2 Important information and who we are
Our website is not intended for children and we do not knowingly collect data relating to children.
My Digital Accounts is made up of My Digital Accounts Limited (Company Number: 9514480) with its registered office at Suite 8 Springfield House, Water Lane, Wilmslow, SK9 5BG and its wholly owned subsidiaries, My Texas Limited (Company Number: 11317996) and My Digital Tax Account Limited (Company Number: 10079728) and My Digital Accounts Private Limited, a company incorporated in India with corporate identity number U74999TN2018PTC122615.
You have the right to make a complaint at any time to the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third party links
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
As part of our services, we may direct you to third party websites which provide payment collection services. Accessing those services may allow those third parties to collect or share data about you.
3 The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect different categories of personal data from you depending on how you interact with us, as follows.
3.1 Information that we collect when you use our website including when you use our website to access our services
In using our website, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes your name, the company you work for, title, date of birth and gender, government gateway number and national insurance number.
Contact Data includes your address, email address and telephone numbers.
Technical Data includes internet protocol (IP) address, geographical location, time zone settings, browser plug-in type and version, operating system and other technology on the devices you use to access our website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
Usage Data includes information about how you use our website including referral source, length of visit, page views and navigation history and how you use our products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
We do not collect any Special Categories of Personal Data about you when you visit our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3.2 Information we collect as part of our recruitment process
We may collect, use, store and transfer personal data about you which we have obtained as part of our recruitment process and which we have grouped together as follows:
Identity Data includes your first name, maiden name, last name, the company you work for and your position at that firm, your marital status, title, nationality, date of birth and gender.
Contact Data includes home address, email address and telephone numbers.
Recruitment Data includes, in addition to the above, information supplied by you and/or obtained by us in connection with employment opportunities at My Digital Accounts including:
- Information contained in your CV;
- Information contained in documentation to support your right to work in the UK;
- Information supplied on application forms, interview assessment forms or during an interview;
- your work history;
- academic records;
- specific job requirements i.e. location, role, salary etc.;
- any other work-related information that you provide i.e. education or training certificates;
- information obtained from your referees; and
- any other information that you may chose to provide to us.
We may collect certain Special Categories of Personal Data about you during the recruitment process such as your race or ethnicity or if you consider yourself to have a disability or health condition. You are not obliged to provide this information to us if you do not want to. We do not envisage that we will process information about criminal convictions.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision making.
3.3 Information we collect when you engage with us in relation to our services or otherwise in the ordinary course of our business
In engaging with us in relation to our services and/or in the ordinary course of our business we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes your first name, maiden name, last name, the company you work for and your position at that firm, any other connections that you may have at that firm, your marital status, title, date of birth and gender.
Visual Data includes copies of passports, driving licences or other identification documentation or photographic images.
Contact Data includes billing address, delivery address, home address, email address and telephone numbers. This may include contact details of individuals who work for or on behalf of our clients.
Financial Data includes bank account details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Usage Data includes information about how you use our products and services.
Profile Data includes purchases or orders made by you, your interests, preferences, feedback and survey responses.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Any other information that you may choose to provide to us either in relation to you or in relation to any other person.
We do not collect any Special Categories of Personal Data about you when you engage with us in relation to our services or otherwise in the ordinary course of our business (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with services). In this case, we may have to cancel the product or service you have with us but we will notify you if this is the case at the time.
4 How is your personal data collected
We use different methods to collect data from and about you including through:
Direct interactions. The majority of your personal data will be supplied by you. You may give us your Identity, Visual, Contact, Financial and Recruitment Data by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- enter into a contract with us for our products or services;
- apply for a job with us or otherwise contact us speculatively in relation to potential employment opportunity and when you progress with our recruitment process;
- interact with us in any way;
- request marketing to be sent to you; or
- give us feedback or contact us.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see About Cookies for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
Technical Data from analytics providers (such as Google based outside the EU).
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU and search information
- Identity, Contact and Recruitment Data from recruitment agencies where we have been contacted by a recruitment agency who is putting you forward for an employment opportunity with us or from referees who you have nominated during the recruitment process.
- Identity, Contact and Recruitment Data from publicly available sources i.e. LinkedIn or from third parties who may recommend you to us as someone who may be interested in working with us.
5 How we use your personal data
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you (including verifying your identity) or as part of our recruitment process, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
We will rely on your consent to process the Special Categories of Personal Data mentioned above during the recruitment process. By signing the consent form, you have given you consent to the processing of the Special Categories of Data mentioned above. Otherwise, we do not generally rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
If we collect and/or use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our business and communicate with you as necessary to provide our services to you, to facilitate recruitment or for our legitimate commercial interest including, but not limited to:
- facilitating the recruitment process including checking the information that we collect as part of the recruitment process with third parties or against other information held by us;
- if you are successful in your job application and take up employment with us, the information we obtain as a result of the recruitment process will be used in the administration of your employment with us. We may also use this information if there is a complaint or legal challenge relevant to this recruitment process;
- responding to your queries;
- registering you as a new client;
- where we need to perform the contract we are about to enter into or have entered into with you;
- improving our platform, products and services;
- supporting our business operations;
- unless you tell us otherwise, undertaking marketing of any or all of the services that we provide and which we consider may be of interest to you;
- for the purposes of detecting or preventing illegal activities or otherwise where we need to comply with a legal obligation; or
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
We will use your Identity and Contact Data to contact you if you have expressed an interest in our services.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us to stop sending you marketing messages at any time by clicking on the “unsubscribe” or “opt‑out” link in the marketing e-mails that we send you.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience, our recruitment process or other transactions or interactions with us.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6 Providing your personal data to others
We may also share your personal data with the parties set out below for the purposes set out below:-
- other companies in the My Digital Accounts group and who are based in India and provide IT and system administration services.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Third parties to whom we are required to disclose such information by law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7 International transfers of your personal data
In this Section 7, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
We share your personal data within the My Digital Accounts group which may involve transferring your data outside the European Economic Area (EEA). Transferring data to some of our external third party service providers who process your personal data may also involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8 Retaining and deleting personal data
This Section 8 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax accounting and other requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In relation to personal data that we obtain as part of your recruitment process with us, in the event that you are unsuccessful in your application, your CV and other personal data gathered as part of that recruitment process, including recruitment checks and interview notes, may be held for up to 12 months.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
In some circumstances you can ask us to delete your data: see your rights below for further information.
9 Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10 Your rights
In this Section 10, we have summarised the rights that you have under data protection law.
Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information (commonly known as a data subject access request). That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by visiting your profile when logged into the website.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed, although we may need to verify the accuracy of the new data you provide to us.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. We will notify you at the time of request if we are unable to comply with your request. Where we are not able to comply with your request of erasure for specific technical reasons, we will advise you of this and agree appropriate alternative arrangements with you i.e. anonymising the data.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time that you withdraw your consent.
You may exercise any of your rights in relation to your personal data by written notice to us.