User Research Privacy Notice
“We”, “us” and “our” for the purposes of this notice means FreeAgent Central Limited, a member of NatWest Group plc and a data controller for the purposes of data protection law.
This privacy notice sets out the basis on which any personal information about you will be processed by us. This privacy notice may be updated from time to time and we will communicate any changes to you.
Personal information and User Research data that we collect about you
We will collect and process various types of personal information and User Research data about you. This includes information that FreeAgent collects when it carries out research to test and improve services, both internally and in order to identify potential improvements for the future, and any recording or note-taking weʼll need to make. We will only collect information that you provide directly to us, and we will not source information from third parties.
When we say “personal data”, we mean any information that relates to and identifies a living person. Examples of this personal data include name, email address, contact number, as well as any correspondence sent by you when you contact us
Further to this, we will also process the following information about your business, which may or may not be considered personal data depending on the type of business you have:
Background information about your business or accountancy practice such as:
- Structure of your business
- Client/customer base
Information about your work routine/habits
The User Research data may include:
- Notes from research sessions
- Photos, audio and video recordings of you and/or your screen
- Information used in prototypes or test versions of services
- Any surveys that you refer to or respond to
Uses of your personal information
We collect and use your personal data to fulfil our User Research requirements. All the processing we carry out is underpinned by a set of processing conditions. These are the legal bases under which we have the authority to collect, use and store your personal information. The following is a summary of how these could apply to you within the FreeAgent service.
We need some personal data from you to invite you to User Research sessions. We only process your customer data with your consent. You can withdraw your consent at any time.
We will use personal data discussed with us to improve the services, products and functionality. We will do this where it is in our legitimate interests to do so, and without prejudicing your interests or fundamental rights and freedoms. Examples include:
- Carrying out research by asking for your opinion, details of your workflow and your understanding of our product to help us implement appropriate changes in FreeAgentʼs current and future products
- Contacting you to carry out any follow-up research
- Contacting you to invite you to participate in future research
We will share your data if weʼre required to do so by law - for example, by court order, or to prevent fraud or other crime.
We will not: - sell or rent any of your data to third parties - share your data with third parties for marketing purposes
If you contact us with a query, we may also store your data to aid our response to your request and any similar requests in the future.
The recording of our conversations helps us analyse the interview and refer back to the things you tell us. The recording may be shared within FreeAgent to highlight areas in the research.
FreeAgent has no requirement to collect or process any special categories of personal data, as defined under GDPR and the Data Protection Act 2018, in order to provide the service. In addition, we do not knowingly collect or solicit any personal data from anyone under the age of 18 or knowingly allow such persons to register for a FreeAgent account. FreeAgent is not directed at children under the age of 18. In the event that we learn that we have collected personal data from a child under the age of 18 without verification of parental consent, we will delete that information as quickly as possible.
Disclosure of your information to third parties
We would never need to share your personal information with third parties and no recordings containing personal information will be shared with third parties, ever.
We will occasionally share information with colleagues in the NatWest Group (including our suppliers and other NatWest Group companies) but before we do that, we will anonymise your personal information.
Retention of personal information
Your information will be retained in line with our internal records management policies and retention schedules. Your information will typically be retained for up to two years from when it was collected.
We will, from time to time, have to transfer your information to third parties or organisations in other countries. This will only happen on the basis that any party that we pass your information to will protect it in the same way that we would and in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so when:
- the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately
- the transfer has been authorised by the relevant data protection authority
- we have entered into a valid contract with the third party or organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected
Deleting your data
How we store your data
We take security and privacy seriously. We will endeavour to take all reasonable steps to keep your personal data secure once it has been transferred to our systems. We adopt appropriate, industry-standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction.
Where we utilise third parties to help our User Research, we will always ensure that, as a minimum, the security policies and confidentiality arrangements of those third parties adhere to the same requirements that we impose and expect.
We are bound by the UKʼs Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR) and fully respect the rights of individuals in compliance with the EU GDPR. FreeAgent does not sell, rent or share data with any third party unless previously agreed as part of any contractual arrangement (or any legal or regulatory requirement).
For further details of the security measures we have implemented, please see our security features page.
What are your rights?
Right to access your personal data
You can ask us to confirm if we are processing your personal data and you may request a copy of your personal data by contacting us at firstname.lastname@example.org.
Right to change or withdraw your consent
Where you have given us consent to make use of your personal data for any of the purposes outlined in this notice, you may withdraw that consent by contacting us at email@example.com.
Right to rectification
If you need to update out-of-date or inaccurate information we hold about you, please contact us at firstname.lastname@example.org.
Right to erasure
If you would like us to delete your information, please contact us at email@example.com.
Right to object
In certain circumstances, you may object to our processing of your personal data. If this is the case, please contact us at firstname.lastname@example.org.
Right to restrict processing
You can ask us to restrict the processing of personal data we hold about you in certain circumstances. If you wish to do so, please contact us at email@example.com.
Right to make a complaint
You may make a complaint about our data processing activities to a supervisory authority. In the UK this is the Information Commissioner's Office (ICO). Further details can be found on their website.
If you have any queries relating to this Privacy Notice or FreeAgentʼs use of your data, please contact us at firstname.lastname@example.org. Alternatively, our office address is noted above.
FreeAgent Privacy Officer
One Edinburgh Quay