Privacy policy 2.0 - UK

November 2018

BOKIO PRIVACY POLICY

Bokio AB (“Bokio” / “we” / “us” / “our”) is a company incorporated in Sweden, with an office address at Bokio AB, Kungsgatan 42, 411 15, Gothenburg, Sweden. Bokio is committed to protecting and respecting your privacy.

When you access www.bokio.co.uk (our “website”), or use any other Bokio Service, Bokio will collect, store and process certain data. This privacy policy (“Privacy Policy”) sets out the basis on which any personal data collected from you, or that you provide to Bokio, will be processed by Bokio. Please read the following carefully to understand how we will use your personal data.

Bokio is a data controller. For the purposes of data protection legislation in the UK, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.

Who this policy applies to. This Privacy Policy applies to all “Users” of all “Bokio Services”, including all “User Data” (as each term is respectively defined in the Bokio T&Cs, which can be read here: www.bokio.co.uk/gdpr).

You should read this policy. It is important that you read and retain this policy, together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.

  1. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, AND HOW DO WE USE IT?

    1. When you use any Bokio Service, including when you share information with Bokio or upload data into our website, you may provide Bokio with the following types of personal data. We collect this personal data where it is necessary in order for us to provide the Bokio Services to you or where it is necessary for the purposes of legitimate interests pursued by us. We may collect and process such personal data in accordance with this Privacy Policy, for the following purposes:

      a) Contact data: This may include name, address, email address and telephone number. We use this information so that we can communicate with you. This information is also necessary in the proper administration of payroll, invoicing and bookkeeping services.

      b) Profile data: When registering an account with Bokio, you have the ability to provide information about yourself including uploading a photograph and selecting language preferences.

      c) Payment data: We will collect payment details from you if you access any of the Premium Features of the Bokio Service (as defined in the Bokio T&Cs).

      d) Session data: This includes your device’s unique identifier details, IP address, hashed passwords, device operating system, time zone setting and time/date of access requests, and information around data transmitted. We may also capture other analytics information (including through use of cookies) regarding use of our website and our app such as pages viewed and traffic patterns. The purpose of collecting session data is to administer, maintain and improve the Bokio Services.

      e) Invoice data: This includes any data contained on an invoice, such as company names, company numbers, contact details (as described above), VAT numbers, receipts and invoice amounts.

      f) Financial data: This information includes national social security numbers, salaries, bonuses, expenses, tax codes, tax rates, benefits, information around absences, and details of payments made or received.
  2. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

    1. We may need to share personal data with selected third parties in the following limited circumstances:

      a) Your staff: In carrying out certain Bokio Services (for example payroll administration), it may be necessary to share certain personal data with your employees, staff and other contractors. This exchange of information is necessary for the completion of the Bokio Services.

      b) Your customers: In carrying out certain Bokio Services (for example invoice administration), it may be necessary to share certain personal data with your customers. This exchange of information is necessary for the completion of the Bokio Services.

      c) Your business affiliates: In carrying out certain Bokio Services (for example invoice administration), it may be necessary to share certain personal data with your business affiliates, such as suppliers, creditors and debtors. This exchange of information is necessary for the completion of the Bokio Services.

      d) Third party service providers: In carrying out the Bokio Services we may share personal data with the providers of certain IT systems and services (including email services and marketing tool providers) that we use to build, host, administer and maintain the Bokio Services. Additionally, certain personal data may be shared by Bokio in the normal course of business, including with our back office personnel, external legal, accounting, financial or other professional service providers, or parties facilitating payment services (including but not limited to our banks and direct debit service providers).

      e) To comply with legal or regulatory requests: If we are under a duty to disclose or share personal data in order to comply with any legal or regulatory obligation, we may share personal data with a regulator or law enforcement agency, for example HMRC.

      f) Prospective buyers or sellers: In the event that Bokio buys or sells any business or assets, we may disclose certain personal data to the prospective buyer, investor or seller of such business or assets. So far as possible we will share anonymised data with the other parties before any such transaction completes. If Bokio (or substantially all of Bokio’s assets) is acquired by a third party, personal data held by Bokio, or within such assets, may be transferred to such third party.
  3. TRANSFERS OF YOUR PERSONAL DATA

    1. We will not transfer your personal data outside of the EEA, except to selected third parties that we have instructed to help us provide services to you, for example if we utilise cloud-based platforms to store data, which may involve use of geographically distributed data centres.

    2. Where such transfers are to a country outside the European Union, we rely on one of the European Commission’s adequacy decisions (for example, relying on a Privacy Shield certification where the transfer contains a US entity) or we will use reasonable efforts to put in place appropriate safeguards to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission. Please click here for a link to the standard contractual/data protection clauses and click here for more information about the Privacy Shield for US companies.

    3. If there are any other circumstances (for example where we are not processing your personal data in relation to the Bokio Services) which would require us to transfer your personal data outside of the EEA, we will seek your consent to transfer your personal data outside of the EEA. In the event of such a transfer, where applicable, we will put appropriate safeguards in place to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission, or where applicable, relying on a Privacy Shield certification where the transfer involves a US entity.
  4. DATA RETENTION

    1. We take appropriate measures to ensure that your personal data is kept secure. We will store your personal data for as long as is necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, regulatory, financial and good-practice requirements.

    2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    3. In some circumstances you can ask us to delete your data: see clause 6 below for further information.

    4. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

    5. You can also log into our website and manually delete certain personal data which has been submitted to Bokio.
  5. SECURITY

    We have put in place safeguards to prevent your personal data from being lost, used or accessed in an unauthorised way. We limit access to your personal data to those employees, agents or contractors who have a business need to access it. We have a security policy, which you can read here: www.bokio.co.uk/gdpr
  6. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS

    1. As a result of us collecting and processing your personal data, you have the following legal rights:

      a) to access personal data held about you;

      b) to request us to make any changes to your personal data if it is inaccurate or incomplete;

      c) to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;

      d) to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means and is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party; or (iii) steps taken at your request prior to entering into a contract with us;

      e) to object to, or restrict, our processing of your personal data in certain circumstances;

      f) if we use your personal data for direct marketing, to ask us to stop and we will comply with your request;

      g) if we use your personal data on the basis of having a legitimate interest, to object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;

      h) to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and

      i) to lodge a complaint with a data protection supervisory body, which at present is the Information Commissioner’s Office.

    2. To exercise any of your rights set out above please contact Bokio.

    3. We try to respond to all legitimate requests within one month. Occasionally it may take us longer where your request is particularly complex; in such cases, we will keep you updated on timescales. Such requests will be responded to free of charge, but a small administration fee may apply where requests are excessive.
  7. CHANGES TO THIS PRIVACY POLICY

    We reserve the right to update this Privacy Policy at any time, and we will provide you with a new Privacy Policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.
  8. CONTACTING US AND CHANGES TO YOUR PERSONAL DATA

    1. If you have any questions or comments about this Privacy Policy or your personal data, or if you want to exercise any of your rights, including as set out in clause 6 above, or you wish to withdraw your consent where we have stated we are processing your personal data based on your consent, then please contact Bokio.

    2. Bokio’s contact details. You can contact Bokio using the following details:

      Email: support@bokio.co.uk