Privacy Policy

  • Information about NannyPaye

    In this privacy notice, ‘we’, 'us’ and ‘our’ mean NannyPaye.
    Domestic Tax Ltd is a group of services comprising:
    • NannyPaye (Payroll/Pension Administration & Employment Law Support)
    • BusinessPaye (Payroll/Pension Administration & Employment Law Support)
    • ProCRB (DBS Checking Umbrella Body)
    We are a registered company in England & Wales with Registration No: 4221878 at Suite One, Lowen House, Sandy Lane, Kingswood, Surrey, KT20 6ND.
    Our Data Protection registration number is XXXX.

  • Scope of our privacy notice

    This privacy notice applies to anyone who interacts with us about our products and services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone). We will give you further privacy information if necessary for specific contact methods or in relation to specific products or services.
    This privacy notice applies to you if you ask us about, buy or use our services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone, and so on). We will provide you with further information or notices if necessary, depending on the way we interact with each other.
    If you have any questions about this, please contact us at

  • How we collect personal information

    We collect personal information from you and from third parties (anyone acting on your behalf, for example, Personal Assistant's, Spouses and so on). Please see below for more information.

    Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.

    You give it to us when you:
    • subscribe to any of our services
    • email us or send us a message in the Client Area, or send us a letter
    • talk to us by telephone
    • input any information into your Client Area account
    • complete any of our in-service forms (such as a Contract Request Form)
    • complete a customer survey
    • take part in any of our promotions or competitions
    • contact us via our Social Media platforms

    We collect it as part of the natural course of our service:
    • in letters, emails and telephone calls
    • by liaising with authorities on your behalf such as HMRC or NEST Pensions for example
    • by performing transactions such as service payments, direct debits
    • by your completion of online forms so we can deliver documents, obtain consent or a required declaration

    Via third parties we work with such as:
    • nanny agencies or domestic recruitment agencies who may refer you to us, or other clients whom you have given permission for us to allow them to provide and access information on your account with us
    • our Employment Law provider
    • local authorities

    Via a third party connected to you who you have consented to share your data with us, such as:
    • another payroll provider
    • an accountant
    • payroll management company
    • PA
    • a financial advisor
    • solicitor

    Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.

    We only use providers who are themselves GDPR compliant and have a Privacy Statement in place. You have the ‘right to access’ and can request information regarding this at any time.

  • Domestic Tax Ltd acts as a ‘Data Controller’

    • We will determine the purpose for which any data will be processed and the manner in which it is processed.
    • This is in respect of your personal data as a customer of ours.

  • Domestic Tax Ltd acts as a ‘Data Processor’

    • On your behalf, we will process the employee/s’ personal data that you provide us with.
    In this capacity, customers of Domestic Tax Ltd are the ‘Data Controller’ for their employee/s’ information.

  • How long we keep your data

    As a present or past client of Domestic Tax Ltd, we will retain your data for a minimum of three years in line with HMRC guidelines.

    If you would like more information about how long we will keep your information for, please contact us at

  • What we use your personal information for

    We collect and retain your information to fulfil a contract we have with you. We collect and keep your data in order to provide you with the service you are paying us for when it is our legal obligation to do so.
    The nature of our service is to act on your behalf with government authorities such as Her Majesty’s Revenue and Customs (HMRC), The Pensions Regulator (TPR) and The Disclosure and Barring Service (DBS).
    Legislation dictates that certain full and complete employment records must be kept for a specified period of time. As your agent, we uphold this on your behalf as we have been given explicit consent by you, without this consent we could not meet these obligations for you.
    ‘Consent’ means ensuring we offer you choice and control regarding your data, how it is used and how we do business with you.

  • Legitimate Interest

    A ‘legitimate interest’ means that we have to have a clear and specific benefit or outcome in mind, relating to a business, service or commercial reason to use your information. We must always be mindful of what is right and best for you, and our legitimate interests will not conflict with this.

    Some of our legitimate reasons are listed below:
    • To manage our relationship with you and deliver a service to you.
    • To act on your behalf with organisations such as Her Majesty’s Revenue & Customs (HMRC) and The Pensions Regulator (TPR).
    • To process information with The Disclosure and Barring Service (DBS).
    • To respond to any queries or complaints, and to show we treated you fairly.
    • To maintain records in accordance with government rules that we must adhere to.
    • To make informed business decisions about the service we are providing, to support development and progression.
    • To have a greater understanding of our customers, their requirements and preferences.

    Our customers and anyone we do business with will have the assurance that we will only collect personal information and data that we absolutely require to satisfy a lawful basis.

    Your data will only be used as required to perform functions specifically pertaining to our business.

  • Our commitment to your privacy

    At Domestic Tax Ltd, we are committed to protecting the privacy of users of our website and our customers.

    This policy details how we collect, use and safeguard your personal information and the conditions under which we may need to share your data.

    This policy also covers your choices for how we use your data for marketing and communication activities, your privacy rights and how the law protects you
    • We will always safeguard your personal data, keeping it safe and private.
    • We will not sell your data.
    • We will not give your information to a third party who is not strictly related to the provision of our service to you.
    • We will be transparent about why we collect your data, how it is used and stored, your rights in having access to your data and your choice to have your data removed.

    Please be aware that by using our website and/or any of our services you are agreeing to our Privacy Policy.

    We may change this policy occasionally, for this reason we suggest you check back regularly to ensure you are happy with any updates.

    This policy covers the General Data Protection Regulations (GDPR) changes that come into effect on 25th May 2018.

  • How long we keep your information

    As a present or pastclient of Domestic Tax Ltd we retain your data for a minimum of three years in line with HMRC regulations.

  • Marketing and preferences

    We may use your personal information to send you marketing by post, by phone, through social media and by email.

    We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.

    If you don’t want to receive emails from us, you can always contact us to update your contact preferences.

    You have the right to object to direct marketing. Please see the section about your rights for more details.

    Whatever you choose to do, we will continue to send you service communications that pertain particularly to activity with your service subscription. These may be statements, notifications, updates or guidance. These communications form part of our service to you and are not part of marketing.

    We retain your contact details in order to send you updates on the industry and changes that may affect you.

    We retain your location information in order to gain a broad spectrum of where our client base is located which gives us a greater understanding of our client base.

  • Service Provision

    We will process this data under the lawful basis of one or more of the following:
    • A contractual obligation
    • A legal obligation
    • A legitimate interest

    We keep your contact details (name, address, email, telephone number etc) to communicate information to you as part of our service.

    We keep copies of your identity documents to prove your identity and meet the Money Laundering regulations.

    We take your payment details to perform monetary transactions such as taking and making payments and confimring your direct debit details to necessary providers (such as NEST or HMRC).

    We retain your references/Identifier codes such as HMRC Account references, NEST Identifier and employee codes in order to act on your behalf and submit your data to the relevant authorities such as HMRC, TPR or NEST.

    We retain copies of communication between yourself and us to allow us to keep a history of your account with us and to provide you with an efficient and complete service.

  • Sharing your information

    We sometimes need to share your information with other people or organisations for the purposes set out in this privacy notice. Under no circumstances will we sell your data. We will not, without your express consent or justifiable reason, share your data to a third party unconnected to our business.

    We work with several suppliers and third-party organisations to provide our full range of services to you. For all third parties we work with, our own due diligence is carried out to ensure compliance with Data Protection and GDPR legislation.

    Examples of third parties who we may share your information with are:
    • Our telephone services provider.
    • Our internet services provider.
    • Our IT support provider.
    • Our secure website hosting provider.
    • Email and Customer Relationship Management software provider
    • Payroll software provider
    • Online payments software provider
    • Banks
    • Online software providers for newsletters, forms and surveys
    • UK government bodies for payroll and pensions
    • Pension scheme providers
    • Employment Law advisors
    • Local authorities

    If we share your personal information, we will make sure appropriate protection is in place to protect your personal information in line with data-protection laws.

    In rare cases, we may need to disclose your information if required to do so by law:
    • In connection with any legal proceedings or prospective legal proceedings;
    • In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
    • To the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
    • To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

  • Security of your data

    We are committed to safeguarding and will take all reasonable technical and organisational precautions to prevent the loss, misuse, alteration or exposure of your personal information.

    We will store all the personal information you provide on our secure (password and firewall protected) servers. All electronic payments you make to us will be encrypted using SSL technology. Of course, data transmission over the internet is known to be insecure, and we cannot guarantee the security of data in transit to us via the internet.

    You are responsible for keeping your Client Area password and user details confidential. Other than when you log into the Client Area we will not ask you for your password.

    Customers telephoning us will be asked to confirm their identity before our advisors will discuss details of their account. If you have nominated somebody to liaise with us on your account with your permission we will require your initial authorisation to discuss your account with that person. This includes any of your employees.

  • Your employees’ personal information

    To provide the payroll and auto enrolment services you have chosen we will need to collect the personal information of your employee/s.

    In this capacity, our customers become the ‘Data Controller’ and must comply with legislation and ensure that they have the consent of the data subject before disclosing any personal data to us.

    Data may include but is not limited to:
    • Title and full name
    • Date of Birth
    • National Insurance Number
    • Contact Details
    • Hours of work and rate of pay
    • Tax information

    By subscribing to any of our services, any personal data that you disclose to us that is not your own, we will assume you have gained the necessary consent before submitting the data subject’s personal information to us.

  • Your Rights

    You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you. For more information, see below.

    You have the following rights (certain exceptions apply).
    • Right of access: the right to make a written request for details of your personal information and a copy of that personal information
    • Right to rectification: the right to have inaccurate information about you corrected or removed
    • Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
    • Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
    • Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
    • Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
    • Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of Bupa’s use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen product or service
    • Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.

    Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
    If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
    In order to exercise your rights please contact

  • Data protection contacts

    If you have any questions, comments, complaints or suggestions in relation to this notice, or any other concerns about the way in which we process information about you, please contact us at

    You also have a right to make a complaint to your local privacy supervisory authority. The supervisory authority is the Information Commissioner:

    Information Commissioner's Office
    Wycliffe House
    Water Lane
    Cheshire, United Kingdom
    SK9 5AF
    Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)