epayrollUK Ltd is committed to protecting your privacy when you use our on-line, telephone or other services (“Services”). In this policy we explain how and why we collect your information, what we do with it and what controls you have over our use of it.

From time to time, we add or change functions, features or products to our Web Site or add or change Services. This, and our commitment to protecting the privacy of your personal information, may result in periodic changes to this Privacy Policy. As a result, please remember to refer back to this Privacy Policy regularly to review any amendments.
Any questions regarding our Privacy Policy should be directed to Dianne Spruit.

General Data Protection Regulation 2018

Data is information which is stored electronically, on a computer, or in certain paper-based filing systems.
Data subjects for the purpose of this policy include all living individuals about whom we or you hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal data.
Personal data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personal data can be factual (such as a name, address or date of birth) or it can be an opinion about that person, their actions and behaviour.
Data controllers are the people who or organisations which determine the purposes for which, and the way, any personal data is processed. They have a responsibility to establish practices and policies in line with the Act. epayrollUK Ltd is the data controller of all personal data used in relation to this site.
Data users include employees and others whose work involves using personal data. Data users have a duty to protect the information they handle by following our privacy policy at all times.
Data processors include any person who processes personal data on behalf of a data controller.
Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Sensitive personal data includes information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. Sensitive personal data can only be processed under strict conditions and will usually require the express consent of the person concerned.

What Data Do We Collect and How Do We Use It?

We use information held about you and the information you provide in relation to third party personal data, in the following ways:
• To process payroll operations, including and not limited to Pension, Holiday entitlement, HMRC related financials
• To contact you to ensure payroll operations are carried out in a timely and accurate manner
• to ensure that our websites are presented in the most effective manner for those who visit and use them and for their computer or internet connected device

With Whom Is this Information Shared?

epayrollUK Ltd will not share, sell, or rent your personal information to third parties. However, we may disclose your personal information to third party suppliers who provide services on our behalf.
epayrollUK Ltd may disclose personal information if required to do so by law or if it believes that such action is necessary to protect and defend the rights, property or personal safety of company name and its Web Sites, visitors to the Web Sites and customers of our Services.
Our Web Site contains links to the sites of third parties. When you visit these sites, we suggest that you read their privacy policies. epayrollUK Ltd is not responsible for the privacy policies or the content of such sites. We would only sell or rent your personal information to a third party either as part of a sale of the assets of epayrollUK Ltd, having ensured that steps have been taken to ensure that your privacy rights continue to be protected.

Security

epayrollUK Ltd must ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. Data subjects may apply to the courts for compensation if they have suffered damage from such a loss.
The GDPR requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor if the data processor agrees to comply with those procedures and policies, or if the data processor puts in place adequate measures itself.

Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data, defined as follows:

Confidentiality means that only people who are authorised to use the data can access it.

Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on our central computer system instead of individual PCs.
Security procedures include:
Methods of disposal. Paper documents are sent for confidential destroying. All personal data or other sensitive data stored on any medium including but not limited to DVD, USB memory sticks, external hard drives, the cloud, or portable devices should be deleted when they are no longer required.
Equipment. Data users should ensure that individual monitors and other devices do not show confidential information to passers-by and that they log off from their PC when it is left unattended and that computers automatically lock after a set period when not used.

epayrollUK Ltd places a great importance on the security of all information associated with our customers. We have security measures in place to attempt to protect against the loss, misuse, and alteration of customer data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information. While we cannot ensure or guarantee that loss, misuse, or alteration of data will not occur, we use our best efforts to prevent this.

Where Is this Information Stored?

Information which you submit via our Web Sites or our telephone services is stored on a computer located in the European Economic Area. This is necessary to process the information and to send you any information you have requested. Information submitted by you may be transferred by us to our other offices and to reputable third-party suppliers, which may be situated outside the European Economic Area. Not all countries outside the EEA have data protection or privacy laws. In addition, if you use our Services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those Services.

Providing information over the telephone

Any person dealing with telephone enquiries will be careful about disclosing any personal information held by us. In particular, we will:
• Check the caller’s identity to make sure that information is only given to a person who is entitled to it.
• Suggest that the caller put their request in writing if they are not sure about the caller’s identity and where their identity cannot be checked.
No-one should be bullied into disclosing personal information.

Use of Cookies

Cookies are pieces of information that a Web Site transfers to your hard drive to store and sometimes track information about you. Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that. However, you may not be able to take full advantage of a Web Site if you do so. First party cookies are specific to the server that created
them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web. Third party cookies are added by scripts added to the website, examples include Facebook and YouTube. Although they do identify a user’s computer, cookies do not personally identify customers or passwords. Credit card information is not stored in cookies.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org

To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout

Information About Products and Services

It is very important to us that we provide you with the highest level of service. In order to help us do this, from time to time epayrollUK Ltd may send you details of our products and services which we think may be of interest to you. If at any time you do not wish to receive these details, please e-mail us at unsubscribe@epayrolluk.co.uk

Legislative Framework

The Organisation will monitor this policy to ensure it meets statutory and legal requirements. Training on the policy will include these aspects.

Ensuring the Effectiveness of the Policy

All Directors and staff will receive a copy of the privacy policy. Existing and new workers will be introduced to the privacy policy via induction and training. The policy will be reviewed annually, and amendments will be proposed and agreed by the Directors.

Non-adherence

Breaches of this policy will be dealt with under the Grievance and/or Disciplinary procedures as appropriate.