This notice explains what personal data (information) we will hold about you, how we collect it, and how we will use and may share information about you to provide services to you. We are required to notify you of this information, under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
Who collects the information
Lily’s Payroll Limited (‘Company’) is a ‘data processor’ and gathers and uses certain information about you.
Data protection principles
The Company will comply with the following data protection principles when processing personal information:
- we will process personal information lawfully, fairly and in a transparent manner;
- we will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;
- we will only process the personal information that is adequate, relevant and necessary for the relevant purposes;
- we will keep accurate and up to date personal information, and take reasonable steps to ensure that inaccurate personal information are deleted or corrected without delay;
- we will keep personal information in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the information is processed; and
- we will take appropriate technical and organisational measures to ensure that personal information are kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Be informed about the collection and the use of your personal data
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data, i.e. data portability.
- Request restriction of your personal data being subject to automated decision making.
- Right to withdraw consent.
- Right to complain to the Information Commissioner.
About the information we collect and hold
The table set out in Part A of the Schedule below summarises the information we collect and hold about candidates, how and why we do so, how we use it and with whom it may be shared.
The table in Part B of the Schedule below summarises the additional information we collect and hold about clients,how and why we do so, how we use it and with whom it may be shared.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
Where information may be held
We may need to transfer your personal data outside of the United Kingdom for the purpose of storing your data on servers and for processing by overseas staff. Any transfer of your data will be subject to a Data Protection Act compliant contract that will safeguard your privacy rights and give you remedies in the unlikely event of a data breach.
How long we keep your information
Lily’s Payroll Limited (“the Company”) must maintain records of Clients for the purposes of providing and informing you of essential payroll services for individuals, including the processing of employee payslips and ensuring HMRC compliance. Clients typically require payroll services for extended periods, adapting to their evolving domestic employment needs. Therefore, it is reasonable to maintain Client records for 10 years to ensure the Company can swiftly and accurately assist the Client with the payroll service they require. This retention period is aligned with the average duration clients manage domestic staff employment, and the frequent need for ongoing payroll support and staff replacements over time. The 10-year retention period will commence from the most recent contact with the Company requesting services.
Should the Client request their information be removed from any Company databases, they must do so via email request to the Data Protection Officer at data@lilyspayroll.co.uk, and they will be notified of the completion of this process. This request must be made from the email address with which any service with Lily’s Payroll Limited was registered. Should they wish to register for services again, they will be required to complete new registration documents, thereby providing personal data to ensure the Company is able to efficiently service their needs.
The Company must maintain records of individuals requiring payroll services for the purpose of ensuring accurate and compliant payroll processing. Individuals typically require assistance with their payroll for an average of 10 years, reflecting the long-term nature of domestic employment. Therefore, it is reasonable to maintain records of employment details, personal contact information, and any other data required for the purpose of successfully providing payroll services securely to ensure the Company is able to swiftly and efficiently assist the Client with their ongoing payroll needs for 10 years.
If any data subject wishes to make a Subject Access Request, they may do so by emailing this request to data@lilyspayroll.co.uk from the email address they registered with the service. This will be fulfilled within one calendar month in line with applicable legislation and ICO guidelines.
Automated decision making
Personal data collected from individuals is used to accurately process payroll, ensure HMRC compliance, and provide relevant payroll services. This includes information related to employment history, tax codes, bank details, contact information, and other details necessary for efficient and compliant payroll management. The Company ensures that all data processing related to these services is conducted with human oversight and intervention. If an individual does not wish their personal data to be used in this way for the provision of payroll services, or wishes for it to be deleted, they can request this by emailing data@lilyspayroll.co.uk from the email address from which they registered with the service.
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, and compliance.
Use of cookies
A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. We use cookies on our website.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
For further information on our use of cookies, including a detailed list of your information which we and others may collect through cookies please see our Website cookie policy.
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
How will we use the information about you?
We collect information about you so that we can:
- identify you and manage any accounts you hold with us;
- process your application;
- conduct research, statistical analysis and behavioural analysis;
- carry out customer profiling and analyse your preferences;
- if you agree, let you know about other products or services that may be of interest to you see ‘Marketing’ section below;
- detect and prevent fraud;
- customise our website and its content to your particular preferences;
- notify you of any changes to our website or to our services that may affect you;
- carry out security vetting; and
- improve our services;
Marketing
We will send you information by email about our services which may be of interest to you. We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you complete our online enquiry form for the first time. If you have consented to receive such marketing from us and our group companies you can opt out at any time.
Your rights to correct and access your information and to ask for it to be erased
Please contact data@lilyspayroll.co.uk if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you, or if you have any questions about this notice. You also have the right to ask us for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Staff who have access to personal data have a unique user ID and password. If a member of staff leaves the Company their password is immediately changed and access to any database is disabled.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator if appropriate of a suspected data security breach where we are legally required to do so. We will notify the Information Commissioner within 72 hours of being made aware of any breach.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
It is noted that verbal transmission of personal data is subject to the same provisions, permissions and prohibitions as personal data transmitted electronically.
About the information we collect and hold
Part A: Individuals Using Payroll Service
This section outlines the personal data we collect from individuals who use our payroll service, why we collect it, and how it is used.
| Information We Collect | How we collect the information | Why we collect the information | How we use and may share the information |
|---|---|---|---|
| Your name and contact details (i.e., address, home and mobile phone numbers, email address) | From you | Legitimate interest: to provide accurate payroll services and communicate about your payroll. | To enable our team to contact you regarding your payroll, provide payslips, and address queries. |
| Details of your employment income, tax codes, and other payroll-related information | From you, in completed registration forms and via ongoing communications. | To enter into/perform the payroll service contract. To comply with our legal obligations (HMRC). | To accurately process your payroll, calculate tax and National Insurance, and issue payslips. |
| Your nationality and immigration status (where relevant for tax purposes) | From you and, where necessary, official documents. | To comply with our legal obligations (HMRC and Right to Work checks if applicable). Legitimate interest: to maintain accurate payroll records. | To carry out necessary compliance checks for payroll processing. Information may be shared with HMRC as required. |
| Details of any statutory deductions (e.g., student loans, court orders) | From you or official notifications (e.g., HMRC). | To comply with our legal obligations. | To accurately process payroll deductions as legally required. |
| Your racial or ethnic origin, sex, and sexual orientation, religious or similar beliefs* | From you, in a completed anonymised equal opportunities monitoring form (optional). | To comply with our legal obligations and for reasons of substantial public interest (equality of opportunity or treatment). | To comply with our equal opportunities monitoring obligations and to follow our equality and other policies. |
| Information regarding your criminal record* (only if relevant to specific HMRC or regulatory requirements for payroll processing) | From you, in your completed registration form, where legally required. | To comply with our legal obligations. For reasons of substantial public interest where required by HMRC or other regulatory bodies related to payroll. | To make informed payroll processing decisions as required by law. Information shared with DBS and other regulatory authorities only if legally mandated for payroll-related checks. |
| Health Information* (only if it impacts tax or statutory pay, e.g., sick pay, disability adjustments) | From you during the registration or ongoing payroll process. | To comply with our legal obligations regarding statutory sick pay or other relevant payroll adjustments. | To ensure accurate calculation and processing of statutory payments where applicable. |
| Bank account details | From you, in your completed registration form. | To enter into/perform the payroll service contract. Legitimate interest: to facilitate direct payment of net salary/expenses. | To process payments to you and manage direct debits/standing orders related to payroll services. |
| Payslips and payroll information such as NI number | From us (generated) and from you (provided). | Legitimate interest: to meet our obligations in complying with HMRC requirements and providing your payroll service. | To enable us to share records with HMRC if and when required by HMRC, and to provide you with your payslips. |
| Recordings of phone calls (if applicable) | During phone calls. | Legitimate interest: to ensure quality control in the delivery of a service; fraud detection and prevention. | To protect clients and the company in matters of fraud and service delivery quality. |
| *The information marked is considered sensitive data for the purpose of the data protection laws. The information provided is securely stored and is not shared with any outside party whatsoever, unless legally required as specified above (e.g., HMRC). | |||
Part B: Clients (Employers Using Payroll Service)
This section outlines the personal data we collect from employers who use our payroll service, why we collect it, and how it is used.
| The information we collect | How we collect the information | Why we collect the information | How we use and may share the information |
|---|---|---|---|
| Your name and contact details (i.e., address, home and mobile phone numbers, email address) | From you | Legitimate interest: to provide essential payroll services and communicate about your payroll. | To enable our team to contact you regarding your payroll, provide updates, and address queries. |
| Description of the Services you require | From you | Legitimate interest: to enable us to tailor and provide the specific payroll services you need. | To accurately set up and manage your payroll account according to your requirements. |
| Information about your family and household (only if directly relevant to payroll setup, e.g., childcare vouchers, tax codes) | From you | Legitimate interest: to ensure accurate and compliant payroll processing for your domestic staff. | To accurately set up and manage your payroll account, including any family-related tax or benefit implications. |
| Invoices | From us | Legitimate interest: in order to meet our own obligations to HMRC and other regulatory bodies. | To enable us to comply with any record or audit requests from HMRC and other regulatory bodies. |
| Payslips and payroll information such as NI, PAYE reference, and other employer details | From you if you use our payroll service. | Legitimate interest: to meet our own obligations in complying with HMRC requirements and providing your payroll service. | To enable us to share records with HMRC if and when required by HMRC, and to provide you with your payroll reports. |
| Credit Card Information / Payment Details | From you over the phone or via secure online portal. | To process payments from you for our payroll services. | To enable us to process payments and continue to provide services to you. |
| Recordings of phone calls (if applicable) | During phone calls. | Legitimate interest: to ensure quality control in the delivery of a service; fraud detection and prevention. | To protect clients and the company in matters of fraud and service delivery quality. |
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it.
Staff who have access to personal data have unique user IDs and passwords. When staff leave the Company, their passwords are immediately changed and database access is disabled.
We will notify the Information Commissioner within 72 hours of being made aware of any data breach.
EU – Ireland Representative
Instant EU GDPR Representative Ltd
Adam Brogden
Email: contact@gdprlocal.com
Tel: +353 15 549 700
EU Dublin Address: INSTANT EU GDPR REPRESENTATIVE LTD 69 Esker Woods Drive, Lucan Co. Dublin Ireland
