OUR PRIVACY POLICY

Image with blue background with a light purple gradient

WELCOME TO GTC’S PRIVACY POLICY

This Privacy Notice tells you what to expect in relation to your personal information which is collected, handled, and processed by Global Tax Consulting.

Global Tax Consulting is committed to respecting our customers’ privacy, protecting their personal information from misuse and complying with privacy laws. Global Tax Consulting values its reputation and aims to maintain high ethical standards in the conduct of our business affairs.



If you have any questions about this policy, please email hello@globaltaxconsulting.co.uk with the subject line Privacy Policy.

THE DATA WE COLLECT

We collect data to enable us to provide professional services to our clients. Personal data may include financial or non-financial information including contact details, payroll data, tax identifiers, information about business activities, investments, financial interests, and any other relevant data necessary for us to provide our services. The legal basis for holding the data is to enable us to carry out our contractual obligations.

HOW LONG WE HOLD THE DATA

We will retain the data for as long as is required for the purposes for which it was intended. This will reflect any legal or regulatory time limits, which is generally six years. Data is then deleted or destroyed.

WHERE DO WE HOLD THE DATA

Electronic data is stored on cloud-based facilities in the EEA in multi-tenant datastores in Amazon Web Services-controlled data centres. All personal data is processed in accordance with EU Data Protection Laws including EU’s General Data Protection Regulation and the United Kingdom’s Data Protection Act 2018.



Note that Global Tax Consulting is operated remotely and data may be accessed by staff outside the UK & EEA.

YOUR RIGHTS

You have the right to ask for a copy of the information about you that we hold. If you would like to make a request for information please email hello@globaltaxconsulting.co.uk.

In addition to this right of access, you have the following rights: erasure, restriction of processing, objection, and data portability.

CONCERNS

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioners Office at www.ico.org.uk.

Security of your
data   is priority

At Global Tax Consulting, we treat your privacy with the same care and confidentiality as your finances — safeguarding your personal and financial information every step of the way.

Introduction
Who we are
How we collect data
Purposes processing personal data
Legal bases for our processing of personal data
Sharing personal data with third parties
Transfers of personal data outside the UK
Retention of personal data
Your data protection rights
How we protect your data
How to contact us
Complaints
Changes to this Privacy Notice
Introduction

Global Tax Consulting is committed to protecting personal data. This privacy notice sets out our reasons for collecting personal data, how we use it, and the rights of individuals. It applies to personal data provided by you or by others. We will process personal data only for the purposes described in this notice or as stated at the point of collection. You can change your preferences at any time by emailing

hello@globaltaxconsulting.co.uk.
Who we are

Global Tax Consulting (and “we”, “us”, or “our) is a company registered in England and Wales, with its registration address at Hartlepool Enterprise Centre, Hartlepool, TS24 8EY. We are the data controller within the meaning of the UK GDPR and we process personal data in accordance with the UK GDPR and the Data Protection Act 2018.  Where we act as a data processor on behalf of a data controller (for example, when processing payroll), we provide an additional schedule setting out the required information as part of that agreement. That additional schedule should be read in conjunction with this Privacy Notice.

How we collect data

We may collect personal data either from our clients or from third parties in accordance with this Privacy Notice. The categories of personal data we collect include

Identification information

(E.g. name, gender, nationality, Unique Tax Reference Number, National Insurance number)

Contact details

(E.g. name, mobile telephone numbers, email and postal address

Income, taxation and other financial-related details

(E.g. employment, salary, taxes, and bank detail)

Investments and other financial interests

(E.g. investment interests, pensions, assets)

The purposes for which we process personal data

We process personal data for the following purposes:

To enable us to supply professional services to you as our client.

To fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended (“MLR 2017”)).

To comply with professional obligations to which we are subject as a member of ATT. To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.

To enable us to invoice you for our services and investigate/address any attendant fee disputes that may have arisen.

To contact you about other services we provide which may be of interest to you if you have consented to us doing so

The legal bases for our processing of personal data

We may rely on the following legal bases for processing your personal data:

Consent (Art. 6(1)(a)):  Only where we ask for it (e.g., contacting you about other services we provide, and other optional communications). Where we rely on consent, you may withdraw it at any time; this will not affect processing carried out before withdrawal.

Contract (Art. 6(1)(b)): Where processing is necessary to enter into and perform our engagement with you (e.g., collecting identification, income/financial information, and family/dependent information to provide accurate tax advice and filings, collecting contact details to enable us to contact you to deliver our services, and collecting payment details to enable us to invoice you for our services).

Legal obligation (Art. 6(1)(c)): Where we must process data to comply with laws to which we are subject (including anti-money laundering regulations and related record-keeping, tax and accounting rules, regulatory requests, and any obligations we are subject to as a member of professional bodies). Legitimate interests: Where necessary for our legitimate interests (and those of our clients) and where these are not overridden by your interests or rights, for example to: to investigate/address any attendant fee disputes and to defend us against any complaints and legal claims; verify identity and run conflict/duplicate checks beyond what is strictly mandated; manage our practice (quality assurance, training, auditing, supplier management);  maintain IT and information security, prevent fraud and misuse of services; establish, exercise or defend legal claims; and keep appropriate business records.

Sharing personal data with third parties

We engage certain third parties to process personal data on our behalf, including to host our client portal, manage documents, messaging, e-signatures and billing. . These processors only process personal data under our instructions and are bound by contract. In particular, we use TaxDome (client-portal and practice management platform) to collect and store client information and documents.  We may also share your personal data with the following third parties either to provide services to you or to fulfil our legal or professional obligations:

HMRC

Subcontractors

ID verification companies

Our professional body Association of Tax Technicians (ATT) and/or the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS) in relation to practice assurance and/or the requirements of MLR 2017 (or any similar legislation).

Any third parties with whom you require or permit us to correspond

An alternate appointed by us in the event of incapacity or death

Tax insurance or professional indemnity insurance providers

If the law allows or requires us to do so, we may share your personal data with:

The police and law enforcement agencies

Courts and tribunals

The Information Commissioner’s Office (ICO)

We may need to share your personal data with the third parties identified above in order to comply with our legal obligations, including our legal obligations to you. If you ask us not to share your personal data with such third parties we may need to cease to act.

Transfers of personal data outside the UK

In the course of providing services to you and processing personal data, we may disclose personal data to other firms in our network, a regulatory body or a third party, which includes IT/service providers and subcontractors.  We use TaxDome (hosted on AWS) to collect and store client information and documents.

According to TaxDome, data may be stored based on firm location and involves AWS infrastructure; where any transfer outside the UK occurs, we rely on the EU Standard Contractual Clauses and the UK Addendum/IDTA incorporated into TaxDome’s Data Processing Amendment (DPA). From time to time our staff may need to access personal data while travelling outside the UK.

Where this happens, we use appropriate protections such as VPN and multi-factor authentication. IWe will ensure any restricted transfer complies with UK adequacy regulations and/or Article 46 of the UK GDPR and will review our international transfer arrangements at least annually and whenever circumstances change. You can request a copy or summary of these safeguards by contacting

hello@globaltaxconsulting.co.uk.

Retention of personal data

We keep personal data only for as long as necessary for the purposes set out in this notice, including to meet legal, regulatory, tax and accounting requirements, and to establish, exercise or defend legal claims. Unless a longer period is required by law or by other exceptions below, we retain engagement files, including deliverables, working papers, and correspondence, for six (6) years from the end of the matter or financial year to which they relate.

We retain customer due-diligence and transaction-monitoring records for five (5) years after the end of our business relationship or the date of an occasional transaction, and delete them at the end of that period unless an exception applies under the Money Laundering Regulations (e.g., required by law or for legal proceedings). We may retain specific records beyond the periods above where required by law, where HMRC enquiries are ongoing, or where needed to establish, exercise or defend legal claims.

We review retention periodically and securely delete or anonymise data when no longer needed.  When we transfer your data to our data processors, their retention schedule applies. TaxDome retains data while the account is active and for as long as necessary to provide its service. It typically deletes within 90 days after account termination. We require DBSL to observe our data retention policy and schedule set out above.  You are responsible for retaining information that we send to you (including details of capital gains base costs and claims and elections submitted) and this will be supplied in the form agreed between us. Documents and records relevant to your tax affairs are required by law to be retained by you as follows:

Individuals, trustees and partnerships:

Wth trading or rental income: five years and 10 months after the end of the tax year;

Otherwise: 22 months after the end of the tax year.

Cookies

Our website uses essential cookies and, with your consent, marketing cookies and analytics cookies.  You can accept, reject, or set preferences on cookies via your browser settings. For the most up-to-date details of each cookie, please visit:

hello@globaltaxconsulting.co.uk.

Your data protection rights

You have the following rights to your personal data:

Right of access

Right to rectification

Right to erasure

Right to restriction of processing

Right to object to processing

Right to data portability

Right to withdraw consent

Please see further information about these rights, when they are available and how to exercise them below. We do not charge a fee for handling your request to exercise the rights above.

Right of access

Right to rectification

Right to erasure

Right to restriction of processing

Right to object to processing

Right to data portability

Right to withdraw consent

How we protect your data

We take appropriate technical and organisational measures to protect personal data, as required by Article 32 UK GDPR, having regard to the nature of the data and the risks of processing. In particular:

Access control & authentication: Staff accounts use multi-factor authentication (2FA). Access is granted on a least-privilege basis and reviewed periodically.

Secure remote access: When accessing systems from outside our premises, staff connect via a virtual private network (VPN).

Supplier security: We use TaxDome as our client portal and practice management platform. According to TaxDome, it maintains SOC 2 Type II controls and industry-standard security on AWS. We bind all processors by contract to implement appropriate security and to process data only on our instructions.

Confidentiality: We ensure that persons authorised to process personal data are subject to confidentiality obligations.

Retention & deletion: We retain personal data only as long as necessary for the purposes set out in this notice and then securely delete or anonymise it.

Monitoring & review: We review our measures at appropriate intervals and after material changes to our processing, systems, or risks.

If we become aware of a personal data breach, we will assess the risk to individuals and, where required, notify the ICO within 72 hours and inform affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms. No method of transmission or storage is completely secure; however, we aim to maintain a level of security appropriate to the risk

US Privacy Supplement

This section applies only to the extent required by United States law and is intended to provide additional information for individuals in the United States.

What we collect and why

We collect the categories of personal information described in this Privacy Notice for the purposes explained above. We do not sell or share personal information for cross-context behavioural or targeted advertising.

Your US state privacy rights

Depending on your state of residence, you may have rights to:

Request access to, or a portable copy of, your personal information.

Request deletion or correction of your personal information.

Opt-out of the sale or sharing of personal information or of targeted advertising (we do not sell or share your data).

Appeal our decision if we decline to act on a request.

You may exercise these rights by contacting us at  hello@globaltaxconsulting.co.uk. We will verify and respond to your request as required by applicable law (normally within 45 days, extendable once where reasonably necessary). You will not be discriminated against for exercising these rights.

Sensitive data

Where required by state law (e.g., in Virginia, Colorado, Connecticut, or Texas), we will obtain your consent before processing “sensitive data,” and we handle any children’s data in accordance with the Children’s Online Privacy Protection Act (COPPA) where applicable.

How to contact us

If you have questions about this supplement or wish to exercise your rights, please email  hello@globaltaxconsulting.co.uk.

Complaints

If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints to hello@globaltaxconsulting.co.uk.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office at https://ico.org.uk to report concerns you may have about us. The ICO’s address:

Changes to this Privacy Notice

We may amend this privacy notice from time to time. When we make material changes, we will notify you by email, by posting a prominent notice on our website, or by otherwise making a copy of the amended privacy notice available to you.