MTD Guru ("we," "our," or "us") is committed to protecting the privacy of our clients and website visitors. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you visit our website, mtdguru.com (the "Site"), or engage with our tax consultancy services, in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.
1. Information We Collect
We may collect personal information from you in various ways, including, but not limited to, when you:
• Visit our Site
• Fill out a contact form
• Request our services
• Subscribe to our newsletter
• Interact with our content
The types of personal information we may collect include:
• Contact Information: Name, email address, postal address, phone number.
• Financial Information: Details relevant to your tax situation, which may include income, expenses, bank details, National Insurance number, tax reference numbers, and other financial records. This information is considered sensitive and is collected only when you engage us for tax consultancy services.
• Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Usage Data: Information about how you use our website, products, and services.
• Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
2. How We Use Your Information and Our Lawful Bases for Processing
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
• To Provide Services (Contractual Necessity): We process your contact and financial information to fulfil our contractual obligations to you, such as preparing and filing tax returns, providing tax advice, and managing your account. Without this data, we cannot provide our services.
• To Comply with Legal Obligations (Legal Obligation): We process certain personal data to comply with our legal and regulatory obligations, for example, maintaining accurate client records as required by HMRC and other regulatory bodies.
• To Improve Our Website (Legitimate Interests): We process technical and usage data to understand how our users interact with our Site and to enhance user experience. This processing is based on our legitimate interest in improving our services and website functionality, provided your rights and freedoms are not overridden.
• To Communicate with You (Legitimate Interests/Consent): We use your contact information to respond to your inquiries and send you important service updates. For direct marketing communications (e.g., newsletters), we will rely on your explicit consent where required, or on our legitimate interests to promote our services where applicable law permits.
• For Business Operations (Legitimate Interests): For internal record keeping, data analysis, and to improve our business offerings. This is based on our legitimate interests in managing and growing our business, ensuring that your rights and interests are protected.
3. Disclosure of Your Information
We may share your personal information with third parties in the following circumstances:
• With Your Consent: We will share your information when we have your explicit consent to do so.
• Service Providers: We may share your information with trusted third-party service providers who assist us in operating our business and providing our services (e.g., accounting software providers, cloud storage, IT support, HMRC). These providers are contractually obligated to protect your information, adhere to UK GDPR standards, and use it only for the specific purposes for which it was disclosed.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., HMRC, a court, or other government agency).
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.
• Professional Advisers: We may share your information with professional advisers such as lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services, who are themselves bound by confidentiality.
We will never sell or rent your personal information to third parties for their marketing purposes.
4. International Transfers
We do not generally transfer your personal data outside of the UK. However, should it be necessary to transfer your personal data outside the UK (e.g., if a service provider uses servers in another country), we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government.
• Where we use certain service providers, we may use specific contracts approved by the UK government which give personal data the same protection it has in the UK.
5. Data Security
We implement appropriate technical and organisational security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, secure storage solutions, and regular security audits. While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Typically, we retain client records and financial data for a period of six years after the relevant tax year-end, plus the current tax year, to comply with HMRC record-keeping requirements. Other data may be retained for shorter periods as appropriate. After this period, your personal data will be securely deleted or anonymised.
7. Your Legal Rights under UK GDPR
Under certain circumstances, you have the following rights under UK data protection laws in relation to your personal data:
• The right to be informed: You have the right to be informed about how we collect and use your personal data. This Privacy Policy serves to fulfil that right.
• The right of access: You have the right to request access to your personal data (commonly known as a "data subject access request").
• The right to rectification: You have the right to request correction of inaccurate personal data we hold about you.
• The right to erasure ("right to be forgotten"): You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
• The right to restrict processing: You have the right to request the suspension of the processing of your personal data in certain scenarios.
• The right to data portability: You have the right to request the transfer of your personal data to you or to a third party.
• The right to object: You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• The right to withdraw consent: Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you wish to exercise any of these rights, please contact us using the details below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
8. Cookies
Our Site may use "cookies" to enhance user experience. Cookies are small files placed on your hard drive for record-keeping purposes and to track information about you. We use both session cookies (which are temporary and expire when you close your browser) and persistent cookies (which stay on your device until you delete them or they expire). We use these to remember your preferences, analyse website traffic, and for security. You may choose to set your web browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
9. Third-Party Websites
Our Site may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.