Contents

  1. Our commitment
  2. Who we are
  3. Retention rules
  4. Safeguarding data during retention
  5. Disposal and destruction of data
  6. Associated Documents
  7. Acceptance
  8. Data Retention Schedule for customers

At Enable Ltd, we are committed to protecting the data and privacy of our customers by upholding the rules surrounding Data Protection and GDPR. We offer assurance to our customers that we will only collect and retain data for a legitimate purpose.

The policy sets out how long we will keep the data we have collected and the reasons why. This applies to all:

  • Data collected and stored digitally/electronically
  • Hard copy documents
  • Soft copy documents
  • Communications including emails and telephone calls

If you are unhappy in how your data is being stored please let us know. We will take all reasonable steps to ensure your complaint is dealt with efficiently and fairly

If you remain dissatisfied, you have the right to complain directly to the Information Commissioners Office (ICO) who can be contacted as follows:

Write to: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Email: www.ico.org.uk

Enable Ltd is a group of payroll and employment administration services comprising:

  • Nannytax and Nannytax Plus (Payroll Administration & HR Support
  • Stafftax and Stafftax Plus (Payroll Administration & HR Support)
  • Quartz Payroll (Payroll Administration)
  • Enable Payroll (Payroll Administration)
  • Enable Autoenrol (Workplace Pensions Administration)
  • Enable Insurance Services (Employers Liability Insurance)
  • Nannyinsure (Public Liability Insurance)

We are a registered company in England & Wales with Registration No: 455 2449 at 7th Floor, Telecom House, 125-135 Preston Road, Brighton, BN1 6AF and our Data Protection registration number is Z8318178.

If you have any questions about the personal data we hold for you or want more details on how long we will keep your data, you can contact us on +44 (0)20 3137 4409 or email dataprotection@enable.ltd.uk

Enable Ltd will only retain data for as long as required for a period that complies with legislative and regulatory requirements, or to achieve a business purpose. Where there is no legislative or regulatory requirement or business purpose, we will retain data for a minimum period of 30 days. The Data Retention Schedule for customers (Section 8) outlines what data we store, why we retain the data, and the period we will retain the data.

Enable Ltd fully complies with a Data Subject’s rights in line with the GDPR. When a Data Subject lawfully requests to withdraw their consent, or invokes the right to be forgotten, we will take all necessary steps required to comply with the request within a prescribed time. We will inform you once your request has been fulfilled whereupon this will be our last correspondence with you.

Please be aware that we may be unable to permanently delete or destroy the data following a request if there is a legal or regulatory requirement to retain the data. We will inform you of these reasons whilst processing your request.

We are committed to safeguarding and will take all reasonable technical and organisational precautions to prevent the loss, misuse, alteration, or exposure of your personal information. To provide our services, Enable Ltd collects and retains data in various ways and we have several safeguarding measures in place to ensure all data is safeguarded effectively.

Electronic data

Data that is retained electronically and digitally (including any soft copy document) is stored on several secure servers (including back-up servers) in a secure facility. Our servers are password protected, firewall protected, and our back-up servers are also encrypted. All servers containing personal data are only accessible by our internal IT personnel and the Senior Management team. All electronic payments you make to us will be encrypted using SSL technology.

Staff access to data via applications is regularly audited and are password protected. We have a strict internal unique user password policy to ensure that internal passwords are updated every 90 days matching strict criteria and are only known by the user.

Digital data

All our websites are protected with SSL certificates, a security technology which establishes an encrypted link between our web servers and a user’s web browser. This ensures all data passed between the we servers and browsers remain private and integral. Clients can verify this themselves by looking for a visual cue within their own web browser such as a lock icon or a green bar/tick (usually found in the address bar.)

Physical data

Data that is retained physically (hard copies) is only stored as a matter of necessity. Enable Ltd operates a strict Clear Desk policy that ensures all staff retaining documents containing personal data is stored in a locked facility whilst not in use. Any documents containing personal data that need to be stored physically for business or legislative purposes are only stored for a temporary period and will be filed digitally as quickly as possible and all hard copies securely destroyed.

Data exchanged via email

While we cannot take responsibility for the security of the internet, we do have in place security measures to safeguard sensitive information being sent via electronic mail. No personal details other than using a customer’s name as a salutation (and our service identifier code, if applicable) will be included in the main body of our emails. All attached documents containing sensitive information will be password protected so they can only be opened by the intended recipient.

If you are in receipt of an email that you become aware was not intended for you, you have a responsibility to notify the sender and delete the errant email immediately.

Data exchanged by telephone

Customers telephoning us will be asked to confirm their identity by answering selected security questions before our advisors will discuss details of their account. If you have nominated someone to liaise with us on your behalf we will required your express written authorisation to discuss your account with that person. We have a strict policy not to discuss any account or disclose any details to any caller who:

  • Has not been satisfactorily identified as the account holder
  • We have not been given express written authorisation to discuss the account with

This includes any of employees of our customers.

Data that you have access to

As a customer of Enable Ltd you are responsible for keeping safe your data and that of your employees, clients or candidates. The data in our Members Area and other private online areas, is password protected, with a unique password to each user. Your user details and password are confidential, used to keep your data secure. Other than when you log in, we will not ask you for your password. It is your decision if you choose to allow others access to your Members Area.

Where data has been stored for the required period and/or is no longer required for a lawful business purpose or legal requirements it will be erased or physically destroyed in a secure environment to prevent any recovery of the data

Disposal of electronic data

Enable Ltd routinely reviews all data held electronically or physically to decide whether to data processed has been held for the maximum time required for its purpose. When the data in question is no longer required to be retained it will be deleted from our systems (including both original files and back-ups, electronic and physical).

Disposal of physical data

Disposal of physical documents containing personal data is shredded internally and then placed in one of our locked recycling bins, of which only the Facilities Manager holds the key. Enable Ltd employs the services of a trusted and reputable external recycling supplier, who provide a secure document destruction service. Certificates of Destruction are provided and logged after each collection.

Disposal of other data

Disposal of other data (such as recorded telephone calls) are automatically deleted from all our servers after the required retention period outlined in the retention schedule below (section 8.) If you request to right to be forgotten, we can remove all phone calls associated with your telephone number manually from our phone server.

This Privacy Policy was last updated in April 2018. By using our services, you agree to the collection and use of your personal data and information as set out in this Privacy Policy. Any updates to our Privacy Policy will be made available on our websites and in our Members Areas. Please share any questions, concerns or comments you have about this policy by writing to:

The Data Protection Officer

Enable Ltd, 7th Floor, Telecom House, 125-135 Preston Road, Brighton, BN1 6AF

Our Data Protection Officer can also be emailed at dataprotection@enable.ltd.uk

Customer Relationship Management

Data Why we retain Retention Period
CRM Data including name, address, all contact detailes, service agreements, payment records To provide the service the customer has chosen Duration of the customer’s subscription to our services. Some records will be retained once your subscription with us has finished for the duration that is required, depending on the service the customer has chosen. See Below
Paper copies of subscriptions and renewals taken over the phone, including name, address, all contact details, payment records and identifier codes To keep as reference regarding customer queries and renewal reporting 1 month

 

Payroll

Data Why we retain Retention Period
Full and complete payroll records for employers (our customers) & their employees, including but not limited to:

  • Personal details
  • Salary Information
  • Identifier Codes
  • Forms and Declarations
To provide a payroll administration service acting on behalf of the customer as their payroll agent The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)
Copies of RTI submissions made to HMRC. These contain details regarding your employee’s earnings and deductions along with their full name, address and NI number and your PAYE scheme details To ensure that we have accurate records of payroll processed and submitted to HMRC The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)
Copies of communications between us and you. These may include but not limited to:

  • Call recordings
  • Email
  • Live chat transcripts
To support the accurate processing of payroll and for quality purposes The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)
Information relating to statutory payments. These may include but not limited to:

  • Employer bank details
  • Copies of MATB1 form
  • Requests for funding
To support the accurate processing of payroll and for quality purposes The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)

 

Auto Enrolment & Workplace Pensions

Data Why we retain Retention Period
Workplace Pensions & Auto Enrolment records for employers (our customers) & their employees including but not limited to:

  • Personal Details
  • Salary and Pension Contributions Information
  • Pension Scheme Details
  • Identifier Codes
  • Forms and Declarations
To provide an auto enrolment administration service acting on behalf of the customer as their auto enrolment administrator 6 years as per legal requirement of The Pensions Regulator (TPR)
Copies of communications between us and you. These may include but not limited to:

  • Call recordings
  • Email
  • Live chat transcripts
To support the accurate processing of payroll and for quality purposes The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC)

 

Insurance

Our insurance policies are arranged by an external insurance provider, for whom Enable Ltd acts as an official Appointed Representative to provide insurance for our customers. Our insurance provider has their own customer policies to explain how data is managed in their organisation and how their conduct adheres to Data Protection, GDPR and Retention rules. Below is how Enable Ltd retains your data as an Appointed Representative. Please contact us if you would like access to the Data Protection policies of our insurance provider.

Data Why we retain Retention Period
Public Liability Insurance policies, including name, address, D.O.B and all contact details To provide the service the customer has chosen Permanent as instructed by insurance provider
CEmployers Liability Insurance policies, including name, address, D.O.B and all contact details To provide the service the customer has chosen Permanent as instructed by insurance provider
Copies of communications between us and you. These may include but not limited to:

  • Call recordings
  • Email
To support the accurate processing for insurance and for quality purposes Permanent as instructed by insurance provider

 

Human Resource & Employment Law

The employment law arm of the Nannytax and Stafftax service is provided to our customers by an external HR Consultancy, who have their own Data Protection policies regarding Privacy & Retention in place. Below is an overview of the data they may collect and retain to provide our customers with the HR service. Please contact us if you would like access to the Data Protection policies of our HR provider.

Data Why we retain Retention Period
The customer’s employer personal details: name, address, contact details Relationship management for HR services Duration of the customer’s subscription to our services
Personal details of the customer’s employee/s: name, address, contact details and terms of employment
  • To provide the customer with a Contract of Employments
  • To assist the customer in resolving any employment issues
Duration of the employee’s employment with the customer
Records pertaining to any employment dispute between the customer and their employee To assist the customer in the correct process and procedures for managing and employment issues As per legal requirement depending on the issue

 

Accounts & Finance

Data Why we retain Retention Period
Direct Debit mandates/ customer bank details For reference in case of investigation 7 Years
Purchase ledger invoices Audit requirement 7 Years
Bank documentation, including refunds Audit requirement 7 Years
Credit/ debit card details, card payment receipts To keep as reference regarding customer queries and renewal reporting 1 month

 

Marketing & Websites

Data Why we retain Retention Period
Google Analytics data, including but not limited to website users’

  • Location
  • IP address
  • Website user behaviour
To measure the performance and activity of our websites to make informed marketing decisions 3 months
Live Chat Transcripts
  • To assist website users with any queries they have
  • To measure the performance and activity of our websites and services to make informed business decisions
3 months
Customer feedback submitted via online forms To measure customer’s response to our service so that we can make improvements to our services 3 months
Client Marketing preferences To ensure that we respect your choice regarding if/how you would like to receive marketing material Permanent unless informed otherwise by customer
Cookie Acceptance To ensure that we respect your choice regarding our cookie notice (see our Website and Cookie Policy for more details) 5 years
Client Marketing preferences To ensure that we respect your choice regarding if/how you would like to receive marketing material Permanent unless informed otherwise by customer

 

Third Party Suppliers

Enable Ltd may work with or employ the services of selected external companies to provide a business function. We treat the data of any external company or organisation as we would of any of our customers.

Data Why we retain Retention Period
CRM Data including main contact name, business name, address, all contact details To manage the relationship, request services, and/or deliver a service Duration of the relationship between us and the third party
Any agreements or contracts including but not limited to:

  • Service Level
  • Non-Disclosure
As a record of our contract and to manage the relationship and as an Audit requirement 7 years or duration of the relationship
Invoice, payment details For accounting purposes 7 Years

 

Non-Customer Data

Data Why we retain Retention Period
Recorded Telephone calls
  • All telephone calls are recorded and stored as a business a whole and kept as per the legal requirement of payroll records
  • Non-customer calls may be referenced for training and quality purposes
1 year
Emails As a record of activity and correspondence, for reference 1 month, or as required for the purpose of conducting the necessary business
Live Chat Transcripts
  • To assist website users with any queries they have
  • To measure the performance and activity of our websites and services to make informed business decisions
3 months