GDPR

Personal Data GDPR

We are committed to protecting your personal data in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulations (GDPR).

We process personal data for several purposes and the means of collection, lawful basis of
processing, use, disclosure, and retention periods for each purpose may differ.

Our policy is to collect only the personal data necessary for agreed purposes and we ask clients to
only share personal data where it is strictly needed for those purposes. We collect personal data
from our clients or from third parties acting on the instructions of the relevant client.

We process personal data to provide services such as payroll, tax returns and various other reports,
general or specific business, advice as part of the range of services we offer. We also process
personal data in the administration and management of our business and marketing.

Your business contact details are used to provide you with information about our services and other
information which we think will be of interest to you unless you tell us not to.
We are subject to legal, regulatory, and professional obligations. We need to keep certain records to
demonstrate that our services are provided in compliance with those obligations and those records
may contain personal data.

Personal data processed is kept by us for as long as is considered necessary for the purpose for
which it was collected (including as required by applicable law or regulation). In the absence of
specific legal, regulatory or contractual requirements, our retention policy period for records and
other documentary evidence created in the provision of services is to keep records for as long as we
act for you plus 6 years (longer if the law requires us to do so).

We take the security of your data we hold seriously. We have a policy including procedures and
training in place covering data protection, confidentiality and security and regularly review the
appropriateness of the measures we have in place to keep the data we hold secure.

We will only share personal data with others when we are legally permitted to do so and where you
have provided us with permission to do so in writing. When we share data with others, we put
contractual arrangements and security mechanisms in place to protect your data. We use third
parties to help us run our business. As a result, personal data may be transferred securely.

Under the DPA (2018) and GDPR, Individuals have certain rights over their personal data and
data controllers are responsible for fulfilling these rights:

Access to data
You have a right to access your personal data held by us and you can exercise that right by
contacting us below. Our aim is to respond a request promptly and within the legally
required limit of 40 days.
Update of personal data
If you wish to update personal data submitted to us, please contact us below. Once we are
informed that any personal data held by us is no longer accurate we will make changes based
your updated information.

Where we hold data based on consent, individuals have a right to withdraw consent at any
time. To withdraw consent to our processing of your personal data please contact us.


Other Rights
This statement is intended to provide information about what personal data we collect about
you and how it is used. As well as rights of access and amendment referred to above, individuals
may have other rights in relation to the personal data we hold, such as a right to erasure/deletion,
to restrict or object to our processing of personal data and the right to data portability. For further
information on these rights please contact us below.


Complaints
If you do want to complain about our use of your personal data, please contact us below with
the details of your complaint. You also have the right to register a complaint with the
Information Commissioner’s Office (“ICO”). For further information on your rights and how to
complain to the ICO, please refer to their website.


Contacting us about your data
If you have any questions about this privacy statement or how and why we process personal
data, please contact us.

Boris Software Limited

Mark Humphrey
Director