Your privacy matters. Learn how we protect your data with enterprise-grade security and transparent practices.
At Digital Reporting (UK), we protect your financial data with bank-grade security. We process your financial statements and company information solely to deliver iXBRL, UKSEF, and ESG compliance services. We never sell or share your data with third parties for marketing purposes.
This privacy policy covers all information collected through our website, platform, and iXBRL services. It applies to your financial statements, company details, and personal data provided during onboarding, tagging, validation, and HMRC/Companies House filing.
Yes, we're fully compliant with UK GDPR, DPA 2018, and ICO guidelines. We're registered with the ICO and follow strict data protection standards for financial services. You have rights to access, correct, delete, and port your data under UK law.
We retain financial data for 7 years from filing date (UK Companies Act requirement for accounting records). Personal data is retained during our service relationship plus 7 years for HMRC audit purposes. You can request deletion after statutory retention periods expire.
We will notify you of any material changes to our privacy policy via email and by posting updates on our website. We recommend reviewing our privacy policy periodically. Continued use of our services after changes indicates acceptance of the updated policy.
Contact our Data Protection Officer at hello@digitalreporting.co.uk for privacy queries. We respond within 30 minutes during business hours (Mon–Fri, 09:00–17:30 UK time) and within 30 days for formal data subject requests as required by UK GDPR.
We collect: contact details (name, email, phone), company information (registration number, address, SIC codes), financial statements (for iXBRL tagging), filing deadlines, and authorized signatory details. We only collect data essential for HMRC and Companies House compliance filing.
We collect data through: website forms, secure file uploads (PDF/Excel financial statements), platform account registration, HMRC Government Gateway integration, Companies House API, and direct client communications. We use cookies for session management and analytics.
Your financial statements contain sensitive business data. We process this under strict security: encryption in transit and at rest, access limited to authorized tagging specialists, audit logging, and automatic deletion after retention period. We never use your data for AI training without explicit consent.
Yes, you have control over your data collection. You can opt out of non-essential data collection, manage cookie preferences, and specify what information you're comfortable sharing. We will always respect your data preferences and boundaries.
We use essential cookies for website functionality and analytics cookies to understand user behavior and improve our services. We also use tracking pixels for email communications. You can manage your cookie preferences through our cookie settings.
After HMRC/Companies House filing, we retain iXBRL files and submission confirmations for 7 years (UK statutory requirement). Source financial statements can be deleted upon request after successful filing. All data is archived in encrypted, access-controlled storage.
We use your data to: convert financial statements to iXBRL format, validate against HMRC/FRC taxonomies, submit filings to Companies House and HMRC, provide compliance support, and maintain filing history. All processing is for direct service delivery—no marketing or third-party sales.
We share data only with: HMRC (for CT600 and accounts filing), Companies House (for statutory accounts), cloud infrastructure providers (AWS/Azure with UK data residency), and payment processors. All third parties sign data processing agreements and comply with UK GDPR.
You can opt out of marketing emails anytime via unsubscribe links or by contacting hello@digitalreporting.co.uk. Opting out doesn't affect essential service communications (filing confirmations, deadline reminders, HMRC/Companies House updates, invoice notifications).
We process data under: contractual necessity (to deliver iXBRL services), legal obligation (UK Companies Act, HMRC regulations), and legitimate interests (service improvement). For marketing, we require explicit consent. All processing complies with UK GDPR and DPA 2018.
We may use automated analysis to improve our services and provide personalized recommendations, but we don't make significant automated decisions about individuals without human oversight. You have the right to request human review of any automated decisions that affect you.
Yes, you can opt out of non-essential data uses including marketing communications, analytics, and certain data processing activities. However, opting out of essential data processing may limit our ability to provide some services. We'll clearly explain any limitations.
We use bank-grade encryption: TLS 1.3 for data in transit, AES-256 for data at rest. Financial statements are encrypted from upload through processing to HMRC submission. Encryption keys are managed via AWS KMS/Azure Key Vault with hardware security modules.
In the event of a data breach, we notify affected clients within 24 hours and the ICO within 72 hours (UK GDPR requirement). We provide detailed breach information, mitigation steps, and support. Our incident response team contains breaches immediately and conducts forensic analysis.
Your financial data is stored in UK-based data centers (AWS London, Azure UK South/West). All data remains within the UK to comply with data sovereignty requirements. Our infrastructure has physical security, environmental controls, 24/7 monitoring, and redundant backup systems.
We maintain SOC 2 Type II and ISO 27001 certifications for information security. Our infrastructure complies with HMRC Government Gateway security standards and Companies House API requirements. Regular penetration testing and security audits ensure financial data protection.
All data transmission uses TLS 1.2 or higher encryption with perfect forward secrecy. We implement certificate pinning, HSTS headers, and encrypted VPN connections for all data transfer. API communications use OAuth 2.0 and JWT tokens with time-limited access.
Access to financial data is restricted to authorized iXBRL tagging specialists and quality reviewers only. We use role-based access controls (RBAC), multi-factor authentication, and activity logging. All employees sign NDAs and undergo background checks. Access is revoked immediately upon role changes.
Under UK GDPR, you have rights to: access your data, correct inaccuracies, delete data (after retention periods), port data to other providers, restrict processing, object to processing, and withdraw consent. Contact hello@digitalreporting.co.uk to exercise your rights.
Request your data by emailing hello@digitalreporting.co.uk with subject "Data Subject Access Request". We'll verify your identity and provide a comprehensive report within 30 days (UK GDPR standard), including: contact details, company information, filing history, and stored financial documents.
Yes, you have the right to request deletion of your personal data ("right to be forgotten"). We'll process deletion requests within 30 days, though some data may be retained for legal compliance. We'll notify you if any data cannot be deleted and explain why.
You can request corrections to your personal data through our customer portal or by contacting our support team. We'll verify and update inaccurate information within 30 days. For some corrections, we may need additional verification to ensure data integrity.
Yes, you have the right to data portability. We provide your data in machine-readable formats (JSON, CSV, XML) so you can transfer it to other services. This includes all personal data you've provided and data generated through your use of our services.
Contact hello@digitalreporting.co.uk first to resolve concerns. If unsatisfied, you have the right to complain to the ICO (Information Commissioner's Office) at ico.org.uk or call 0303 123 1113. The ICO is the UK supervisory authority for data protection.
Email our Data Protection Officer at hello@digitalreporting.co.uk. We respond within 30 minutes during business hours (Mon–Fri, 09:00–17:30). For formal data subject requests, we provide full responses within 30 days as required by UK GDPR.
Privacy policy updates are posted on our website at The Digital Reporting Company.com/privacy, and we maintain a change log showing all modifications. We also email notifications to active users about significant changes. Version history is available for transparency.
Our Data Protection Officer is available Monday-Friday, 9 AM-6 PM EST for privacy consultations. For urgent privacy matters or data breaches, we have 24/7 emergency support. Email inquiries are monitored continuously with response within 48 hours.
Yes, we offer privacy training sessions for client teams working with AI systems. This includes data handling best practices, GDPR compliance training, and privacy-by-design principles. Training can be customized for your industry and specific use cases.
Report privacy concerns immediately to hello@digitalreporting.co.uk with subject "Privacy Concern". We investigate all reports within 48 hours. For serious breaches, contact the ICO directly at ico.org.uk. You can also report anonymously through our secure web portal.
Digital Reporting (UK) is registered with the ICO (Information Commissioner's Office) for data protection compliance. Our ICO registration number is available upon request. We operate under UK GDPR, DPA 2018, and follow ICO guidelines for financial data processing.
Fixed pricing. Expert support. Fast delivery.
We deliver three solutions: iXBRL filing, UKSEF compliance, and ESG reporting. Our team responds to your questions within 30 minutes during business hours (Mon–Fri, 09:00–17:30).
40–60% lower cost. 30-minute support response. 48-hour delivery.
