untied privacy policy
Introduction
Data protection is the fair and proper use of information about people.
We want you to trust untied and that starts with you trusting us to look after your data responsibly. We take your data seriously and as a minimum will comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
This data privacy policy applies to data collected via untied Software and Services subject to our Terms and Conditions of Use (“untied’s Terms”) as well as equivalent terms for advisers or other third parties. It also applies to data collection on the untied.io website or collected through a link to the website (eg Facebook, Google Ads, LinkedIn).
In this notice you will see details of who we are, the information we collect, how we use it, our legal basis for doing so, sharing, storage, processing and security of your data, how long we keep data, your rights, automation and profiling, contacting untied, cookies, links and other technologies.
At untied we strive for simplicity and fairness so if anything is not clear, please ask.
When we refer to the untied Software, this relates to the untied online tax services, tax applications, data management, websites, online tools, application programming interfaces (APIs) and other services delivered directly or in conjunction with third parties including from the website with the home page at www.untied.io.
The Services include the data-gathering, income tax estimation and calculation, preparation and tax return submission capability made available through the untied Software including the content, features, tools, data, storage, support and integrations.
The Documentation refers to the related online and/or electronic documentation made available by us to you in relation to your use of the untied Software and the Services.
Who are we?
The data controller is UT Tax Ltd trading as untied, registered in England at 10 Chertsey Road, Woking, Surrey, United Kingdom GU21 5AB with company number 11643855.
Together with any subsidiary, sibling or parent companies, untied is part of the UT Tax Group.
Contacting us
We have not appointed a Data Protection Officer (DPO). If you have any questions about this privacy notice or issues arising from it, you can contact us by email at compliance@untied.io.
What information do we collect and how do we use it?
We collect names and email addresses when you register to add you to our email newsletter, to personalise content and to send you generic content about UK personal taxes and filling in a tax return.
We may also collect information when you use the untied Software or Services and when you pay for untied whether directly or through one of the app stores or services such as Paddle and Stripe which we use to manage payments, usage and subscriptions.
Sometimes we collect names, email addresses and market research data connected to your tax affairs through questionnaires. We use questionnaire data connected to your tax affairs to help us design software features and marketing strategies for the untied Software and Services and to tailor information to you.
The untied Software and Services supports the management of your taxes and tax information. It may include simplification, optimisation and filing of your taxes. To achieve this untied uses financial and profile data provided to untied, including by you and through connecting to your bank or other third party accounts, and to your HMRC or other government records. The untied Software also logs user activity which helps us to improve the user experience.
When installed on a mobile device, untied Software can also be set to automatically log journeys you make so that you can claim allowable mileage expenses to go on your tax return. If this feature is enabled untied could collect location data and other information provided by your device relating to the journey even when the untied Software is closed or not in use. Location data collected in this way is used solely for determining journeys you make and to allow you to claim the mileage. We will only ever use location data collected by the untied Software for providing functionality relevant to the core service and only when you opt-in by enabling this option. We use third party APIs to help us determine journeys; this is done without sending personal identifiable information.
We may adjust your data or apply logic to it to make it easier to read or understand - this is sometimes known as data manipulation.
What legal basis do we have for processing your personal information?
We rely on your consent to process your personal information.
We also process your personal information to meet our legal compliance and regulatory responsibilities including under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
To maintain and verify the quality of our services, we may be subject to audits or assessments from professional third parties. This may be covered directly by consent, be part of a legal obligation or undertaken on the basis of legitimate interest.
When do we share personal information to help us deliver our service to you?
We will always treat personal information confidentially but sometimes we need to share it to deliver our service to you. This includes disclosing or sharing it with third parties which supply services to us or which process information on our behalf, for example to provide the untied newsletter or when we personalise our market research questionnaires. We also use third party professional services firms to audit and assess our services, systems, policies and procedures. In some cases, law may require that they are independent and therefore a data controller.
We only work with third parties that take their data protection obligations seriously and satisfy our requirements and promise to you. For example, third parties that are regulated by UK or EU data protection law or meet international data standards. Some third parties may also provide services directly to you, forming a direct relationship between you and them.
We manage our website, email content and lists using third-party processors called HubSpot, Webflow, Mailchimp, Brevo and SendGrid, verify phone numbers using Twilio, support users with Help Scout and we use Typeform for market research surveys. We use Paddle and Stripe to manage subscriptions. Data is stored with Google Cloud, AWS (Amazon), Dropbox and Microsoft. Bank feeds and payments are provided by TrueLayer (including TrueLayer Ireland), Tink and Plaid. We may also use other tools including ClickUp, Jira, Notion, Retool and Trello, and accounting, admin and filing platforms from IRIS and Xero to manage tasks relating to our service to you. We may also use review sites and app stores to ask for your opinion on untied. These sites include Reviews.io, Trustpilot and Google Reviews. We reserve the right to change suppliers and not seek new consent.
We may also act as a data processor for other data controllers. Where we are the data processor, third parties will act as sub-processors.
Group companies
To provide the untied Software, Services or Documentation, we may share your personal information with other companies in the UT Tax Group who may act as joint data controllers or as data processors on our behalf.
Should you have or form relationships with other companies in the UT Tax Group, unless you expressly request otherwise, identify verification and other anti-money laundering results may be shared with them to allow you to receive similar services from them.
Giving consent to share data with third parties
Except in the situations required by law or other regulation, untied will not pass, disclose, rent or sell your personal information (other than any personal information which is already publicly available) to another data controller without your prior consent.
You can choose to give consent for us to share your data with a third party. Such third parties include accountants, advisers and other parties you may have a relationship with.
You may also be asked to give us permission to share limited data to verify your entitlement to access special pricing or terms – for instance to demonstrate membership of an organisation or having accounts with a specific financial institution.
We will be clear about the identity of the party, the nature of the data being shared, the reason for the sharing and where applicable the duration of the permission for data to be shared. Where relevant this will be subject to that third party’s Privacy Policy and Terms as well as untied’s Terms and this privacy notice.
Where do we store and process personal information?
We principally store and process your data in the UK and European Economic Area (EEA).
We may transfer your personal information to third parties located outside of the EEA to process information on our behalf. This includes for email and other communication services and web hosting.
If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA, we will ensure that safeguards are in place so that a similar degree of protection is given to your personal information as is given to it within the EEA. We will also ensure that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the EEA that are available to us – these are known as ‘derogations’ under the data protection legislation). This will be supported by contractual clauses or data transfer agreements.
To meet these requirements for parties in the US, we use data processor suppliers that have subscribed to the EU-US Data Privacy Framework (DPF) with data available through a UK-US Data Bridge.
These third parties may have incidental access to your information, but we will ensure that they keep your information secure and do not use it for their own purposes. We have ensured and will continue to ensure that all the services we use are compliant with applicable laws.
How do we secure personal information?
Your data is stored using trusted third-party specialist providers. Your data is protected by a password login that is only shared with those that need the data to provide our service and the data is backed up using secure servers.
How long do we keep your personal information for?
We will keep your personal information relating to your untied account as a user or adviser. This will be retained for at least as long as your untied usage lasts and you continue to pay the applicable licence fees. We also offer specialist data retention services for a defined period.
When an account or trial lapses, we may continue to keep your untied account data but take no responsibility for doing so. You should also be aware that lapsed accounts may be deleted from time to time. If you ask for your account to be deleted, you must confirm that untied will not be responsible for storing your records for statutory purposes, and will then permanently remove your account.
We will also keep your personal information for as long as you subscribe to the untied newsletter.
We will keep anonymised market research and usage data for as long as it is useful to inform the design, features and marketing of the untied Software and Services and always subject to the requirements of UK law or contractual obligations.
Deleting data
Deletion is subject to our legal compliance and regulatory responsibilities including under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which may require us to retain certain records after the end of any relationship with you.
If you are or have been an untied user, you can contact us to completely erase all your user data. In asking us to delete data, you should bear in mind your statutory record keeping responsibilities.
Beta services
New services and functionality in development, testing and evaluation (which may be identified as in "beta" or in other ways) may be subject to specific collection, storage, processing. sharing and retention practices.
Your rights in relation to personal information
Under the GDPR, you have rights as a data subject.
You can withdraw consent using the unsubscribe option in our newsletter emails. You will continue to receive account related communications as part of our service to you.
To withdraw consent for us to act as a tax agent, you can email compliance@untied.io. You may also be able to remove such consent via HMRC. If you do so we request that you also advise us via compliance@untied.io so we can disable appropriate functionality and avoid connection or similar errors in your untied account.
You can request a copy of your data or the correction or deletion of your data by emailing compliance@untied.io.
There may be circumstances where untied is not able to delete your data where it is required to keep it by law. You can lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/
Anonymisation and aggregation of personal information
The GDPR does not apply to personal information that has been anonymised. This is personal information rendered anonymous in such a manner that the data subject is not or no longer identifiable. This includes the use of aggregated personal information from which a user cannot be identified.
untied makes use of anonymised data including for statistical, research, and development and improvement purposes.
Security
We take appropriate technical and organisational measures to meet the key security principle of the UK GDPR to process personal information securely.
Use of profiling and automated decision-making
‘Profiling’ means automated processing of personal information to evaluate certain personal aspects. untied may use profiling to make suggestions to you. This includes the option of taking advanced insights and recommendations based on people similar to you. This will require you to authorise the sharing of your data for such matching purposes. We may also give you further options in respect of your data.
While profiling may be used for suggestions, it is not used for automated decision-making. Instead, you need to provide information directly to untied for decisions to be made including in relation to tax deductions that you are entitled to.
How to contact us
If you have questions or concerns about our privacy practices or your personal information, or if you wish to file a complaint, you can contact us at the above address or by email at compliance@untied.io.
Use of cookies and other technologies
Cookies are small files which some websites transfer onto the hard drive of your computer, so that you are recognised – anonymously – the next time that you visit the site. untied.io uses cookies to remember you when you visit our site.
We use Google Analytics to better understand how our visitors use our site. This helps us understand things like where people come from, what search queries bring people to our site, what they do when they get here. All this information is used to help us improve the website and make sure we deliver the information people want. Google Analytics uses cookies to help provide meaningful reports. They do not collect personal information.
We also use cookies to test new content. Split testing is where we will compare multiple versions of a web page and see which one works best or which people prefer. A random variation may be served up the first time you visit the site and a cookie is used to store which version of the page you saw. This means next time you visit you will see the same page again.
All cookies used by untied.io are anonymous. They do not contain personal information or sensitive data and they are not shared.
Linking to other websites / third party content
Where we link to external sites and resources from our website this does not constitute endorsement and untied takes no responsibility for any linked website.