Privacy Policy

Last Updated: 12 June 2025

1. Introduction

Handy Tax Tools Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect your personal data when you use our website and services (the "Services").

For the purpose of the UK General Data Protection Regulation (UK GDPR), the data controller is Handy Tax Tools Ltd, company number 16490924. If you have any questions about this privacy policy, please contact us at privacy@handy.tax.

2. Information We Collect

We may collect and process the following data about you:

• Account Information: When you register for an account, we collect your email address and a securely hashed version of your password.
• Tax Information: To use our Services, you will provide financial and tax-related data, such as your VAT registration number (VRN), and the figures required for VAT returns or invoices.
• HMRC Data: When you authorise us to connect to your HMRC account, we receive an authentication token from HMRC which allows us to retrieve your VAT obligations, liabilities, and payments on your behalf. We do not see or store your Government Gateway credentials.
• Communications: If you contact us for support, we will keep a record of that correspondence.
• Marketing Preferences: We will collect your preferences for receiving marketing communications from us. We will only send you marketing emails where you have provided explicit opt-in consent.
• Usage Data & Cookies: We use Google Analytics to understand how our visitors use the Site. This may include your IP address, browser type, device information, and pages visited. This data is aggregated and helps us improve our Services. We use essential cookies to maintain your session when you log in.

3. How We Use Your Information

We use the information we hold about you in the following ways:

• To provide, maintain, and improve our Services.
• To manage your account and communicate with you about service-related matters.
• To process your instructions to submit VAT returns to HMRC.
• To provide you with customer support.
• With your explicit consent, to send you newsletters or marketing emails about our new features and services.
• To monitor the usage of our Site and Services for security purposes and to improve user experience.

Our legal basis for processing your personal data is typically the performance of our contract with you (as set out in our Terms of Service). For marketing, our basis is your consent. For analytics and security, our basis is our legitimate interest in operating and improving our services securely.

4. Data Sharing and Third Parties

We do not sell your personal data. We will only share it with third parties in the following circumstances:

• HM Revenue & Customs (HMRC): We will share the VAT return data you provide with HMRC only when you explicitly instruct us to do so by submitting a return through our Service.
• Service Providers: We use third-party service providers for specific functions:
  • Google Analytics: To analyse website traffic. Google has its own privacy policy and is a participant in data privacy frameworks.
  • [Customer Support Platform]: In the future, we may use a third-party platform to manage customer support queries. We will update this policy accordingly.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this policy. We will retain and use your data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you close your account, your personal data, including draft returns and submission records, will be permanently deleted from our systems after a period of 180 days.

6. Your Data Protection Rights

Under UK data protection law, you have certain rights regarding your personal data:

• The right to access – You have the right to request copies of your personal data.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you wish to make a request, please contact us at privacy@handy.tax.

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.