Privacy Policy

Last Updated 2 November 2022

Privacy policy

Introduction

Clarity Operations Ltd respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request.

Definitions

  • Party responsible for processing personal data: Clarity Operations Ltd; with registered address at Suite 530, 105 London Street in United Kingdom and company registration number 11827104 (the “Controller”).
  • Data Protection Authority: The Data Protection Authority of United Kingdom.
  • Data Protection laws:
    • For European citizens or residents, the EU GDPR 2018; the EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation);
    • For UK citizens or residents, the UK GDPR 2020 and the UK Data Protection Act 2018
    • and/or the national laws of United Kingdom.

Collection of data

  • Your personal data will be collected by Clarity Operations Ltd and its data processors.
  • Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
  • An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The types of personal data we may process:

Business process Type Data subject Legal basis
Website Identification, Location Customers, Employees, Suppliers, Partners Consent
Email Identification, Financial, Date of Birth, Copy of ID, Location, Social Security Number, Contracts Customers, Employees, Suppliers, Partners Legitimate interest
Storage and exchange of documents Not applicable Not applicable Legitimate interest
Delivery of goods and services Identification, Financial, Location Customers Performance of a contract
Financial and business administration Identification, Financial, Date of Birth, Educational and employment history, Copy of ID, Health, Location, Social Security Number, Contracts Customers, Employees, Suppliers, Partners Legitimate interest
Marketing Identification, Financial, Location Customers, Suppliers, Partners Consent

Purposes

Clarity Operations Ltd processes personal data for one or more of the following purposes:

  • Customer, employee, contractor, partner or supplier management
  • Business and financial administration
  • Direct marketing
  • Delivery of goods or services
  • Work planning

How we collect, store or otherwise process your data:

The following business processes describe how we may collect, store or otherwise process the types of personal information set out in the table above:

  • Collection of cookies, subscription to newsletter or filling out the contact form on the website(s);
  • Analyse trends and profiles, for our legitimate interest to aim to enhance, modify, personalise and improve our services and communications for the benefit of our customers;
  • Process and respond to support requests, enquiries and complaints received from you through use of business email;
  • Provide services and products requested and/or purchased by you and to communicate with you about such services and/or products. We do this as necessary in order to carry out a contract with you and in accordance with our legitimate interest to operate a business;
  • Carry out administrative activities such as invoicing and collecting payments either locally on devices or using cloud-services;
  • Store and exchange personal information contained in documents through email and cloud-services;
  • Marketing and customer acquisition through email or using cloud-services.

Sharing data with third parties

We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your Personal Data outside United Kingdom. If we do, you can expect a similar degree of protection in respect of your Personal Data.

We will only share your Personal Data with third parties in accordance with the GDPR and as outlined in the legal justification table above.

We share your personal data with the following enterprise third parties. We also share your data with SME third parties, details of which are available upon request. You will be notified when we have engaged with a new third party recipient of your personal data.

AWS

Function Application hosting
Business process Delivery of goods or services, Software tools and applications
Data categories Identification, Financial, Location, Software tools and applications, Business data
Data subjects Customers
Security measures Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.

Microsoft Office 365

Function Email provider, Document storage service, Office software
Business process Email, Storage of paper documents, Digital storage of documents, Administration, Software tools and applications
Data categories Identification, Date of Birth, Location, Social Security Number, Contracts, Business data
Data subjects Customers, Employees, Suppliers, Partners
Security measures Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.

Stripe

Function Payment processing software
Business process Delivery of goods or services, Software tools and applications
Data categories Identification, Financial, Location
Data subjects Customers
Security measures Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.

Xero

Function Bookkeeping software
Business process Administration, Software tools and applications
Data categories Identification, Date of Birth, Location, Social Security Number, Business data, Technical data
Data subjects Customers, Employees, Suppliers
Security measures Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.

Canva

Function Marketing tool
Business process Production of content
Data categories Identification, Software tools and applications
Data subjects Customers, Employees, Suppliers, Partners
Security measures

Dext

Function Other software suite
Business process Digital storage of documents, Administration, Software tools and applications
Data categories Identification, Financial, Location, Contracts, Software tools and applications, Business data
Data subjects Suppliers
Security measures N/A

Hubspot

Function Website hosting, Document storage service, CRM, Marketing tool, Task management or work planning, Appointment scheduling tool
Business process Website, Digital storage of documents, Delivery of goods or services, Administration, Marketing, Software tools and applications
Data categories Identification, Financial, Location, Contracts, Software tools and applications, Business data, Technical data
Data subjects Customers, Suppliers, Partners
Security measures Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.

Intercom

Function Customer service software, Marketing tool
Business process Marketing, Software tools and applications
Data categories Identification, Location, Software tools and applications, Business data, Technical data
Data subjects Customers
Security measures Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.

Slack

Function Other software suite
Business process Administration, Software tools and applications
Data categories Identification, Location, Software tools and applications, Business data, Technical data
Data subjects Customers, Employees, Suppliers, Partners
Security measures Physical security such as access controls, clean desk policy and CCTV; Access controls and prevention of unauthorised access on the basis of roles and strong authentication methods; All data is encrypted at rest and access is only permitted via encrypted channels (e.g. SSL); Data is minimized and regularly deleted according to national retention periods.

International data transfers

The third parties we have engaged for the abovementioned business process may transfer your personal information to outside of United Kingdom. Clarity Operations Ltd’s third party processors take all necessary measures to ensure the confidentiality, availability and integrity of personal data and to comply with the GDPR with regards to international data transfers. The international nature of its compliance certifications, as well as far-reaching technical security measures (including but not limited to encryption of the personal data, making the data illegible to an unauthorised recipient) are sufficient to ensure that the data subjects continue to benefit from the fundamental rights they are entitled to under the GDPR.

Clarity Operations Ltd relies on processing agreements with these sub-processors that include the model clauses (or “Standard Contractual Clauses”) which have been tested on the adequacy of its protection with regards to the specific sub-processing activities carried out in this particular subprocessing relationship.

Additional security measures are taken to safeguard the international data transfers:

  • Encryption;
  • Anonymisation;
  • Pseudonymisation.

Storage and protection of data

Your data is protected by Clarity Operations Ltd and its processors in pursuance to all legal requirements set by the relevant data processing laws. Clarity Operations Ltd has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. Clarity Operations Ltd has signed processing agreements with its processors to ensure an adequate level of data protection.

The following security measures are taken by Clarity Operations Ltd to protect your personal data in the course of the listed business processes:

Organisational security measures

Staff

Clarity Operations Ltd staff members are required to conduct themselves in a manner consistent with Clarity Operations Ltd’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.All staff members undergo appropriate background checks prior to hiring and sign a confidentiality agreement outlining their responsibility in protecting customer data.

We continuously train staff members on best security practices, including how to identify social hacks, phishing scams, and hackers.

Access controls

Clarity Operations Ltd maintains your data privacy by allowing only authorized individuals access to information when it is critical to complete tasks for you. Clarity Operations Ltd staff members will not process customer data without authorization.

Data hosting

As a rule, data is hosted within United Kingdom, but it is possible that we might transfer personal data to countries within the EEA, to the UK or in exceptional circumstances outside of those areas. We ensure that we comply with the GDPR and the DPA when sending data overseas by relying on data processing agreements containing standard contractual clauses with our subprocessors or by taking additional measures to secure this data transfer, such as anonymisation.

Physical security 

The data centres on which personal data is hosted are secured and monitored 24/7 and physical access to facilities is strictly limited to select staff.

Technical security measures

All devices which are used to access personal data for which we are responsible are secured with antivirus software, firewalls, encryption and access management. We regularly update operating systems and software to ensure vulnerabilities cannot be exploited.

We carry out regular vulnerability scanning of our website and have engaged credentialed external auditors to verify the adequacy of our security and privacy measures.

Your rights regarding information

Each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of their personal data, as well as the right to object to the processing and the right to data portability.

You can exercise these rights by contacting us at the following email address: [email protected]. Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you. Ensure that you write “Data Request” in the subject line of your email.

Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature. Depending on the complexity and the number of the requests this period may be extended to two months.

Marketing

  • You may receive commercial offers from Clarity Operations Ltd. If you do not wish to receive them (anymore), please send us an email to the following address: [email protected] and ensure that you write “Data Opt-Out” in the subject line of your email.
  • Your personal data will not be used by our partners for commercial purposes.
  • If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.

Data retention

The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any Clarity Operations Ltd account, system or other data processing medium in accordance with the process described above.

Applicable law

These conditions are governed by United Kingdom legislation. The court in the district where the collector has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.

Contact

For questions about this privacy policy, product information or information about the website itself, please contact: [email protected].

International data transfers

AWS

Third party headquarter address 410 Terry Ave. North, Seattle, WA, 98109-5210, United States
The primary location of processing is the USA. Personal data collected by AWS may be stored and processed in any country where AWS or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see AWS’s Privacy Policy https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Microsoft Office 365

Third party headquarter address 1 Microsoft Way, Redmond, WA 98052, United States
The primary location of processing is the USA. Personal data collected by Microsoft Office 365 may be stored and processed in any country where Microsoft Office 365 or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see Microsoft Office 365’s Privacy Policy https://privacy.microsoft.com/en-ca/privacystatement

Stripe

Third party headquarter address 510 Townsend Street, San Francisco, CA 94103, United States of America
The primary location of processing is the USA. Personal data collected by Stripe may be stored and processed in any country where Stripe or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see Stripe’s Privacy Policy https://stripe.com/gb/privacy

Canva

Third party headquarter address Canva Pty Ltd110 Kippax StSurry Hills NSW 2010Australia
The primary location of processing is the Australia. Personal data collected by Canva may be stored and processed in any country where Canva or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see Canva’s Privacy Policy https://www.canva.com/policies/privacy-policy/

Dext

Third party headquarter address N/A
The primary location of processing is the N/A. Personal data collected by Dext may be stored and processed in any country where Dext or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see Dext’s Privacy Policy N/A

Hubspot

Third party headquarter address 1 Sir John Rogerson’s Quay, Dublin 2
The primary location of processing is the Ireland. Personal data collected by Hubspot may be stored and processed in any country where Hubspot or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Adequacy decision exists between United Kingdom and European Union
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see Hubspot’s Privacy Policy https://hubspot.com/privacy

Intercom

Third party headquarter address 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2
The primary location of processing is the Ireland and EEA. Personal data collected by Intercom may be stored and processed in any country where Intercom or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Adequacy decision exists between United Kingdom and European Union
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see Intercom’s Privacy Policy https://www.intercom.com/help/en/articles/1722980-how-intercom-tracks-and-stores-data

Slack

Third party headquarter address 4th Floor, One Park Place Hatch Street Upper Dublin 2, Ireland
The primary location of processing is the USA and EEA. Personal data collected by Slack may be stored and processed in any country where Slack or its affiliates, subsidiaries, or service providers operate facilities.
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible
For more information, see Slack’s Privacy Policy https://slack.com/intl/en-nl/trust/privacy/privacy-policy

Blow Media

Country where data is processed or sent to United Kingdom
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible

Images Plus

Country where data is processed or sent to United Kingdom
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible

Netki

Country where data is processed or sent to USA
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible

Swag Box

Country where data is processed or sent to United Kingdom
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible

Teachable

Country where data is processed or sent to USA
Safeguards  (art. 45 GDPR) Standard Contractual Clauses
Additional safeguards (Schrems II)
  • Encryption
  • Anonymisation where possible
  • Pseudonymisation where possible

Safeguards for international data transfers

Clarity Operations Ltd’s third party processors take all necessary measures to ensure the confidentiality, availability and integrity of personal data and to comply with the GDPR with regards to international data transfers. The international nature of its compliance certifications, as well as far-reaching technical security measures (including but not limited to encryption of the personal data, making the data illegible to an unauthorised recipient) are sufficient to ensure that the data subjects continue to benefit from the fundamental rights they are entitled to under the GDPR.

Clarity Operations Ltd relies on processing agreements with these sub-processors that include the model clauses (or “Standard Contractual Clauses”) which have been tested on the adequacy of its protection with regards to the specific sub-processing activities carried out in this particular subprocessing relationship.

Additional security measures are taken to safeguard the international data transfers:

  • Encryption;
  • Anonymisation;
  • Pseudonymisation where possible.
    • Where Pseudonymisation is used by this third-party processor, they ensure that the personal data can no longer be attributed to a specific data subject without the use of additional information.
    • This additional information is kept separately; and
    • Technical and organisational measures are taken to ensure that the personal data cannot be attributed to identifiable persons (encryption; database and data separation; access controls; and logging).

Calculator

Clarity has created a calculator to show you how you can improve the profit potential in your accounting firm.

Use our Calculator

Book a call

Want to find out more? Book a call with our team to find out if Clarity is a good fit for your team, clients and accounting firm.

Book a Call

View pricing

There is a package to suit every size of accounting firm. From start-up to global giant, there’s something for you.

View all our pricing schemes
Home-PricingVisual-MobileHome-PricingVisual-size2

What our members say...

View more via...

Xero Intuit Quickbooks Sage Accounting

View more via...

  • Xero
  • Intuit Quickbooks
  • Sage Accounting

Popular insights from clarity

Enter your details to download The 7 Reasons Why 'Business Advisory' Isn't Working report

Please note that our website uses cookies. To learn more about our cookies, how we use them and their benefits, please read our Privacy Policy.