Privacy Policy

Cut My Tax is a project of the Tax Reform Council. This privacy policy is that of the Tax Reform

Council and its projects such as Cut My Tax.

Overview

The Tax Reform Council (“the TRC”) understands that your privacy is important to you and that

you care about how your personal data is used, and will only collect and use personal data in

ways that are described here, and in a manner that is consistent with our obligations and your

rights under the law.

This policy applies both to our websites and to any of our activities.

General

The TRC (and trusted partners acting on our behalf) use your personal data:

• to pursue our objectives

• to provide goods and services to you;

• to make tailored websites available to you;

• to enable us to work with each other to help achieve particular policy objectives

• to manage any registered account(s) that you hold with us;

• to verify your identity;

• for crime and fraud prevention, detection and related purposes;

• with your agreement, we also use your personal data to contact you electronically about

products, services, concepts and policies which we think may interest you;

• for promotional and marketing purposes and to tailor and personalise products and

services;

• to train and manage our people and develop products and services;

• for customer insight and market research purposes – to better understand your needs;

• to enable us to manage customer service interactions (including refunds) with you, and

• where we have a legal right or duty to use or disclose your information (for example in

relation to an investigation by a public authority or in a legal dispute).

Promotional communications

The TRC uses your personal data for electronic marketing purposes (with your consent) and may

also send you postal mail to update you on the latest TRC products and services. You have the

right to opt out of receiving promotional communications at any time, by making use of the

“unsubscribe” link in emails or by contacting us via the contact channels set out in this policy.

Sharing data with third parties

In order to make certain services available to you, we may need to share your personal data

with some of our service providers, particularly for delivery of goods and services and

communications with you.

The TRC only allows its service providers to handle your personal data when we have confirmed

that they apply appropriate data protection and security controls. We also impose contractual

obligations on service providers relating to data protection and security, which mean they can

only use your data to provide services to the TRC and to you, and for no other purposes.

Aside from our service providers, the TRC will not disclose your personal data to any third party,

except as set out below. We will never sell or rent our customer data to other organisations for

marketing purposes.

We may share your data with:

• email service providers (such as Microsoft, Mailchimp and Mailjet) where necessary for

communications

• payment processing providers when necessary for making payments

• other service providers needed to assist in the carrying out TRC functions

• government bodies, regulators, law enforcement agencies, courts/tribunals and insurers

where we are required to do so in order to comply with our legal obligations or to

exercise our legal rights (for example in court cases), or for the preventions, detection

and investigation of crime or prosecution of offenders, and to safeguard and protect our

employees, customers or other individuals

To deliver products and services to you, it is sometimes necessary for the TRC to share your data

outside of the European Economic Area. This will typically occur when service providers are

located outside of the EEA, or if you are based outside of the EEA. These transfers are subject to

special rules under data protection laws. If this happens, we will ensure that the transfer will be

compliant with data protection law and all personal data will be secure.

In addition to the above, and with your explicit opt-in consent, we may share your data with

third parties to facilitate customised ad campaigns on other platforms (such as Facebook).

How long do we keep your data?

We will not retain your data for longer than necessary for the purposes set out in this Policy.

Different retention periods apply for different types of data, however the longest we will

normally hold any personal data is six years.

What personal data do we collect?

The TRC may collect the following information about you:

• your name, date of birth and gender;

• your contact details: postal address including billing and delivery addresses, telephone

numbers (including mobile numbers) and email address;

• purchases, orders, donations and subscriptions made by you;

• your online browsing activities on our websites

• your social media usernames

• your username and password(s) when this functionality is created;

• your communication and marketing preferences;

• your profession;

• your location;

• your policy interests;

• the body of your message, when you use our websites to send messages to others;

• your correspondence and communications with the TRC and its campaigns, and

• other publicly available personal data, including any which you have shared via a public

platform (such as a Twitter feed or Facebook page).

This list is not exhaustive and, in specific instances, we may need to collect additional data for

the purposes set out in this policy. Some of the above personal data is collected directly, for

example when you set up an online account on our website, or send an email to us. Other

personal data is collected indirectly, for example your browsing, purchasing or donation activity.

We may also collect personal data from third parties who have your consent to pass your details

to us, or from publicly available sources.

Children’s Information

Another aspect of our priority is adding protection for children while using the internet. We

encourage parents and guardians to observe, participate in, and/or monitor and guide their

online activity.

The TRC does not knowingly collect any Personal Identifiable Information from children under

the age of 16. If you think that your child provided this kind of information on our website, we

strongly encourage you to contact us immediately and we will do our best efforts promptly to

remove such information from our records.

How we protect your data

Our security measures include encryption of data, penetration-testing of systems and security

controls which protect our systems from external attack and unauthorised access.

Your rights

You have the following rights:

• the right to ask for a copy of personal data that we hold about you;

• the right (in certain circumstances) to request that we delete personal data held on you,

where we have no legal reason to retain it;

• the right to ask us to update and correct any out-of-date or incorrect personal data that

we hold about you;

• the right to opt out of any marketing communications that we may send you and to

object to us using or holding your personal data if we have no legitimate reason to do

so;

• the right (in certain circumstances) to ask us to “restrict processing of data”, which

means that we would need to secure and retain the data for your benefit but not

otherwise use it (the right to restrict processing); and

• the right (in certain circumstances) to ask us to supply you with some of the personal

data we hold about you in a structured machine-readable format and/or to provide a

copy of the data in such a format to another organisation (the right to data portability).

If you wish to exercise any of the above rights, please contact us using the contact details set

out below.

Legal basis for using data

Generally, the TRC collects and uses customers’ personal data because it is necessary for:

• the pursuit of our legitimate interests (as set out below);

• the purposes of complying with our duties and exercising our rights under a contract for

the sale of goods to a customer, or

• complying with our legal obligations.

In general, we only rely on consent as a legal basis for processing personal data in relation to

sending direct marketing communications to customers and other stakeholders via email or text

message. Customers have the right to withdraw consent at any time. Where consent is the only

legal basis for processing, we will cease to process data after consent is withdrawn.

Our legitimate interests

The normal legal basis for processing customer data, is that it is necessary for the legitimate

interests of the TRC, including:

• pursuing the interests of our organisation in running our activities, including campaigns,

events and the production of publications so that you know about them and can engage

with them

• selling and supplying goods and services to our customers;

• protecting customers, employees and other individuals and maintaining their safety,

health and welfare;

• promoting, marketing and advertising our activities, products and services;

• promoting our objectives, as explained on our websites

• sending promotional communications which are relevant and tailored to individual

customers;

• understanding our customers’ behaviour, activities, preferences, and needs;

• improving existing products and services and developing new products and services;

• complying with our legal and regulatory obligations;

• preventing, investigating and detecting crime, fraud or anti-social behaviour and

prosecuting offenders, including working with law enforcement agencies;

• handling customer contacts, queries, complaints or disputes (including managing

refunds);

• protecting the TRC, its employees and customers, by taking appropriate legal action

against third parties who have committed criminal acts or are in breach of legal

obligations to the TRC;

• handling any legal claims or regulatory enforcement actions taken against the TRC;

• fulfilling our duties to our customers, colleagues, and other stakeholders.

Cookies

Our websites use cookies and similar technologies such as pixels and beacons to provide social

media features and to analyse traffic to the site. This includes information about browsing

behaviour by people who access our websites. It also includes information about pages viewed,

products purchased, the customer journey around our websites and whether marketing

communications are opened. We also share information about your use of our site with our

trusted social media, advertising and analytics partners. Detailed information is set out in

our Cookie Policy.

Data protection officer

Our Data Protection Officer helps us to ensure we protect the personal data of our customers

(and others) and comply with data protection legislation.

If you have any questions about how the TRC uses your personal data that are not answered

here, or if you want to exercise your rights regarding your personal data, please contact our

Data Protection Officer using the following means:

• email, at contact@taxreformcouncil.org, or

• post, at Data Protection Officer, The Tax Reform Council, Suite 2193, Unit 3A, 34-35

Hatton Garden, Holborn, London, EC1N 8DX UK

You have the right to lodge a complaint with the Information Commissioner’s Office. Further

information, including contact details, is available at https://ico.org.uk.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

Updates

We may update this policy from time to time. You are strongly encouraged to read this policy

and check back regularly. This policy was last updated in August 2022.

Contact