Privacy Policy

CE Back Office Limited (“we”, “us”, “our”) is a UK Limited company (registration number 09813077) registered at 31 Wellington Road, Nantwich, Cheshire, CW5 7ED. This privacy policy covers how we will use, collect and process any personal information provided to us.

Summary

  • We are CE Back Office Limited, and you can contact us at payroll@cebackoffice.co.uk.
  • We process your data to provide our services to you, to meet our legal obligations, and for our legitimate interests.
  • We ensure that data is collected and used fairly and lawfully.
  • We only process your data for as long as we need to, and then we delete it.
  • We take steps to ensure that personal data is accurate and up to date.
  • We provide adequate training for all staff responsible for personal data and all staff are contractually bound to keep personal data confidential.
  • We do not sell or share your data with others unless they are providing a service which allow us to fulfil our contractual agreement (such as HM Revenue and Customers and Pension Providers), or unless you ask us to share your data.
  • We do not market to you without your consent and, if you give us your consent, you can withdraw it at any time.
  • We take security seriously, providing adequate security measures to protect personal data. We host our data on UK based data centres and ensure electronic and hard copy data is secure both when held and when deleted.
  • You’ve got lots of rights, including the right to complain to the Information Commissioner’s Office. If you need a hand in exercising your rights, feel free to contact us: payroll@cebackoffice.co.uk.

How we process your data

Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting. In providing services agreed in our terms and conditions, CE Back Office Limited are acting as a Data Processor on behalf of our Client, the Data Controller. We will only process this data upon instruction from the Data Controller.

CE Back Office process personal data for the purpose of providing outsourced payroll services, timesheet software, and payroll consultancy. Accordingly, we handle personal data of Directors / Employers / Agency Workers / Sub Contractors to facilitate the payment of wages to such individuals. The key information that we process is shown below for your information:

Correspondence via Email

When contacting CE Back Office Limited via email your data will be kept indefinitely. Your email address will be stored for the purpose of carrying out our business.

This information is required in order to ensure we can communicate for the purpose of carrying out our services. Email of highly sensitive data will be sent encrypted and / or password protected.

We may also use your e-mail address to send you messages about our services which may include notifications about newly launched services, improvements to existing services, upcoming legislation changes as well as information about our services that you we believe you’ll find useful. If you would rather not receive these messages, please let us know or click the unsubscribe link in any of these e-mails.

We will not send you any other marketing messages unless you subscribe to our newsletter which you can do through our website or our portal. When you do this, you will be consenting with us to use your email address for this purpose. You may with draw this consent at any time by unsubscribing from the messages or contacting us.

Correspondence via Phone

When phoning CE Back Office Limited details of your phone number are recorded by our telecoms provider. Phone numbers will only be used for purpose of carrying out our services.

We may also use your phone number to contact you about our services which may include information about newly launched services, improvements to existing services, upcoming legislation changes as well as information about our services that you we believe you’ll find useful. If you would rather not receive such information, please let us know.

Correspondence via Post

Outgoing post will be marked private and confidential with a return to sender addressed to CE Back Office Limited. Postage of highly sensitive data will be sent recorded delivery and signed for.

We may also use your postal address to contact you about our services which may include information about newly launched services, improvements to existing services, upcoming legislation changes as well as information about our services that you we believe you’ll find useful. If you would rather not receive such information, please let us know.

Correspondence via Web Based Portal

Sharing of personal data in relation to our services will be shared with you and your employers / workers / sub-contractors via web-based portal. The ISO 27001 accredited portal allows secure access for individuals to access their payslip and from June 2018 clients can submit and access their payroll data.

We may also use your postal address to contact you about our services which may include information about newly launched services, improvements to existing services, upcoming legislation changes as well as information about our services that you we believe you’ll find useful. If you would rather not receive such information, please let us know.

Correspondence via SMS

Mobile data may be used for the purposes of providing our services. This could include contacting an individual regarding a payroll related query or sending SMS for net pay or e payslip login information. As part of this process mobile phone data may be shared with SMS providers.

We may also use your employee mobile data to contact them about our service updates which may include information about newly launched services, improvements to existing services, upcoming legislation changes as well as information about our services that you we believe you’ll find useful. For example, instructing workers on changes to pension contribution levels. If you would rather not receive such information, please let us know.

Company Data

CE Back Office hold company data including contact details, customer information and financial records as well as employee and worker data. All data held will only be used for the purpose of providing our services and will only be shared with third parties when required to carry out our services or to meet legal obligations.

Employee and Worker Data

Personal Data

We hold personal data including National Insurance Number, Address, Date of Birth, Job Title, sickness and absence records. Data is required for the purpose of processing payroll and may be shared with third parties in order for us to provide the services agreed or meet legal obligations.

Bank details

Bank details may be held for your employees / workers / sub-contractors to allow electronic payment of wages by either our Client or by CE Back Office on behalf of our client. This data may be shared with third parties including HM Revenue and Customs and our banking provider.

Email address

Email addresses may be held for your employees / workers / sub-contractors. Correspondence regarding payroll such as pension communication letters and e payslip log in information may be emailed to your employees / workers / sub-contractors. As part of this process email data may be shared with email providers.

Phone numbers

Phone numbers may be held for your employees / workers / sub-contractors. Such data will only be used for the purposes of providing our services which may include contacting an individual regarding a payroll related query or sending SMS for net pay or e payslip login information. As part of this process mobile phone data may be shared with SMS providers.

Third party processors

When providing our services, CE Back Office are required to share your data with third party processors. We maintain a list of all such third parties. Data is only shared on a need-to-have basis.

Professional services – We may share your details with professional service companies which includes our software providers.
Government Agencies – We may share your data with Government and associated agencies such as HM Revenue and Customs and the Department of Work and Pensions.
Pension Providers – We may share your data with your chosen Pension Provider. You should review their own privacy information.
Banking services – We may share your details with banking providers when processing worker payments on your behalf.
Technical support – We may share your data with our provider of IT support.
Communication services – We may share your details with companies who provide us with communication services such as email, telecom and SMS providers.
Cessation of Services

If you cease to use the services provided by CE Back Office Limited, your data will still be held for 7 years prior to the current payroll year. If you require data to be deleted, a copy of all data will be provided in a readable format so that the Client can meet legislative obligations of holding payroll records. Data will be deleted upon written request.

Correcting your personal data

It is important to us that the information we store is up to date and accurate. You may update your details at any time by contacting us.

Retention

We will retain personal data for 7.5 years. This is due to legislative requirement to maintain records for 6 PAYE years prior to the current PAYE year while allowing us a 6-month period to delete the personal data held.

Removal of your personal data

In some cases, you may be able to request that we remove your personal data from our systems. While some data will be removed, we are required to keep some data we hold for legislative compliance. Data will be held for 7 years prior to the current payroll year. After this period data will be deleted.

Your rights

You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.

Notification of data breaches

Upon discovering any data breaches, we will notify any affected individuals as soon as its practical following our data breach notification policy. This policy dictates that in the event of a data breach concerning personal data, the affected parties will be notified by e-mail to the main contact we associate with your account.

Electronic storage of data

No method of electronic storage can be 100% secure, however, we have sophisticated and detailed security & development policies that govern our systems & applications to help ensure your data is as secure as it can be.

Transferring your personal data internationally

Like many other organisations, we may use third parties in other countries to help us run our business. This may include countries outside the European Economic Area. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. If we transfer personal data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will use a mechanism which covers the requirements for the transfer of personal data outside the EEA, such as the European Commission approved standard contractual clauses.

Changes to our privacy policy

We may need to make changes to this privacy policy from time to time. All changes will be published to our websites and we recommend reviewing it to stay up to date. If we make any changes that we feel may affect your privacy rights, we will notify you by e-mail or by displaying the information within our customer portal.

Our lawful basis for data processing

Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data in our legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.

Where our processing is based on consent, you may withdraw consent at any time.

Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our services to you if you do not give us the data in question.

Disclosure of information to law enforcement agencies

We may disclose your information if we are requested to by any law enforcement agency where we believe we are required to comply with the request under any applicable laws.

Data protection authority

You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner’s Office (ICO) in the United Kingdom (our authority).

The ICO can be contacted at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at ico.gov.uk.

Client Obligations

As a Data Controller, when sharing data with CE Back Office Limited you agree that you have the necessary permission to permit CE Back Office Limited in the processing of such data. In agreeing to use the services provided by CE Back Office, the Data Controller gives CE Back Office Limited the right to process the personal data provided for the purposes of fulfilling the contractual agreement. The Data Controller must also keep CE Back Office Limited updated with any changes to the data to ensure accurate date in maintained.

Audit

CE Back Office Limited shall make available all information reasonable necessary to demonstrate compliance with its processing obligations.

Contacting us

If you have any queries about our privacy policy feel free to contact us on 01270 899112 or email payroll@cebackoffice.co.uk.

Share This