Privacy Policy
Crunch Privacy Policy
We are E-Crunch Limited (Company Registration No. 06014477) and our registered office is at 3rd Floor, 86-90 Paul Street, London, EC2A 4NE.
We are a Controller for the purpose of the UK General Data Protection Regulation, effective from 1 January 2021.
Our representative for the purpose of data protection compliance is Naomi Carlton-Poole who can be contacted at dp@crunch.co.uk. If you would like to report a security vulnerability please see our Responsible Disclosure policy.
Privacy Policy purpose and how it applies.
We respect your privacy and your rights to control your personal data (data). We will always protect your data, be clear about the data we collect from you and the reasons why. We do not and will not sell your data to third parties.
We will only use your data when the law allows us to. Most commonly, we will use your data in the following circumstances:
- Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to perform the contract for services we are about to enter into or have entered into with you
- Where we need to comply with a legal or regulatory obligation.
This Privacy Policy (the 'Policy') explains the data we collect from you, either directly or indirectly, why and how we use it. It explains how we protect your data, the choices you can make about the data we collect and how you can control these decisions.
The Policy describes:
- Types of information we collect, why and how
- How we use your data
- When we may share or disclose your data
- How to access and control your data
- Communication, marketing and advertising preferences
- Where we store and process data
- How we secure your information
- Our retention of your information
- Your rights
- Changes to our Policy
- How to contact us
Please read this Policy carefully.
Types of information we collect, why and how
We will only collect personal data from you that we consider to be necessary in the context and purpose in which it's given.
Through your use of our services we may also collect personal data from you about someone else. If you provide us with personal data about someone else, you must ensure that you are authorised to disclose that data to us and that, without us taking any further steps required by applicable data protection or privacy laws, we may collect, use and disclose such personal data for the purposes described in this Policy. You must, therefore, take reasonable steps to ensure that the third party concerned is aware of and consents to the various matters detailed in this Policy, including: the fact that their personal data is being collected; the purposes for which that data is being collected; the intended recipients of that data; and the third party's right to obtain access to the data (including details of how to request access). Where requested to do so, you must assist us with any requests by the third party to access or update the personal data you have collected from them and provided in connection with our Services.
You may be required to provide information when:
- Learning about Crunch
- Purchasing, or enquiring about a product
- Forming a company
- Subscribing to a Crunch service
- Using our services
- Joining our Affiliate scheme
Learning about Crunch
In order to gain more information about Crunch, you may visit our website or landing pages, or post and reply in the Crunch Community Forum, or for example speak to one of our advisors, take out a demo of our accounting software, join our membership group "Crunch Chorus", use our calculators or attend an event. At these times you may voluntarily provide personal information about yourself.
We collect: The type of personal information collected may include full name; phone numbers; email addresses; business type; income; usage data and statistics; connection data; other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences.
Why: To make sure you find the information you're looking for and for us to make recommendations to you about our products and services. To follow up your enquiry, provide you with discounts on services, give you access to business guides and invoicing software, to share news about events and networking opportunities. Additionally, your IP address helps us to understand geographic information about our website visitors.
How: Data is collected through online forms; surveys; email; telephone, or in person.
Purchasing, or Enquiring about a Crunch Product
Depending on the type of product you purchase from us you may be asked to share information so we can provide a quote, respond to your enquiry, determine the product best suited for you and to complete the transaction.
We collect: The type of personal information collected may include full name; home/business postal address; phone numbers; email addresses; payment card information; business type/trade; usage data and statistics; connection data; other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences; purchase inquiry and history; products, services or content provided.
Why: To carry out our obligations to provide services you've engaged us to deliver or to perform. To provide a quote, form policy documents, complete the transaction and to follow up your purchase or enquiry.
We do not store any card payment data and only use payment information in connection with the purchase made.
How: Data is collected through online forms; email; or telephone.
Forming a Ltd company
If you are using our Crunch Formations company formation site you will be asked to provide information relating to yourself, the limited company you want to form and related third parties such as additional directors or shareholders, if you have any. This information is needed so your company can be registered with Companies House.
We collect: The type of personal information collected may include full name; home/business postal address; phone numbers; email addresses; registered office/service address; date of birth; title; nationality; company details, to include share split, person of significant control; authentication data, for example passport number, national insurance number; place of birth; payment card information; usage data and statistics; connection data; other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences; purchase inquiry and history; products, services or content provided.
Why: To check company name availability and ensure the company is formed correctly with the correct company officers and company information. To comply with legal and regulatory compliance, to include crime prevention. To provide the right guidance, answer your questions and to complete the transaction.
How: Data is collected through an online form; email; or telephone.
Subscribing to a Crunch service
If you subscribe to one of our accounting services you may be asked to provide information relating to you and/or your business. The information required will depend on the type of service you're subscribing to. You may also be asked to provide information about third parties i.e. additional employees, directors or shareholders. We may also seek your permission to contact external third parties to gain items such as professional clearance or assignment schedules.
We collect: The type of personal information collected may include full name; home/business postal address; registered office address; business name/type; phone numbers; email addresses; job title; date of birth; place of birth; title; nationality; marital status; national insurance number; tax codes; HMRC UTR numbers; government-issued identification, including passport numbers; sanction and watch list data; details of any other business involvement including shareholding; payment card information; bank account data; usage data and statistics; connection data; other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences; username and passwords for accessing and using our services, purchase inquiry and history; products, services or content provided.
Why: To verify your identity for legal/regulatory compliance and crime prevention. To carry out our obligations to provide services you've engaged us to deliver or to perform. To configure your accounting/payroll software correctly and provide the right support and advice. Allow access to our Refer a Friend program. Analysis for management and marketing purposes.
How: Data is collected through online forms; surveys; email; telephone or by post.
Using our accounting services
During the course of your subscription you may be asked to provide additional information and to keep us informed of any changes to your circumstances or that of your business. You may also require additional services or products.
We collect: The type of personal information collected may include changes in marital status; changes of home/business postal address; other sources of income; investment activities; changes to your company structure, to include changes to company officers; usage data and statistics; connection data; other unique identifiers such as IP addresses or device IDs, marketing and advertising responses and preferences; username and passwords for accessing and using our services, purchase inquiry and history; products, services or content provided.
Why: To carry out our obligations to provide services you've engaged us to deliver or to perform. Support you in managing your affairs, provide the right guidance and support at the right time, ensure you continue to be subscribed to the right service for you, to notify you about changes to our services, make suggestions/recommendations to you about other products and services. For related purposes such as updating and enhancing our client records, improving our services, troubleshooting, testing, data analysis, research, profiling, statistical and survey purposes. Analysis for management and marketing purposes and statutory returns, legal and regulatory compliance and crime prevention.
How: Data is collected through online forms; surveys; email; telephone; SMS text message; or by post.
Joining the Crunch Partner Programme
Crunch offers a partner programme where you have the opportunity to earn commission for referrals of Crunch products and services. We provide you with a secure login to our online affiliate platform, where you can access a wide range of marketing tools to help facilitate referrals via links to your website.
We collect: The type of personal information collected may include full name; business postal address; telephone and mobile numbers; email addresses; job title; business name; VAT number; bank account data; website address; username and passwords.
Why: To provide you with a login to access our affiliate platform where you can monitor referral activity and where you provide Crunch with your business information to facilitate commission payments.
How: Data is collected through online forms; email; telephone.
How we use your data
Crunch also uses the data we collect to provide you with our services and to communicate with you.
Crunch uses the data for the following purposes:
- Providing, and enhancing our products and services
- Compliance
- Security, Safety and issue resolution
- Business Operations
- Communication, Marketing and Advertising
Providing and enhancing our products and services
We use data to provide and improve our services and perform essential business operations. This includes operating our services, maintaining and improving the performance of our services, including developing new features, research, testing and providing client support. We may use Artificial Intelligence (AI) platforms to assist in analysing data for these purposes. We may also make aggregated anonymised information publicly available on our website or through Crunch Chorus.
Compliance
We use data to ensure we comply with relevant regulation and law. This includes needing to verify your identity if you subscribe to our accounting services. This verification involves:
(a) a full electoral roll search (your consent is not required for this); and
(b) credit reference agencies placing a search footprint on your electronic file and your data being accessed by third parties for the specific purpose of anti-money laundering, credit assessment, ID verification, debt collection, asset reunification, tracing and fraud prevention.
Security, Safety, and Dispute Resolution
We use data to protect the security and safety of our services and our clients, to detect and prevent fraud, to resolve disputes and enforce our agreements.
Outgoing and incoming telephone calls from and to our advisory or support teams are usually recorded for training and monitoring purposes. This process helps us to maintain high standards of service and resolve issues.
Business Operations
We use data to run business operations to provide you with our services, profile our user base and develop anonymised aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions and report on the performance of our business.
Communication, Marketing and Advertising
We use the data we collect to deliver and personalise our communications with you.
For example, we may contact you by email or other means of electronic communication to inform you about our services, invite you to take part in a survey, notify you about promotions, business activities, events and changes to our services.
If you become a member, subscribe to or purchase one of our services you will also receive service-related communications. These will include system and service support communications, policy, security or software updates.
We also use cookies and similar technologies to provide the most relevant products and information to you.
When we may share or disclose your data
Crunch does not sell data about our clients and we only share or disclose your data as authorised in this Policy.
We may share or disclose information with the following types of third parties.
Suppliers: Crunch works with a variety of third party suppliers to perform services such as website hosting, online product purchases, telephone and email communications. We share your personal data as necessary to complete any transaction or provide a product or service you have requested. These suppliers work on our behalf for the purposes described in this Policy. Crunch imposes strict contractual obligations on its suppliers to ensure data is secure, protected and treated in accordance with this Policy and we will take all steps reasonably necessary to maintain compliance with these obligations.
Subcontractors: Crunch subcontracts elements of its service provision to other parties, for example Crunch Accounting Ltd. We will always ensure that we have appropriate contractual arrangements in place.
Group companies: Crunch may share personal data with other members of our group, this includes Crunch Umbrella Ltd, Crunch Investments & Pensions Ltd, Crunch Academy Ltd or its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Affiliates/Partners: Our sites may, from time to time, contain links to and from the websites of our partner networks and affiliates who provide complementary services. Your information will only be passed to the relevant service provider if you express interest in a third party service by calling or completing a form on our website, or by enabling usage of a third party service, or by talking to a Crunch team member. These third parties may then send communications to you and provide information on offers and services that may be of interest to you. If, at any time, you wish to opt-out of further communications, please follow the instructions in their marketing communications or consult their own privacy policies for further information about unsubscribing. Please note that some of our services e.g.: insurance, mortgages, investments and pensions and applications are provided by third parties whose privacy practices may differ from Crunch. If you provide personal data to any of those third parties, your data is governed by their privacy policy. Overall, we do not accept any liability arising from the operation of these third party privacy policies, so please check these policies carefully prior to activating a service.
Legal/Regulatory Bodies: To the extent that we are duty-bound by any applicable legal or regulatory requirement to cooperate with any competent legal or governmental authority or agency, we shall do so in accordance with applicable law. This may involve disclosure of your personal data and we will have no legal liability for such disclosures. Please note that, depending on circumstances, Crunch may be forbidden from advising you of the fact that your personal data has been disclosed to or requested by such third parties.
Under Section 330 of the Proceeds of Crime Act 2002 we have a duty to report to the Serious Organised Crime Agency (SOCA) if we know, or have reasonable cause to suspect, that you or anyone connected with your business are or have been involved in money laundering. Failure on our part to make a report where we have knowledge, or reasonable grounds for suspicion, would constitute a criminal offence. We are obliged by law to undertake this reporting to SOCA, but are under no obligation to make you aware of this reporting. In fact, we may commit the criminal offence of "tipping off" under Section 333 of the Proceeds of Crime Act 2002 if we were to inform you that a report had been made. In consequence, neither Crunch's principals nor staff may enter into any correspondence or discussions with you regarding such matters.
Other Parties: with whom it might be necessary to complete a financial or corporate transaction such as a merger or sale of assets.
How to access and control your data
You can request to review, edit or delete your personal data by contacting us by email to dp@crunch.co.uk. We will acknowledge any request to access or delete your personal data as soon as possible, but certainly within 14 days. All requests will be actioned in accordance with Crunch data retention policy and the UK General Data Protection Regulations.
Communication, marketing and advertising preferences
Communication
You can opt-out of receiving certain direct communications from Crunch.
If you wish to stop receiving promotional or marketing related emails from us, you can do so by following the instructions included in every email sent to you via the "Update your email preferences" link. We respect your choice, and we will stop sending you emails once you unsubscribe or update your preferences. It may take up to 14 days to process your request.
If you have consented to receive communications or marketing from us by SMS text message, you may stop this by replying STOP, by emailing STOP to dp@crunch.co.uk, or by advising us over the phone.
Please note, if you have become a member, subscribed or purchased any of our services regardless of your preferences we will continue to communicate with you for service emails, software updates, policy updates, or significant information about our services.
You can adjust the amount of 'interest-based advertising' (as described below) you may receive by changing your cookie settings, changing your device settings, and/or opting-out of certain advertising networks. If you have opted-out of receiving emails from us, we will not use your email for interest-based advertising activities.
Cookies and Other Similar Technologies
We use cookies and similar technologies like pixels, tags and other identifiers to help us personalise our websites and services for you, remember your preferences, understand how users are using our websites and services and help customise our marketing offerings.
By visiting our websites or using our services you agree that you are happy for us to set cookies and similar technologies for the purposes described in this Policy.
Cookies
A 'cookie' is a small data file that is sent to your computer's cookie file when you visit a website. When you visit the website again the cookie allows that site to recognise your browser.
We use two types of cookie, 'persistent' and 'session'. Session cookies are temporary and will only stay on your device until you close your browser at which point they are deleted. Persistent cookies stay on your computer or mobile device permanently until they expire or are deleted.
We use the following types of cookies on our website:
Strictly necessary cookies. These cookies are essential for you to browse our websites and use the features.
Performance upped. These cookies collect information about how you use our websites. This data may be used to help optimise our website and make it easier for you to navigate.
Functional cookies. These cookies allow our websites to remember choices you make and personalise your experience. We may store your geographic location in a cookie for instance, to ensure that we show you the website relevant to your area.
Third Party cookies. Third party cookies are those placed by websites and/or parties other than Crunch. These cookies may be used on our website to improve our products or services or to help us provide more relevant advertising. These cookies are subject to the respective privacy policies for these external services, for example, the Facebook Data Use Policy.
Analytics cookies. We use analytics cookies, like those offered by Google Analytics, to help us understand things like how long a visitor stays on our website, what pages they find most useful, and how they arrived. To learn more about Google Analytics and your data, visit this Google webpage.
How to control cookie settings
Most web browsers allow you to control cookies through their settings preferences, however if you limit the ability of websites to set cookies, you may impact your overall user experience.
You can learn about how to control cookie settings on popular web browsers, by visiting:
Google Chrome
Internet Explorer
Safari
Firefox
Pixels
In addition to cookies, we sometimes use small graphic images known as 'pixels' (also known as web beacons, clear GIFs, or pixel tags). We use pixels in our email, online chat and phone communications (if you have selected to receive such communications) to help us to understand how you interacted with our communication.
We also use third party pixels (such as those from Google, Facebook, and other advertising networks) to help us provide advertising that is relevant to your interests.
Other Identifiers
When you use our app, we collect a unique ad tracking identifier from your device (the Advertising Identifier or "IDFA" on iOS devices and the Google Ad ID or "AID" on Android devices) so that we can learn more about users of our app and provide the most relevant messaging and marketing. Although these identifiers are unique to your device, they do not contain any of your data such as name or email address.
How to control Identifier Settings
You can control how these identifiers are used, including the ability to reset them, through your device settings. Below you can learn about how to control cookie settings on the following popular device operating systems:
Marketing and Advertising
Crunch uses several marketing tools in support of our advertising efforts.
In accordance with the Digital Advertising Alliance Principles, Crunch may work with third party advertisers that use cookies and similar technologies to provide more relevant advertising about our services on our website and across the internet.
To provide this 'interest-based advertising', the parties combine non-personal data about your online activities acquired over time which helps cater advertising that we deliver to you.
Examples of this may include a Crunch advertisement on a Facebook page, or a Google-owned page such as a search results page or YouTube, or on a site within Google's advertising network. We do not share your data as part of this process.
If you wish to opt-out of interest-based advertising, click here.
If you have opted out of receiving communications from us, we will not use your email for interest-based advertising, although you may still be subject to certain interest-based advertising depending upon your browser and device settings.
Where we store and process data
By submitting your personal data, you agree to its transfer, storing and processing.
Most personal data is stored electronically on servers or computer systems with controlled access and controlled environments.
Crunch servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include monitoring, 24/7 surveillance and on-site security staff.
Other personal data may be kept in paper form within our office, if needed, although in the main copies are destroyed after they have been scanned into computer systems.
We will not transfer personal data outside of the European Economic Area (EEA) without complying with the provisions of the Data Protection Legislation in respect of such transfer. Where you access our services outside the EEA, it shall be your responsibility to ensure that any access outside of the EEA which results in a transfer of personal data complies with the provisions of the Data Protection Legislation.
However if you choose to access your personal data outside the EEA, you should only do so in a secure environment which means that your browser must support the encryption security used in connection with our services.
How we secure your information
Crunch is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure.
For example, any personal data transferred to us over the internet is protected with Secure Sockets Layer / Transport Layer Security (SSL/TLS) Encryption Certificate technology. This ensures that all personal data transferred is encrypted to prevent eavesdropping and tampering.
While no Service is completely secure, Crunch takes precautionary measures and has strict security standards to help prevent data loss, theft, misuse and unauthorised access, disclosure, alteration and destruction or other like incidents that might affect the security of your personal data.
These measures include encryption, password protection, anti-malware, firewalls, server authentication, user profiles, backup/disaster recovery systems, restriction of access to premises and computer systems, as well as use of relevant third party service providers to provide security.
Crunch imposes strict contractual obligations on its suppliers, subcontractors and partners to ensure data is secure, protected and treated in accordance with this Policy and we will take all steps reasonably necessary to maintain compliance with these obligations.
However we cannot guarantee the security of your personal data while it is being transmitted to us if you don’t enter or import it from a secure environment or secure mobile device.
Our services can be accessed through the use of an individual user login and password. To protect the confidentiality of data, you must keep your password confidential and not disclose it to any other person. Please alert us immediately if you believe your password has been misused. Additionally, always logout and close your browser when you finish your session, especially if you’re on a public computer. You are ultimately responsible for administering and safeguarding any passwords or memorable words created to control access. Please note, we will never ask you to disclose your password in an unsolicited phone call or email.
Crunch contracts with certain commercial banks to provide automated feeds of bank transaction data into our accounting software. These services provide an efficient method of transferring receipt and payment details directly from bank statements to your accounting records and the banks’ security protocols are applied to the transmissions. These services do not give Crunch or any third party the ability to transact via the relevant bank accounts.
If you have any questions about the security of your data, you can contact us at dp@crunch.co.uk.
Our retention of your information
Crunch retains personal data for as long as necessary to provide our services or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly.
For example, the default standard retention period for accounting records is six years plus current, otherwise known as six years + one. This is defined as six years after the last entry in a record, followed by first review and/or destruction to be carried out in the additional current (+ one) accounting year.
If Crunch needs to alter, restrict processing of your data, or remove your data outside of our data retention policy period, we will inform you.
Your rights
You can find detailed information about your rights under Data Protection legislation on the UK Information Commissioner's website at ico.org.uk.
You have the right to withdraw consent, at any time and you may always opt not to disclose certain data, but that may mean we will be hindered in our ability to provide our services, or it may mean you will not be able to access certain services.
You have:
-
The right to be informed - You have the right to obtain confirmation whether your personal data is being processed by Crunch or a third party processor. Through this Policy we explain the data we may gather, how it is used and why.
-
The right of access - You have the right to access personal data we hold about you. You can make a request for access to the data we hold about you by emailing dp@crunch.co.uk.
There is no charge for this service. However, we can charge a 'reasonable fee' when a request is manifestly unfounded or excessive, particularly if it is repetitive and we may also charge a reasonable fee to comply with requests for further copies of the same information.
We will provide copies of the personal data we hold about you without delay and at the latest within one month of receipt. The period of time for response may be extended by a further two months where requests are complex or numerous. If this is the case, Crunch will inform you within one month of the receipt of the request and explain why.
-
The right to rectification - You have the right to your personal data being corrected if it is inaccurate or incomplete. If you think your personal data needs to be corrected email dp@crunch.co.uk.
-
The right to erasure (also known as the right to be forgotten). You can withdraw your consent and request the deletion or removal of your personal data, as well as contributions in the forum, where there is no compelling reason for its continued processing. Crunch have in place processes to regularly review the data we hold and ensure that it is removed when it is no longer appropriate to hold it. However if you wish to make a request for your personal data to be removed, you can do this by emailing dp@crunch.co.uk.
-
The right to restrict processing. Under certain specific circumstances, such as when you contest the accuracy of your personal data, you have a right to 'block' or suppress processing of personal data. If this is requested Crunch are permitted to store your personal data, but not further process it. In the unlikely event that you wish to restrict processing you can do this by emailing dp@crunch.co.uk.
-
The right to data portability. You have the right to data portability allowing you to obtain and reuse your personal data for your own purposes across different services. To allow you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way without hindrance to usability Crunch can provide you with a CSV file. Please email dp@crunch.co.uk. Please note this right only applies to data subject to automated processing.
-
The right to object. You have the right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing; and
- processing for purposes of scientific/historical research and statistics.
In relation to Crunch, only the direct marketing ground is applicable. If you wish to object to Crunch direct marketing please email dp@crunch.co.uk.
After you have signed up for our services you will receive service related emails from us, which are necessary to enable us to provide our services. You will always have the ability to opt-out of receiving non-service related messages. You can also ask to opt-out of having personal identifiable information used for certain purposes, including promotional communications and newsletters. If you have consented to receive communication or marketing from us by SMS text message, you may curtail this by emailing STOP to dp@crunch.co.uk. You can exercise your right to prevent such processing by following the opt-out instructions, which will be clear and obvious on the forms, or emails we use to collect your data. You can also exercise the right at any time by contacting us at dp@crunch.co.uk.
-
Rights in relation to profiling and automated decision making.
If you exercise any of your rights and your personal data has been shared with third parties, Crunch will notify the third parties that you are exercising your rights as relevant to them.
If you wish to complain about Crunch's handling of your personal data, please contact our Data Protection Officer, providing full details of your complaint and including any relevant documentation, by:
- email dp@crunch.co.uk; or
- letter to the Data Protection Officer, E-Crunch Ltd, Unit W8A, 325-327 The Knoll Business Centre, Old Shoreham Road, Hove, BN3 7GS.
You have the right to lodge a complaint with the Information Commissioner Officer, details of how to do this are given at their website: ico.org.uk.
Changes to our Policy
Crunch may modify or update this Policy when necessary to reflect feedback and changes in our services. Visiting our website and/or using our services after any modification to this Policy will constitute your acceptance of such modification and updates. When we update this Policy we will revise the 'Last Update' date at the top of the Policy.
If there are material changes to the Policy or in how Crunch uses your personal data, we will notify you either by posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to regularly review this Policy to learn more about how Crunch is using and protecting your information.