SmartRebate
Legal

Privacy Policy.

How SmartRebate handles your data, in plain English.

Effective date: [Date]
Last updated: [Date]

1. Who we are

SmartRebate ("we," "us," "our") is a trading name of [Company Name], a company registered in the United Arab Emirates under licence number [number], with its registered office at [UAE address].

We operate as a lead generation and introducer service for UK PAYE workers who may be entitled to a tax rebate. We connect them with a regulated UK accountancy firm that processes such claims.

Although we are established in the United Arab Emirates, UK GDPR applies to our processing of personal data because we offer services to individuals located in the United Kingdom. We are the data controller responsible for the personal information we collect through smartrebate.co.uk and through our enquiry and onboarding process.

If you have questions about this policy or about how we handle your personal data, contact us at:

2. What this policy covers

This policy explains what personal data we collect from you, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have over it.

It applies to anyone who:

  • Visits the SmartRebate website
  • Submits an enquiry form
  • Communicates with us by phone, email, WhatsApp, or any other channel
  • Is referred to us by an existing client

3. The personal data we collect

We collect the following categories of personal data:

Information you give us when submitting an enquiry:

  • Full name
  • Email address
  • Phone number
  • Postcode or address
  • Employment details (job title, employer, industry)
  • Information about whether you are a UK PAYE taxpayer

Information we collect when you speak with us:

  • Notes from any phone calls, WhatsApp messages, or emails between us
  • Details of any documents you provide (e.g., P60, payslip)
  • Information about your eligibility and the potential value of your claim

Information we collect automatically when you use our website:

  • IP address
  • Browser type and device information
  • Pages visited and time spent on the site
  • Referring website (if you came to us from another site)
  • Cookie data (see our Cookie Policy at smartrebate.co.uk/cookies)

We do not knowingly collect data from anyone under the age of 18. Our service is for working UK adults.

4. How we use your personal data and our legal basis

We process your personal data on the following legal bases:

Performance of a contract or steps prior to entering a contract (UK GDPR Article 6(1)(b))

We use your data to:

  • Respond to your enquiry
  • Confirm your eligibility for a tax rebate
  • Introduce you to our Accountancy Partner
  • Communicate with you about the progress of your claim

Legitimate interests (UK GDPR Article 6(1)(f))

We use your data where we have a legitimate business interest in doing so, provided this is not overridden by your rights. Specifically:

  • To improve our service and website
  • To detect and prevent fraud
  • To maintain records of our communications with you
  • To pursue payment of introduction fees from our Accountancy Partner

Consent (UK GDPR Article 6(1)(a))

Where required, we will ask for your consent before processing your data, for example for marketing communications. You can withdraw consent at any time.

Legal obligation (UK GDPR Article 6(1)(c))

We may process your data to comply with legal obligations, including tax law, anti-money laundering regulations, and responding to lawful requests from regulators or law enforcement.

5. Who we share your data with

Our Accountancy Partner

When you submit an enquiry and indicate you wish to proceed, we share your personal data with our regulated UK Accountancy Partner so they can assess your claim. This includes your contact details, employment information, and any documents you have provided.

Once your data is shared with the Accountancy Partner, they become an independent data controller for the purposes of processing your claim. Their use of your data is governed by their own privacy policy, which you will be provided with at the point of engagement.

We will not share your data with the Accountancy Partner until you have given us your verbal or written consent to proceed.

Service providers

We use a number of third-party service providers to operate our business. These include:

  • Website hosting (Lovable / [hosting provider])
  • Email service providers (e.g., Google Workspace)
  • Customer relationship management software
  • Analytics providers (e.g., Google Analytics)
  • WhatsApp Business

These providers process your data on our behalf and are bound by data processing agreements that require them to handle your data securely and only for the purposes we instruct.

Legal and regulatory disclosures

We may disclose your data where required to do so by law, regulation, or legal process, including to HMRC, the ICO, the police, or other competent authorities.

Business transfers

If SmartRebate is sold or merges with another business, your data may be transferred to the new owners as part of that transaction. You will be notified if this happens.

We do not sell your personal data to anyone, ever.

6. International data transfers

Our company is based in the United Arab Emirates. When you submit your data to us, it is transferred from the UK to the UAE for processing.

The UAE is not currently designated by the UK government as a country with an adequacy decision under UK GDPR. We therefore rely on appropriate safeguards permitted under UK GDPR Articles 46 and 49 when transferring your personal data internationally, including:

  • The International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses, where required between us and our service providers
  • Your explicit consent to the transfer where appropriate
  • The transfer being necessary for the performance of a contract you have entered into with us, or to take steps at your request prior to entering such a contract

We take reasonable steps to ensure that any data transferred internationally receives a level of protection equivalent to that required under UK GDPR. This includes contractual safeguards with our service providers and the security measures described in Section 10.

When we share your data with our UK-based Accountancy Partner (as described in Section 5), that data is transferred back into the UK and is processed by them under UK law.

If you would like more information about our international transfer arrangements, contact us at hello@smartrebate.co.uk.

7. How long we keep your data

We keep your personal data only for as long as necessary to fulfil the purposes for which we collected it, including any legal, accounting, or reporting requirements.

In practice, this means:

  • Enquiries that do not proceed: retained for 12 months from your last contact with us, then deleted
  • Active and completed claims: retained for 7 years from the end of the relevant tax year, to comply with HMRC record-keeping requirements that apply to our Accountancy Partner
  • Marketing data: retained until you withdraw consent
  • Website analytics data: retained for up to 26 months
  • Phone call recordings (if applicable): retained for 6 months unless retained as evidence of a transaction

8. Your rights

Under UK GDPR, you have the following rights:

  • Right of access. You can request a copy of the personal data we hold about you.
  • Right to rectification. You can ask us to correct inaccurate data.
  • Right to erasure. You can ask us to delete your data ("right to be forgotten") in certain circumstances.
  • Right to restrict processing. You can ask us to limit how we use your data.
  • Right to data portability. You can ask us to transfer your data to you or another provider in a structured format.
  • Right to object. You can object to certain types of processing, including direct marketing.
  • Right to withdraw consent. Where we rely on consent, you can withdraw it at any time.
  • Right not to be subject to automated decision-making. We do not make decisions about you using automated processing without human review.

To exercise any of these rights, contact us at hello@smartrebate.co.uk. We will respond within one month, although this may be extended by up to two further months for complex requests.

We may need to verify your identity before fulfilling certain requests, to protect your data from unauthorised disclosure.

9. Marketing communications

If you have submitted an enquiry, we may contact you about the progress of that enquiry and about related services we provide. This is part of providing our service and is not marketing.

We will only send you marketing communications (such as occasional updates about new services or tax rebate information) if you have specifically opted in, or where we are legally permitted to do so under the "soft opt-in" rules for existing clients.

You can opt out of marketing at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Replying "STOP" to a marketing text or WhatsApp message
  • Emailing hello@smartrebate.co.uk

Opting out of marketing will not affect communications about your existing enquiry or claim.

10. How we protect your data

We take the security of your personal data seriously. The measures we take include:

  • Encryption of data in transit (SSL/TLS on our website)
  • Encryption of data at rest where appropriate
  • Restricted access to personal data on a need-to-know basis
  • Regular security reviews of our systems and providers
  • Staff training on data protection and information security
  • Data processing agreements with all third-party providers

No system is 100% secure. While we use industry-standard measures, we cannot guarantee absolute security of data transmitted over the internet or stored on any system.

11. Cookies

Our website uses cookies and similar technologies. Details of which cookies we use, what they do, and how to manage them are set out in our Cookie Policy at smartrebate.co.uk/cookies.

12. Complaints

If you are unhappy with how we have handled your personal data, please contact us first at hello@smartrebate.co.uk. We will investigate and respond.

If you remain unhappy, and you are located in the United Kingdom, you have the right to complain to the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. If we make significant changes, we will notify you by email or through a notice on our website before the changes take effect.

14. Contact us

For any questions about this Privacy Policy or how we handle your personal data:

SmartRebate
[Company Name]
[UAE address]
Email: hello@smartrebate.co.uk
Phone: [phone, ideally UK number for accessibility]