Privacy Policy

Learn how we protect your data, use cookies, and comply with UK GDPR regulations.

Introduction

This Privacy Policy explains how Taxworld ("we", "our", "us") collects, uses, and protects personal data when you use our UK website www.taxworld.co.uk and its subdomains.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

Taxworld
123 Buckingham Palace Road, London, SW1W 9SH, United Kingdom
Contact: online contact form

We determine the purposes and means of processing personal data for visitors of www.taxworld.co.uk.

2. Personal Data We Collect

We collect the following personal data:

  • Contact details: name, email, phone number, company name.
  • Address information: street address, city, county, postcode, country.
  • Financial information: IBAN and account holder name (used for GoCardless payments).
  • Account credentials: username and hashed password when logging in through app.taxworld.ie.
  • Technical data: IP address, device type, browser type (via security logs).
  • Analytics data: usage behaviour collected via Statcounter (only with consent).

3. Data Collected via EngageBay Forms

We use EngageBay-hosted registration and enquiry forms. EngageBay collects:

  • Name
  • Email
  • Phone number
  • Address details
  • Company name
  • IBAN / account holder information (if required)

Data submitted through EngageBay is forwarded securely to our internal team. EngageBay does not store or process user passwords.

EngageBay acts as our data processor.

4. User Accounts on app.taxworld.ie

After registration, we may create a user account within our own system at app.taxworld.ie. We store:

  • Email
  • Secure hashed and salted passwords
  • Profile/account information

Passwords are never stored in plain text. Data is hosted in a secure MySQL database on DigitalOcean in an EU datacenter.

5. Payments (GoCardless)

We use GoCardless to process bank payments. Financial information is transmitted securely to GoCardless and not stored in our own systems beyond initial transmission.

GoCardless acts as a processor and complies with the UK GDPR and FCA requirements.

  • Contract: processing registrations, creating user accounts, providing services, processing payments.
  • Legitimate interests: site security, fraud prevention, internal administration, responding to enquiries.
  • Consent: analytics cookies (Statcounter) and marketing communications.

7. Cookies and Analytics

We use Statcounter for analytics only if you provide consent through our cookie banner. Statcounter places analytics cookies to measure usage and performance.

See our Cookies Policy for full details.

8. Security and Cloudflare

Cloudflare provides DDoS protection, security, and content delivery. It processes:

  • IP address
  • Browser/device metadata
  • Security event logs

Cloudflare cookies are strictly necessary and do not require consent under PECR.

9. Data Retention

  • Form submissions: up to 3 years.
  • Account data: retained while the account is active.
  • Financial records: retained for at least 6 years for legal and accounting purposes.
  • Analytics data: kept according to Statcounter’s retention settings.

10. International Transfers

When personal data is transferred outside the UK (e.g., via EngageBay or GoCardless), it is protected using:

  • UK International Data Transfer Agreement (IDTA)
  • UK Addendum to EU Standard Contractual Clauses

11. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Request correction
  • Request deletion
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Data portability

12. Complaints

You may lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk

13. Contact Us

For privacy enquiries, please contact us via our online contact form.