Book your demo today
BOOK YOUR DEMO TODAY

Privacy Policy

Operating your own Umbrella PAYE Company is easy with Umbrella In A Box!

Umbrella In A Box Ltd Privacy Policy

At Umbrella In A Box Ltd (“We”) are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For collecting data covered by The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) we are registered under ICO registration number ZA782272.

The purpose of this policy is for you to understand what data we collect, why and what we do with the data. We aim to comply with the principles set out in Article 5 of the GDPR. Article 5(1) requires that personal data shall be:  

“(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide by filling in an enquiry form on our site. We will use this information to send answers to your enquiries only. We may also ask for further information if you are reporting problems with our website. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these emails.
  • Information that you provide by registering to use our site, subscribing to our service, posting material or requesting further services. This will be stored: on the WordPress database, Hubspot or iContact list. You have the right to withdraw consent at any time by deleting your account.
  • Information that you provide by filling in a newsletter request form on our site. This is provided by Hubspot or iContact. This will be stored: on our Hubspot or iContact account. You have the right to withdraw consent at any time – unsubscribe at the bottom of the next newsletter.
  • If you contact us by email, we will keep a record of that correspondence. This will be stored: on our email system. You have the right to withdraw consent at any time by asking us to delete these mails.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. This will be stored: on our Google Analytics account – see Cookies below for further information.

Data we collect:

To fulfil our obligation to you either as an enquirer or as a client of Umbrella In A Box Ltd, we will require the below information:

  • Your main contact details: name, phone number and email address
  • Further details necessary to the services required which may include but are not limited to company details (registration number, address, VAT and banking information), employee details for payroll (when providing a fully managed service)

To fulfil our obligation on behalf of our clients using our fully managed payroll software, we will require the below information from employees:

  • Your main contact details: name, phone number and email address in order to communicate with you
  • Payroll information: NI number, bank details any previous work information (P45 or P60) in order to legally verify your identity and accurately pay monies to you and process tax and NIC deductions on your behalf.

This information along with any documentation is stored securely and used only for the purpose for which it is required.

 

IP addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Where we store your personal data

All information you provide to us is stored on our servers (see above: Information we may collect from you). We have computer safeguards such as firewalls and data encryption to protect your information. We also operate from a secure office building protected by alarms and covered by constant CCTV surveillance. The transmission of any personal data is done so in an encrypted manner using a Secure Sockets Layer (SSL).

Though we adhere to as many technical and organisational measures possible to safeguard your personal data, we unfortunately cannot guarantee the security of any personal data that you transfer over the internet to us.

Uses made of the information

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent by signing/accepting your contract of employment with us. You are able to remove your consent at any time. You can do this by contacting a Director
  • We have a contractual obligation
  • We have a legal obligation
  • We have a legitimate interest

 

We use information held about you in the following ways:

  • To reply to your enquiries
  • To provide you with information on our service that you request from us, where you have consented to be contacted for such purposes.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To fully manage your company on your behalf if requested
  • To provide multiple services to you seamlessly from various providers

 

You have the right to withdraw consent at any time.

Disclosure of your information

We may disclose your personal information to members of our company for administration purposes and to our partners should you require additional services.

We use third-party suppliers to process limited personal data in order to provide additional services to you upon request. None of these are located outside of the EEA. These include but are not limited to:

  • Limited company set up and management
  • Accounting services
  • Marketing services
  • Business Development
  • Website creation, development and management services
  • Business Insurances

When you have elected specific services, you will be required to consent to sharing your contact details and other relevant information in order to facilitate your request. When we share personal data with these companies, we do so in a secure manner, require them to keep it safe and ask that they do not use your data for their own marketing purposes. You should note that each individual company will have a separate privacy notice that can be viewed on their website.

The only other reason we may share your information with an outside organisation would be if the law or a public authority says we must share this personal data.

Your rights

Under the Data Protection Law, you have the following rights:

Right to be Informed – this is a key transparency requirement under the UK GDPR. You have the right to be informed about the collection and use of your personal data. As outlined in this policy, we will provide you with a clear concise information about what we do with your personal data.

Right of Access – to see the personal data we hold about you. This is called a Subject Access Request. If you would like a copy of the personal data we hold about you, contact the HR Director.

The law allows us to charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data. Should this be the case, our policy is a fee of £10.

Right to Rectification – We want to make sure that the personal data we hold about you is accurate, complete and up to date. If any of the details are incorrect, please let us know and we will amend, update or complete them.

Right to Erasure – in certain circumstances, you are able to exercise your “Right to be forgotten”. Requesting this service will result in the removal of all correspondence and data points that we hold on you as a company, including the request itself. To contact our data controller directly please make an enquiry to the operations director.

Right to Restriction of Processing – in certain circumstances, you have the right to ask us to restrict the processing of your information.

Right to Object to Processing – in certain circumstances, you have the right to object to the processing of your personal data

Right to Data Portability – in certain circumstances, you have the right to ask that we transfer the information you gave us to another organisation, or to you.

Rights to Automated Decision Making and Profiling – We do not conduct decision making and profiling which relies solely on automation. All decision making processes involve human involvement.

You are not required to pay any charge for exercising your rights. (Except for a ‘reasonable’ administrative fee where an access request is found to be manifestly unfounded or excessive, or if an individual requests further copies of their data). If you make a request, we have one month to respond to you.

 

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be sent using our usual contact methods.

How to Complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

 

Have any questions about how we work and what you get?
We’ve got all the answers you need.

Company Registered Number: 12040247