Rhino Software Limited – Privacy Policy

Introduction

Rhino Software Ltd are committed to ensuring the privacy and security of personal data we process about you.  This privacy policy is applicable to the website “rhinoapps.com”, the “Making Tax Digital” service, and the Social Media accounts we use to engage with you under the Rhino brand.

The purpose of this Privacy Policy is to provide you with the information that we are required by Data Protection law to disclose about when and how we collect and process your personal data, and how you may exercise your data protection rights over that processing.

We are Rhino Software Ltd registered in England & Wales, company number 09379891, and for the purposes of UK Data Protection legislation, are a Data Controller of your personal data.   We are registered with the Information Commissioners Office, and should you wish to verify this, our registration number is ZA222361.

Should you wish to contact us to discuss the privacy or security of your personal data, you can do so by email at enquiries@rhinoapps.com

Our processing of personal data

When What Why How, Lawful Basis & Retention?
You contact us by telephone or email expressing interest in Rhino’s “Making Tax Digital” service Your name, business name, telephone number and/or email address, postal address, and whether you are a member of the Federation of Small Businesses (FSB) To respond to your enquiry and provide the information you are requesting from us.

To ascertain if you qualify for FSB discounted rates for a Rhino “Making Tax Digital” subscription.

With your consent, we will also use this information to keep you updated on Rhino’ “Making Tax Digital” service features and offers.

We collect this based on the information you provide to us during your call or email.

We process this data in the “Performance of a Contract” to respond to your direct enquiry.

We retain all enquiry information for a period of no more than 20 years.

You use our “Schedule and Appointment” feature of our website Your Name, Email Address, any guests you also wish to attend this appointment and any other information you volunteer. To book your appointment with a Rhino representative. Rhino use a third-party called “Calendly” to provide this service and you provide this information when completing the appointment request.

We process this data in the “Performance of a Contract” to book your appointment, and we retain details of such appointments for 20 years from the date they are made.

Create a Rhino “Making Tax Digital” Account through the Making Tax Digital App or via the the rhinoapps.com website Your name, business name, telephone number, email address, postal address, and whether you are a member of the Federation of Small Businesses (FSB) We need and will use these details to set up your account and provide the Rhino “Making Tax Digital” service, ensuring you pay the right subscription, and to identify you in the case of a support request. You provide these details to us during the account creation process, and during your use of the application.

We process this data in the “Performance of a Contract” to provide the Rhino “Making Tax Digital” subscription.

We retain this data for as long as your subscription remains active, and for up to 10 years after you cancel your subscription.

You contact us, or our appointed partners by telephone or email to obtain support in using the Rhino “Making Tax Digital” service Your name, business name, telephone number and/or email address, postal address, and whether you are a member of the Federation of Small Businesses (FSB) To identify you as a user of the Rhino “Making Tax Digital” service, validate your account and support your request We collect this based on the information you provide to us during your call or email, and through the information you have provided when creating your Rhino “Making Tax Digital” account.

We process this data in the “Performance of a Contract” to respond to your direct enquiry and retain all enquiry information for a period of no more than 10 years.

International Data Transfers

Like many cloud-based services, the Rhino “Making Tax Digital” platform is built upon cloud-infrastructure provided by leading Cloud Service Providers.  Access to this infrastructure is strictly controlled and limited to Rhino and its contracted development partner, for the sole purposes of providing the “Making Tax Digital” service, monitoring usage and performance, and carrying out maintenance work and upgrades to the application and infrastructure.

Rhino always strive to ensure that all personal data is held within cloud infrastructure hosted within the European Union and therefore subject to the EU General Data Protection Regulation, however this is not always possible.  Where it becomes necessary for data to be transferred outside the EU, we ensure and require those providers to enter into and agree, strict contractual clauses, and to adopt and maintain the highest standards of security in accordance with guidance from the National Cyber Security Centre and the UK Information Commissioners Office.

Security

Rhino regularly undertake rigorous security testing of our “Making Tax Digital” application and cloud infrastructure, engaging independent third-party security consultants to provide comprehensive testing, to reassure our service users, business partners and regulators that our platform and infrastructure are secure.  Our last such security audit was completed and certified on 22nd October 2021.

To limit risk and further protect our infrastructure, Rhino do not disclose publicly the cloud partners we work with in providing the “Making Tax Digital” service.  In the interests of transparency, we can however disclose that we are working with a leading cloud service provider for the provision of our cloud infrastructure.

If you have any questions around these arrangements, please direct them to us using the contact details above. Although any such information requests will not be unreasonably refused, Rhino reserves the right to maintain confidentiality where we reasonably feel any disclosure may place the “Making Tax Digital” platform at risk.

Confidentiality & Data Sharing

Where you subscribe to the Rhino “Making Tax Digital” service and are an unincorporated business, Rhino Software Ltd will be required by law to share with Her Majesty’s Revenue and Customs, data that is considered to be your Personal Data.

Rhino will additionally share personal data about you with our relevant partner organisations outlined below under the following conditions;

  • If you are a member of (or you tell us you are a member of) the Federation of Small Businesses (FSB), we will share your personal data with The National Federation of Self Employer and Small Businesses, for the purposes of validating your FSB membership and for the provision of support of the “Making Tax Digital” service by FSB.
  • Where Rhino partner with other third-party organisation to subsidise the cost of your “Making Tax Digital” subscription, or where a third-party organisation acts as lead generation and sales agents, we will share limited personal data with those third parties for performance reporting, sales analytics and commission or payment reconciliation.

Rhino will not sell, rent or lease your personal data to any other third-parties without your explicit consent, and considers that your use of the “Making Tax Digital” service, including all content of the service and your communications with Rhino or our service partners, are private and confidential.

Your Data Protection Rights

While using the Rhino “Making Tax Digital” service, you can ask us to;

  • provide you with a copy of or access to all information we hold about you (the right of access),
  • provide you with an export of your data that you can use to transfer to another provider (the right to data portability),
  • correct it if it is inaccurate (the right of rectification),
  • erase it (the right to erasure).

You may exercise these rights at any time via the Rhino MTD application.  As the processing of personal data is necessary for the provision of the “Making Tax Digital” service, you are not able to exercise your right to object or right to restrict processing whilst holding an active subscription.

Rhino do not undertake any processing which is classified as Automated Decision Making or Profiling.

When engaging with Rhino for more information about Rhino products or services, or for any other purpose that is not the creation, support and maintenance of a “Making Tax Digital” service account or subscription, you can ask us to;

  • provide you with a copy of or access to all information we hold about you (the right of access),
  • correct it if it is inaccurate (the right of rectification),
  • erase it (the right to erasure),
  • object to our use of your personal data for specific reasons such as marketing,
  • ask us to restrict the processing of your personal data for any reason.

The easiest way to exercise these rights is to contact our privacy team using the details in the “Who are we” section above.

If for any reason you feel your privacy rights are being breached, please let us put that right for you by contacting our privacy team using the details in the “Who are we” section above.  In the event that you still remain unhappy, you are of course entitled to raise your concern with the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner’s Office,  Wycliffe House,  Water Lane,  Wilmslow,  Cheshire,  SK9 5AF