Who are we?
This website is operated by Ledgerscope Services Limited, a company registered in England (Company Number 10803032), referred to as Ledgerscope, we, our or us throughout this policy, with a registered office at Kemp House, 160 City Road, London, EC1V 2NX.
We provide a range of online services known as Movemybooks, Backupmybooks and Ledgerflow (the Services) from each of the following websites: movemybooks.co.uk, movemybooks.ca, backupmybooks.com and ledgerflow.net and/or any of the applications used for the purposes of accessing the Services (the Websites).
Ledgerscope is committed to protecting and respecting your privacy and complying with the applicable Data Protection Laws (meaning the Data Protection Act 1998 and, unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998).
The Services provided by Ledgerscope typically involve collection, transformation, display and onward transfer of accounting data, and we provide these services primarily to two types of Client: business owners and their accountants. The decision to have Ledgerscope process the data is made by the business owner, or their accountant, and it is they who are the Data Controller as defined by the General Data Protection Regulation ((EU) 2016/679) (GDPR).
Transfer of data outside the European Economic Area
Ledgerscope carries out the transfer of accounting data on the instructions of its Client, who is the Data Controller. Some of the third-party operators of a Source Platform and/or Destination Platform may be based outside the United Kingdom, and you will have your own data processing arrangements in place with them. Their processing of your personal data may involve a transfer of data outside the European Economic Area (EEA).
The legal mechanism (e.g. the Standard Contractual Clauses or SCCs) permitting the transfer of personal data internationally is between the Client and the new accounting software provider (the Destination Platform).
Each Destination Platform has taken steps to ensure compliance in this respect, and their respective privacy documentation refers to the SCCs (or other appropriate mechanism) as being in place to cover the international transfer of Client personal data:
– Xero’s privacy notice (https://www.xero.com/uk/data/xero-and-gdpr) and data processing addendum (https://www.xero.com/uk/legal/terms/data-processing) suggest that they rely on different legal mechanisms with regard to the international transfer of data, including the New Zealand adequacy decision and the SCCs.
– Intuit’s privacy statement (https://www.intuit.com/privacy/statement) also refers to the SCCs.
– Sage’s data protection addendum (https://www.sage.com/en-gb/legal/terms-and-conditions/product-and-service-terms-and-conditions/data-protection-addendum) refers to the SCCs.
Other than when transferring your accounting data between a Source Platform and a Destination Platform, we shall not transfer your personal information outside the EEA.
If a Client of Ledgerscope requires more information regarding the legal mechanism for the cross-border transfer of data, enquiries should be directed to the operator of the Destination Platform.
Third party links
Please note that this policy applies only to our Websites and not to the websites of other organisations to which we may provide links. Clicking on links to other websites may allow third parties to collect or share data about you. We are not responsible for the privacy policies or practices of such third-party sites and you should make your own enquiries in respect of them.
What information do we collect about you?
Personal data for the purposes of the UK’s data protection laws means information about an individual (rather than the name of a company or a partnership for example) from which that person can be identified.
The personal data we collect about you will fall into one of the following categories:
Identity information – information used to ensure we can identify the user of our Services which includes your full name, a username or other identifier when using our Websites;
Contact information – the details we need for getting in touch with you when providing our Services to you including your email address, telephone numbers and any billing or delivery address;
Financial and Payment details – whilst we do not collect or store your bank account or payment card details (as these are all processed by third party service providers), we do retain information about whether you have paid for our Services and details of the Services you’ve received so we can correctly manage your payments to us;
Profile and Usage data – the information about how you use our Websites and Services, your preferences in relation to the Websites, Services and technology used as well as any feedback we receive from you about our Services; and
Marketing and Communications details – information about how you prefer to communicate with us when we are performing our Services for you and also how you might wish to hear from us about our other Services and Websites.
This website is not intended for children and we do not knowingly collect data relating to children.
We do not collect what is known as ‘Special Categories of Personal Data’ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
Nor do we collect any information about criminal convictions and offences.
As noted above, we do not collect or store any of your information which is needed to make payment for our Services, which may include your bank account details or payment card details and details of the Services you’ve received, but this will all be information that you are asked to provide to one of the third party payment service providers that we use for this purpose.
What information do we collect that is not about you but is Client Data?
Each of our Services involves you providing us with financial or accounts related data (we call this the Client Data) which has been previously hosted on a third-party accounting system (the Source Platform) and for which you are requesting one of our Services (which might include transferring that Client Data to an alternative third-party accounting system (the Destination Platform)).
The majority of Client Data that you will provide to us will not be ‘personal data’ as such term is defined in Data Protection Laws.
Because there is a possibility that some of the Client Data may include small items of personal data you acknowledge and agree that in respect of such Client Data you act either as a Data Controller or as a Data Processor and that, as a result, we act as a data processor and/or as a Sub-Data Processor in relation to any such Client Data which is also personal data. All terms used in this provision have the meanings given to them in the Data Protection Laws.
You understand and accept that in providing our Services to you we will make use of the services of and transfer data from and to the third-party operators of the Source Platform and Destination Platform with whom you will have your own data processing arrangements in place. They have not been appointed as third-party processors by us, but are acting as your third-party processors in relation to Client Data.
You will have entered or (as the case may be) will enter with these third-party processors into a written agreement substantially on that third party’s standard terms of business incorporating terms which are substantially similar to those set out in this section on the use of personal data. As between you and us, you shall remain fully liable for all acts or omissions of any third-party processor appointed by you in this way.
Client Data processed by us will be deleted by us 30 days after processing.
How and when do we collect personal information?
If you are a Client of Ledgerscope, we collect the personal information that you provide to us when you register as a Client or create an account on one of our Websites. If you use a form on our Websites, phone or email to contact us, we will store any personal information included.
You may also opt in to receiving emails with the latest news and special offers from us, in which case we will store the personal information provided. Any marketing you receive from us will not relate to communications from or services of any third party, but will only relate to our Services and/or Websites and offers or updates relating to them. You can manage your preferences for what marketing emails you receive from us at any time by using the link in our emails titled “Manage your email preferences”.
As explained above, for the purposes of providing our Services we may also receive Client Data which could include some personal data about third parties. This Client Data will either be provided to us by you or by the third-party provider that you have identified as providing your Source Platform.
We do not collect personal information in any other way.
How is the information about you used?
We will only use your personal information for purposes you would reasonably expect. Primarily this will be to provide our Services to you, but also to facilitate our business processes such as accounting, marketing, record keeping and to generally manage your relationship with us. What this means is that your personal information will only ever be used by us in the following circumstances:
– to perform our contract for the Services that you have requested and purchased from us;
– to comply with a legal or regulatory compliance obligation; or
– because it is necessary for our legitimate interests and we have assessed that your interests and fundamental rights do not override our legitimate interests.
We do not rely on consent as a legal basis for our processing of your personal information.
Below we have explained the different purposes for which we will use the different types of personal data we may have about you and the specific lawful condition for our processing:
|Type of information||Purpose for which we use it||Lawful condition for processing|
|Identity information; and||To register your account with us as a new Client||Perform our contract for the Service; and Because it is necessary for our legitimate interests (where you are not an individual but a company, partnership or LLP with whom we have a contract)|
|Financial and payment details; and Marketing and Communications details||To provide the Services requested; and Manage your account and payments due||Perform our contract for the Service; and Because it is necessary for our legitimate interests (to recover debts due to us)|
|Profile and Usage Data; and Marketing and Communications details||To administer and protect our business, our Services and Websites (which will include troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Because it is necessary for our legitimate interests (to provide IT services, improve and keep our Websites updated, prevent fraud and ensure network security); and To comply with legal or regulatory compliance obligations|
|Financial and payment details; Profile and Usage Data; and Marketing and Communications details||To send you recommendations about our other Services and Websites which we believe may be of interest to you||Because it is necessary for our legitimate interests (to develop our Services and grow the business)|
|Financial and payment details; and Marketing and Communications details||Archived records following the retention periods described below will be marked inactive and hidden from our active client relationship management system with restricted access controls added||Because it is necessary for our legitimate interests (to meet our auditing requirements and for compliance purposes, maintenance of integrity of databases and service logs); and To comply with legal or regulatory compliance obligations (including retention of transactional details for tax purposes)|
Will my personal information be provided to third parties?
We may share your personal information with third parties but only in the strictly limited circumstances set out below.
– We will provide certain personal information to service providers with whom we work, where necessary to fulfil our commercial obligations to those providers. These are the third-party service providers who provide the Source Platform or Destination Platform, and so you also have a direct contractual relationship with them for the use they make of your personal data and/or Client Data (which may or may not include personal data of other individuals (as explained above)). It is therefore up to you to ensure that such parties maintain the same levels of security for your personal information as us and are bound by a legal agreement with you directly to keep your personal information private and secure.
– In certain circumstances we may share your personal information with affiliated companies and service providers who perform functions on our behalf and you may be asked to provide your information to those service providers for purposes such as processing payments, carrying out promotional services or data management, and our internet service provider (although we use HTTPS for our Websites so all interaction between an internet service provider and our Websites is encrypted). These third parties must at all times provide the same levels of security for your personal information as us and are bound by a legal agreement to keep your personal information private and secure. We do not allow these third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
– We may also supply your personal information to government bodies and law enforcement agencies but only: if we are required to do so by the requirements of any applicable law; if in our good faith judgment, such action is reasonably necessary to comply with legal process; to respond to any legal claims or actions; or to protect the rights of Ledgerscope, our Clients and the public.
– In specific circumstances we may need to share your personal information with professional advisers acting on our behalf or providing services to us including lawyers, bankers, auditors and insurers based in the United Kingdom and who provide consultancy, banking, legal, insurance and accounting services.
– We may also need to share your personal information with HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
How long will my personal information be retained?
We will only process personal information relating to Clients, individuals who have contacted us and people who choose to opt-in to us sending them emails with the latest news and special offers in the ways set out in this statement.
Following a period of 24 months from the date of the last Client request for Services or the last non-Client contact we will stop processing personal information and such individual’s information will be archived. Although this information is archived and hidden by our systems from active engagement, we will retain the information which relates to our provision of the Services as an inactive record, rather than deleting it, for the purposes of our auditing and legal compliance requirements.
We will process the information of people who opt in to emails with the latest news and special offers until such time as they unsubscribe.
Will I be sent information that I did not ask for?
To keep you informed about the latest news and special offers but only relating to our own Services we may contact you by email. If you do not wish to receive these emails you can unsubscribe using the link included with each email.
Any marketing you receive from us will not relate to communications from or services of any third party, but will only relate to our Services and/or Websites and offers or updates relating to them. You can manage your preferences for what marketing emails you receive from us at any time by using the link in our emails titled “Manage your email preferences”.
A cookie is a small text file that is sent to and stored on your computer. We use essential cookies served by our website hosting service and by Google for the purposes of analysing usage of our Websites. None of the cookies we use allow us to identify an individual user.
ga – Google cookie used to distinguish website users. (Expires after 2 years).
gid – Google cookie used to distinguish website users. (Expires after 24 hours).
gat – Google cookie used to throttle request rate. (Expires after 1 minute).
What security will exist?
We are committed to protecting the privacy of your personal data. We use appropriate standards of technology and operational security to protect personal information including a Secure Server (based in the EU) and network firewall connection. Operationally, access to personal information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Internet and data storage
The Internet is inherently insecure. Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our Websites is at your own risk.
What are my legal rights in relation to my personal information?
In specific circumstances (usually dependent on the lawful condition for processing that we have relied upon to deal with your personal information) you have legal rights under Data Protection Laws.
You have the right to:
– Request access to your personal data (this is usually known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your information in this way, but if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee or refuse to comply with your request. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response;
– Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
– Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which we will tell you about, if applicable, at the time of your request;
– Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
– Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
– Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
– If we were ever to rely on consent for processing your personal information then you can withdraw that consent at any time. However, we do not currently rely on consent for any of our processing of your data. If ever applicable to you, this right will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of your legal rights at any time, please get in touch with us using the details provided below.
How to get in touch with us
Name of Contact: Matthew Steeples
Email Address: firstname.lastname@example.org
Postal Address: 160 City Road, London EC1V 2NX
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.