Privacy Policy

Business Tax Centre Ltd is committed to protecting the identity and privacy of our users. We will only use information collected in the process of transactions in a strictly lawful manner in accordance with the General Data Protection Regulations.

By purchasing from us, your details will be entered into our customer database. We will never sell or otherwise share your name, email address, or other personal information with any other business, marketing campaign, or any third party without your permission.

We may however, send you information from time to time detailing our product updates and special offers. You may opt-out of receiving these notifications at any time (see “Your Rights” below)

If paying by credit card online, you will be forwarded to our completely secure Payment Page. Users should be aware that Business Tax Centre Limited retains no information relating to clients' debit or credit card details. This information is never known to us and is only retained by the Merchant Service Provider.

After registering for this service, we guarantee that you will be logging into a secure environment at all times, and all personal details entered on this site are encrypted using internationally recognized SSL (Secure Sockets Layer) protocols. All Transactions are Connection Encrypted: High-Grade Encryption (AES-256 256 bit).

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

General Data Protection Regulations (Regulation (EU) 2016/679) GDPR from 25th May 2018: Registration No. Z8795873

Please note that from 25th May 2018 Client firms will have to be compliant with GDPR this means that they will have to update or create new policies and procedures for processing personal data.

Definitions

The Regulation provides a definition of twenty-six of the relevant terms, including the following (GDPR Article 4 – Definitions):

  • 1 "personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • 2 "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

  • 7 "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

  • 8 "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

For the purposes of GDPR and the DPA we are Joint Data Controllers with our Clients.

Under GDPR your legal basis for processing Customer Data (i.e. Personal Data) is “Legal Obligation”, because the processing of Personal Data is necessary for the compliance with legal obligations in The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, and the Proceeds of Crime Act 2002, as well as The Companies Act  2006 it is very likely that you will also have to comply with the UK and/or other Financial Sanction Regimes.

You do not need "Consent" to run SmartSearch checks on Personal Data but you must inform the Data Subject that a check will be undertaken to comply with the Money Laundering Regulations.

Consent is needed for an officer of a company to be a Director or a Person of Significant Control, as part of any incorporation application consent for these roles must be sought and given. This is done by ticking the appropriate consent box as part of the application.   The system will store the time and date this consent was given.

For all other orders we require instruction in writing setting out the requirements of that order, the data that will be processed and who is authorising customer, which in most cases will be the authorising agent of the underlying beneficial owners.

Our Data Retention policy states we will hold Personal Transactional Data on your Customers for 5 years from the date the transaction or order is completed or run, or 5 years from the date that you cease to be a customer, at which point the data is deleted. This mirrors the requirements under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Personal Data We Hold and Process on Your Firm and/or Your Clients

We may also hold personal information about your firm and or your clients such as names, email addresses, IP address, residential addresses and contact notes etc. We need this information to provide the Company Secretarial and SmartSearch services to you and your firm. The legal basis for us holding this Personal Data under GDPR is Contractual where the processing of Personal Data is necessary for the performance of a transaction to which the individual or the firm is a party.

E-Filing Formation and Secretarial Software
We have listed below Personal Identifiable Information which will may have been collected and will be anonymised by the eFiling software when time frames for record keeping compliance have been reached.
Customer Information
First and last name
Date of Birth
Order Information
Acceptance email
Rejection email
Cashback cheque payee and address
Delivery name and address
Transaction & Billing Information
Cheque payee name and address
First and last name
Address
Telephone number(s)
Lead Information (if appl.)
Contact name
Email address
Telephone number(s)
Address
Date of Birth (where provided)
Name on Card (where provided)
Companies House Forms
Person(s) Name
Person(s) Address
Date of Birth
Residential Address
Service Address (if not purchased)
Other General Data
Address(es)
Email address(es)
Telephone number(s)

Explanation of Business Tax Centre Ltd as Joint Data Controllers

DEFINITIONS

In this agreement the terms as specifically defined have the meanings assigned. "Data Protection Legislation" means any applicable legislation or regulation in force in the United Kingdom from time to time including the Data Protection Act 1998 (or any subsequent legislation including the General Data Protection Regulation (Regulation (EU) 2016/679)) or any regulations or statutory instruments (or similar) made under such legislation.

In processing of Personal Data supplied by our clients Business Tax Centre Ltd are (joint) data controllers for the following reasons; a data controller (either alone or jointly with other persons) determines the purpose for which and the manner in which any personal data is or is to be processed. Activities such as the interpretation, significant decision making and exercising professional judgement of the data must be carried out by a data controller, which in this case is Business Tax Centre Ltd.

When a data controller discloses personal data to another data controller (as in this case) each has full DPA/GDPR responsibility because both parties will exercise control over the purpose for which and the manner in which the data is processed. Business Tax Centre Ltd is a commercial organisation, supplying Company Secretarial, compliance services and Anti-Money Laundering checks through SmartSearch, they are a processor of data with their own defined policies for GDPR which are distributed directly to our end user customers.  

Your Rights

You can ask us to update or remove your personal information, or if you are a professional such as an Accountant or other regular user you will need to contact us in order to remove any specific company's and/or officer record from the system in order to comply with your own GDPR procedures. This can be done by by emailing businesstax@btc-nw.co.uk or by writing to us at our customer services address below. However, please note that Business Tax Centre Ltd is unable to enter into a data processing agreement with our Clients. If we did then we would have to process the data in accordance with their instructions, delete the data upon their request, comply with their security instructions, use of sub-contractors etc, etc. All of these are decisions that Business Tax Centre make and will continue to make to comply with Business Tax Centre’s obligations for compliance to the appropriate Regulations.

You also have the right to request a copy of any personal information we hold about you. To do this, simply write to us at the following address, enclosing a cheque for £10 payable to Business Tax Centre Ltd to cover our administration costs:-

Customer Services (Data Subject Request)

Business Tax Centre Limited
Suite 14c Link 665 Business Centre, Todd Hall Rod, Haslingden BB4 5HU