GDPR Compliance

Your data, your rights

Our Commitment

TaxStats Ltd is fully committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We believe data protection is a fundamental right, not just a compliance checkbox.

As a company that handles sensitive financial information, we hold ourselves to the highest standards of data security and privacy.

Your Data Rights

Right to Access

Request a copy of all personal data we hold about you. We will provide this within 30 days.

Right to Rectification

Request correction of inaccurate or incomplete personal data at any time.

Right to Erasure

Request deletion of your personal data, subject to legal retention requirements.

Right to Portability

Receive your data in a structured, machine-readable format to transfer elsewhere.

Right to Object

Object to processing of your data for direct marketing or on the basis of legitimate interests.

Right to Restrict

Request limitation of processing while we verify accuracy or legal basis.

Data Controller Information

  • Data Controller: TaxStats Ltd
  • Registered Address: United Kingdom
  • ICO Registration Number: ZB123456
  • Data Protection Officer: dpo@taxstatsai.com

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Contractual Necessity

Processing required to provide our tax filing services, including document processing, tax calculations, and HMRC submissions.

Legal Obligation

Processing required to comply with UK tax law, anti-money laundering regulations, and financial services requirements.

Legitimate Interests

Processing for fraud prevention, service improvement, and security purposes, balanced against your privacy rights.

Consent

Processing for marketing communications and optional analytics, which you can withdraw at any time.

Data Protection Measures

We implement comprehensive technical and organisational measures:

  • End-to-end encryption for all sensitive data
  • Regular security audits and penetration testing
  • Strict access controls and authentication
  • Employee training on data protection
  • Data minimisation principles
  • Privacy by design in all new features
  • Regular data protection impact assessments
  • Incident response and breach notification procedures

International Transfers

Your data is primarily stored and processed within the UK. Where international transfers occur (e.g., to cloud infrastructure providers), we ensure:

  • Adequate country status or approved certifications
  • Standard Contractual Clauses approved by the UK ICO
  • Supplementary technical measures where required
  • Regular review of transfer mechanisms

Data Retention

We retain personal data only as long as necessary:

  • Tax records: 7 years (HMRC requirement)
  • Account data: Duration of account plus 2 years
  • Transaction logs: 6 years
  • Marketing preferences: Until withdrawn
  • Analytics data: 26 months (anonymised)

Exercising Your Rights

To exercise any of your data rights:

  1. Log in to your account and go to Settings → Privacy
  2. Use the self-service tools for common requests
  3. Or email our DPO at dpo@taxstatsai.com
  4. We will respond within 30 days

To protect your data from unauthorised access, we may need to verify your identity before processing requests.

Complaints

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF

However, we'd appreciate the chance to address your concerns first—please contact our DPO before escalating to the ICO.