Privacy notice: tax advice study

In this privacy notice, we explain the legal basis for data processing, who will have access to your personal data, how your data will be used, stored and deleted, and who you can contact with a query or complaint.

Who is the data controller and data processor?

For the purpose of data protection legislation, HM Revenue and Customs (HMRC) is the data controller for the personal data processed as part of this research. The National Centre for Social Research (NatCen) who are conducting the research on behalf of HMRC are the data processors.

What is the legal basis for processing my data?

As data controllers HMRC are responsible for deciding the purpose and legal basis for processing data. For this project, the legal basis for processing data is so HMRC can perform their lawful functions to complete a public task.  This means that processing is necessary to carry out a task conducted in the public interest. More information on how HMRC use data for research can be found here: Research at HMRC - HM Revenue & Customs - GOV.UK (www.gov.uk)

What personal data is being collected?

NatCen Social Research have been asked by HMRC to speak to taxpayers who have used offshore specialists. The aim of the research is to better understand the relationship between taxpayers and their advisers. The research will explore customers’ circumstances, thought processes and experiences of these services. The findings will inform HMRC’s future policymaking in relation to these services.

To recruit participants, NatCen will be processing personal data (including name and telephone number) of individuals who may have used these services, drawn from HMRC records. Individuals will receive an advance letter about the study and be given the opportunity to opt out of the research by contacting HMRC if they do not want to be contacted by NatCen. Following this opt out period, the personal data of customers who did not contact HMRC about opting out of the research will be transferred securely using a secure file transfer system and stored in a secure folder on NatCen’s server. NatCen’s Telephone Unit will use this data to contact customers, inviting them to take part.

Interviews with participants will be recorded with permission (audio only). These will be transcribed by Joe McGowan Transcriptions. Full transcripts will be stored securely on NatCen’s secure server and only accessed by the research team.

Who will have access to my personal data?

NatCen are carrying out this research. The research team at NatCen will have access to:

  •  Research participant contact details
  •  Audio recordings and transcripts

All data gathered will be anonymised before being analysed, and personal data will only be accessible to the research team at NatCen. NatCen will only keep your personal data for as long as it is needed for the purpose of this research, after which point it will be securely destroyed.

Joe McGowan Transcriptions is the transcription service we use to transcribe our interview data. They will have access to recordings and transcriptions from the interviews; no other data will be shared with them. McGowan Transcriptions are on NatCen’s approved supplier list and compliant with all of NatCen’s information security policies.

How will my data be treated?

Data will only be used for research purposes. NatCen will store and handle all data securely and confidentially in line with the GDPR. Only the research team at NatCen and transcribers at McGowan will have access to the data. NatCen will not inform any third party, including HMRC, that you have taken part or what you have said.  Reports and publications arising from this research will not identify any individual taking part. We may use direct quotes in reports, but these will be anonymised.

All personal information, and any other data held on the project, will be securely deleted six months after project completion.

Who can I contact with a query or a complaint?

If you have any questions about how your data will be used, please contact HMRC’s Data Protection team at advice.dpa@hmrc.gov.uk.

Under GDPR, you have the right to lodge a complaint about how information has been used or managed with the Information Commissioner’s Office (ICO) at www.ico.org.uk/concerns or using 0303 123 1113.