Data Retention Policy

Contents

  1. Our commitment

  2. Who we are

  3. Retention rules

  4. Safeguarding data during retention

  5. Disposal and destruction of data

  6. Associated Documents

  7. Acceptance

  8. Data Retention Schedule for customers

1. Our commitment

At Domestic Tax Ltd, we are committed to protecting the data and privacy of our customers by upholding the rules surrounding Data Protection and GDPR. We offer assurance to our customers that we will only collect and retain data for a legitimate purpose.

The policy sets out how long we will keep the data we have collected and the reasons why. This applies to all:

  • Data collected and stored digitally/electronically

  • Hard copy documents

  • Soft copy documents

  • Communications including emails and telephone calls

If you are unhappy in how your data is being stored please let us know. We will take all reasonable steps to ensure your complaint is dealt with efficiently and fairly

If you remain dissatisfied, you have the right to complain directly to the Information Commissioners Office (ICO) who can be contacted as follows:

Write to: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: www.ico.org.uk

2. Who we are

Domestic Tax Ltd is a group of payroll and employment administration services comprising of NannyPaye, BusinessPaye and ProCRB.

We are a registered company in England & Wales with Registration No: 04221878  at Suite One, Lowen House, Sandy Lane, Kingswood, Surrey, KT20 6ND and our Data Protection registration number is XXX.

If you have any questions about the personal data we hold for you or want more details on how long we will keep your data, you can contact us on 01737 816 320 or email [email protected]

3. Retention rules

Domestic Tax Ltd will only retain data for as long as required for a period that complies with legislative and regulatory requirements, or to achieve a business purpose. Where there is no legislative or regulatory requirement or business purpose, we will retain data for a minimum period of 30 days. The Data Retention Schedule for customers (Section 8) outlines what data we store, why we retain the data, and the period we will retain the data.

Domestic Tax Ltd fully complies with a Data Subject’s rights in line with the GDPR. When a Data Subject lawfully requests to withdraw their consent, or invokes the right to be forgotten, we will take all necessary steps required to comply with the request within a prescribed time. We will inform you once your request has been fulfilled whereupon this will be our last correspondence with you.

Please be aware that we may be unable to permanently delete or destroy the data following a request if there is a legal or regulatory requirement to retain the data. We will inform you of these reasons whilst processing your request.

4. Safeguarding data during retention

We are committed to safeguarding and will take all reasonable technical and organisational precautions to prevent the loss, misuse, alteration, or exposure of your personal information. To provide our services, Domestic Tax Ltd collects and retains data in various ways and we have several safeguarding measures in place to ensure all data is safeguarded effectively.

Electronic data

Data that is retained electronically and digitally (including any soft copy document) is stored on several secure servers (including back-up servers) in a secure facility. Our servers are password protected, firewall protected, and our back-up servers are also encrypted. All servers containing personal data are only accessible by our internal IT personnel and the Senior Management team. All electronic payments you make to us will be encrypted using SSL technology.

Staff access to data via applications is regularly audited and password protected. We have a strict internal unique user password policy to ensure that internal passwords are updated every 90 days matching strict criteria and are only known by the user.

Digital data

All our websites are protected with SSL certificates, a security technology which establishes an encrypted link between our web servers and a user’s web browser. This ensures all data passed between the servers and browsers remain private and integral. Clients can verify this themselves by looking for a visual cue within their own web browser such as a lock icon or a green bar/tick (usually found in the address bar).

Physical data

Data that is retained physically (hard copies) is only stored as a matter of necessity. Domestic Tax Ltd operates a strict Clear Desk policy that ensures all staff retaining documents containing personal data is stored in a locked facility whilst not in use. Any documents containing personal data that need to be stored physically for business or legislative purposes are only stored for a temporary period and will be filed digitally as quickly as possible and all hard copies securely destroyed.

Data exchanged via email

While we cannot take responsibility for the security of the internet, we do have in place security measures to safeguard sensitive information being sent via electronic mail. No unnecessary personal details will be included in the main body of our emails. All attached documents containing sensitive information will be password protected so they can only be opened by the intended recipient.

If you are in receipt of an email that you become aware was not intended for you, you have a responsibility to notify the sender and delete the errant email immediately.

Data exchanged by telephone

Customers telephoning us will be asked to confirm their identity by answering selected security questions before our advisors will discuss details of their account. If you have nominated someone to liaise with us on your behalf we will required your express written authorisation to discuss your account with that person. We have a strict policy not to discuss any account or disclose any details to any caller who:

  • Has not been satisfactorily identified as the account holder

  • We have not been given express written authorisation to discuss the account with

This includes any of employees of our customers.

Data that you have access to

As a customer of Domestic Tax Ltd you are responsible for keeping safe your data and that of your employees, clients or candidates. The data in our Members Area and other private online areas, is password protected, with a unique password to each user. Your user details and password are confidential, used to keep your data secure. Other than when you log in, we will not ask you for your password. It is your decision if you choose to allow others access to your Members Area.

5. Disposal and destruction of data

Where data has been stored for the required period and/or is no longer required for a lawful business purpose or legal requirements it will be erased or physically destroyed in a secure environment to prevent any recovery of the data

Disposal of electronic data

Domestic Tax Ltd routinely reviews all data held electronically or physically to decide whether to data processed has been held for the maximum time required for its purpose. When the data in question is no longer required to be retained it will be deleted from our systems (including both original files and back-ups, electronic and physical).

Disposal of physical data

Disposal of physical documents containing personal data is shredded internally and then placed in one of our locked recycling bins, of which only the Facilities Manager holds the key. Domestic Tax Ltd employs the services of a trusted and reputable external recycling supplier, who provide a secure document destruction service. Certificates of Destruction are provided and logged after each collection.

Disposal of other data

Disposal of other data (such as recorded telephone calls) are automatically deleted from all our servers after the required retention period outlined in the retention schedule below (section 8). If you request to right to be forgotten, we can remove all phone calls associated with your telephone number manually from our phone server.

6. Associated documents

  • Privacy Policy

  • Subject Access request Procedure

  • Service Terms and Conditions

  • Website and Cookie Policy

7. Acceptance

This Privacy Policy was last updated in April 2023. By using our services, you agree to the collection and use of your personal data and information as set out in this Privacy Policy. Any updates to our Privacy Policy will be made available on our websites and in our Members Areas. Please share any questions, concerns or comments you have about this policy by writing to:

The Data Protection Officer

Domestic Tax Ltd

121 Kingston Road

Leatherhead

Surrey

KT22 7SU

Our Data Protection Officer can also be emailed at [email protected].

8. Data retention schedule for customers

Customer relationship management

Data

Why we retain

Retention period

CRM Data including name, address, all contact details, service agreements, payment records

To provide the service the customer has chosen

Duration of the customer’s subscription to our services. Some records will be retained once your subscription with us has finished for the duration that is required, depending on the service the customer has chosen. See Below

Paper copies of subscriptions and renewals taken over the phone, including name, address, all contact details, payment records and identifier codes

To keep as reference regarding customer queries and renewal reporting

1 month

 

Payroll

Data

Why we retain

Retention period

Full and complete payroll records for employers (our customers) & their employees, including but not limited to:

  • Personal details

  • Salary Information

  • Identifier Codes

  • Forms and Declarations

To provide a payroll administration service acting on behalf of the customer as their payroll agent

The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)

Copies of RTI submissions made to HMRC. These contain details regarding your employee’s earnings and deductions along with their full name, address and NI number and your PAYE scheme details

To ensure that we have accurate records of payroll processed and submitted to HMRC

The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)

Copies of communications between us and you. These may include but not limited to:

  • Call recordings and/or notes

  • Emails

To support the accurate processing of payroll and for quality purposes

The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)

Information relating to statutory payments. These may include but not limited to:

  • Employer bank details

  • Copies of MATB1 form

  • Requests for funding

To support the accurate processing of payroll and for quality purposes

The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)

 

Auto enrolment & workplace pensions

Data

Why we retain

Retention period

Workplace Pensions & Auto Enrolment records for employers (our customers) & their employees including but not limited to:

  • Personal Details

  • Salary and Pension Contributions Information

  • Pension Scheme Details

  • Identifier Codes

  • Forms and Declarations

To provide an auto enrolment administration service acting on behalf of the customer as their auto enrolment administrator

6 years as per legal requirement of The Pensions Regulator (TPR)

Copies of communications between us and you. These may include but not limited to:

  • Call recordings and/or notes

  • Emails

To support the accurate processing of payroll and for quality purposes

The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)

 

Human resource & employment law

The employment law section of the NannyPaye service is provided to our customers by an external employment law advice company, who have their own Data Protection policies regarding Privacy & Retention in place. Below is an overview of the data they may collect and retain to provide our customers with the employment law advice service. Please contact us if you would like access to the Data Protection policies of our employment law advice provider.

Data

Why we retain

Retention period

The customer’s personal details: name, address, contact details

Relationship management for legal advice

Duration of the customer’s subscription to our services

Personal details of the customer’s employee/s: name, address, contact details and terms of employment

  • To provide the customer with a Contract of Employment.

  • To assist the customer in resolving any employment issues

Duration of the employee’s employment with the customer

Records pertaining to any employment dispute between the customer and their employee

To assist the customer in the correct process and procedures for managing and employment issues

As per legal requirement depending on the issue

 

Accounts & finance

Data

Why we retain

Retention period

Direct Debit mandates/ customer bank details

For reference in case of investigation

7 Years

Purchase ledger invoices

Audit requirement

7 Years

Bank documentation, including refunds

Audit requirement

7 Years

Debit card details, card payment receipts

To keep as reference regarding customer queries and renewal reporting

1 month

 

Marketing & websites

Data

Why we retain

Retention period

Google Analytics data, including but not limited to website users’

  • Location

  • IP address

  • Website user behaviour

To measure the performance and activity of our websites to make informed marketing decisions

3 months

Client Marketing preferences

To ensure that we respect your choice regarding if/how you would like to receive marketing material

Permanent unless informed otherwise by customer

Cookie Acceptance

To ensure that we respect your choice regarding our cookie notice (see our Website and Cookie Policy for more details)

5 years

Third party suppliers

Domestic Tax Ltd may work with or employ the services of selected external companies to provide a business function. We treat the data of any external company or organisation as we would of any of our customers.

Data

Why we retain

Retention period

CRM Data including main contact name, business name, address, all contact details

To manage the relationship, request services, and/or deliver a service

Duration of the relationship between us and the third party

Any agreements or contracts including but not limited to:

  • Service Level

  • Non-Disclosure

As a record of our contract and to manage the relationship and as an Audit requirement

7 years or duration of the relationship

Invoice, payment details

For accounting purposes

7 Years

 

Non-customer data

Data

Why we retain

Retention period

Recorded Telephone calls

  • All telephone calls are recorded and stored as a business a whole and kept as per the legal requirement of payroll records

  • Non-customer calls may be referenced for training and quality purposes

1 month, or as required for the purpose of conducting the necessary business

Emails

As a record of activity and correspondence, for reference

1 month, or as required for the purpose of conducting the necessary business