Contents
- Our commitment
- Who we are
- Retention rules
- Safeguarding data during retention
- Disposal and destruction of data
- Associated Documents
- Acceptance
- Data Retention Schedule for customers
At Enable Ltd, we are committed to protecting the data and privacy of our customers by upholding the rules surrounding Data Protection and GDPR. We offer assurance to our customers that we will only collect and retain data for a legitimate purpose.
The policy sets out how long we will keep the data we have collected and the reasons why. This applies to all:
- Data collected and stored digitally/electronically
- Hard copy documents
- Soft copy documents
- Communications including emails and telephone calls
If you are unhappy in how your data is being stored please let us know. We will take all reasonable steps to ensure your complaint is dealt with efficiently and fairly
If you remain dissatisfied, you have the right to complain directly to the Information Commissioners Office (ICO) who can be contacted as follows:
Write to: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Email: www.ico.org.uk
Enable Ltd is a group of payroll and employment administration services comprising:
- Nannytax and Nannytax Plus (Payroll Administration & HR Support
- Stafftax and Stafftax Plus (Payroll Administration & HR Support)
- Quartz Payroll (Payroll Administration)
- Enable Payroll (Payroll Administration)
- Enable Autoenrol (Workplace Pensions Administration)
- Enable Insurance Services (Employers Liability Insurance)
- Nannyinsure (Public Liability Insurance)
We are a registered company in England & Wales with Registration No: 455 2449 at 7th Floor, Telecom House, 125-135 Preston Road, Brighton, BN1 6AF and our Data Protection registration number is Z8318178.
If you have any questions about the personal data we hold for you or want more details on how long we will keep your data, you can contact us on +44 (0)20 3137 4409 or email dataprotection@enable.ltd.uk
Enable Ltd will only retain data for as long as required for a period that complies with legislative and regulatory requirements, or to achieve a business purpose. Where there is no legislative or regulatory requirement or business purpose, we will retain data for a minimum period of 30 days. The Data Retention Schedule for customers (Section 8) outlines what data we store, why we retain the data, and the period we will retain the data.
Enable Ltd fully complies with a Data Subject’s rights in line with the GDPR. When a Data Subject lawfully requests to withdraw their consent, or invokes the right to be forgotten, we will take all necessary steps required to comply with the request within a prescribed time. We will inform you once your request has been fulfilled whereupon this will be our last correspondence with you.
Please be aware that we may be unable to permanently delete or destroy the data following a request if there is a legal or regulatory requirement to retain the data. We will inform you of these reasons whilst processing your request.
We are committed to safeguarding and will take all reasonable technical and organisational precautions to prevent the loss, misuse, alteration, or exposure of your personal information. To provide our services, Enable Ltd collects and retains data in various ways and we have several safeguarding measures in place to ensure all data is safeguarded effectively.
Electronic data
Data that is retained electronically and digitally (including any soft copy document) is stored on several secure servers (including back-up servers) in a secure facility. Our servers are password protected, firewall protected, and our back-up servers are also encrypted. All servers containing personal data are only accessible by our internal IT personnel and the Senior Management team. All electronic payments you make to us will be encrypted using SSL technology.
Staff access to data via applications is regularly audited and are password protected. We have a strict internal unique user password policy to ensure that internal passwords are updated every 90 days matching strict criteria and are only known by the user.
Digital data
All our websites are protected with SSL certificates, a security technology which establishes an encrypted link between our web servers and a user’s web browser. This ensures all data passed between the we servers and browsers remain private and integral. Clients can verify this themselves by looking for a visual cue within their own web browser such as a lock icon or a green bar/tick (usually found in the address bar.)
Physical data
Data that is retained physically (hard copies) is only stored as a matter of necessity. Enable Ltd operates a strict Clear Desk policy that ensures all staff retaining documents containing personal data is stored in a locked facility whilst not in use. Any documents containing personal data that need to be stored physically for business or legislative purposes are only stored for a temporary period and will be filed digitally as quickly as possible and all hard copies securely destroyed.
Data exchanged via email
While we cannot take responsibility for the security of the internet, we do have in place security measures to safeguard sensitive information being sent via electronic mail. No personal details other than using a customer’s name as a salutation (and our service identifier code, if applicable) will be included in the main body of our emails. All attached documents containing sensitive information will be password protected so they can only be opened by the intended recipient.
If you are in receipt of an email that you become aware was not intended for you, you have a responsibility to notify the sender and delete the errant email immediately.
Data exchanged by telephone
Customers telephoning us will be asked to confirm their identity by answering selected security questions before our advisors will discuss details of their account. If you have nominated someone to liaise with us on your behalf we will required your express written authorisation to discuss your account with that person. We have a strict policy not to discuss any account or disclose any details to any caller who:
- Has not been satisfactorily identified as the account holder
- We have not been given express written authorisation to discuss the account with
This includes any of employees of our customers.
Data that you have access to
As a customer of Enable Ltd you are responsible for keeping safe your data and that of your employees, clients or candidates. The data in our Members Area and other private online areas, is password protected, with a unique password to each user. Your user details and password are confidential, used to keep your data secure. Other than when you log in, we will not ask you for your password. It is your decision if you choose to allow others access to your Members Area.
Where data has been stored for the required period and/or is no longer required for a lawful business purpose or legal requirements it will be erased or physically destroyed in a secure environment to prevent any recovery of the data
Disposal of electronic data
Enable Ltd routinely reviews all data held electronically or physically to decide whether to data processed has been held for the maximum time required for its purpose. When the data in question is no longer required to be retained it will be deleted from our systems (including both original files and back-ups, electronic and physical).
Disposal of physical data
Disposal of physical documents containing personal data is shredded internally and then placed in one of our locked recycling bins, of which only the Facilities Manager holds the key. Enable Ltd employs the services of a trusted and reputable external recycling supplier, who provide a secure document destruction service. Certificates of Destruction are provided and logged after each collection.
Disposal of other data
Disposal of other data (such as recorded telephone calls) are automatically deleted from all our servers after the required retention period outlined in the retention schedule below (section 8.) If you request to right to be forgotten, we can remove all phone calls associated with your telephone number manually from our phone server.
- Privacy Policy
- Website & Cookie Policy
- Subject Access Request Procedure
- Service Terms & Conditions and/or Service Level Agreement (where applicable)
This Privacy Policy was last updated in April 2018. By using our services, you agree to the collection and use of your personal data and information as set out in this Privacy Policy. Any updates to our Privacy Policy will be made available on our websites and in our Members Areas. Please share any questions, concerns or comments you have about this policy by writing to:
The Data Protection Officer
Enable Ltd, 7th Floor, Telecom House, 125-135 Preston Road, Brighton, BN1 6AF
Our Data Protection Officer can also be emailed at dataprotection@enable.ltd.uk
Customer Relationship Management
Data | Why we retain | Retention Period |
---|---|---|
CRM Data including name, address, all contact detailes, service agreements, payment records | To provide the service the customer has chosen | Duration of the customer’s subscription to our services. Some records will be retained once your subscription with us has finished for the duration that is required, depending on the service the customer has chosen. See Below |
Paper copies of subscriptions and renewals taken over the phone, including name, address, all contact details, payment records and identifier codes | To keep as reference regarding customer queries and renewal reporting | 1 month |
Payroll
Data | Why we retain | Retention Period |
---|---|---|
Full and complete payroll records for employers (our customers) & their employees, including but not limited to:
|
To provide a payroll administration service acting on behalf of the customer as their payroll agent | The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC) |
Copies of RTI submissions made to HMRC. These contain details regarding your employee’s earnings and deductions along with their full name, address and NI number and your PAYE scheme details | To ensure that we have accurate records of payroll processed and submitted to HMRC | The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC) |
Copies of communications between us and you. These may include but not limited to:
|
To support the accurate processing of payroll and for quality purposes | The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC) |
Information relating to statutory payments. These may include but not limited to:
|
To support the accurate processing of payroll and for quality purposes | The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC) |
Auto Enrolment & Workplace Pensions
Data | Why we retain | Retention Period |
---|---|---|
Workplace Pensions & Auto Enrolment records for employers (our customers) & their employees including but not limited to:
|
To provide an auto enrolment administration service acting on behalf of the customer as their auto enrolment administrator | 6 years as per legal requirement of The Pensions Regulator (TPR) |
Copies of communications between us and you. These may include but not limited to:
|
To support the accurate processing of payroll and for quality purposes | The current tax year and 6 years prior as per legal requirement of Her Majesty’s Revenue & Customs (HMRC) |
Insurance
Our insurance policies are arranged by an external insurance provider, for whom Enable Ltd acts as an official Appointed Representative to provide insurance for our customers. Our insurance provider has their own customer policies to explain how data is managed in their organisation and how their conduct adheres to Data Protection, GDPR and Retention rules. Below is how Enable Ltd retains your data as an Appointed Representative. Please contact us if you would like access to the Data Protection policies of our insurance provider.
Data | Why we retain | Retention Period |
---|---|---|
Public Liability Insurance policies, including name, address, D.O.B and all contact details | To provide the service the customer has chosen | Permanent as instructed by insurance provider |
CEmployers Liability Insurance policies, including name, address, D.O.B and all contact details | To provide the service the customer has chosen | Permanent as instructed by insurance provider |
Copies of communications between us and you. These may include but not limited to:
|
To support the accurate processing for insurance and for quality purposes | Permanent as instructed by insurance provider |
Human Resource & Employment Law
The employment law arm of the Nannytax and Stafftax service is provided to our customers by an external HR Consultancy, who have their own Data Protection policies regarding Privacy & Retention in place. Below is an overview of the data they may collect and retain to provide our customers with the HR service. Please contact us if you would like access to the Data Protection policies of our HR provider.
Data | Why we retain | Retention Period |
---|---|---|
The customer’s employer personal details: name, address, contact details | Relationship management for HR services | Duration of the customer’s subscription to our services |
Personal details of the customer’s employee/s: name, address, contact details and terms of employment |
|
Duration of the employee’s employment with the customer |
Records pertaining to any employment dispute between the customer and their employee | To assist the customer in the correct process and procedures for managing and employment issues | As per legal requirement depending on the issue |
Accounts & Finance
Data | Why we retain | Retention Period |
---|---|---|
Direct Debit mandates/ customer bank details | For reference in case of investigation | 7 Years |
Purchase ledger invoices | Audit requirement | 7 Years |
Bank documentation, including refunds | Audit requirement | 7 Years |
Credit/ debit card details, card payment receipts | To keep as reference regarding customer queries and renewal reporting | 1 month |
Marketing & Websites
Data | Why we retain | Retention Period |
---|---|---|
Google Analytics data, including but not limited to website users’
|
To measure the performance and activity of our websites to make informed marketing decisions | 3 months |
Live Chat Transcripts |
|
3 months |
Customer feedback submitted via online forms | To measure customer’s response to our service so that we can make improvements to our services | 3 months |
Client Marketing preferences | To ensure that we respect your choice regarding if/how you would like to receive marketing material | Permanent unless informed otherwise by customer |
Cookie Acceptance | To ensure that we respect your choice regarding our cookie notice (see our Website and Cookie Policy for more details) | 5 years |
Client Marketing preferences | To ensure that we respect your choice regarding if/how you would like to receive marketing material | Permanent unless informed otherwise by customer |
Third Party Suppliers
Enable Ltd may work with or employ the services of selected external companies to provide a business function. We treat the data of any external company or organisation as we would of any of our customers.
Data | Why we retain | Retention Period |
---|---|---|
CRM Data including main contact name, business name, address, all contact details | To manage the relationship, request services, and/or deliver a service | Duration of the relationship between us and the third party |
Any agreements or contracts including but not limited to:
|
As a record of our contract and to manage the relationship and as an Audit requirement | 7 years or duration of the relationship |
Invoice, payment details | For accounting purposes | 7 Years |
Non-Customer Data
Data | Why we retain | Retention Period |
---|---|---|
Recorded Telephone calls |
|
1 year |
Emails | As a record of activity and correspondence, for reference | 1 month, or as required for the purpose of conducting the necessary business |
Live Chat Transcripts |
|
3 months |