Email: email@example.com | Tel: 020 3137 4573
At Enable Ltd, we are committed to protecting the privacy of our customers; this policy sets out how we collect, use and safeguard your personal information and the conditions under which we may need to share your data. This policy also covers information we may use for our marketing and communication activities and your choices regarding these activities, your privacy rights and how the law protects you
Enable Ltd is a group of payroll and employment administration services comprising:
We are a registered company in England & Wales with Registration No: 455 2449 at Victoria House, 125 Queens Road, Brighton, East Sussex BN1 3WB and our Data Protection registration number is Z8318178.
Enable Ltd acts as a ‘Data Controller’ for any personal data you provide us with. This means we will determine the purpose for which any data will be processed and the manner in which it is processed. This is in respect of your personal data as a customer of ours.
We also act as a ‘Data Processor’. This means, on your behalf, we will process the employee/s’ personal data that you provide us with. In this capacity, customers of Enable Ltd are the ‘Data Controller’ for their employee/s’ information.
If you have any questions about the personal data we hold for you, or want more details on how we use your information, you can contact us by emailing firstname.lastname@example.org
We must have at least one or more of the following reasons to satisfy a ‘lawful basis’ to collect your data:
We collect and keep your data in order to provide you with the service you are paying us for.
The nature of our service is to act on your behalf with government authorities such as Her Majesty’s Revenue and Customs (HMRC) and The Pensions Regulator (TPR). Legislation dictates that certain full and complete employment records must be kept for a specified period of time. As your payroll and auto enrolment agent, we are required to uphold this on your behalf.
‘Consent’ means ensuring we offer you choice and control regarding your data, how it is used and how we do business with you.
A ‘legitimate interest’ means that we must have a clear and specific benefit or outcome in mind, relating to a business, service or commercial reason to use your information. We must always be mindful of what is right and best for you, and our legitimate interests must not conflict with this.
Some of our legitimate reasons are listed below:
Our customers and anyone we do business with will have the assurance that we will only collect personal information and data that we absolutely require to satisfy a lawful basis. Your data will only be used as required to perform functions specifically pertaining to our business.
Of course, you have the right not to share personal information with us (the ‘right to object’) or ask us to delete, remove or stop using your data (the ‘right to be forgotten’).
There may be official reasons why we continue to hold and use your data but if you believe we do not have a legitimate reason, please contact us to discuss why you think we should not be using it.
To provide the service you have chosen there will be information we will need, including personal information, so we can fulfil our contractual service obligations to you. If you choose not to provide the information we require, or withdraw your consent, it may prevent processes from taking place and may even result in us not being able to provide you with a service at all. Some of the information we ask for may be optional, and we will tell you if this is the case.
We may make ‘automated decisions’ based on your data. This means we may place you in smaller groups with other similar customers to research and study, learn about your needs and expectations in order to make business and service decisions. This helps us to manage our customer relationships and tailor our services and products to specific customer needs. You will always have the ‘right to object’ and the ‘right to access’ how we do this.
If you find you are unhappy in how we have used your personal information, please let us know. We will take all reasonable steps to ensure your complaint is dealt with efficiently and fairly.
If you remain dissatisfied, you have the right to complain directly to the Information Commissioners Office (ICO) who can be contacted as follows:
Write to: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We will process this data under the lawful basis of one or more of the following:
|Types||Example||Our purpose and legitimate interest|
|Contact Details||Your name, address, main telephone number and email address||To communicate information to you as part of our service|
|ID Documents||Examples may be copies of passport, driver’s licence, utility bills||To prove your identity and to uphold our obligations to Money Laundering regulations|
|Payment details||Debit/Credit Card details, bank details||To perform monetary transactions such as taking and making payments, collecting Direct Debits for services or pension contributions or processing refunds|
|Identifiers||Codes allocated to identify you such as PAYE Reference number, employee NI Numbers, Pension Scheme ID||To act on your behalf as your payroll and auto enrolment agent|
|Consents||Permissions and authorisations submitted by you. Examples would be HMRC forms or an opt-in to receive our newsletter||To allow us to perform the service you need to its most efficient, effective and fullest|
|Communications||Emails, letters, messages and telephone call||To allow us to keep a history of your activity with us so we can provide an informed, efficient and complete service, act upon any instruction you give us or deal with any issues|
We will process this data under the lawful basis of a legitimate interest.
|Types||Example||Our purpose and legitimate interest|
|Behavioural||How you use our service, the facilities we provide and the outcome||To communicate information to you as part of our service|
|Technological||The devices and technology you are using to access and use our service||To inform us so we can tailor our service to your needs and make improvements|
|Usage||How you use our service, how often you use our facilities||To inform us so we can tailor our service to your needs and make decisions on where to enhance the service for our customers|
|Communications||What we learn about you from any form of dialogue between us||To help us communicate with you better and to inform us so we can provide a more personal service to you|
We will process this data under the lawful basis of consent and/or a legitimate interest.
|Types||Example||Our purpose and legitimate interest|
|Contact Details||Email addresses, telephone numbers||We may send you newsletters on new products or services we have, promotions or contact you to invite you to enter competitions|
|Locational||Where you are such as your address, or your computer IP address||Information on where our clients are located contributes to a greater understanding of our client base|
|Social Demographic||Details of profession, nationality, education, household income, family set-up||To inform us so we have a greater understanding of our client base, so we can tailor our marketing and communications effectively|
|Survey Data||Opinions and views on our service, family, current affairs, life, interests, social relationships||To help us have a greater understanding to profile our client base so we can evolve with our customers and manage our customer relationships effectively|
You give it to us when you:
We collect it as part of the natural course of our service:
Via third parties we work with such as:
Via a third party connected to you who you have consented to share your data with us, such as:
* In order to collect necessary data, obtain consent and/or declarations we may use external online software providers such as a form builder. This will be made clear to you at the time and your consent to provide data in this way will be asked for. We only use providers who are themselves GDPR compliant and have a Privacy Statement in place. You have the ‘right to access’ and can request information regarding this at any time.
Your information will be made accessible to our employees, officers, agents or subcontractors as reasonably necessary to perform the service you have chosen. Under no circumstances will we sell your data. We will not, without your express consent or justifiable reason, share your data to a third party unconnected to our business.
We work with several suppliers and third-party organisations to provide our full range of services to you. It will be necessary for us to share some of your data with these organisations, so we can fully deliver our services. These will be made clear to you at the appropriate time and you will be asked for consent. For all third parties we work with, our own due diligence is carried out to ensure compliance with Data Protection and GDPR legislation.
All third parties we use are UK based or have data facilities in the EU and no data will be shared outside of the EU. Your information will only be shared with a third party where it is necessary, in order for us to provide a function of our service. Examples of external organisations are:
For more information on any of the external third party organisation we work with, you can contact us by emailing email@example.com
In rare cases, we may need to disclose your information if required to do so by law:
As a present or past customer of Enable Ltd
As a website user
We are committed to safeguarding and will take all reasonable technical and organisational precautions to prevent the loss, misuse, alteration or exposure of your personal information.
We will store all the personal information you provide on our secure (password and firewall protected) servers. All electronic payments you make to us will be encrypted using SSL technology. Of course, data transmission over the internet is known to be insecure, and we cannot guarantee the security of data in transit to us via the internet.
You are responsible for keeping your Members Area password and user details confidential. Other than when you log into the Members Area we will not ask you for your password.
Customers telephoning us will be asked to confirm their identity by answering selected security questions before our advisors will discuss details of their account. If you have nominated someone to liaise with us on your behalf we will required your express authorisation to discuss your account with that person. This includes any of your employees.
To provide the payroll and auto enrolment services you have chosen we will need to collect the personal information of your employee/s.
To provide an agency support service for recruitment agencies working with us we will need to collect the personal data of agency clients
In both these capacities, recruitment agencies and our customers become the ‘Data Controller’ and must comply with legislation and ensure that they have the consent of the data subject before disclosing any personal data to us.
Data may include but is not limited to:
By subscribing to any of our services that require personal data to be disclosed that it not your own, we will assume you have gained the necessary consent before submitting the data subject’s personal information to us.
The personal information we use for our marketing is what we have collected when you subscribe to our services and what you have consented to tell us. We may use your personal information to:
We can only include you in our marketing communications if you have explicitly consented (by ticking check-boxes provided on our forms we use to collect your data) or we have a business or commercial reason to do so – a legitimate interest.
If you have opted to receive marketing from us you can change your mind and withdraw consent at any time by contacting us, or using the opt-out functions provided. Likewise, if you’d like to start receiving marketing from us, you can notify us to include your details on our mailing lists
Whatever you choose to do, we will continue to send you service communications that pertain particularly to activity with your service subscription. These may be statements, notifications, updates or guidance. These communications form part of our service to you and are not part of marketing.
If you believe that any information we hold about you is incorrect or incomplete, you have the ‘right to rectification’. Please do let us know. We will take all reasonable steps to make changes where necessary to ensure accuracy, within the required one month of your notification.
You may instruct us to provide you with any personal information we hold about you:
We will require you to complete and submit a Subject Access Request (SAR) form before we release any data.
If an employee of one of our customers requires their personal data to be changed or updated, or the employee requests access to the data we hold about them, the request must first be made directly to their employer (our customer), who is the ‘Data Controller’ in the employer/employee relationship. The employer, as our customer, should then make the request to us within one month of the employee’s request.
As our contract for services is with the employer, we cannot take instruction from any of our customers’ employees without prior consent or instruction from their employer.
The Data Protection Officer
125 Queens Road
Brighton BN1 3WB
Our Data Protection Officer can also be emailed at firstname.lastname@example.org