Data protection is the fair and proper use of information about people.
At untied we want you to trust us and that starts with you trusting us to look after your data responsibly. We take your data seriously and as a minimum will comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
This data privacy notice applies to data collection on the untied.io website or collected through a link to the website (eg Facebook, Google Ads, LinkedIn). Separate terms and conditions cover the use of untied by users and advisers.
This notice also sets out who we are, the information we collect, how we use it, our legal basis for doing so, sharing, storage, processing and security of your data, how long we keep data, your rights, automation and profiling, contacting untied, cookies, links and other technologies.
At untied we strive for simplicity and fairness so if anything is not clear, please ask.
Who are we?
The Data Controller is UT Tax Ltd trading as untied, registered in England at 10 Chertsey Road, Woking, Surrey, United Kingdom GU21 5AB with company number 11643855.
When we refer to the untied app, this is a reference to the untied personal tax application (which is available on the Apple Store and Google Play) and associated services provided by untied including from the website with the home page at www.untied.io.
The law does not require untied to appoint a Data Protection Officer as it has taken the decision that it does not require one under the law but you can contact us at the above address or by email firstname.lastname@example.org
What information do we collect and how do we use it?
We collect names and email addresses when you register to add you to our email newsletter, to personalise content and to send you generic content about UK personal taxes and filling in a tax return.
Sometimes we collect names, email addresses and market research data connected to your tax affairs through questionnaires. We use questionnaire data connected to your tax affairs to help us plan software features and marketing strategies for the untied app and to tailor information to you.
The untied app supports the management, simplification, optimisation and filing of your taxes. To achieve this untied uses financial and profile data provided to untied, including by you and through connecting to your bank or other third party accounts, and to your HMRC or other government records. The untied app also logs user activity which helps us to improve the user experience.
The untied app can also be set to automatically log journeys you make so that you can claim allowable mileage expenses to go on your tax return. If this feature is enabled untied will collect location data and other information provided by your device relating to the journey even when the app is closed or not in use. Location data collected in this way is used solely for determining journeys you make and to allow you to claim the mileage. We will only ever use location data collected by the app for providing functionality relevant to the core service and only when you opt-in by enabling this option in the app.
What legal basis do we have for processing your personal data?
We rely on your consent to process your personal data.
All our emails contain an unsubscribe option and you can withdraw your newsletter consent by clicking on that option. We then deep clean the list at least twice a year to ensure that unsubscribers are permanently deleted.
If you want us to completely erase all your data sooner than that, please get in touch.
If you are or have been an untied user, you can contact us to completely erase all your user data. In asking us to delete data, you should bear in mind your statutory record keeping responsibilities.
When do we share personal data?
We will always treat personal data confidentially but sometimes we need to share it to deliver our service to you. We might disclose or share it with third parties which supply services to us or which process information on our behalf, for example to provide the untied newsletter or when we personalise our market research questionnaires.
We manage our website, email content and lists using third-party processors called HubSpot, Mailchimp and SendGrid, verify phone numbers using Twilio, support users with Help Scout and we use Typeform for market research surveys. We may also use review sites and app stores to ask for your opinion on untied. These sites include Reviews.io, Trustpilot and Google Reviews. We reserve the right to change suppliers and not seek new consent.
We only work with third parties that take their data protection obligations seriously and satisfy our requirements and promise to you. For example, third parties that are regulated by UK or EU data protection law or meet international data standards. Some third parties may also provide services directly to you, forming a direct relationship between you and them.
We will not sell your data or transfer your data to another data controller without your agreement. When we share data with third parties it is only to provide the services that you have consented to.
Except in the situations required by law or other regulation, untied will not pass, disclose, rent or sell your personal information (other than any personal information which is already publicly available) to any third party without your prior consent.
How does untied work with partners, advisors and other third parties?
In addition, untied may give you the opportunity to obtain advice from a third party such as an accountant or tax advisor. This may be an existing advisor or one that has partnered with untied. untied will be explicit what information will be shared, and you will invited to give permission for that third party to have the access that you are comfortable with.
Some untied services explicitly enable the transfer of data to a third party with your consent. In these cases, we will be clear about the identity of the party, the nature of the data being shared, the reason for the sharing and the duration of the permission for data to be shared.
Where do we store and process personal data?
When we share your information with third parties located outside of the UK which process information on our behalf (for example, email newsletter services) we ensure that they adhere to minimum standards. This is supported by contractual clauses or data transfer agreements. For example, if we transfer data outside the European Economic Area, we use data processor suppliers that have subscribed to the EU-US Privacy Shield Framework and ensure that data governance is controlled by contractual clauses or data transfer agreements.
These third parties may have incidental access to your information, but we will ensure that they keep your information secure and do not use it for their own purposes. We have ensured and will continue to ensure that all the services we use are compliant with applicable laws.
How do we secure personal data?
Your data is stored using trusted third-party specialist providers. Your data is protected by a password login that is only shared with those that need the data to provide our service and the data is backed up using secure servers.
How long do we keep your personal data for?
We will keep your personal data relating to your untied account as a user or adviser. This will be retained for at least as long as your untied subscription lasts. When an account or trial lapses, we may continue to keep your untied account data but take no responsibility for doing so. You should also be aware that lapsed accounts may be deleted from time to time. If you ask for your account to be deleted, you must confirm that untied will not be responsible for storing your records for statutory purposes, and will then permanently remove your account.
We will also keep your personal data for as long as you subscribe to the untied newsletter. We will clean the list at least twice a year to permanently remove all email addresses that have unsubscribed over the last six months.
We will keep anonymised market research and usage data for as long as it is useful to inform the product design and features and marketing of the untied app and always subject to the requirements of UK law or contractual obligations.
Where your untied subscription is set up solely to share data with a third party, we will retain your personal data for no more than 60 days.
Your rights in relation to personal data
Under the GDPR, you have rights as a data subject.
You can withdraw consent using the unsubscribe option in our newsletter emails. You will continue to receive account related communications as part of our service to you.
To withdraw consent for us to act as a tax agent, you can email email@example.com. You may also be able to remove such consent via HMRC. If you do so we request that you also advise us via firstname.lastname@example.org so we can disable appropriate functionality and avoid connection or similar errors in your untied account.
You can request a copy of your data or the correction or deletion of your data by emailing email@example.com.
There may be circumstances where untied is not able to delete your data where it is required to keep it by law. You can lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/
Anonymisation and aggregation of personal data
The GDPR does not apply to personal data that has been anonymised. This is personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This includes the use of aggregated personal data from which a user cannot be identified.
untied makes use of anonymised data including for statistical, research, and product development and improvement purposes.
Use of profiling and automated decision-making
Profiling’ means automated processing of personal data to evaluate certain personal aspects. untied may use profiling to make suggestions to you. This includes the option of taking advanced insights and recommendations based on people similar to you. This will require you to authorise the sharing of your data for such matching purposes. We may also give you further options in respect of your data.
untied will make automatic decisions based on information that you provide to untied. This will include tax deductions that you are entitled to. untied does not use profiling for automated decision-making.
How to contact us
If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint you can contact us at the above address or by email firstname.lastname@example.org
All cookies used by untied.io are anonymous. They do not contain personal information or sensitive data and they are not shared.
Linking to other websites / third party content
Where we link to external sites and resources from our website this does not constitute endorsement and untied takes no responsibility for any linked website.