Client Engager Online Limited are the data controllers.
We collect the data you or your employer give us on signing up and as we develop our working relationship including from your colleagues, LinkedIn and other sources.
We use your personal data to set up and manage our relationship with your employer, to carry out required checks, to meet professional obligations and to comply with the law. This may include informing HMRC, your employer, the police and others.
Your data is stored and processed on the systems we use including cloud based systems. We endeavour to only use UK based systems but will notify you if this changes.
We share data with our insurers, external parties we use to provide us with services and various local and national authorities.
We keep your data for the period we have a relationship with your employer plus 7 years unless there are reasons to retain it for longer.
You have the right of access to data, to rectify it, challenge or block its use, to its erasure, move it to another provider and to withdraw consent. You can access these rights by contacting us above.
We do not use automated profiling. We will need to be able to contact you by text and email to use the Client Engager. We may update this notice at any time by publishing it on our website.
You can contact us by email to email@example.com.
Version 5 30/01/2024
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.
Client Engager Online Limited are the data controller and we process personal data. The firm’s Data Protection Officer can be contacted via email at firstname.lastname@example.org.
We may amend this privacy notice from time to time by publishing it online.
The purposes for which we intend to process personal data
We intend to process personal data to enable us to provide our Client Engager service to you and your clients and:
The legal bases for our intended processing of personal data
Our intended processing of personal data has the following legal bases:
It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide our services.
Persons/organisations to whom we may give personal data
We may share your personal data with:
If the law allows or requires us to do so, we may share your personal data with:
We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you and/or your employer and for our and others legitimate interests including of society as a whole. If you ask us not to share your personal data with such third parties we may need to cease to act.
We use certain other Cloud based systems including DigitalOcean, Office 365, Text Global, Text Local, Stripe and, where selected by you, Quickbooks.
Transfers of personal data outside the EEA
Your personal data will be processed by us in the UK or EEA. However, external service providers may deliver their services from outside those locations. You may also select additional services in your dashboard. Please see the links to their privacy notices below.
Where we or you therefore use services that host personal information outside the United Kingdom or European Union or other approved countries only reputable suppliers that have gone through information security due diligence, have contractual clauses about the required standard of data processing, and meet legally approved requirements that your information is looked after to a standard as if it were in the UK will be accessible. For more information about this please contact us using the Contact Us section below.
Essential to use Client Engager
Stripe – payment processinghttps://stripe.com/en-gb/privacy
Textlocal – text messaging functionalityhttps://www.textlocal.com/legal/privacy/
Text Global – text messaging functionalityhttps://textglobal.co.uk/privacy/
DigitalOcean – customer data storage and processinghttps://www.digitalocean.com/legal/privacy-policy
Amazon AWS – customer data storage and processinghttps://aws.amazon.com/privacy/
Microsoft Office 365 – cloud storage for company mailboxes, internal and shared documentshttps://privacy.microsoft.com/en-gb/privacystatement
Crezco – payment processinghttps://www.crezco.com/privacy-policy
Optional – you may also use: Intuit QuickBooks – for client syncing, invoicinghttps://www.intuit.com/privacy/
Armalytix – fetching bank statementshttps://prod-web.armalytix.com/PRIVACY_POLICY
Xama Technologies – AML serviceshttps://xamatech.com/privacy-policy/
Retention of personal data
We retain all of our records for 7 years after the end of the business relationship with your employer unless your employer asks us to retain it lawfully for a longer period or there is some other legal hold on the data. If you notify us that you have left the employment of your employer we will delete it on the same basis as set out above as your identity may be relevant for investigatory purposes.
Requesting personal data we hold about you (subject access requests)
You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”).
Please provide all SARs by email to email@example.com.
To help us provide the information you want and deal with your request more quickly, you should include enough details to enable us to verify your identity and locate the relevant information. For example, you should tell us:
We may require you to send a copy of:
DPA 2018 requires that we comply with a SAR promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR (e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request).
We will not charge you for dealing with a SAR unless it becomes necessary and is permitted by law.
You can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to respond to a SAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and/or receive our reply.
Putting things right (the right to rectification)
You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it.
Deleting your records (the right to erasure)
In certain circumstances you have a right to have the personal data that we hold about you erased. Further information is available on the ICO website (www.ico.org.uk). If you would like your personal data to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure. If applicable, we will supply you with the reasons for refusing your request.
The right to restrict processing and the right to object
In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action, if any, is appropriate.
Obtaining and reusing personal data (the right to data portability)
In certain circumstances you have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional adviser. Further information is available on the ICO website (www.ico.org.uk).
The right to data portability only applies:
We will respond to any data portability requests made to us without undue delay and within one month. We may extend the period by a further two months where the request is complex or a number of requests are received but we will inform you within one month of the receipt of the request and explain why the extension is necessary.
Withdrawal of consent
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.
We do not intend to use automated decision-making in relation to your personal data.
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints to firstname.lastname@example.org
If you are not satisfied with our response, you have a right to lodge a complaint with the ICO (www.ico.org.uk).