- I. General
MY TAX BACK LIMITED trading as Tommy’s Tax Limited provides a service to claim tax back through an online application.
Personal data includes particulars on personal or factual circumstances of a specific or determinable individual person. This includes information such as name, address, telephone number, email address, National Insurance number, Unique Taxpayer Reference number, bank account details, employment / business information.
Information that cannot be linked to a specific or determinable individual is not considered as personal data.
Applicable Data Protection Law
Tommy’s Tax, as a registered entity in the UK and Republic of Ireland, are subject to the Regulations of the General Data Protection Regulation (GDPR) & UK GDPR as tailored by the Data Protection Act 2018.
Tommy’s Tax has put in place technical and organisational measures to protect personal data from unauthorised access, loss or misuse. Personal data is processed through systems which are operated by Tommy’s Tax or third party systems which have been accessed by Tommy’s Tax for appropriate security measures. Tommy’s Tax will modify and upgrade the security and data protection measures of the systems used as technological advances become available.
Data Subjects Rights
Tommy’s Tax respects the fundamental rights and freedoms of data subjects under GDPR. Under this regulation you have the right to:
- Be informed about and have access to your personal data which is processed (Right to be informed and Right of access according to Article 15 GDPR)
- Obtain the correction of inaccurate personal data (Right to rectification according to Article 16 GDPR)
- Obtain deletion of your personal data (Right to erasure according to Article 17 GDPR)
- Restrict processing (Right to restriction of processing according to Article 18 GDPR)
- Receive your personal data which is provided to us (Right to data portability according to Article 20 GDPR)
- Object to processing data on grounds relating to your particular situation based on legitimate interests or the performance of a task in the public interest (Right to object according to Article 21 GDPR)
Provided that the necessary legal requirements are fulfilled.
Withdrawal of Consent
Where your consent has been requested for the processing of your personal data, Tommy’s Tax informs you that you have the right to withdraw your consent at any time in the future, without affecting the lawfulness of the processing based on the consent before its withdrawal.
Exercising your Rights
If you want to exercise your rights as a data subject or withdraw an explicit consent given, please send a message to the Data Protection Officer of Tommy’s Tax explaining what right you want to exercise so that Tommy’s Tax can take the necessary further steps to respect your rights.
As an email may be sent via unencrypted means, Tommy’s Tax cannot guarantee the confidentiality of transmitted information. Therefore, if you wish to send a letter you may contact the Data Protection Officer at the address provided below.
Please be aware that we might ask for a proof of identity in order to verify and protect your information against unauthorised access.
Right to lodge a complaint
You have the right to lodge a complaint with the data protection authority of your country if you believe that your rights have been violated. For further information on the complaints process, please click here.
II. Client and HMRC Data
Data Categories, Purposes of Processing Personal Data and Legal Basis
In order to carry out the service of Tax Agent on behalf of our clients and communicating with the HMRC to obtain income tax refunds in the fulfillment of the contract with our clients, under Article 6(1)(b) GDPR, Tommy’s Tax needs clients’ data (name, address, phone number, email address, National Insurance number, Unique Taxpayer Reference number, proof of Identification document).
Client data transferred to Tommy’s Tax via the app or desktop site may be processed and recorded by various departments within Tommy’s Tax. This personal data is used by Tommy’s Tax only for the fulfillment of its contractual obligations and any further use is not permitted.
In some cases we may process data on consent basis (according to Article 7 GDPR) or because of our legitimate interest (according to Article 6(1)(f) GDPR) in particular the purpose of our Anti-Money Laundering obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
Compliance with the applicable statutory regulations on data protection is an original duty of Tommy’s Tax. The submission and transfer of data by a client to Tommy’s Tax is the responsibility of the client to which Tommy’s Tax will have responsibility once uploaded to the app or desktop site. Tommy’s Tax will adhere to all responsibilities under GDPR to protect such uploaded data and will process this data in line with GDPR when transferring any required data to the HMRC in fulfillment of its contractual obligations with the client.
Data Sharing and Recipients
Generally, Tommy’s Tax will only receive data from the client and will share that data with HMRC as a third party on the basis of fulfilling its contractual obligations on behalf of the client.
Tommy’s Tax will not sell or lease personal data to any third parties, however there are certain circumstances where GLS may share your personal data without additional notice to you. Parties which may receive your data include:
- Law enforcement personnel and agencies for the purpose of meeting national security requirements or as part of a legal process in order to protect our obligations under MLR 2017 or other regulations, or in furtherance of an investigation regarding a breach of Tommy’s Tax’ rules and policies, unauthorised access to or use of Tommy’s Tax equipment or systems, or any other illegal activity.
Retention and Erasure
Tommy’s Tax processes personal data as long as it is required for the purpose for which we use it. We will determine how long to retain the data based on the following requirements:
- Operational requirements: such as the length of time that information is needed in order to provide the service.
- Legal requirements: such as where Tommy’s Tax needs to retain records for a certain amount of time in order to comply with the law.
Archived data is recorded on storage media accessible only by authorised personnel of Tommy’s Tax. After the legal retention period has expired, the data is deleted.
- Collection, Processing and Use of Personal Data
Logging and IP
Each time a user accesses Tommy’s Tax app, data is saved in a log file. The following specific data is temporarily saved:
- IP number of the querying device
- Date and time of access
- Operating system with version
The logfile data is anonymously analysed for statistical purposes. Statistical reports are used to evaluate the usage of the Tommy’s Tax website. In particular, the order in which the pages are visited and the path taken between pages is shown. This is intended to give Tommy’s Tax an indication of how the usability of the website can be improved further. Tommy’s Tax website does not log data.
Tommy’s Tax app allows a user to log in using their Facebook credentials. The data shared between Facebook and Tommy’s Tax is the basic user information (name, email address and location). This information is used to facilitate the user to set up an account with Tommy’s Tax to facilitate obtaining their income tax refunds. Tommy’s Tax does not collect any other information from Facebook. If a user does not wish to share information from Facebook they should utilise the alternative email and phone number option for logging into the app.
- Identity and contact details of the Controller and Data Protection Officer
If you want to contact the Data Protection Officer please use the email address firstname.lastname@example.org.
If you contact us by unencrypted email, please note that Tommy’s Tax cannot guarantee the confidentiality of the transmitted information. Unencrypted emails can possibly be read by unauthorised third parties which are outside the control of Tommy’s Tax.
You may also contact Tommy’s Tax by sending a letter to:
Data Protection Officer
c/o Tommy’s Tax
Kingfisher House Business Centre
21-23 Elmfield Road
- Updates to this Data Protection information
Tommy’s Tax may, in its sole discretion, update this information by posting an amended version on this site and on other Tommy’s Tax platforms.
This information was last updated on 14th June 2022.