Privacy Policy

Learn how we protect your data, use cookies, and comply with UK GDPR regulations.

Introduction

This Privacy Policy explains how Taxworld ("we", "our", "us") collects, uses, and protects personal data when you use our UK website www.taxworld.co.uk and its subdomains.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We do not use analytics cookies or tracking technologies at this time.

1. Who We Are (Data Controller)

Taxworld
123 Buckingham Palace Road, London, SW1W 9SH, United Kingdom
Contact: online contact form

We determine the purposes and means of processing personal data for visitors of www.taxworld.co.uk.

2. Personal Data We Collect

We collect the following personal data:

  • Contact details: name, email, phone number, company name.
  • Address information: street address, city, county, postcode, country.
  • Financial information: IBAN and account holder name (used for GoCardless payments).
  • Account credentials: username and hashed password when logging in through app.taxworld.ie.
  • Technical data: IP address, device type, browser type (via security logs).

3. Data Collected via Website Forms

We collect personal data when you submit forms on www.taxworld.co.uk and its subdomains (for example, contact enquiries, publication requests, registrations, or membership enquiries).

Depending on the form, the data collected may include:

  • Name
  • Email address
  • Phone number
  • Company name
  • Address details (where required for fulfilment or delivery)

Form submissions are delivered to our internal email inboxes for processing and are retained only for as long as necessary, in line with our retention policy.

We do not store passwords or payment details through website forms.

4. User Accounts on app.taxworld.ie

After registration, we may create a user account within our own system at app.taxworld.ie. We store:

  • Email
  • Secure hashed and salted passwords
  • Profile/account information

Passwords are never stored in plain text. Data is hosted in a secure MySQL database on DigitalOcean in an EU datacenter.

5. Payments (GoCardless)

We use GoCardless to process bank payments. Financial information is transmitted securely to GoCardless and not stored in our own systems beyond initial transmission.

GoCardless acts as a processor and complies with the UK GDPR and FCA requirements.

  • Contract: processing registrations, creating user accounts, providing services, processing payments.
  • Legitimate interests: site security, fraud prevention, internal administration, responding to enquiries.
  • Consent: marketing communications.

7. Security and Cloudflare

Cloudflare provides DDoS protection, security, and content delivery. It processes:

  • IP address
  • Browser/device metadata
  • Security event logs

Cloudflare cookies are strictly necessary and do not require consent under PECR.

8. Data Retention

  • Form submissions: up to 3 years.
  • Account data: retained while the account is active.
  • Financial records: retained for at least 6 years for legal and accounting purposes.

9. International Transfers

Some of our processors (such as Cloudflare or GoCardless) may transfer personal data outside the UK. Where this occurs, it is protected using appropriate safeguards, such as:

  • UK International Data Transfer Agreement (IDTA)
  • UK Addendum to EU Standard Contractual Clauses

10. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Data portability

11. Complaints

You may lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk

12. Contact Us

For privacy enquiries, please contact us via our online contact form.