At Springboard IT (UK) Ltd (“Springboard IT”, “we”), we take protecting your privacy extremely seriously. It is really important to us that you trust us with your personal information, so we want to make sure that you understand what information we hold about you and how we collect, store and process it in order to provide our services to you.
What data do we collect in the product and what do we do with it?
The software collects and stores the Business Name, the usual place of doing business and the VAT Schemes that the business is part of in relation to a VAT Registered Business identified by its unique VAT Registration Number. The software can collect this information for multiple VAT registration numbers.
The software communicates with Her Majesty’s Revenue and Customs (HMRC) through their secure API. In the course of the communication no HMRC user names and passwords are entered in our software. The software facilitates the acquisition of an approval token that is provided by HMRC and reused and refreshed in the course of communicating with HMRC via their secure API. This token is never displayed and is stored in an encrypted format.
HMRC operates transaction monitoring capabilities and require us to send data to them for fraud prevention. This records how you connect to HMRC systems, and what you do whilst you are on them. They only monitor you when you are signed into their services, we send data to HMRC for them to process, you can find out more at HMRC Transaction Monitoring Privacy Notice
The software collects and stores VAT Return information as required by HMRC. It communicates that information to HMRC through their secure API and collects a confirmation code as proof of delivery of the data. This VAT return data transmitted the confirmation code is retained and stored by the software.
How we protect retained data
All the data the product retains is stored in an encrypted format on the local machine on which the software is installed, Decrypted data is only accessible from within the software. The data stored is never transmitted anywhere other than as required by the HMRC API. Copying of the encrypted data is under the sole control of the licensee or their operatives and is expected to be copied solely for the purposes of securing a backup of the data.
The licensee of the software is therefore the data controller in relation to the software.