1. Who we are

SmartC Digital LTD is a company registered in the United Kingdom, providing accounting and tax compliance software solutions, including integrations with HMRC for Making Tax Digital (MTD).

ICO registration number: ZB982564

2. Data we collect

• Identification data: name, company name, address, email, phone number.
• Account information: login credentials, authentication tokens.
• Financial information: invoices, receipts, transaction records, tax records.
• Usage data: log files, device identifiers, IP address, and browser type.
• Documents uploaded: PDFs, CSVs, receipts, or invoices necessary for accounting purposes.

3. Sources

• Directly from you when you register, use our software, or contact us.
• From HMRC when you authorise SmartC to access your tax information via OAuth 2.0.
• From third-party services integrated into SmartC (e.g., payment providers, banks, or accounting platforms).
• From cookies and analytics tools to improve user experience.

4. How we use data

• To provide, maintain, and improve our services.
• To file tax returns and submit financial data to HMRC under MTD.
• To manage billing, subscriptions, and user accounts.
• To comply with legal and regulatory obligations.
• To enhance security, monitor usage, and prevent fraud.

5. Legal basis for processing

• Contractual necessity: to deliver our services to you.
• Legal obligation: to comply with UK tax and data protection laws.
• Legitimate interests: to improve our services and prevent misuse.
• Consent: where required, e.g., for marketing communications.

6. Sharing your data

We may share your data with:

• HMRC, when you authorise us to file or retrieve tax information.
• Service providers who support our infrastructure (e.g., AWS for hosting).
• Professional advisers (lawyers, accountants) when necessary.
• Regulators or law enforcement if required by law.

We do not sell your personal data.

7. HMRC Processing

SmartC integrates with HMRC systems under Making Tax Digital (MTD). When you authorise SmartC, we may process and transmit the following data to HMRC:

• Self Assessment submissions (SA100).
• VAT returns and obligations.
• Construction Industry Scheme (CIS) data.
• Property Income records.

SmartC uses OAuth 2.0 for authentication with HMRC. We do not store your HMRC login credentials. Any access tokens are securely encrypted and used only for authorised communications with HMRC APIs.

8. International transfers

All customer data is primarily stored in the UK. If data is transferred outside the UK or EEA, we ensure appropriate safeguards such as adequacy decisions or standard contractual clauses (SCCs) are in place.

9. Security

• Encryption (in transit and at rest), firewalls, access controls, and penetration testing.
• Access to customer data is restricted based on role-based access controls (RBAC).

10. Data retention

We retain your data only as long as necessary for providing our services and to comply with legal obligations. Typically, tax-related data is retained for at least 6 years, in line with HMRC requirements.

11. Your rights under UK GDPR

• Right to access your data.
• Right to rectification of inaccurate data.
• Right to erasure ("right to be forgotten").
• Right to restrict or object to processing.
• Right to data portability.
• Right to lodge a complaint with the ICO.

12. Cookies

We use cookies to improve the user experience, analyse site usage, and ensure platform security. You can manage cookie preferences through your browser settings.

13. Contact & complaints

You may also contact the Information Commissioner's Office (ICO) if you are unsatisfied with our response.

14. Changes

We may update this Privacy Policy from time to time. Any updates will be published on our website, and significant changes will be notified directly to customers where appropriate.