Privacy policy

Introduction

Data protection is the fair and proper use of information about people.

At untied we want you to trust us and that starts with you trusting us to look after your data responsibly. We take your data seriously and as a minimum will comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This data privacy notice applies to data collection on the untied.io website or collected through a link to the website (eg Facebook, Google Ads, LinkedIn). Separate terms and conditions cover the use of untied by users and advisers.

This notice also sets out who we are, the information we collect, how we use it, our legal basis for doing so, sharing, storage, processing and security of your data, how long we keep data, your rights, automation and profiling, contacting untied, cookies, links and other technologies.

At untied we strive for simplicity and fairness so if anything is not clear, please ask.

Who are we?

The data controller is UT Tax Ltd trading as untied, registered in England at 10 Chertsey Road, Woking, Surrey, United Kingdom GU21 5AB with company number 11643855.

We may also act as a data processor for other data controllers.

When we refer to the untied app, this is a reference to the untied personal tax application (which is available on the Apple Store and Google Play) and associated services provided by untied including from the website with the home page at www.untied.io and other websites from time to time.

The law does not require untied to appoint a Data Protection Officer (DPO), and a Data Protection Officer has not been appointed. You can contact us at the above address or by email at compliance@untied.io.

What information do we collect and how do we use it?

We collect names and email addresses when you register to add you to our email newsletter, to personalise content and to send you generic content about UK personal taxes and filling in a tax return. We may also collect information when you sign up to a paid untied subscription, whether directly or through one of the app stores or services such as Paddle and Stripe which we use to manage subscriptions.

Sometimes we collect names, email addresses and market research data connected to your tax affairs through questionnaires. We use questionnaire data connected to your tax affairs to help us plan software features and marketing strategies for the untied app and to tailor information to you.

The untied app supports the management, simplification, optimisation and filing of your taxes. To achieve this untied uses financial and profile data provided to untied, including by you and through connecting to your bank or other third party accounts, and to your HMRC or other government records. The untied app also logs user activity which helps us to improve the user experience.

The untied app can also be set to automatically log journeys you make so that you can claim allowable mileage expenses to go on your tax return. If this feature is enabled untied will collect location data and other information provided by your device relating to the journey even when the app is closed or not in use. Location data collected in this way is used solely for determining journeys you make and to allow you to claim the mileage. We will only ever use location data collected by the app for providing functionality relevant to the core service and only when you opt-in by enabling this option in the app. We use third party APIs to help us determine journeys; this is done without sending personal identifiable information.

What legal basis do we have for processing your personal data?

We rely on your consent to process your personal data.

We also process your personal data to meet our legal compliance and regulatory responsibilities including under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

To maintain and verify the quality of our services, we may be subject to audits or assessments from professional third parties. This may be covered directly by consent, be part of a legal obligation or undertaken on the basis of legitimate interest.

When do we share personal data?

We will always treat personal data confidentially but sometimes we need to share it to deliver our service to you. We might disclose or share it with third parties which supply services to us or which process information on our behalf, for example to provide the untied newsletter or when we personalise our market research questionnaires. We also use third party professional services firms to audit and assess our services, systems, policies and procedures. In some cases, law may require that they are independent and therefore a data controller.

We manage our website, email content and lists using third-party processors called HubSpot, Mailchimp and SendGrid, verify phone numbers using Twilio, support users with Help Scout and we use Typeform for market research surveys. We use Paddle and Stripe to manage subscriptions. Data is stored with Google Cloud, Dropbox and Microsoft. Bank feeds and payments are provided by TrueLayer (including Truelayer Ireland), Yapily and Tink. We may also use review sites and app stores to ask for your opinion on untied. These sites include Reviews.io, Trustpilot and Google Reviews. We reserve the right to change suppliers and not seek new consent.

Where we are the data processor, third parties will act as sub-processors.

We only work with third parties that take their data protection obligations seriously and satisfy our requirements and promise to you. For example, third parties that are regulated by UK or EU data protection law or meet international data standards. Some third parties may also provide services directly to you, forming a direct relationship between you and them. 

Where we are processing your data on the basis of your consent, we will not sell your data or transfer your data to another data controller without your agreement. When we share data with third parties it is only to provide the services that you have consented to.

Except in the situations required by law or other regulation, untied will not pass, disclose, rent or sell your personal information (other than any personal information which is already publicly available) to any third party without your prior consent.

How does untied work with partners, advisors and other third parties?

untied works with partners and advisors that may provide special access to the untied app as part of their service. In these circumstances, you may be asked to consent to the sharing of certain aggregated and anonymised data to them, and this will be subject to their Privacy Policy and Terms.

untied services may also be embedded in the services of third parties or provided as part of a contract you have with them. We may adjust your data or apply simple logic to it to make it easier to read or understand - this is sometimes known as data manipulation. In some cases untied will be a data controller, in others untied will be a data processor on their behalf, and in others we and the third party will be independent data controllers. This will be subject to their Privacy Policy and Terms.

In addition, untied may give you the opportunity to obtain advice or support from a third party such as an accountant, other professional advisor or a trusted third party support service. This may be an existing helper or one that has partnered with untied. untied will be explicit what information will be shared, and you will invited to give permission for that third party to have the access that you are comfortable with.

Some untied services explicitly enable the transfer of data to a third party with your consent. In these cases, we will be clear about the identity of the party, the nature of the data being shared, the reason for the sharing and the duration of the permission for data to be shared.

Where untied is provided as part of your relationship with a helper, the details of the data to be made available to them may be included in the agreement you have with them.

Where do we store and process personal data?

When we share your information with third parties located outside of the UK which process information on our behalf (for example, email newsletter services) we ensure that they adhere to minimum standards. This is supported by contractual clauses or data transfer agreements. For example, if we transfer data outside the European Economic Area, we use data processor suppliers that have subscribed to the EU-US Privacy Shield Framework and ensure that data governance is controlled by contractual clauses or data transfer agreements.

These third parties may have incidental access to your information, but we will ensure that they keep your information secure and do not use it for their own purposes. We have ensured and will continue to ensure that all the services we use are compliant with applicable laws.

How do we secure personal data?

Your data is stored using trusted third-party specialist providers. Your data is protected by a password login that is only shared with those that need the data to provide our service and the data is backed up using secure servers.

How long do we keep your personal data for?

We will keep your personal data relating to your untied account as a user or adviser. This will be retained for at least as long as your untied subscription lasts. When an account or trial lapses, we may continue to keep your untied account data but take no responsibility for doing so. You should also be aware that lapsed accounts may be deleted from time to time. If you ask for your account to be deleted, you must confirm that untied will not be responsible for storing your records for statutory purposes, and will then permanently remove your account.

We will also keep your personal data for as long as you subscribe to the untied newsletter. We will clean the list at least twice a year to permanently remove all email addresses that have unsubscribed over the last six months.

We will keep anonymised market research and usage data for as long as it is useful to inform the product design and features and marketing of the untied app and always subject to the requirements of UK law or contractual obligations.

Deleting data

Deletion is subject to our legal compliance and regulatory responsibilities including under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which may require us to retain certain records after the end of any relationship with you.

All our emails contain an unsubscribe option and you can withdraw your newsletter consent by clicking on that option. We then deep clean the list at least twice a year to ensure that unsubscribers are permanently deleted.

If you want us to completely erase all your data sooner than that, please get in touch.

If you are or have been an untied user, you can contact us to completely erase all your user data. In asking us to delete data, you should bear in mind your statutory record keeping responsibilities.

Beta services

New services and functionality in development, testing and evaluation (which will typically be identified as in "beta") may be subject to specific collection, storage, processing. sharing and retention practices.

Your rights in relation to personal data

Under the GDPR, you have rights as a data subject.

You can withdraw consent using the unsubscribe option in our newsletter emails. You will continue to receive account related communications as part of our service to you.

To withdraw consent for us to act as a tax agent, you can email compliance@untied.io. You may also be able to remove such consent via HMRC. If you do so we request that you also advise us via compliance@untied.io so we can disable appropriate functionality and avoid connection or similar errors in your untied account.

You can request a copy of your data or the correction or deletion of your data by emailing compliance@untied.io.

There may be circumstances where untied is not able to delete your data where it is required to keep it by law. You can lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/

Anonymisation and aggregation of personal data

The GDPR does not apply to personal data that has been anonymised. This is personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This includes the use of aggregated personal data from which a user cannot be identified.

untied makes use of anonymised data including for statistical, research, and product development and improvement purposes.

Use of profiling and automated decision-making

Profiling’ means automated processing of personal data to evaluate certain personal aspects. untied may use profiling to make suggestions to you. This includes the option of taking advanced insights and recommendations based on people similar to you. This will require you to authorise the sharing of your data for such matching purposes. We may also give you further options in respect of your data.

untied will make automatic decisions based on information that you provide to untied. This will include tax deductions that you are entitled to. untied does not use profiling for automated decision-making.

How to contact us

If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint you can contact us at the above address or by email compliance@untied.io 

Use of cookies and other technologies

Cookies are small files which some websites transfer onto the hard drive of your computer, so that you are recognised – anonymously – the next time that you visit the site. untied.io uses cookies to remember you when you visit our site.

We use Google Analytics to better understand how our visitors use our site. This helps us understand things like where people come from, what search queries bring people to our site, what they do when they get here. All this information is used to help us improve the website and make sure we deliver the information people want. Google Analytics uses cookies to help provide meaningful reports. They do not collect personal data.

We also use cookies to test new content. Split testing is where we will compare multiple versions of a web page and see which one works best or which people prefer. A random variation may be served up the first time you visit the site and a cookie is used to store which version of the page you saw. This means next time you visit you will see the same page again.

All cookies used by untied.io are anonymous. They do not contain personal information or sensitive data and they are not shared.

Linking to other websites / third party content

Where we link to external sites and resources from our website this does not constitute endorsement and untied takes no responsibility for any linked website.