Introduction
This Privacy Policy ("Policy") governs the collection, use, storage, and protection of personal and financial data by SSF Global ("we," "us," or "our") in compliance with the UK Data Protection Act 2018, the General Data Protection Regulation (GDPR), and other applicable laws. By engaging with our services, you ("Client" or "User") consent to the practices outlined herein.
Scope of Data Collection
We collect and process the following categories of data:
-
Personal Data:
Includes but is not limited to names, email addresses, telephone numbers, and IP addresses.
-
Financial Data:
Encompasses bank statements, payment histories, payroll records, donor reports (for charities), and HMRC Gift Aid data.
-
Sensitive Data:
Refers to financial information required for accounting services, including tax filings and compliance reporting.
Purposes of Data Processing
Your data is processed for the following purposes:
-
Service Delivery:
To provide accounting, digital marketing, and other outsourcing services as agreed in our contracts.
-
Legal Compliance:
To fulfill obligations under UK Charity Commission and HMRC regulations.
-
Marketing:
To send promotional materials, subject to your explicit consent.
Legal Basis for Processing
Under GDPR Article 6, we process your data based on the following legal grounds:
-
Contractual Necessity:
To perform our obligations under service agreements.
-
Legal Obligations:
To comply with UK tax and charity laws.
-
Legitimate Interests:
To improve our services and communicate with clients.
-
For sensitive financial data, we rely on GDPR Article 9(2)(b) (processing necessary for the performance of a contract).
Financial Data Confidentiality and Security
We implement stringent measures to ensure the confidentiality, integrity, and security of your financial data:
-
Access Controls:
Financial data is accessible only to authorized personnel bound by confidentiality agreements.
-
Encryption:
All financial data, including bank statements, is encrypted.
-
Non-Disclosure Agreements (NDAs):
All employees and third-party processors handling financial data are required to sign NDAs.
-
No Unauthorized Sharing:
Financial data is never sold, shared, or disclosed except as necessary for service delivery (e.g., HMRC filings) or as required by law.
Cross-Border Data Transfers
To deliver our services, we may transfer your data outside the UK or European Economic Area (EEA). In such cases, we implement safeguards to ensure compliance with GDPR and protect your data, including:
-
Standard Contractual Clauses (SCCs):
Approved by the European Commission for international data transfers.
-
Adequacy Decisions:
Ensuring the recipient country provides an adequate level of data protection.
Data Breach Notification
In the event of a data breach that affects your personal or financial data, we will:
Data Retention Periods
We retain your data in accordance with legal and operational requirements:
-
Bank Statements:
7 years (to comply with HMRC tax audit requirements).
-
General Financial Data:
3 years following the termination of our contractual relationship.
-
Marketing Data:
Until you withdraw your consent or opt out of communications.
Your Rights Under GDPR and UK Law
You have the following rights regarding your data:
-
Access:
To request a copy of your data.
-
Rectification:
To correct inaccurate or incomplete data.
-
Erasure:
To request deletion of your data, subject to legal obligations.
-
Restriction:
To limit the processing of your data under certain conditions.
-
Objection:
To object to processing for direct marketing purposes.
-
Data Portability:
To receive your data in a structured, commonly used format.
To exercise these rights, please contact us at info@ssfglobal.co.uk. We will respond within 30 days of receiving your request.