Shui Shao Shao consulting (Shenzhen) Co., Ltd (“sssvat” / “we” / “us” / “our”) is a company incorporated in China, with an office address at 411, building B, getailong complex building, 227 Bulong Road, Ma'antang community, Bantian Street,Shenzhen,China. sssvat is committed to protecting and respecting your privacy.
sssvat is a data controller. For the purposes of data protection legislation in the UK, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.
1. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS, AND HOW DO WE USE IT?
a) Contact data: This may include name, address, email address and telephone number. We use this information so that we can communicate with you. This information is also necessary in the proper administration of payroll, invoicing and bookkeeping services.
b) Profile data: When registering an account with sssvat, you have the ability to provide information about yourself including uploading a photograph and selecting language preferences.
c) Payment data: We will collect payment details from you if you access any of the Premium Features of the sssvat Service (as defined in the sssvat T&Cs).
e) Invoice data: This includes any data contained on an invoice, such as company names, company numbers, contact details (as described above), VAT numbers, receipts and invoice amounts.
f) Financial data: This information includes national social security numbers, salaries, bonuses, expenses, tax codes, tax rates, benefits, information around absences, and details of payments made or received.
2. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may need to share personal data with selected third parties in the following limited circumstances:
a) Your staff: In carrying out certain sssvat Services (for example payroll administration), it may be necessary to share certain personal data with your employees, staff and other contractors. This exchange of information is necessary for the completion of the sssvat Services.
b) Your customers: In carrying out certain sssvat Services (for example invoice administration), it may be necessary to share certain personal data with your customers. This exchange of information is necessary for the completion of the sssvat Services.
c) Your business affiliates: In carrying out certain sssvat Services (for example invoice administration), it may be necessary to share certain personal data with your business affiliates, such as suppliers, creditors and debtors. This exchange of information is necessary for the completion of the sssvat Services.
d) Third party service providers: In carrying the sssvat Services we may share personal data with the providers of certain IT systems and services (including email services and marketing tool providers) that we use to build, host, administer and maintain the sssvat Services. Additionally, certain personal data may be shared by sssvat in the normal course of business, including with our back office personnel, external legal, accounting, financial or other professional service providers, or parties facilitating payment services (including but not limited to our banks and direct debit service providers).
e) To comply with legal or regulatory requests: If we are under a duty to disclose or share personal data in order to comply with any legal or regulatory obligation, we may share personal data with a regulator or law enforcement agency, for example HMRC.
f) Prospective buyers or sellers: In the event that sssvat buys or sells any business or assets, we may disclose certain personal data to the prospective buyer, investor or seller of such business or assets. So far as possible we will share anonymised data with the other parties before any such transaction completes. If sssvat (or substantially all of sssvat’s assets) is acquired by a third party, personal data held by sssvat, or within such assets, may be transferred to such third party.
3. TRANSFERS OF YOUR PERSONAL DATA
1. We will not transfer your personal data outside of the EEA, except to selected third parties that we have instructed to help us provide services to you, for example if we utilise cloud-based platforms to store data, which may involve use of geographically distributed data centres.
2. Where such transfers are to a country outside the European Union, we rely on one of the European Commission’s adequacy decisions (for example, relying on a Privacy Shield certification where the transfer contains a US entity) or we will use reasonable efforts to put in place appropriate safeguards to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission. Please click here for a link to the standard contractual/data protection clauses and click here for more information about the Privacy Shield for US companies.
3. If there are any other circumstances (for example where we are not processing your personal data in relation to the sssvat Services) which would require us to transfer your personal data outside of the EEA, we will seek your consent to transfer your personal data outside of the EEA. In the event of such a transfer, where applicable, we will put appropriate safeguards in place to cover transfers of your personal data including, for example, signing standard contractual clauses/data protection clauses adopted by the European Commission, or where applicable, relying on a Privacy Shield certification where the transfer involves a US entity.
4. DATA RETENTION
1. We take appropriate measures to ensure that your personal data is kept secure. We will store your personal data for as long as is necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, regulatory, financial and good-practice requirements.
2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
3. In some circumstances you can ask us to delete your data: see clause 6 below for further information.
4. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
5. You can also log into our website and manually delete certain personal data which has been submitted to sssvat.
We have put in place safeguards to prevent your personal data from being lost, used or accessed in an unauthorised way. We limit access to your personal data to those employees, agents or contractors who have a business need to access it.
1. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS
1. As a result of us collecting and processing your personal data, you have the following legal rights:
a) to access personal data held about you;
b) to request us to make any changes to your personal data if it is inaccurate or incomplete;
c) to request your personal data is erased where we do not have a compelling reason to continue to process such data in certain circumstances;
d) to receive your personal data provided to us as a data controller in a structured, commonly used and machine-readable format where our processing of the data is carried out by automated means and is based on: (i) your consent; (ii) our necessity for performance of a contract to which you are a party; or (iii) steps taken at your request prior to entering into a contract with us;
e) to object to, or restrict, our processing of your personal data in certain circumstances;
f) if we use your personal data for direct marketing, to ask us to stop and we will comply with your request;
g) if we use your personal data on the basis of having a legitimate interest, to object to our use of it for those purposes, giving an explanation of your particular situation, and we will consider your objection;
h) to object to, and not be subject to a decision which is based solely on, automated processing (including profiling), which produces legal effects or could significantly affect you; and
i) to lodge a complaint with a data protection supervisory body, which at present is the Information Commissioner’s Office.
2. To exercise any of your rights set out above please contact sssvat.
3. We try to respond to all legitimate requests within one month. Occasionally it may take us longer where your request is particularly complex, in such cases, we will keep you updated on timescales. Such requests will be responded to free of charge, but a small administration fee may apply where requests are excessive.
1. CONTACTING US AND CHANGES TO YOUR PERSONAL DATA
2. sssvat’s contact details. You can contact sssvat using the following details: