Data protection

Privacy Notice

Version 2.3.2 · Effective date: to be confirmed before production launch

1. Controller

The controller is the legal person identified in the production configuration of EuroTaxAgent. Before launch, the site operator must publish its full legal name, postal address, registration details where applicable, and privacy contact email.

2. Information processed

The public comparison service is designed to operate without requiring visitors to create an account. Server security logs may contain IP address, timestamp, requested path, user-agent and security-event information. For administrator accounts, the service processes usernames, password-derived hashes, session identifiers and audit events. Contact information is processed only when a person contacts the operator.

3. Purposes and lawful bases

Information is processed to provide and secure the service, prevent abuse, maintain auditability, respond to enquiries and comply with legal obligations. The operator must document the applicable lawful basis for each processing activity before production launch.

4. Retention

Security logs, administrator audit records, backups and correspondence must be kept only for documented periods proportionate to their purpose. Production retention periods must be inserted into the operator's records of processing and this notice.

5. Recipients and processors

Hosting, infrastructure, email, monitoring and backup providers may act as processors. A current list of processors, their locations and transfer safeguards must be maintained by the operator.

6. International transfers

Where personal data is transferred outside the UK or EEA, the operator must use an applicable adequacy decision or appropriate safeguards and provide the required information.

7. Rights

Depending on the applicable law, individuals may have rights of access, correction, deletion, restriction, portability, objection and withdrawal of consent. See the Data Rights page.

8. Security

EuroTaxAgent uses access controls, password hashing, secure sessions, audit logging, rate limiting, HTTPS deployment controls and backups. No internet service can guarantee absolute security.

9. Complaints

Individuals may contact the operator and may also complain to the competent supervisory authority, including the UK Information Commissioner's Office where UK data protection law applies.

10. Changes

Material changes will be identified by a new version and effective date. Historical versions should be retained by the operator.