Privacy Policy | 11TaxAssist – UK VAT Filing Software

1. Who we are

11TaxAssist Ltd (company no. 16416027) is the data controller for personal data processed via our websites, products and services unless stated otherwise.

Registered address: 6 Alexander Court, Baker Street, Reading, England, RG1 7XZ.
Email:[email protected].

2. Scope of this policy

This notice explains how we collect, use, share and protect personal data in accordance with the UK GDPR, the Data Protection Act 2018, and other applicable UK laws. It covers data processed when you visit our website, contact us, or use our services.

3. The data we collect

We may collect and process the following categories of data:

• Identity & contact data: name, email, telephone, postal address
• Business data: company name, job title
• Financial & tax data: tax references, invoices, payment details
• Usage & technical data: IP address, device/browser info, log files, cookie identifiers
• Communications: enquiries, support requests and feedback

We collect data directly from you and, where lawful, from third parties such as HMRC, Companies House, banks and payment processors.

4. Purposes and lawful bases

We process personal data to provide our services, comply with legal obligations, manage payments, protect systems, and–with your consent–send marketing communications.

We do not use automated decision–making that produces legal or similarly significant effects without explicit consent.

5. Your UK GDPR rights

You have the right to access, rectify, erase, restrict or object to processing, and to data portability. Where processing is based on consent you may withdraw consent at any time. To exercise your rights contact us (see Contact section).

6. Sharing your data

We share personal data only where necessary, under contracts imposing confidentiality and security obligations (data processors). Typical recipients include:

• Public authorities: HMRC, Companies House (where required by law).
• Payment processors & banks: to collect and manage payments.
• IT & cloud providers: website hosting, email, storage, security/CDN (including Cloudflare)
• Professional advisers: legal, accounting, insurance (where necessary)

We do not sell your personal data

7. International transfers

Some providers may process data outside the UK/EEA. Where this occurs, we implement appropriate safeguards such as UK International Data Transfer Addendum to the EU Standard Contractual Clauses (SCCs), or rely on adequacy regulations, and apply additional technical and organisational measures where appropriate.

Cloudflare (CDN & security)

We use Cloudflare for TLS termination, WAF/DDoS mitigation and content delivery. Cloudflare may process limited operational and security metadata across its global network. We have a data processing agreement in place and rely on appropriate transfer mechanisms. TLS keys are managed securely, and traffic between Cloudflare and our origin uses Full (strict) encryption

8. Security of your data

We implement defence–in–depth security measures including:

• TLS (HTTPS) in transit and, where appropriate, encryption at rest
• WAF, DDoS mitigation, and bot protections (via CDN)
• Access controls, MFA, logging, patching and vulnerability management
• Supplier due diligence and data processing agreements

9. Data retention

We retain personal data only as long as necessary for the purpose collected and to meet legal or accounting requirements. Typical retention periods:

When retention ends, data is deleted or irreversibly anonymised.

10. Cookies & similar technologies

We use cookies for core site functionality and security, and–where you consent–analytics/performance cookies. You can control cookies via your browser and/or our consent banner.

11. Contact us

12. Complaints

You can lodge a complaint with the Information Commissioner's Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Website: ico.org.uk. Tel: 0303 123 1113. We'd appreciate the chance to resolve your concerns first – contact us at [email protected].