At Umbrella In A Box Ltd (“We”) are committed to protecting and respecting your privacy.
This policy (together with our terms of use and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For collecting data covered by The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) we are registered under ICO registration number ZA782272.
The purpose of this policy is for you to understand what data we collect, why and what we do with the data. We aim to comply with the principles set out in Article 5 of the GDPR. Article 5(1) requires that personal data shall be:
“(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
Information we may collect from you
We may collect and process the following data about you:
Data we collect:
To fulfil our obligation to you either as an enquirer or as a client of Umbrella In A Box Ltd, we will require the below information:
To fulfil our obligation on behalf of our clients using our fully managed payroll software, we will require the below information from employees:
This information along with any documentation is stored securely and used only for the purpose for which it is required.
IP addresses
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.
Where we store your personal data
All information you provide to us is stored on our servers (see above: Information we may collect from you). We have computer safeguards such as firewalls and data encryption to protect your information. We also operate from a secure office building protected by alarms and covered by constant CCTV surveillance. The transmission of any personal data is done so in an encrypted manner using a Secure Sockets Layer (SSL).
Though we adhere to as many technical and organisational measures possible to safeguard your personal data, we unfortunately cannot guarantee the security of any personal data that you transfer over the internet to us.
Uses made of the information
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
We use information held about you in the following ways:
You have the right to withdraw consent at any time.
Disclosure of your information
We may disclose your personal information to members of our company for administration purposes and to our partners should you require additional services.
We use third-party suppliers to process limited personal data in order to provide additional services to you upon request. None of these are located outside of the EEA. These include but are not limited to:
When you have elected specific services, you will be required to consent to sharing your contact details and other relevant information in order to facilitate your request. When we share personal data with these companies, we do so in a secure manner, require them to keep it safe and ask that they do not use your data for their own marketing purposes. You should note that each individual company will have a separate privacy notice that can be viewed on their website.
The only other reason we may share your information with an outside organisation would be if the law or a public authority says we must share this personal data.
Your rights
Under the Data Protection Law, you have the following rights:
Right to be Informed – this is a key transparency requirement under the UK GDPR. You have the right to be informed about the collection and use of your personal data. As outlined in this policy, we will provide you with a clear concise information about what we do with your personal data.
Right of Access – to see the personal data we hold about you. This is called a Subject Access Request. If you would like a copy of the personal data we hold about you, contact the HR Director.
The law allows us to charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data. Should this be the case, our policy is a fee of £10.
Right to Rectification – We want to make sure that the personal data we hold about you is accurate, complete and up to date. If any of the details are incorrect, please let us know and we will amend, update or complete them.
Right to Erasure – in certain circumstances, you are able to exercise your “Right to be forgotten”. Requesting this service will result in the removal of all correspondence and data points that we hold on you as a company, including the request itself. To contact our data controller directly please make an enquiry to the operations director.
Right to Restriction of Processing – in certain circumstances, you have the right to ask us to restrict the processing of your information.
Right to Object to Processing – in certain circumstances, you have the right to object to the processing of your personal data
Right to Data Portability – in certain circumstances, you have the right to ask that we transfer the information you gave us to another organisation, or to you.
Rights to Automated Decision Making and Profiling – We do not conduct decision making and profiling which relies solely on automation. All decision making processes involve human involvement.
You are not required to pay any charge for exercising your rights. (Except for a ‘reasonable’ administrative fee where an access request is found to be manifestly unfounded or excessive, or if an individual requests further copies of their data). If you make a request, we have one month to respond to you.
Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page.
Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be sent using our usual contact methods.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
Have any questions about how we work and what you get?
We’ve got all the answers you need.
Company Registered Number: 12040247