- Our commitment
- Who we are
- Why we collect and keep your data
- Your rights
- The Types of information we collect
- How we Collect data
- Disclosure of your data
- How long we keep your information
- Security of your data
- Your employee/s’ personal information
- Updating and accessing your personal information
- Updating the information of our customers’ employee/s
- Associated documents
1) Our commitment
At Enable Ltd, we are committed to protecting the privacy of our customers; this policy sets out how we collect, use and safeguard your personal information and the conditions under which we may need to share your data. This policy also covers information we may use for our marketing and communication activities and your choices regarding these activities, your privacy rights and how the law protects you.
- Always safeguard your personal data, keeping it safe and private.
- Never sell your data.
- Never pass your information on to a third party who is not critically related to the provision of our service. (See Section 7. Disclosure of your data
- Always offer you choices regarding our marketing, in what you want to receive, when and how.
- Always be open and transparent about why we collect your data, how it is used and stored, your rights in having access to your data and your choice to have your data removed.
2) Who we are
Enable Ltd is a group of payroll and employment administration services comprising:
- Nannytax and Nannytax Plus (Payroll Administration & HR Support
- Stafftax and Stafftax Plus (Payroll Administration & HR Support)
- Quartz Payroll (Payroll Administration)
- Enable Payroll (Payroll Administration)
- Enable Autoenrol (Workplace Pensions Administration)
- Enable Insurance Services (Employers Liability Insurance)
- Nannyinsure (Public Liability Insurance)
We are a registered company in England & Wales with Registration No: 455 2449 at Victoria House, 125 Queens Road, Brighton, East Sussex BN1 3WB and our Data Protection registration number is Z8318178.
Enable Ltd acts as a ‘Data Controller’ for any personal data you provide us with. This means we will determine the purpose for which any data will be processed and the manner in which it is processed. This is in respect of your personal data as a customer of ours.
We also act as a ‘Data Processor’. This means, on your behalf, we will process the employee/s’ personal data that you provide us with. In this capacity, customers of Enable Ltd are the ‘Data Controller’ for their employee/s’ information.
If you have any questions about the personal data we hold for you, or want more details on how we use your information, you can contact us by emailing email@example.com
3) Why we collect and keep your data
We must have at least one or more of the following reasons to satisfy a ‘lawful basis’ to collect your data:
- To fulfil a contract we have with you
We collect and keep your data in order to provide you with the service you are paying us for.
- When it is our legal obligation to do so
The nature of our service is to act on your behalf with government authorities such as Her Majesty’s Revenue and Customs (HMRC) and The Pensions Regulator (TPR). Legislation dictates that certain full and complete employment records must be kept for a specified period of time. As your payroll and auto enrolment agent, we are required to uphold this on your behalf.
- When you give us explicit consent to do so.
‘Consent’ means ensuring we offer you choice and control regarding your data, how it is used and how we do business with you.
- For our legitimate interests
A ‘legitimate interest’ means that we must have a clear and specific benefit or outcome in mind, relating to a business, service or commercial reason to use your information. We must always be mindful of what is right and best for you, and our legitimate interests must not conflict with this.
Some of our legitimate reasons are listed below:
- To manage our relationship with you and deliver a service to you
- To act on your behalf with organisations such as Her Majesty’s Revenue & Customs (HMRC) and The Pensions Regulator (TPR)
- To respond to any queries or complaints, and to show we treated you fairly
- To maintain records in accordance with government rules that we must adhere to
- To make informed business decisions about the service we are providing, to support development and progression
- To have a greater understanding of our customers, their requirements and preferences
Our customers and anyone we do business with will have the assurance that we will only collect personal information and data that we absolutely require to satisfy a lawful basis. Your data will only be used as required to perform functions specifically pertaining to our business.
4) Your rights
Of course, you have the right not to share personal information with us (the ‘right to object’) or ask us to delete, remove or stop using your data (the ‘right to be forgotten’).
There may be official reasons why we continue to hold and use your data but if you believe we do not have a legitimate reason, please contact us to discuss why you think we should not be using it.
To provide the service you have chosen there will be information we will need, including personal information, so we can fulfil our contractual service obligations to you. If you choose not to provide the information we require, or withdraw your consent, it may prevent processes from taking place and may even result in us not being able to provide you with a service at all. Some of the information we ask for may be optional, and we will tell you if this is the case.
We may make ‘automated decisions’ based on your data. This means we may place you in smaller groups with other similar customers to research and study, learn about your needs and expectations in order to make business and service decisions. This helps us to manage our customer relationships and tailor our services and products to specific customer needs. You will always have the ‘right to object’ and the ‘right to access’ how we do this.
If you find you are unhappy in how we have used your personal information, please let us know. We will take all reasonable steps to ensure your complaint is dealt with efficiently and fairly.
If you remain dissatisfied, you have the right to complain directly to the Information Commissioners Office (ICO) who can be contacted as follows:
Write to: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
5) The types of information we collect
Our Reason: Service Provision
We will process this data under the lawful basis of one or more of the following:
- A contractual obligation
- A legal obligation
- A legitimate interest
|Types||Example||Our purpose and legitimate interest|
|Contact Details||Your name, address, main telephone number and email address||To communicate information to you as part of our service|
|ID Documents||Examples may be copies of passport, driver’s licence, utility bills||To prove your identity and to uphold our obligations to Money Laundering regulations|
|Payment details||Debit/Credit Card details, bank details||To perform monetary transactions such as taking and making payments, collecting Direct Debits for services or pension contributions or processing refunds|
|Identifiers||Codes allocated to identify you such as PAYE Reference number, employee NI Numbers, Pension Scheme ID||To act on your behalf as your payroll and auto enrolment agent|
|Consents||Permissions and authorisations submitted by you. Examples would be HMRC forms or an opt-in to receive our newsletter||To allow us to perform the service you need to its most efficient, effective and fullest|
|Communications||Emails, letters, messages and telephone call||To allow us to keep a history of your activity with us so we can provide an informed, efficient and complete service, act upon any instruction you give us or deal with any issues|
Our Reason: Service Research, Improvements & Development
We will process this data under the lawful basis of a legitimate interest.
|Types||Example||Our purpose and legitimate interest|
|Behavioural||How you use our service, the facilities we provide and the outcome||To communicate information to you as part of our service|
|Technological||The devices and technology you are using to access and use our service||To inform us so we can tailor our service to your needs and make improvements|
|Usage||How you use our service, how often you use our facilities||To inform us so we can tailor our service to your needs and make decisions on where to enhance the service for our customers|
|Communications||What we learn about you from any form of dialogue between us||To help us communicate with you better and to inform us so we can provide a more personal service to you|
Our Reason: Marketing and Market Research
We will process this data under the lawful basis of consent and/or a legitimate interest.
|Types||Example||Our purpose and legitimate interest|
|Contact Details||Email addresses, telephone numbers||We may send you newsletters on new products or services we have, promotions or contact you to invite you to enter competitions|
|Locational||Where you are such as your address, or your computer IP address||Information on where our clients are located contributes to a greater understanding of our client base|
|Social Demographic||Details of profession, nationality, education, household income, family set-up||To inform us so we have a greater understanding of our client base, so we can tailor our marketing and communications effectively|
|Survey Data||Opinions and views on our service, family, current affairs, life, interests, social relationships||To help us have a greater understanding to profile our client base so we can evolve with our customers and manage our customer relationships effectively|
6) How we collect data
You give it to us when you:
- subscribe to any of our services or purchase an insurance product
- email us or send us a message in the Members Area, or send us a letter
- talk to us by telephone
- use the Instant Chat facility on our websites
- input any information into your Members Area account
- complete any of our in-service forms (such as a Contract Request Form)
- complete a customer survey
- take part in any of our promotions or competitions
- contact us via our Social Media platforms
We collect it as part of the natural course of our service:
- in letters, emails and telephone calls
- by liaising with authorities on your behalf such as HMRC or NEST Pensions for example
- by performing transactions such as service payments, direct debits
- by your completion of online forms so we can deliver documents, obtain consent or a required declaration*
Via third parties we work with such as:
- nanny agencies or domestic recruitment agencies who may refer you to us
- concierge services
- our insurance providers
- our HR provider
- marker researchers we engage
- local authorities
Via a third party connected to you who you have consented to share your data with us, such as:
- another payroll provider
- an accountant
- payroll management company
- a financial advisor
* In order to collect necessary data, obtain consent and/or declarations we may use external online software providers such as a form builder. This will be made clear to you at the time and your consent to provide data in this way will be asked for. We only use providers who are themselves GDPR compliant and have a Privacy Statement in place. You have the ‘right to access’ and can request information regarding this at any time.
7) Disclosure of your data
Your information will be made accessible to our employees, officers, agents or subcontractors as reasonably necessary to perform the service you have chosen. Under no circumstances will we sell your data. We will not, without your express consent or justifiable reason, share your data to a third party unconnected to our business.
We work with several suppliers and third-party organisations to provide our full range of services to you. It will be necessary for us to share some of your data with these organisations, so we can fully deliver our services. These will be made clear to you at the appropriate time and you will be asked for consent. For all third parties we work with, our own due diligence is carried out to ensure compliance with Data Protection and GDPR legislation.
All third parties we use are UK based or have data facilities in the EU and no data will be shared outside of the EU. Your information will only be shared with a third party where it is necessary, in order for us to provide a function of our service. Examples of external organisations are:
- Telephone provider
- Email and Customer Relationship Management software provider
- IT & Tech support providers
- Payroll software provider
- Website support, including ‘Click to Chat’
- Online payments software provider
- Online software providers for newsletters, forms and surveys
- UK government bodies for payroll and pensions
- Pension scheme providers
- HR consultancy
- Insurance policy provider
- Domestic recruitment agencies
- Local authorities
For more information on any of the external third party organisation we work with, you can contact us by emailing firstname.lastname@example.org
In rare cases, we may need to disclose your information if required to do so by law:
- In connection with any legal proceedings or prospective legal proceedings;
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- To the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
8) How long we keep your information
As a present or past customer of Enable Ltd
- Please refer to our separate Retention Policy.
As a website user
9) Security of your data
We are committed to safeguarding and will take all reasonable technical and organisational precautions to prevent the loss, misuse, alteration or exposure of your personal information.
We will store all the personal information you provide on our secure (password and firewall protected) servers. All electronic payments you make to us will be encrypted using SSL technology. Of course, data transmission over the internet is known to be insecure, and we cannot guarantee the security of data in transit to us via the internet.
You are responsible for keeping your Members Area password and user details confidential. Other than when you log into the Members Area we will not ask you for your password.
Customers telephoning us will be asked to confirm their identity by answering selected security questions before our advisors will discuss details of their account. If you have nominated someone to liaise with us on your behalf we will required your express authorisation to discuss your account with that person. This includes any of your employees.
10) Your employees’ personal information
To provide the payroll and auto enrolment services you have chosen we will need to collect the personal information of your employee/s.
To provide an agency support service for recruitment agencies working with us we will need to collect the personal data of agency clients
In both these capacities, recruitment agencies and our customers become the ‘Data Controller’ and must comply with legislation and ensure that they have the consent of the data subject before disclosing any personal data to us.
Data may include but is not limited to:
- Title and full name
- Contact Details
- Date of Birth
- National Insurance Number
- Tax history
- Hours of work and rate of pay
By subscribing to any of our services that require personal data to be disclosed that it not your own, we will assume you have gained the necessary consent before submitting the data subject’s personal information to us.
The personal information we use for our marketing is what we have collected when you subscribe to our services and what you have consented to tell us. We may use your personal information to:
- Send you our customer newsletter
- Tell you of any relevant offers and products
- Invite you to take part in a competition we may be running
- Ask you to help our research by completing a survey
We can only include you in our marketing communications if you have explicitly consented (by ticking check-boxes provided on our forms we use to collect your data) or we have a business or commercial reason to do so – a legitimate interest.
If you have opted to receive marketing from us you can change your mind and withdraw consent at any time by contacting us, or using the opt-out functions provided. Likewise, if you’d like to start receiving marketing from us, you can notify us to include your details on our mailing lists
Whatever you choose to do, we will continue to send you service communications that pertain particularly to activity with your service subscription. These may be statements, notifications, updates or guidance. These communications form part of our service to you and are not part of marketing.
12) Updating and accessing your personal information
If you believe that any information we hold about you is incorrect or incomplete, you have the ‘right to rectification’. Please do let us know. We will take all reasonable steps to make changes where necessary to ensure accuracy, within the required one month of your notification.
You may instruct us to provide you with any personal information we hold about you:
- Email: email@example.com
- Write to: Enable Ltd, Victoria House, 125 Queens Road, Brighton BN1 3WB
We will require you to complete and submit a Subject Access Request (SAR) form before we release any data.
13) Updating the information of our customers’ employee/s
If an employee of one of our customers requires their personal data to be changed or updated, or the employee requests access to the data we hold about them, the request must first be made directly to their employer (our customer), who is the ‘Data Controller’ in the employer/employee relationship. The employer, as our customer, should then make the request to us within one month of the employee’s request.
As our contract for services is with the employer, we cannot take instruction from any of our customers’ employees without prior consent or instruction from their employer.
14) Associated documents
The Data Protection Officer
125 Queens Road
Brighton BN1 3WB
Our Data Protection Officer can also be emailed at firstname.lastname@example.org