Our Privacy Promise:
At Dataplan we understand that protecting personal data is vital to all of us.
Our privacy promise sets out the universal standards we shall apply to the personal data you entrust us with.
Transparency - We will be transparent about the data we collect and agree with you on how that data will be used.
Control - Your personal data will be respected at all times, putting you in control of how that data is processed.
Trust - We will protect the data that you entrust to us ensuring we collect, process and store personal data using appropriate security measures and ensuring compliance with data protection standards.
If you’d like to know more, read our full Privacy Policy below.
Our Privacy Policy
Who we are:
Dataplan, Dataplan Payroll and Dataplan Education are trading names of:
Dataplan Payroll Limited
1 Prince Albert Gardens
Grimsby
DN31 3AG
Company Number: 06475128
ICO Registration Number: Z1267672
Our Data Protection Officer:
We have appointed a Data Protection Officer (DPO), who can be contacted in the following ways should you have any questions or feedback about how we manage, share and look after your data:
Mail: Data Protection Officer
Dataplan Payroll Limited
1 Prince Albert Gardens
Grimsby
DN31 3AG
Email: dpo@dataplan.co.uk
The data we hold:
This section tells you what personal data we may collect and how we use it:
- When you use our services or contact us we collect:
o Your Personal Details. Such as title, name, gender, address, phone numbers, email address, NI number;
o Employment related data such as job title, pay information, bank accounts, tax, pensions, deductions;
o Online identifiers, such as: your IP address, cookie information, traffic data, location data, weblogs, page functionality tracking and other communication data.
o Other information captured over the internet including preferences and interests customer surveys etc.
- Communications
Email & Post
o Users receiving inbound emails and post will assess the nature and relevance of the data contained therein, make decisions on whether to securely store or delete
o All information received containing personal data will be archived ensuring the capability of demonstrating compliance with applicable law and contract performance in accordance with our data retention policy
Telephone calls
o We may record calls, both inbound and outbound, as we use them for training and compliance purposes. We find it useful to listen again to conversations, as part of our continuous improvement
o Sometimes, we need to listen a recorded call if there are any uncertainties that we need to clarify.
o Calls are recorded and stored on our premises, and not on any third party cloud platform. The server on which our telephony platform runs has full disk encryption.
o We delete the recordings from our computers as soon as we have decided that we will no longer need to listen to them again. In most cases, recordings are removed from the server automatically 30 days from being recorded.
- Customer Portal Access
We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.
- CCTV
o We may record CCTV in and around the premises at 1 Prince Albert Gardens, Grimsby for maintaining the security of our staff and operations.
How we use your data:
- To provide you with a payroll service:
We use the information we hold about you and your business — both personal and otherwise to give you the best possible service where ever we can.
We also use your information to bill you and keep track of payments that you make.
(Legal basis: GDPR Art. 6(b): this is necessary to deliver the service to you.)
- To carry out Identity Check checks:
We may need to carry out an ID check on you before you become a client.
If you would prefer not to provide this information, then we may not be able to act for you.
(Legal basis: GDPR Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)
- To understand sources of money:
We may need to ask questions about the source of your money, to discharge our regulatory obligations relating to proceeds of crime and terrorist funding.
If you would prefer not to provide these information, then we will not be able to act for you.
(Legal Basis: GDPR Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)
- To Improve and enhance our services:
We may use the logs from our servers to assist in our information and cyber security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
(Legal Basis: GDPR Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. GDPR Art. 6(f): strategy planning is a legitimate, and sensible, thing for a business to do.)
Sharing your data:
We may disclose information about you to any of our employees for the purposes as set out in this privacy policy.
In addition, we may disclose your personal information:
a) to the extent that we are required to do so by law;
b) To the extent that you ask us to provide information to 3rd parties including HMRC, The Pension Regulator, Government Office and your Pension Schemes in connection with any legal proceedings or prospective legal proceedings;
c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
d) to auditors appointed by us and tasked with ensuring compliance with relevant accreditations, certifications and applicable law, such as ISO27001.
e) to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
f) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
g) direct correspondence received by the Provider from a Data Subject, may be disclosed to the Customer to support, validate and identify where necessary.
Except as provided in this privacy policy, we will not provide your information to third parties.
How we look after your data:
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable security measures and controls, such as meeting the requirements of ISO27001.
- We will always take appropriate technical and organisational precautions to prevent the loss, misuse, alteration or unauthorised access of your personal information.
- We always ensure your data is secure and encrypted where appropriate and in line with our ISO27001 policies.
- We will continually test, audit and monitor our compliance with ISO27001 Information Security standards and relevant Data Protection regulations.
Where we process your data:
We do not store, transfer or process data outside the European Economic Area (EEA) unless the nature of processing data requires it (for example, where we are securely emailing a party who is based outside the EEA, or because you have chosen to use an web browser or other communications service which routes data outside the EEA).
How long do we hold your data?
We are required to hold personal data to demonstrate compliance with your service level agreement and applicable law.
We have developed sophisticated systems to ensure that only the most accurate, currently available and up to date information is processed while maintaining the ability to access historic data.
We hold your information only as long as necessary in our live systems and archive data where possible, typically after completion of a tax year end.
After 7 years Personal Data will be permanently deleted unless there is a requirement under applicable law to retain it (in which case we will continue to maintain an archive of the data).
Your rights;
You have lots of rights in relation to how we process your personal data. The relevant rights are:
- To get access to your personal data and information about our processing of it;
- In some circumstances, restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes;
- Object to our processing for strategy planning purposes;
If you want to exercise any of these rights, please just contact us.
Not Happy or Concerned?
If you feel that Dataplan has not upheld your rights, we ask that you contact our Data Protection Officer so that we can try and help – their details can be found in the “Our Data Protection Officer” section.
If you are not satisfied with our response, or believe we are not processing your data in accordance with the law you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Their details are supplied below:
Address: Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
How to contact us:
Dataplan Payroll Limited
1 Prince Albert Gardens
Grimsby
DN31 3AG
Telephone: 03331 123 456
Email: dpo@dataplan.co.uk