WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process the following categories of personal data about you:
Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
The General Data Protection Regulation (GDPR) is effective from 25th May 2018. It requires us to provide detailed information about processing of data that can identify a living person. This includes email addresses, businesses that operate as sole traders, and also the IP address of your device. We are required to tell you which lawful basis apples when we process your information and this is referred to below using the phrases Contract, Legal Obligation, Consent and Legitimate Interest.
VISITOR OF OUR WEBSITE
When someone visits www.doreming.com we collect log information that includes the time, the file being accessed and the IP address of the visitor’s device. We do this to ensure network and information security, which is a Legitimate Interest for the purposes of the GDPR, and we keep the logs for 3 months.
CUSTOMERS AND SUPPLIERS
We store customer names, billing addresses and VAT information in order to enter into a Contract and we retain this for 6 years after the end of the Contract. We may occasionally post items to the billing address of current customers, to thank them for their custom, in the Legitimate Interest of maintaining good customer relationships. Please let us know if you object to this.
We keep financial and accounting records, which in some cases can identify a living person. This is to meet our Legal Obligations.
LINKS TO OTHER WEBSITES
DATA COLLECTED WITHIN OUR ONLINE PAYROLL SERVICE
When someone opens an online payroll account on our website, we collect information that falls into these categories:
Payroll information. For the purposes of the GDPR, the employer is the data controller and we act as a processor. This information is stored and processed on your behalf and not used for any other purpose. If you require support, our personnel may view your data (with your permission) in order to answer your questions. We keep system backups for one month and these are only used to recover from physical or technical incidents that would otherwise prevent you from processing the data, for your purposes. At any time, you can close your account, which will delete your payroll data.
Employee ID code. This is your login username and we also use it to contact you about your account. This is necessary to provide the service under our Contract and we retain it for as long as we retain the payroll information.
Activity logs. When you are logged into the site, a record of your activity is stored, including your account, the time, which page you accessed and the browser version you used. This information may be used in order to investigate specific problems with your account, as part of the support provided under our Contract. The logs are retained for 3 months.
Optional information. When you first open an account, we ask a few optional questions which we use to analyse the effectiveness of our marketing. You can also enter a contact name and telephone number, so we can contact you. These are held on the basis of your Consent and will be removed when the account is closed. Customer suggestions, testimonials and other feedback are also held on the basis of Consent. If you wish to withdraw your Consent for any of these items, please contact us.
Other information related to your account. Options that you have selected within your account and notes that our staff had made against your account are processed in order to fulfil our Contract with you, and are retained for as long as the payroll information.
None of the collected information is passed to third parties, unless we are required to do so by UK or EU law, or you explicitly choose to send it using the features of our site. These include the following options.
To electronically send payroll and contact information directly to HMRC.
To electronically send payroll data to your online accounting system or your pension provider.
To send payslips by email.
HOW DOES [Doreming ltd] USE PERSONAL INFORMATION?
[Doreming ltd] may keep and use personal information we collect from or about you to provide you with access to this web site or other products or services, to respond to your requests, to bill you for products/services you purchased, and to provide ongoing service and support, to contact you with information that might be of interest to you, including information about products and services of ours and of others, or ask for your opinion about our products or the products of others, for record keeping and analytical purposes and to research, develop and improve programs, products, services and content.
Personal information collected online may be combined with information you provide to us through other sources We may also remove your personal identifiers (your name, email address, social security number, etc). In this case, you would no longer be identified as a single unique individual. Once we have de-identified information, it is non-personal information and we may treat it like other non-personal information. Finally, we may use your personal information to protect our rights or property, or to protect someone’s health, safety or welfare, and to comply with a law or regulation, court order or other legal process.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us.
If you made a purchase or asked for information from us about our goods or services.
You agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
Most emails, including all emails to and from customers, are kept for up to 2 years, for dealing with the query and providing context for ongoing queries. This serves our Legitimate Interest of maintaining good relationships. Some emails from suppliers, business partners and government bodies, contain information relevant to an agreement or a technical matter, and these are retained for a period consistent with the Legitimate Interest served by each email.
Records of letters and other items posted to customers are kept for up to 2 years, in the Legitimate Interest of maintaining good customer relationships.
We share your personal data within our group of companies which involves transferring your data outside the European Economic Area (EEA).]
We are subject to the provisions of the General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
We may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
STORAGE OF DATA
The data we collect is kept securely within the United Kingdom. It is not transferred outside the UK except if you choose the option to send data to an online accounting system or pension provider outside the UK, or to email payslips outside the UK.
This site contains links to other sites that provide information that we consider to be interesting. [Doreming ltd] is not responsible for the privacy practices or the content of such websites.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Cookies are small text files which are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Our website uses only one cookie. It is a session cookie used to remember that you are logged into the website. The cookie is automatically removed when you close your browser or log out of our website.
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at email@example.com In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
We do not carry out automated decision making or any type of automated profiling.
EMPLOYEES AND JOB APPLICANTS
YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
In relation to data about you, for which we are the data controller, the GDPR requires us to inform you of the rights listed below. Please note that employees of organisations whose payrolls are processed on our system should exercise their rights via their employers, who are the data controllers.
You have the right to ask us for access to and rectification or erasure of personal data or restriction of processing.
You have the right to object to processing information on the basis of Legitimate Interest.
You have the right to data portability for the data that you provided about yourself on the basis of Consent or Contract.
You have the right to withdraw your Consent at any time, without affecting the lawfulness of earlier processing.
Contact Information for Complaints or Concerns: If you have any complaints or concerns about the Company or If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org
Postal address: Level 39 One Canada Square, Canary Wharf, London, E14 5AB
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com
This policy was last updated in May 2018.