Privacy Policy
PAYEback is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you interact with our website and services, in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
By using the PAYEback website or services, you consent to the data practices described in this policy.
1. Who We Are
PAYEback ("we", "us", "our") is a UK-based company dedicated to helping employees reclaim overpaid work-related expenses. Our registered office is located at [Your Office Address].
If you have any questions about this Privacy Policy, please contact us:
Email: hello@payeback.co.uk
2. What Data We Collect
We may collect and process the following types of personal data:
Identity Data: First name, last name, title, and date of birth.
Contact Data: Address, email address, and phone number.
Employment Data: Details of your employment history, employer, job title, and related work information.
Financial Data: HMRC tax records, salary information, and work-related expenses for processing claims.
Technical Data: IP address, browser type, operating system, and other technical data about how you use our website.
Usage Data: Information about how you use our website and services, including time spent on pages and interaction data.
Marketing Data: Your preferences in receiving marketing communications and feedback.
3. How We Use Your Data
We will only use your personal data when we have a lawful basis to do so. The main purposes for which we use your personal data are:
To process your work-related expense claims: We use your identity, contact, and employment data to submit claims on your behalf to HMRC.
To communicate with you: We use your contact details to respond to your inquiries, provide service updates, and send important notices.
To improve our services: We use usage data and feedback to better understand user needs and improve our website.
To comply with legal obligations: We may process your data to meet legal, regulatory, or compliance obligations.
We do not use your data for automated decision-making or profiling.
4. Legal Basis for Processing
We rely on the following lawful bases to process your data:
Consent: Where you have explicitly given us consent (e.g., signing up for newsletters).
Contractual Obligation: Where processing is necessary for the performance of a contract (e.g., providing our services).
Legal Obligation: Where we are required to process your data by law.
Legitimate Interest: Where processing is in our legitimate interest (e.g., improving our services) and does not override your rights.
5. How We Share Your Data
We will not sell, rent, or lease your personal data to third parties. However, we may share your data with:
Service Providers: Third-party service providers (such as IT support, payment processors) that assist us in operating the website and providing our services.
HMRC: To process claims on your behalf, we share your financial and employment data with HMRC.
Legal and Regulatory Authorities: Where required by law or in response to legal processes.
All third parties we engage are required to protect your personal data and only process it in accordance with our instructions.
6. Data Retention
We will retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for legal, accounting, or reporting requirements.
Claim Data: Retained for [X years] to comply with tax laws and allow follow-up claims.
Marketing Data: Retained until you withdraw your consent or opt out of marketing communications.
7. Your Data Protection Rights
Under the GDPR, you have the following rights concerning your personal data:
Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request that we correct any inaccuracies in your personal data.
Right to Erasure (Right to be Forgotten): You can request that we delete your personal data where there is no legal reason for us to retain it.
Right to Restrict Processing: You can request that we limit the processing of your personal data in certain circumstances.
Right to Data Portability: You can request that we transfer your personal data to another organisation or to you, where technically feasible.
Right to Object: You can object to us processing your personal data, where we are doing so based on legitimate interests or direct marketing.
To exercise any of these rights, please contact us at hello@payeback.co.uk. We may ask for further information to confirm your identity before processing your request.
8. Data Security
We have implemented appropriate security measures to protect your personal data from accidental loss, misuse, or unauthorised access. These measures include encryption, access controls, and secure storage systems.
While we strive to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is at your own risk.
9. Cookies
Our website uses cookies to enhance your browsing experience. Cookies are small files placed on your device to collect information about your use of our website. For more information on how we use cookies, please refer to our Cookie Policy.
10. International Data Transfers
We may transfer your personal data outside the UK or European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your data, such as ensuring that the recipient country has an adequate level of data protection or using standard contractual clauses approved by the European Commission.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Please check this page periodically to stay informed about how we are protecting your data.
12. Complaints
If you have any concerns about our use of your personal data, please contact us at hello@payeback.co.uk. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection, at www.ico.org.uk.