Skip to content

Privacy Policy

1         Introduction

This Privacy Policy (the “Policy”) describes the information we collect from you and how that information is used and shared by us. It applies to personal data that you (or someone on your behalf) provide to us. We may process personal data provided to us for any of the purposes described in this Policy or for other reasons if we tell you them in advance. If you are our client, this Policy should be read in conjunction with the contract you enter into with us (“Engagement Agreement”).

We are committed to respecting the privacy and confidentiality of personal data and complying with data protection legislation. When we process personal data in:

  • the United Kingdom we do so in compliance with the Data Protection Act 2018 and the UK GDPR;
  • the European Economic Area we do so in compliance with the EU GDPR; and
  • Australia we do so in compliance with the Privacy Act 1988.

2         About us

“Expat US Tax”, “we,” “us” and “our” refers to each company in the Expat US Tax Group as set out here:

Expat US Tax Limited – Blake House, 18 Blake Street, York, YO1 8QG, United Kingdom

Expat US Tax Pty Ltd – Level 17, 31 Queen Street, Melbourne, VIC 3000 Australia, and Level 6, 100 Walker Street, North Sydney, NSW 2060, Australia

Expat Solutions DMCC – Office 1405, One Lake Plaza, Cluster T, JLT, Dubai, United Arab Emirates

Expat US Tax LLC – 5900 Balcones Drive, Suite 5037, Austin, TX 78731, United States of America

Expat Solutions India Pvt Ltd – EC-58, Sector 1, Salt Lake, Kolkata 700064, West Bengal, India

Expat Solutions India Pvt Ltd (Nepal branch) – Aarshiwad, 3rd Floor, Pulchowk, Lalitpur Metropolitan City, Kathmandu, Nepal

Expat Solutions Philippines Inc.One West Aeropark Building, 8th Floor, Global City Clark, Clark Freeport Zone, Philippines

Expat US TaxBox 1219, 116 74 Stockholm, Sweden

Each company in the Expat US Tax group of companies is a separate legal entity and a separate controller of personal data. Some of these companies trade under a legal and/or trading name that does not include the words “Expat US Tax”. We may change the details in this section (2) from time to time.

3         How to contact us

If you wish to discuss any data protection matter please contact the Data Protection Officer:

The Data Protection Officer – Expat US Tax Limited, Blake House, 18 Blake Street, York, YO1 8QG, United Kingdom. Tel +44 (0)1904 211 005. Email info@expatustax.com

4         Our role

Our role as a controller or a processor depends upon the nature of our engagement with you. If you are a client this will be defined in our contract with you. But generally:

  • Where we decide the purpose and means of processing, we are a controller;
  • Where we jointly decide the purpose and means of processing with you, we are a joint controller; and
  • Where we process personal data according to your explicit written instructions, in a contract that satisfies Article 28 of the GDPR, we are a processor.

5         How we obtain personal data

Personal data is any information that could identify a living person. We only collect personal data that is necessary and we ask clients to only share personal data that is required. If you provide us with unnecessary personal data, we either return it to you or destroy it if you prefer.

Types of personal dataWhere we collect it from
Personal data that you provide to us• When you fill in forms on any of our websites;
• When you correspond with us by telephone, email or letter;
• When you communicate with us by our secure portal;
• Using the Live Chat facility;
• From personal messaging services such as WhatsApp®, Facebook Messenger® and SMS;
• If you visit our offices, we may record your details in a visitors’ book, Covid register or electronic equivalent; and
• If you visit our offices, you may be recorded by CCTV systems owned by us or our landlord which are deployed for the prevention and detection of crime and to provide a safe working environment for employees and visitors.
Publicly available sources we might use to collect personal data• Credit reference agencies and other company information providers;
• National business administration authorities, such as Companies House in the UK;
• Social media such as LinkedIn®; and
• Our own research activities such as reviewing websites.
Personal data that we receive from referrals• We may receive unsolicited personal data in the form of a business-to-business referral; and
• We may receive personal data submitted as a referral from one of our employees.
If we receive personal data from the above sources we will seek your consent before we process it further.

6         The personal data that we process about you:

CategoryData that we might process
Prospective clients• Full name, company name and job title;
• Website address, email address and telephone number;
• Banking details and tax filing details (if relevant to the service); and
• Any further personal data that you choose to provide in your initial inquiry or during subsequent discussions whether by phone, email or letter.
Personal or self-employed clients• Your name, home address and date of birth;
• Name, home address and date of birth of any family members, advocates or other beneficiaries and connected parties;
• Employment status; and
• Financial details such as salary, other income and investments, tax status and debt level.
Business clients, we also process the following• Company name and registration number;
• Business type and industry sector; and
• Name, business address, job title, email address and telephone number(s) of all employees who may engage directly with us.
Officers of the company, beneficial owners and persons of significant control• Contact details (name, home address);
• Date of birth;
• PEP (Politically Exposed Persons) status; and
• SIP (Special Interest Person) status.
Suppliers• Company name and registration number, company address and telephone number;
• Business type and industry sector; and
• Name, address, job title, email address and telephone number(s) of all employees who may engage directly with us.
If you, or a recruitment agency on your behalf, contact us concerning employment by any means of communication• Your CV or resume containing personal data; and
• Further personal data in a covering letter.
If you visit one of our websites, we collect information about your computer• IP address (where available);
• Geographic location (if you allow this when prompted by your browser);
• Operating system;
• Browser type;
• Geographical location when you opened it; and
• Which parts of the email you interacted with.
To enable our systems to recognize your device and to provide features to you, we use cookies. For more information about cookies and how we use them, please read our Cookie Policy in our Terms of Use.

If you use social media accounts which are registered using the same email address you have provided to us elsewhere, our systems enable us to link your social media accounts to your email address and therefore we process links to any social media accounts that you use. (You should check that you read and understand the privacy policies of all social media providers that you use).

7         Special category personal data

Unless we have a legal basis for doing so we do not collect special category personal data such as health, race or ethnic origin. For certain services or activities, and when required by law or with an individual’s consent this may be necessary.

8         Purpose for the processing and the legal basis for the processing

PurposeExplanationLegal basis
1. Providing services to youThe wide range of services we provide usually require us to process personal data to provide advice and deliverables. Processing necessary for the performance of a contract, or steps taken to enter into a contract with our clients, legitimate interests and
legal obligation.
2. Complying with any requirement of law, regulation or a professional body of which we are a memberIf you wish to become our client (and periodically thereafter), we have a legal obligation to verify your identity. We are obliged to inform you that this will take place. We may do this by:
performing a search with a credit reference agency and/or
an evaluation of traditional ID-check documents (passport, drivers’ license etc.) and the use of an electronic signature complying with the European Union Trusted Lists (EUTL).
Legal or regulatory obligation and legitimate interests.
3. Administering, managing and developing our businesses and servicesWe use personal data for
• managing our relationship with clients;
• developing our businesses and services)
• maintaining and using IT systems;
• hosting or facilitating the hosting of events; and
• administering and managing our websites, systems and applications.
Legitimate interests
4. RecruitmentWhen an applicant becomes an employee, their personal data is processed subject to our Internal Privacy Policy. Personal data about unsuccessful applicants is retained for 6 months after which it is securely destroyed.Legitimate interests
5. Business development and marketingWhen sending electronic marketing messages to existing clients concerning similar products or services to those already purchased, we rely on the “soft opt-in” approved by the UK’s Information Commissioner and similar mechanisms in other European countries and Australia. Such mechanisms permit us to lawfully send marketing messages to existing clients provided that they contain an “opt out” mechanism.
We retain personal data collected through our business development processes for as long as we believe our products and services may be of interest to prospective clients. Individuals and organizations can ask to be removed from our business development system at any time.
Legitimate interests and consent
6. Procurement of services from suppliersLegitimate interests

9        Retention of personal data

We retain personal data in accordance with legal, regulatory and contractual requirements.

10      Data sharing

We only share personal data with other organizations when we have a lawful basis to do so and when we do so, we put contractual arrangements and security mechanisms in place to protect personal data and to comply with our data protection, confidentiality and security standards.

10.1   Data sharing within the Expat US Tax group of companies

Personal data held by us may be transferred to, or disclosed to, other companies in our group of companies. We may do this where necessary for administrative purposes and to provide professional services to our clients. All companies in our group are bound by a Data Sharing Agreement which commits them to share personal data in a secure and lawful manner that respects the rights and freedoms of data subjects.

10.2   Data sharing with other controllers

Depending upon the nature of the service being provided to you we may lawfully share personal data with other organizations. This may change from time to time.

We use specialist organizations to provide certain services, such as data hosting. These organizations (data processors) are bound by a written contract which defines their tasks and responsibilities. We only employ processors that comply with data protection legislation and processors are subject to audit or certification review to ensure continuing compliance. The processors we use may change from time to time.

11      International transfers

We are part of a global association of tax consultants and we sometimes use organizations located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our clients are located.

We will not transfer or process personal data outside the country in which a client has contracted, or allow third parties to do so, unless it done in an approved manner in accordance with appropriate levels of security and data protection.

12      Profiling and automated decision-making

We do not perform any profiling based on personal data that has a legal or significant effect upon data subjects. We do not perform any automated decision-making involving personal data.

13      Your rights

You have the following rights concerning your personal data:

 Individuals’ Rights
Right to be informedThis Policy provides details of how we process your data, but if you have any further questions please contact our Data Protection Officer.
Right of accessYou have the right to obtain confirmation as to whether or not we process your personal data, and, if we do, to have access to that personal data.
Right to rectificationYou can tell us to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data corrected by providing a supplementary statement.
Right to erasure
(right to be forgotten)
You have the right in some circumstances to oblige us to erase personal data concerning you.
Right to restriction
of processing
You have the right in some circumstances to oblige us to restrict processing of your personal data.
Right to data portabilityYou have the right in some circumstances to oblige us to restrict processing of your personal data and to provide you with the personal data about you which you have provided in a structured, commonly used and machine-readable format. You also have the right to oblige us to transmit those data to another controller.
Right to withdraw consentIf the lawful basis for processing is consent, you have the right to withdraw that consent.
Right to object to
direct marketing
Where your personal data is processed for direct marketing purposes, you have the right to object to this.
Rights in relation to automated decision making and profilingWe do not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you.

14      Your right to lodge a complaint with a supervisory authority

If you would like to exercise any of your rights shown above, please contact the Data Protection Officer by post, telephone or by using the email address detailed in section 3.

If you are not satisfied with the response you receive, you have the right to lodge a complaint with the relevant supervisory authority for the territory in which you are contracted as shown in the table below:

Contracted inSupervisory authority
United KingdomInformation Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: +44 (0) 1625 547 745 Email: casework@ico.org.uk
SwedenSwedish Authority for Privacy Protection (Integritetsskyddsmyndigheten)
Drottninggatan 29, 5th Floor, Box 8114, 104 20 Stockholm
Tel: +46 8 657 6100 Email: imy@imy.se
AustraliaOffice of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001, Website: http://www.oaic.gov.au
Tel: +61 1300 363 992 Email: enquiries@oaic.gov.au
United States of AmericaFederal Trade Commission
600 Pennsylvania Avenue, NW, Washington, DC 20580
Tel: +1 (202) 326-2222
CanadaOffice of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor, Gatineau, QC K1A 1H3, Website: https://www.priv.gc.ca
Tel: +1-800-282-1376
PhilippinesNational Privacy Commission
5th Floor Delegation Building, PICC Complex, Roxas Blvd, Pasay, Metro Manila 1308
Tel: +63 2 8234 2228 Email: complaints@privacy.gov.ph

© 2021 Expat US Tax – This Policy is version 20210726 – Published 26 July 2021