Keeping your data secure and maintaining your privacy is a significant responsibility and one that we take very seriously. We’ve written this policy to help you understand “what” personal information we collect, “how” we process it, “where” it is stored and how you can access or request deletion of your personal data.
When we refer to “Personal Data” we mean any data held on our system that directly or indirectly identifies an individual. This includes information that you have entered onto the system or have granted access to via a third-party integration.
We may also collect Personal Data about you in relation to how you use your account, i.e. where you are logging in from, how often you log in and what specific features you routinely use. This helps us to tailor your user experience and enhance security.
We comply with current UK Data Protection Legislation which implements the European Community’s Directive 95/46/EC and Directive 2002/58/EC, including, but not limited to, the DPA and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
From 25th May 2018 this will incorporate Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”).
Information you provide
This includes the Personal Data you provide, or somebody else provides on your behalf when completing any of the following activities:
- Registering a new QuickFile or Forum account
- Submitting information or uploading data within a QuickFile or Forum account
- Subscribing to a mailing list
- Ordering a standalone product or service
- Initiating a support request or submitting information on our “contact us” form.
- Completing a product referral form
- Completing an online survey or questionnaire
The information may include the following types of direct or indirect Personal Data:
- Your name
- Your contact information (e.g. phone, email, address etc)
- Employee details
- Personal Data contained within receipts and invoices
- Personal Data contained within uploaded files
- Personal Data contained within bank account transactions or other merchant service transactions
Our service is not intended for anyone under the age of sixteen, and we do not knowingly collect or solicit personal data pertaining to children. In the event we have collected and identified data for anybody under the age of sixteen without parental consent, we will proceed to delete this information as quickly as possible.
QuickFile do not collect or process special categories of personal data, as defined under GDPR.
Information we collect
We also collect information about how you use your account, this helps us to deliver a more customised user experience, identify trends and improve security. Some of this data may be “Personal Data”, in cases where it can be used to identify a person. Here is the information we collect and how it is used:
- Login dates and IP addresses - This allows us to understand how you are using QuickFile and identify unusual access patterns.
- Account usages statistics - This includes things like how much time you spend on the website and which features you use. This helps us to optimise your user experience and make you aware of specific features that may be of interest to you.
- Website traffic - This includes general information on how you found our website, which referring site you arrived from (e.g. Google, Facebook etc), and what device or browser you are using. This helps us to improve our marketing strategies and tailor our website for different devices.
- Order history - This information includes a record of any orders you place. This helps us to fulfill our obligations to you and provide accurate financial records when requested.
- Email opens and bounces - We track when the emails we send are opened or bounced. This allows us to optimise our mailing list by delisting addresses that are inactive or unresponsive.
Information provided to us by third-parties
In some cases we may receive Personal Data that has been passed to us by a third-party such as a payment processor or bank. This information is only received when you explicitly consent to share your information with us.
Financial Data you enter into QuickFile
In addition to Personal Data you may also enter Financial Data into the QuickFile website. This can include sales invoices, estimates, purchase invoices, uploaded receipts and bank transactions.
The Financial Data you provide QuickFile is used as part of the service we offer you, in order to compile accounting information, generate financial reports and deliver other functionality you would expect from us as an accounting software platform. We will not pass this information onto any third-party without your consent.
In order to safeguard your information we ask that you take great care to ensure your password remains private and take all reasonable steps to protect your account from unauthorised access. We also ask that when providing the Personal Data of others, that you do so with full consent and in accordance with current Data Protection Legislation.
How we use your Personal and Financial Data
In this section we explain how your Personal and Financial Data is used by QuickFile.
To provide a service
First and foremost your Personal Data and Financial Data will be used to provide you with a stable and reliable service. We will use your Personal Data to provide you access to the QuickFile service and from time to time to contact you by email, SMS, post, phone or social media concerning your account or any related matters that may be of interest to you.
You may choose to share your Personal Data and Financial Data with your own accountant or a third-party accountant you engage on the QuickFile website. You may also elect to use a third-party Marketplace Application to provide additional functionality for your account. Your data will only be shared with your explicit consent, although we do ask that you carryout appropriate due diligence before granting any third-party access to your account.
To improve our service
We will use your Personal Data and Financial Data to improve our service to you. This can be through administering support, tracking feature usage, collaborating on beta development or resolving bugs. We may from time to time rely on trusted outsourcing partners to help with some of these tasks. In such cases we will always perform thorough risk assessment and establish strong privacy controls for any outsourcing partner.
To monitor trends
We collect anonymised data about how people use the QuickFile website. This includes collecting information on the number of visitors, what pages or features are accessed, which country visitors are connecting to the website from, browser types, display size and average viewing times. We may occasionally share this anonymised data with our community, although we will never include specific Personal Data here or any information that would identify you or your business.
Keeping you informed
We will occasionally contact you by email, SMS, post, telephone or social media to let you know about new features, forthcoming changes and relevant industry news. You reserve the right to opt-out from this type of correspondence at any time. You can either click the unsubscribe link or contact us 3 and we will arrange that for you immediately.
We may also send you non-promotional notifications to update you on specific activity or events in your account. This may include when one of your customers queries or pays an invoice. It may also include reminders relating to your subscription or account status. If you prefer not to receive these types of notifications, we ask you to close your QuickFile account.
Exporting your Data
Upon request we can provide you with an export of your Personal Data and Financial Data in a universal machine readable format. You may also schedule a recurring export of your data on a weekly or monthly interval. These can be delivered by email or copied into your own Dropbox account. These exports do not contain file contents such as receipts and image scans, this type of data can be exported separately from your Document Management 2 area upon request. Due to the multi-tenanted design of our software, we are unable to restore your account to a specific point-in-time from a previously issued data export.
Deleting your Data (Right to Erasure)
Upon request we will physically delete all Financial Data entered into your account. This can be instructed from the Account Settings section in your account, under the option “Clear all data in your account 3”.
From May 25th 2018, under the provisions of Article 17 of the GDPR Legislation, you also have the right to request that any Personal Data (Notwithstanding those exemptions listed under Article 17, Paragraph 3) be permanently deleted. Upon receipt of such a request we will take all reasonable steps to ensure that this is completed in an expeditious manner.
Depending on your jurisdiction you will likely be obligated to retain all business accounting records for a set period of time. We advise you to execute a backup of your account before instructing any deletion of your Financial Data. Once we have received a request to delete your data we will be unable to reverse this process.
We don’t store credit or debit card details
We use a third-party payment processor (Worldpay UK Ltd) to collect credit and debit card payments for annual subscriptions and related products and services. We never directly collect or store payment card information on our servers.
Other ways in which we may share your data
In this section we explain a number of other circumstances in which we may share your Personal Data or Financial Data.
Third-party web services
In some cases it will be necessary to share Financial Data or Personal Data with a third-party web service you have authorised to work with your QuickFile account. This may be something like passing invoice information to a third-party payment processor like PayPal or Stripe. It may also include the export of your data to a document storage service like Dropbox.
In these cases data will be shared only on the basis that you have provided explicit consent and that you have completed the necessary authorisation for us to pass data to each of these web services. When we work with a third-party web service in this way, we always make sure that your data is only sent over a secure encrypted connection.
In order to provide a robust and reliable service, we depend on a number of cloud service providers to carry out key operations within our business. This includes things like document storage, payment processing, email processing, marketing assistance, social media management and website security.
Whenever we entrust your data with an outsourcing partner, we always carry out thorough due diligence and ongoing monitoring to ensure that appropriate privacy controls are in place and maintained at all times.
We publish a full list of data sub-processors and provide more details on the relevant privacy safeguards for data transfers outside of the EEA here 9.
Sale of business assets
We reserve the right to share Personal Data with a prospective buyer of business assets. This would be subject to the terms of a Non Disclosure Agreement.
Law enforcement disclosures
We reserve the right to share Personal Data with law enforcement agencies, if the restriction of such information may prejudice an investigation into unlawful activity. Such exemptions will be sought under current Data Protection Legislation and QuickFile will have no legal liability for such disclosures.
Keeping your data secure
We recognise the responsibility to ensure that your data is kept safe and secure at all times. We will ensure that whenever your Financial Data or Personal Data is passed to and from our servers, that it is done so on a secure, encrypted connection. This may be when you are accessing data on the Website or when we are required to exchange data with third-party services. You can read more about our data security policies here 17.
We also ask that you ensure your password remains private and take all reasonable steps to protect your account from unauthorised access.
You own all of the Financial Data you enter into QuickFile. More specifically we recognise the owner of an account and the data contained therein as the individual or entity that controls access to the email supplied as part of your login credentials.
In cases where a dispute arises between personnel within your organisation or a third-party (such as an accountant or bookkeeper), we will play no role in arbitrating such disputes and will acknowledge the email owner as the account holder.
Should a dispute over account ownership arise, we ask that you resolve this by establishing control over the QuickFile login email address via your hosting company or IT service provider. When you have relinquished control over the login email address, you may then proceed to initiate a password reset to regain access to an account.
You have the right to unsubscribe from any promotional materials that we may send from time to time, by way of email, SMS, post, phone or any other medium. You will also receive general notifications about account activity such as when an invoice is paid by your client or when a subscription is due for renewal. If you would also wish to cease receiving this type of correspondence we ask that you close your QuickFile account.
Right to Erasure - You have the right to request that your Personal Data is deleted (notwithstanding those exemptions allowed under GDPR and the current UK DPA). You will be able to request removal of all applicable Personal Data and Financial Data from the “Account Deletion 3” section within your account.
Right to Rectification - You have the right to request that any incorrect Personal Data we hold about you is corrected, if that information is inaccurate or incomplete. If you are unable to make the necessary rectification from within your account please contact us 3.
Right to Data Portability - You have the right to request a machine readable export of all Personal Data we hold about you. This will be delivered as a ZIP file containing multiple CSV files.
Right to Object - In certain circumstances you may object to our processing of your personal data. If you wish to lodge an objection, then please contact us 3.
Right to restrict processing - You can request that we restrict the processing of personal data we hold about you in certain circumstances. If you wish to lodge such a request, then please contact us 3.
Right to lodge a complaint - You have the right to make a complaint about our data processing activities to a supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). Further details can be found on their website at https://ico.org.uk. We do however ask that you first contact us with any concerns you may have before you escalate a complaint.
Where you in turn are acting as a Data Controller, we will endeavour to make all reasonable efforts to assist you in the identification, rectification, extraction, or deletion of any Personal Data you have provided to us in the capacity of a data processor.