IPPEX Global is committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal data is handled. During the course of our activities we will collect, store and process personal data about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of UK data protection laws, IPPEX Global Ltd (IPPEX) is a data controller for the data we collect and a data processor in respect to the IPPEX Global Payroll Hub.
Data protection principles
When processing your information, we will endeavour to comply with the six enforceable principles of good practice. However, IPPEX Cloud provides a container service for employers to manage employees PI data on behalf of their employees in respect of their payroll. Your personal data will be:
- processed lawfully, fairly and in a transparent manner,
- processed for specified, explicit and legitimate purposes,
- adequate, relevant and limited to what is necessary,
- accurate and kept up-to-date,
- kept for no longer than is necessary, and
- processed in a manner that ensures appropriate security.
Information you give to us
You may give us information (such as your names, addresses, vehicle registration number, financial information and other sensitive personal information related to payroll activities) by:
- filling in forms on our Global Payroll Hub website,
- giving a third-party permission to share it with us,
- uploading of data files directly to the Global Payroll Hub
We may use the information you give to us for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
Purposes for which we will use the information you give to us
We will track activity profiles of users interacting with the IPPEX Global Payroll Hub to enable us to highlight any suspicious activities in respect of the employee data we hold for payroll processing.
It will be necessary for our legitimate business interests, namely the auditing and reporting in respect to suspicious activity or data breach.
We will maintain a contact database of users so that we can notify users of planned maintenance in respect to the IPPEX Global Payroll Hub
We will only do this if you give us your consent by some specific, informed and unambiguous method.
We will maintain a contact database of users so that we can notify users of improvements or operational changes in respect of the IPPEX Global Payroll Hub.
We will only do this if you give us your consent by some specific, informed and unambiguous method.
As stated in the table above, it is a legal obligation for you to provide us with certain information. If you do not provide us with that information, we may be unable to provide the services or access to the IPPEX Global Payroll Hub may be suspended.
All other information you give us is given entirely as your discretion. However, if you do not provide that information, then benefits provided by the IPPEX Global Payroll bub may be impaired.
Information we collect about you from other sources
When you visit our website, we may collect information about you such as the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
We may also collect information about you by conducting searches of public records (e.g. Companies House, electoral roll, DVLA database,), or in the process of confirming your identity via our online ID verification provider.
We may use the information we collect about you for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
Purposes for which we will process the information
Legal basis for the processing
To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
It will be necessary for our legitimate business interests to ensure you receive the best experience possible when accessing and using our website.
To obtain further information about you, any organisation you represent, with a view to us entering into a contract with you or the organisation you represent.
It will be necessary for our legitimate business interests to ensure we are fully aware of all issues relating to the matter that is the subject of the services you have requested from us.
Disclosure of your information
You agree that we have the right to share your personal information with:
- our auditors and quality assurance assessors;
- Hubspot, SendInBlue, Microsoft Azure and other online cloud providers;
- selected third parties including:
- business partners, customers, suppliers and sub-contractors to the extent we reasonably consider that it is in your best interests for us to do so, or it is necessary for our legitimate business interests;
- IPPEX may share data with in-country payroll processing partners in connection with any business-related quotation request made through our websites.
We will disclose your personal information to third parties:
- in the event that we enter into negotiations to sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if IPPEX or substantially all of its assets are acquired by a third party, in which case personal data held by it about you will be one of the assets transferred to the third party; or
Where we store your personal data
All information you provide to us is stored on our secure hosting environment in the United Kingdom.
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
- All information will be protected in line with our ISO27001 policies and procedures.
- Entry controls. Restricted access to only authorised personnel.
- Secure lockable desks and cupboards.Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
- Methods of disposal.Paper documents are disposed of by shredding in a manner that ensures confidentiality.
- Equipment. Our internal policies require that individual monitors do not show confidential information to passers-by and that users lock or log-off from their computer when it is unattended.
Some of the data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom. It may also be processed by personnel operating outside the United Kingdom who work for us, our group companies or for one of our suppliers. This includes staff engaged in, among other things, payroll processing by submitting your data, you agree to this transfer, storing or processing. If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we will store your personal data
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:
Length of time
Where we use/store your data because it is necessary for the performance of the contract between you and us
We will use/store your data for as long as it is necessary for the performance of the contract between you and us
Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject
We will use/store your data for as long as it is necessary for us to comply with our legal obligations
Where we use/store your data because it is necessary for our legitimate business interests
We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data for as long as it is necessary for the performance of the contract between you and us (or, if earlier, we no longer have a legitimate interest in using/storing your data)
Where we use/store your data because you have given us your specific, informed and unambiguous consent
We will use/store your data until you ask us to stop
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
- You have the right to object to us using/storing your information for direct marketing purposes.
If you wish to exercise any of your legal rights, please contact our chief information security officerby writing to the address at the top of this policy, or by emailing us at email@example.com.
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
We do not use automated decision-making processes.
Changes to our policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by post or email or via social media. Please check our website frequently to see any updates or changes to our policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to our Chief Information Security Officer by writing to the address at the top of this policy, or by emailing us at firstname.lastname@example.org.