Calceum

Privacy Policy

At Calceum, we are committed to keeping your personal information safe and secure, and handling it in accordance with our legal obligations. This Privacy Policy sets out the purposes for which we process your personal information, what rights you have in relation to that information, who we share it with and everything else we think is important for you to be aware of.

Please make sure you check it carefully and if you don’t agree with it, then unfortunately you shouldn’t visit www.calceum.com or its associated domains (our “Website”) or generally use our services (our “Services”). By using our Services, you confirm that you accept the way in which we process your personal information. This Privacy Policy forms part of our Website’s terms and conditions (“Terms”), and capitalised words and phrases in it have the same meaning as those in our Terms.

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.

We act as a data controller and are responsible for your personal data in connection with our activities.

If you have any concerns, please feel free to contact us at privacy@calceum.com.

About Calceum

We are Calceum Limited, trading as Calceum (and referred to as ‘Calceum’, ‘we’, ‘our’ or ‘us’ in this Privacy Policy). Calceum Limited is a limited company incorporated in England and Wales, with registered company number 17240312 and registered address at Red Gables, West Common, Harpenden, England, AL5 2JQ.

Email address: privacy@calceum.com

About this Privacy Policy

This Privacy Policy applies to the personal information we collect about you through our Services, whether in person, by telephone, by post, via our Website or any other digital products, through our social media platforms, from third parties and when you otherwise communicate with us.

This Privacy Policy may change from time to time and, if it does, the up-to-date version will always be available on our Website. We will also tell you about any important changes to our Privacy Policy.

Personal information means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. This covers obvious information such as your name and contact details, but also less obvious information such as identification numbers, electronic location data and other online identifiers.

The personal information we collect

We may collect some or all of the following personal information, depending on how you use our Services:

  • Name (including title)
  • Email address
  • Telephone number
  • Business name and type
  • National Insurance number (where required for HMRC submissions)
  • Income, expense and transaction data (where you use our bookkeeping and tax management services)
  • Payment information
  • Data you may submit for technical support
  • Technical data, including IP address, login information, browser type and version, timezone setting, operating system and platform
  • Information about your visit, including pages viewed, time spent on pages, page interaction information (such as scrolling and clicks) and how you navigated to and from our Website

We collect personal information in the following ways:

  • Directly from you, when you register on our Website, subscribe to our services, connect your HMRC account, contact us for support, or correspond with us by phone, email or otherwise.
  • Automatically when you use our services, including technical and device information. Some of this information is collected in accordance with HMRC’s fraud prevention requirements.

In respect of all the personal information we collect, our overarching purpose is to enable us to deliver the best bookkeeping and tax management app for the self employed and landlords in the UK. We hold all personal information securely, and we use it to provide you with a reliable and customised experience.

How we use your personal information

Under applicable data protection laws, we must always have a lawful basis for using your personal information. Your personal information may be used for the following purposes:

  • To carry out our obligations arising from any contract between you and us, and to provide you with the services you request, including submitting tax data to HMRC on your behalf.
  • To comply with HMRC’s fraud prevention requirements by collecting and transmitting device information (such as your IP address, browser type, timezone and operating system) when making submissions. This is a statutory requirement and is not optional.
  • To provide you with information about other services that we offer that are similar to those you have already used or enquired about.
  • To provide you with information about services we feel may interest you. If you are a new user, we will only contact you by electronic means if you have consented to this.
  • To notify you about changes to our services.
  • To administer our Website and for internal operations, including troubleshooting, data analysis, testing, research and statistical purposes.
  • To improve our Website and ensure that content is presented in the most effective manner for you and your device.
  • To allow you to participate in interactive features of our services when you choose to do so.
  • As part of our efforts to keep our Website and Services safe and secure.

We only ever use your information in line with applicable data protection laws — in particular, the Data Protection Act 2018 (“DPA 2018”) and the UK General Data Protection Regulation (“UK GDPR”) (the DPA 2018 and UK GDPR together, the “Data Protection Legislation”). We only use your information where we have a legal basis to do so:

  • Consent — you have given us consent to process your personal information for a specific purpose that we have told you about.
  • Performance of our contract — processing your personal information is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
  • Legal obligation — processing your personal information is necessary for us to comply with a legal or regulatory requirement, such as submitting fraud prevention data to HMRC as required.
  • Legitimate interests — processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests.

We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications Regulations 2003 (PECR), and you will always have the opportunity to opt out of marketing communications.

When do we disclose your personal information?

We may disclose your information for certain purposes and to third parties, as follows:

  • HMRC: When we submit tax data to HMRC on your behalf, we are required by law to include certain device information (such as your IP address, browser type, timezone and operating system) as fraud prevention headers. This is a statutory requirement.
  • Third Party Providers: We use certain companies, agents or contractors (“Third Party Providers”) to perform services on our behalf or to help deliver our services to you, such as cloud hosting, payment processing and error monitoring. In the course of providing such services, these Third Party Providers may have access to your personal information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.
  • To protect legitimate interests: There are certain circumstances where we and our Third Party Providers may disclose and/or make use of your information where a disclosure would be necessary to: (a) satisfy any applicable law, regulation, legal process, or other legal or governmental request or requirement, (b) enforce applicable terms of use, including investigation of any actual or alleged breaches, (c) detect, prevent, or otherwise address illegal or suspected illegal activities (including payment fraud), security or technical issues, or (d) protect against harm to the rights, property or safety of Calceum, its members or the public, as required or permitted by law.
  • Transfers of our business: In connection with any corporate re-organisation, restructuring, external investment, merger or sale, or other transfer of assets, we will transfer information, including personal information, provided that the receiving party agrees to comply with our requirements as set out in this Privacy Policy relating to your personal information.

We do not sell your personal information. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions.

Communications

Marketing communications

We want to ensure that you are informed and aware of the best services we can offer you. By consenting to receive additional communications (by email or otherwise) from us, we will process your personal information in accordance with this Privacy Policy. We request consent when appropriate.

You can change your marketing preferences at any time by contacting us at privacy@calceum.com or changing your preferences on our Website.

Service communications

We may send you communications relating to service updates (e.g. service availability, scheduled maintenance) or customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can.

Data retention

We will not keep your personal information for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:

  • Financial and tax records — personal information relating to tax submissions, income, expenses and transaction data will be retained for no longer than seven years from the end of the relevant tax year, as required for tax, audit and accounting purposes.
  • Technical support — personal information relating to support queries will be retained for no longer than three years.
  • Payment information — any personal information relating to payment details will be deleted when there is no longer a legitimate reason to retain it.
  • Account data — if you close your account, we will delete your personal data within 30 days, except where we are required by law to retain it.

Any Third Party Providers that we engage will keep your personal information stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any Third Party Provider, we will make sure that they securely delete or return your personal information to us.

We may retain personal information about you for statistical purposes. Where information is retained for statistical purposes it will always be anonymised, meaning that you will not be identifiable from that information.

Security of your personal information

We are committed to securing and protecting your personal information, and we implement appropriate technical and organisational measures to help protect it. Your personal information is stored and processed within the United Kingdom using secure cloud infrastructure. We and our Third Party Providers implement policies to guard against unauthorised access and unnecessary retention of personal information in our systems.

We have procedures in place to manage any suspected personal data breach and will notify the relevant authorities where we are legally required to do so.

Unfortunately, the transmission of your personal information via the internet is not completely secure and although we do our best to protect your personal information, we cannot guarantee the security of your information transmitted to us over the internet and you acknowledge that any transmission is at your own risk.

Our Website (or any other digital products we may operate) may contain links to websites operated by third parties. This Privacy Policy only applies to the personal information that we collect from you and we cannot be responsible for personal information collected and stored by third parties. Please check the privacy policies of any third-party websites before you submit any personal information to them.

Your rights

Under the Data Protection Legislation, as a visitor of our Website and/or user of our Services, you are entitled to the following rights. There are circumstances in which your rights may not apply.

  • Right to be informed — to know how we collect and use your personal data. This Privacy Policy fulfils this obligation.
  • Right of access — to request a copy of the personal information we hold about you. This is known as a Subject Access Request and should be made in writing to privacy@calceum.com. We will respond within one calendar month.
  • Right to rectification — to request that we update any personal information that is inaccurate or incomplete.
  • Right to erasure — to request that we delete the personal information we hold about you. If we are providing services to you and you ask us to delete your information, we may be unable to continue providing those services.
  • Right to restrict processing — to request that we limit the way in which we process your personal information.
  • Right to object — to object to us using your personal data for a particular purpose or purposes.
  • Right to data portability — to request that we transfer your personal information to a third party in a structured, commonly used and machine-readable format.

For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us at privacy@calceum.com.

We may need to request specific information from you to help us confirm your identity before processing your request. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

There is not normally any charge for exercising your rights. We reserve the right to charge a fee for requests that are manifestly unfounded or excessive.

If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal information and privacy.

Cookies

Our Website uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our Website and also allows us to improve it. We may use the following types of cookies:

  • Strictly necessary cookies — required for the operation of our Website, such as cookies that enable you to log into secure areas or maintain your session.
  • Analytical/performance cookies — allow us to recognise and count the number of visitors and to see how visitors move around our Website, helping us to improve the way it works.
  • Functionality cookies — used to recognise you when you return to our Website, enabling us to personalise content and remember your preferences.

You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Website may become inaccessible or not function properly.

General

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this Privacy Policy where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Privacy Policy will be governed by and interpreted according to English law and if necessary, by the English courts.