- We are committed to safeguarding the privacy of our website visitors and service users; in this policy we explain how we will handle your personal data.
- Our website incorporates privacy controls which affect how we will process your personal data. We do not use any client or client employee data for any purposes other than those contracted in our services agreements.
- This document was created using a template from SEQ Legal (http://www.seqlegal.com).
- How we use your personal data
- In this Section 3 we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you or your employer, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
- Any data provided to us for the purpose of providing our services (including but not limited to payroll processing services) will be used only for that purpose.
- If you use our website (www.yourportico.com) for submission of data for the purposes of us delivering a service to you, your data will be stored and processed in accordance with the policies of www.yourportico.com. Data received in other formats will be processed in accordance with the services contracted between us and you or your employer. These services are considered essential for the running of your or your employer’s business and for you of your employer to be compliant with statutory regulations. You or your employer have contracted for us to maintain such compliance and process the data received by us for that purpose only.
- The legal basis for this processing is consent by you either as the employer to remain compliant with legislation and obligations as an employer under defined government requirements (including, but not limited to HMRC requirements) or you as the employee under the conditions of your employment so that you are paid lawfully under the present government regulations.
- We may process your or your employees’ personal data that is provided in the course of the use of our services ("service data"). The service data may include personal information required to process payroll and related services in a manner compliant with statutory regulations and to ensure that you or your employees are legally allowed to work in the UK. The source of the service data is you or your employer. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent.
- We may process information contained in any enquiry you submit to us regarding products and/or services ("enquiry data"). The enquiry data may be processed for the purposes of providing an agreed service to you or responding to your enquiry. The legal basis for this processing is consent.
- We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
- We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely providing the named services to our clients and communicating with users of our services.
- We may process any of your personal data identified in the other provisions of this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
- In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- Please do not supply any other person's personal data to us, unless we prompt you to do so or it is necessary in order for us to perform the services contracted between us and you or your employer.
- Providing your personal data to others
- We will not disclose your personal details to any third parties without your prior written consent with the exception of those third parties and government agencies to whom the supply of such data is essential for us to perform the agreed services.
- We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
- Financial transactions relating to our services are or may be handled by a payment services provider or be processed on software licensed from a third party. Such service provider will only be used when necessary for the performance of the agreed services. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing. You can find information about payment processing for payroll from BACS.
- In addition to the specific disclosures of personal data set out in this Section 4, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- International transfers of your personal data
- In this Section 5, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
- We and our other group companies have offices and facilities in the United Kingdom and the Republic of India. The European Commission has made an "adequacy decision" with respect to the data protection laws of each of these countries. Transfers to the Republic of India, will only be done when absolutely necessary for the performance of our agreed services. In such cases, each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
- The hosting facilities for our website and all data servers and back-ups are situated in the United Kingdom.
- You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
- Retaining and deleting personal data
- This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
- Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- We will retain and delete your personal data as follows:
(a) personal data held for the purposes of processing payroll for you or your employer will be retained for a minimum of three years following the date on which it was processed.Data will only be deleted at the specific request, in writing, by the company with whom we have directly contracted services.
(b) every twenty-four months, data relating to the tax year of two years prior to the current tax year may be archived from our active servers. Archived servers are off-line servers and not accessible remotely.
- In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
(a) data will be held for the statutory minimum of three years; and/or
(b) the period of retention of data used to process any individual’s payroll will be retained until such a time as the company with whom we have contracted for payroll services specifically requests for such data to be deleted.
- Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- We may update this policy from time to time by publishing a new version on our website.
- You should check this page occasionally to ensure you are happy with any changes to this policy.
- We may notify you of changes to this policy by by email or through the private messaging system on our website.
- Your rights
- You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
(a) the payment of a fee to be agreed; and
(b) the supply of appropriate evidence of your identity; and/or
(c) confirmation from your employer with whom we contracted services.
- We may withhold personal information that you request to the extent permitted by law.
- You may instruct us at any time not to process your personal information for marketing purposes.
- In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
- About cookies
- A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
- Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
- Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
- Cookies that we use
- For our up-to-date cookies policy relating to the use of our websites, please visit those websites.
- Our details
- The websites we own include: www.yourportico.com; www.payrollbureau.co.uk; www.ppay.co.uk; www.topsource.co.uk; www.topsource.in
- We are registered in England and Wales under registration number 4626779.
- Our principal place of business is at 4th Floor Marlborough House, 10 Earlham Street, London WC2H 9LN
- You can contact us:
(a) by post, using the postal address given above;
(b) [using our website contact for;
(c) by telephone, on the contact number published on our website from time to time; or
(d) by email, using the email address published on our website from time to time.
- When contacting us, we may require that certain information or requests are submitted only in writing.
- Data protection officer
- Our data protection officer's contact details are: Richard J Lynch, contactable at the address above.