner and similar frameworks in other EEA countries. This allows us to send marketing messages to existing customers as long as they include an "opt-out" option.

 

When sending electronic marketing messages to specific individuals, we rely on consent as the lawful basis. We retain evidence of the consent given.

 

We retain personal data collected through our business development activities for as long as we believe our products and services may be relevant to prospective customers. Individuals or organisations can request to be removed from our business development system at any time.

 

Procurement of services from suppliers

The lawful basis for processing personal data for the purpose of procurement is our legitimate interest to maintain efficient and effective procurement processes.

 

Cookies

 

You can configure your browser to block all or certain cookies, or to notify you when websites set or access cookies. Please be aware that if you disable or refuse cookies, some features of this website may not be accessible or may not work as intended. For more details on the cookies we use, please refer to www.dataowl.tax/cookie-policy

 

Change of purpose

 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

 

Disclosures of your personal data

 

We may have to share your personal data with the parties set out below:

  • Our clients.

  • Governmental or similar bodies including Companies House, the Charity Commission, the Financial Conduct Authority and HMRC.

  • Providers of financial services and products.

  • Providers of insurance products.

  • Police and security services.

  • External third parties for the purpose of conflict checks and work referral, or where necessary for providing a comprehensive service to you. 

  • Third parties who carry out services on our behalf, which involve the processing of personal data, such as IT service providers.

  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

International Transfers

 

Some of our external third parties may be based outside the UK or European Economic Area (“EEA”) so their processing of your personal data may involve a transfer of data outside the UK or EEA.

Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK or European Commission; and/or

  • Where we use certain service providers, we may use specific contracts approved by the UK or European Commission which give personal data the same protection it has in Europe

 

Data Security

 

We have implemented appropriate security measures to protect your personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. Additionally, access to your personal data is restricted to employees, agents, contractors, and other third parties who need it for business purposes. They are only permitted to process your data under our instructions and are bound by confidentiality obligations. We also have procedures in place to handle any suspected personal data breaches and will notify you, as well as any relevant regulators, if required by law.

 

Data retention

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data can be requested from us at info@dataowl.tax

Your legal rights

 

Under certain circumstances, you have rights under data protection laws in relation to your personal data. For more information on Your Legal Rights, please see below.

  • Request access to your personal data.

  • Request correction of your personal data.

  • Request erasure of your personal data.

  • Object to processing of your personal data.

  • Request restriction of processing your personal data.

  • Request transfer of your personal data.

  • Right to withdraw consent.

 

If you wish to exercise any of the rights outlined above, please contact us. You will not be charged a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is deemed to be clearly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply with your request.

 

What we may need from you

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page.


Contact

 

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@dataowl.tax

Date

This statement was created on 7 November 2024. 

bottom of page