Privacy Notice for LTD

Grow your practice with engaging solutions

SHORT FORM

Client Engager Online Limited are the data controllers.

We collect the data you or your employer give us on signing up and as we develop our working relationship including from your colleagues, LinkedIn and other sources.

We use your personal data to set up and manage our relationship with your employer, to carry out required checks, to meet professional obligations and to comply with the law. This may include informing HMRC, your employer, the police and others.

Your data is stored and processed on the systems we use including cloud based systems. We endeavour to only use UK based systems but will notify you if this changes.

We share data with our insurers, external parties we use to provide us with services and various local and national authorities.

We keep your data for the period we have a relationship with your employer plus 7 years unless there are reasons to retain it for longer.

You have the right of access to data, to rectify it, challenge or block its use, to its erasure, move it to another provider and to withdraw consent. You can access these rights by contacting us above.

We do not use automated profiling. We will need to be able to contact you by text and email to use the Client Engager. We may update this notice at any time by publishing it on our website.

You can contact us by email to contact@engager.app.

Version 5  30/01/2024

LONG FORM

Introduction

The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.

Client Engager Online Limited are the data controller and we process personal data. The firm’s Data Protection Officer can be contacted via email at contact@engager.app.

We may amend this privacy notice from time to time by publishing it online.

The purposes for which we intend to process personal data

We intend to process personal data to enable us to provide our Client Engager service to you and your clients and:

  • To fulfil our obligations under relevant laws in force from time to time (legal obligation).

  • To use in the investigation and/or defence of potential complaints and legal proceedings (legitimate interest).

  • To enable us to invoice you for our services (contractual right).

  • To manage our infrastructure to deliver the service and to manage our relationship with you and your employer (legitimate interest).

  • To contact you with newsletters, updates and information about other services we provide which may be of interest to you (legitimate interest).

  • To contact you about other services or products of ours or third parties where you have consented (consent).

The legal bases for our intended processing of personal data

Our intended processing of personal data has the following legal bases:

  • Where at the time you gave consent.

  • The processing is necessary to carry out pre-contractual steps at your request

  • The processing is necessary for the performance of our contract.

  • The processing is necessary for compliance with legal obligations to which we are subject.

  • The processing is necessary for the purposes of our and others legitimate interests.

It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide our services.

Persons/organisations to whom we may give personal data

We may share your personal data with:

  • Your employer, their legal and other advisers and insurers and other parties they engage
  • DigitalOcean and Amazon AWS who host data as our sub-processor, TextLocal and Text Global who provide the text reminder service to your clients, Stripe and Crezco who are our payment processors, and QuickBooks, Armalytix, Companies House, Xama Technologies if you activate their links in our system
  • HMRC
  • any third parties with whom your employer requires or permits us to correspond
  • subcontractors
  • your clients
  • tax insurance providers
  • professional indemnity insurers
  • Our professional indemnity insurers, their lawyers and other advisers
  • Our legal and other advisers and parties they engage

If the law allows or requires us to do so, we may share your personal data with:

  • the police and law enforcement agencies
  • courts and tribunals
  • the Information Commissioner’s Office (“ICO”)

We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you and/or your employer and for our and others legitimate interests including of society as a whole. If you ask us not to share your personal data with such third parties we may need to cease to act.

We use certain other Cloud based systems including DigitalOcean, Office 365, Text Global, Text Local, Stripe and, where selected by you, Quickbooks.

Transfers of personal data outside the EEA

Your personal data will be processed by us in the UK or EEA. However, external service providers may deliver their services from outside those locations. You may also select additional services in your dashboard. Please see the links to their privacy notices below.

Where we or you therefore use services that host personal information outside the United Kingdom or European Union or other approved countries only reputable suppliers that have gone through information security due diligence, have contractual clauses about the required standard of data processing, and meet legally approved requirements that your information is looked after to a standard as if it were in the UK will be accessible. For more information about this please contact us using the Contact Us section below.

Essential to use Client Engager

Stripe – payment processing
https://stripe.com/en-gb/privacy

Textlocal – text messaging functionality
https://www.textlocal.com/legal/privacy/

Text Global – text messaging functionality
https://textglobal.co.uk/privacy/

DigitalOcean – customer data storage and processing
https://www.digitalocean.com/legal/privacy-policy

Amazon AWS – customer data storage and processing
https://aws.amazon.com/privacy/

Microsoft Office 365 – cloud storage for company mailboxes, internal and shared documents
https://privacy.microsoft.com/en-gb/privacystatement

Crezco – payment processing
https://www.crezco.com/privacy-policy

Optional – you may also use: Intuit QuickBooks – for client syncing, invoicing
https://www.intuit.com/privacy/

Armalytix – fetching bank statements
https://prod-web.armalytix.com/PRIVACY_POLICY

Companies House
https://resources.companieshouse.gov.uk/serviceInformation.shtml

Xama Technologies – AML services
https://xamatech.com/privacy-policy/

Retention of personal data

We retain all of our records for 7 years after the end of the business relationship with your employer unless your employer asks us to retain it lawfully for a longer period or there is some other legal hold on the data. If you notify us that you have left the employment of your employer we will delete it on the same basis as set out above as your identity may be relevant for investigatory purposes.

Requesting personal data we hold about you (subject access requests)

You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”).

Please provide all SARs by email to contact@engager.app.

To help us provide the information you want and deal with your request more quickly, you should include enough details to enable us to verify your identity and locate the relevant information. For example, you should tell us:

  1. your date of birth
  2. your name and employer name
  3. what type of information you want to know

We may require you to send a copy of:

  • your passport or a copy of your driving licence; and
  • a recent utility bill.

DPA 2018 requires that we comply with a SAR promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR (e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request).

We will not charge you for dealing with a SAR unless it becomes necessary and is permitted by law.

You can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to respond to a SAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and/or receive our reply.

Putting things right (the right to rectification)

You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it.

Deleting your records (the right to erasure)

In certain circumstances you have a right to have the personal data that we hold about you erased. Further information is available on the ICO website (www.ico.org.uk). If you would like your personal data to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure. If applicable, we will supply you with the reasons for refusing your request.

The right to restrict processing and the right to object

In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action, if any, is appropriate.

Obtaining and reusing personal data (the right to data portability)

In certain circumstances you have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional adviser. Further information is available on the ICO website (www.ico.org.uk).

The right to data portability only applies:

  • to personal data an individual has provided to a controller;
  • where the processing is based on the individual’s consent or for the performance of a contract; and
  • when processing is carried out by automated means

We will respond to any data portability requests made to us without undue delay and within one month. We may extend the period by a further two months where the request is complex or a number of requests are received but we will inform you within one month of the receipt of the request and explain why the extension is necessary.

Withdrawal of consent

Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.

Please note:

  • the withdrawal of consent does not affect the lawfulness of earlier processing
  • if you withdraw your consent, we may not be able to continue to provide services to you
  • even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data)

Automated decision-making

We do not intend to use automated decision-making in relation to your personal data.

Complaints

If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints to contact@engager.app

If you are not satisfied with our response, you have a right to lodge a complaint with the ICO (www.ico.org.uk).