Privacy Policy

Who are we

This website is operated by Ledgerscope Services Limited. 

Ledgerscope Services Limited is a company registered in England (Company Number 10803032) (referred to either as Ledgerscope or we, our and us throughout this policy) with a registered office at Kemp House, 160 City Road, London, EC1V 2NX.  We provide a range of online services known as Movemybooks, Checkmybooks and Backupmybooks (the Services) from each of the following websites www.movemybooks.co.uk, www.checkmybooks.co.uk and www.backupmybooks.com and/or any of the applications used for the purposes of accessing the Services (the Websites).

Ledgerscope Services Limited is what is known as a ‘data controller’ as it is responsible for handling and processing your personal data when you use this Website and any of our Services.  We are committed to protecting and respecting your privacy and complying with the applicable Data Protection Laws (meaning the Data Protection Act 1998 and, unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998).

Keeping up to date with this Privacy Policy

This statement sets out our privacy policy and explains what we do with the personal information that we collect from our users, including any data you may provide through this Website when you register with us or purchase a Service from us.  Please read the following to understand our views and practices regarding personal information as well as your rights in relation to that information.

This statement was last updated on 6th April 2018. The Data Protection Laws applicable in the UK are going to change soon and so there may be further changes to this statement or some aspects of it which will only apply after May 2018. We reserve the right to modify or amend this privacy policy at any time and for any reason. Details of any changes will be posted at the top of the privacy policy web page.

It is also important that any data we hold about you is kept accurate and up to date so please keep us informed of any changes to your personal data whilst using our Services.

How to get in touch with us

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions or concerns about this privacy policy, including any requests to exercise your legal rights, you should contact our data privacy manager at:

Name of Contact: Matthew Steeples
Email Address: matthew@ledgerscope.com
Postal Address: 160 City Road, London EC1V 2NX

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Third Party Links

Please note that this policy applies only to our Websites and not to the websites of other organisations to which we may provide links. Clicking on links to other websites may allow third parties to collect or share data about you.  We are not responsible for the privacy policies or practices of such third-party sites and you should make your own enquiries in respect of them.

What information do we collect about you?

Personal data for the purposes of the UK’s data protection laws means information about an individual (rather than the name of a company or a partnership for example) from which that person can be identified.

The personal data we collect about you will fall into one of the following categories:

Identity information – information used to ensure we can identify the user of our Services which includes your full name, a username or other identifier when using our Websites;

Contact information – the details we need for getting in touch with you when providing our Services to you including your email address, telephone numbers and any billing or delivery address;

Financial and Payment details – whilst we do not collect or store your bank account or payment card details (as these are all processed by third party service providers), we do retain information about whether you have paid for our Services and details of the Services you’ve received so we can correctly manage your payments to us;

Profile and Usage data – the information about how you use our Websites and Services, your preferences in relation to the Websites, Services and technology used as well as any feedback we receive from you about our Services; and

Marketing and Communications details – information about how you prefer to communicate with us when we are performing our Services for you and also how you might wish to hear from us about our other Services and Websites.

This website is not intended for children and we do not knowingly collect data relating to children.

We do not collect what is known as ‘Special Categories of Personal Data’ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

Nor do we collect any information about criminal convictions and offences.

As noted above, we do not collect or store any of your information which is needed to make payment for our Services, which may include your bank account details or payment card details and details of the Services you’ve received, but this will all be information that you are asked to provide to one of the third party payment service providers that we use for this purpose, being either Stripe or Secure Trading.

What information do we collect that is not about you but is Client Data?

Each of our Services involves you providing us with financial or accounts related data (we call this the Client Data) which has been previously hosted on a third party accounting system (the Source Platform) and for which you are requesting one of our Services (which might include transferring that Client Data to an alternative third party accounting system (the Destination Platform).

The majority of Client Data that you will provide to us will not be ‘personal data’ as such term is defined in Data Protection Laws.

Because there is a possibility that some of the Client Data may include small items of personal data you acknowledge and agree that in respect of such Client Data you act either as a data controller or as a data processor in regard to the data of your clients and that, as a result, we act as a data processor and/or as a sub-data processor in relation to any such Client Data which is also personal data.  All terms used in this provision have the meanings given to them in the Data Protection Laws.

You understand and accept that in providing our Services to you we will make use of the services of and transfer data from and to the third party operators of the Source Platform and Destination Platform with whom you will have your own data processing arrangements in place.  They have not been appointed as third party processors by us, but are acting as your third party processors in relation to Client Data. 

You will have entered or (as the case may be) will enter with these third-party processors into a written agreement substantially on that third party's standard terms of business incorporating terms which are substantially similar to those set out in this section on the use of personal data.  As between you and us, you shall remain fully liable for all acts or omissions of any third-party processor appointed by you in this way.

For more information about our and your responsibilities in dealing with your Client Data please see clause 8 of our Terms of Use.

How and when do we collect personal information?

If you are a customer of Ledgerscope, we collect the personal information that you provide to us when you register as a customer or create an account on one of our Websites. If you use a form on our Websites, phone or email to contact us we will store included personal information.

When you interact with our Websites we will use certain technologies to automatically collect the Profile and usage data.  We collect some of this information by what you tell us, but some of it is collected using cookies or similar technology.  Our use of cookies is explained below.

You may also opt-in to receiving emails with the latest news and special offers from us in which case we will store provided personal information.  Any marketing you receive from us will not relate to communications from or services of any third party, but will only relate to other of our Services and/or Websites and offers or updates relating to them.  You can manage your preferences for what marketing emails you receive from us at any time by using the link in our emails titled "Manage your email preferences".

As explained above, for the purposes of providing our Services we may also receive Client Data which could include some personal data about third parties.  This client Data will either be provided to us by you or by the third party provider that you have identified as providing your Source Platform.

We do not collect personal information in any other way.

How is the information about you used?

We will only use your personal information for purposes you would reasonably expect. Primarily to provide our ServiceS to you, but also to facilitate our business processes such as accounting, marketing, record keeping and to generally manage your relationship with us.  What this means is that your personal information will only ever be used by us in the following circumstances:

- to perform our contract for the Services that you have requested and purchased from us;

- to comply with a legal or regulatory compliance obligation; or

- because it is necessary for our legitimate interests and we have assessed that your interests and fundamental rights do not override our legitimate interests.

We do not rely on consent as a legal basis for our processing of your personal information. 

Below we have explained the different purposes for which we will use the different types of personal data we may have about you and the specific lawful condition for our processing:

Type of information

Purpose for which we use it

Lawful condition for processing

Identity information; and

Contact information

To register your account with us as a new customer

Perform our contract for the Service; and

Because it is necessary for our legitimate interests (where you are not an individual but a company, partnership or LLP with whom we have a contract)

Identity information;

Contact information;

Financial and payment details; and

Marketing and Communications details

To provide the Services requested; and

Manage your account and payments due

Perform our contract for the Service; and

Because it is necessary for our legitimate interests (to recover debts due to us)

Identity information;

Contact information;

Profile and Usage Data; and

Marketing and Communications details

To administer and protect our business, our Services and Websites (which will include troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Because it is necessary for our legitimate interests (to provide IT services, improve and keep our Websites updated, prevent fraud and ensure network security); and

To comply with legal or regulatory compliance obligations

Identity information;

Contact information;

Financial and payment details;

Profile and Usage Data; and

Marketing and Communications details

To send you recommendations about our other Services and Websites which we believe may be of interest to you

Because it is necessary for our legitimate interests (to develop our Services and grow the business)

Identity information;

Contact information;

Financial and payment details; and

Marketing and Communications details

Archived records following the retention periods described below will be marked inactive and hidden from our active client relationship management system with restricted access controls added

Because it is necessary for our legitimate interests (to meet our auditing requirements and for compliance purposes, maintenance of integrity of databases and service logs); and

To comply with legal or regulatory compliance obligations (including retention of transactional details for tax purposes)

Will my personal information be provided to third parties?

We may share your personal information with third parties but only in the strictly limited circumstances set out below.

- We will provide certain personal information to service providers with whom we work, where necessary to fulfil our commercial obligations to those providers.  These are the third party service providers who provide the Source Platform or Destination Platform, and so you also have a direct contractual relationship with them for the use they make of your personal data and/or Client Data (which may or may not include personal data of other individuals (as explained above)).  It is therefore up to you to ensure that such parties are made subject to the same levels of security for your personal information as us and are bound by a legal agreement with you directly to keep your personal information private and secure.

-  In certain circumstances we may share your personal information with affiliated companies and service providers who perform functions on our behalf and you may be asked to provide your information to those service providers for purposes such as processing payments, carrying out promotional services or data management, and our internet service provider (although we use HTTPS for our Websites so all interaction between an internet service provider and our Websites is encrypted). These third parties must at all times provide the same levels of security for your personal information as us and are bound by a legal agreement to keep your personal information private and secure. We do not allow these third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

-  We may also supply your personal information to government bodies and law enforcement agencies but only: if we are required to do so by the requirements of any applicable law; if in our good faith judgment, such action is reasonably necessary to comply with legal process; to respond to any legal claims or actions; or to protect the rights of Ledgerscope, our customers and the public.

- In specific circumstances we may need to share your personal information with professional advisers acting on our behalf or providing services to us including lawyers, bankers, auditors and insurers based in the United Kingdom and who provide consultancy, banking, legal, insurance and accounting services.

- We may also need to share your personal information with HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

How long will my personal information be retained?

We will only process personal information relating to customers, individuals who have contacted us and people who choose to opt-in to us sending them emails with the latest news and special offers in the ways set out in this statement.  

Following a period of 24 months from the date of the last customer request for Services or the last non-customer contact we will stop processing personal information and such individual’s information will be archived.  Although archived and hidden by our systems from active engagement with this information, we will retain the information which relates to our provision of the Services as an inactive record, rather than deleting for the purposes of our auditing and legal compliance requirements.

We will process the information of people who opt-in to emails with the latest news and special offers until such time as they unsubscribe.

Will I be sent information that I did not ask for? 

To keep you informed about the latest news and special offers but only relating to our own Services we may contact you by e-mail. If you do not wish to receive these emails you can unsubscribe using the link included with each email.

Any marketing you receive from us will not relate to communications from or services of any third party, but will only relate to other of our Services and/or Websites and offers or updates relating to them.  You can manage your preferences for what marketing emails you receive from us at any time by using the link in our emails titled "Manage your email preferences".

Use of Cookies

A cookie is a small text file that is sent to and stored on your computer. We only use cookies served by our website hosting service (Squarespace) and these are only used by us because they are essential to make our Websites work properly for you and allow us to analyse how our Website is used. We do not use any third-party cookies.

Cookie details:

crumb

The crumb cookie is used in order to recognise a computer when a user visits our website. It also prevents cross-site request forgery. (Expires when the user browsing session ends).

ss_cid

This cookie is used to identify a unique user for website usage analysis. The value assigned is a random GUID and no personally identifying information is associated with this cookie. (Expires after two years).

ss_cvisit

This cookie is used to identify a user’s session for website usage analysis. The value assigned is the timestamp of the initial page view for a session and no personally identifying information is associated with this cookie. (Expires after thirty minutes).

ss_cpvisit

This cookie represents the same information as ss_cvisit with the exception that it stores the previous session instead of the current one. (Expires after two years).

ss_cvr

This cookie is equivalent to the ss_cid cookie with the exception that it stores the values of the current and ss_cvisit ss_cpvisit cookies. (Expires after two years).

ss_cvt

This cookie is equivalent to ss_cvisit with the exception that it stores a count of the page views for that session. (Expires after thirty minutes).

What security will exist? 

We are committed to protecting the privacy of your personal data. We use appropriate standards of technology and operational security to protect personal information including a Secure Server (based in the EU) and network firewall connection. Operationally, access to personal information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Internet and data storage

The Internet is inherently insecure. Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our Websites is at your own risk.

Transmission of data overseas

Some of the third party operators of the Source Platform and Destination Platform with whom you will have your own data processing arrangements in place, are based in the United States, and so their processing of your personal data will involve a transfer of data outside the European Economic Area (EEA). Other than this, we shall not transfer your personal information outside the EEA.

Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented by either:

- using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; and/or

- ensuring the providers we are transferring data to and with who are based in the US are part of the Privacy Shield certification scheme which requires them to provide similar protection to personal data shared between the Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

What are my legal rights in relation to my personal information?

In specific circumstances (usually dependent on the lawful condition for processing that we have relied upon to deal with your personal information) you have legal rights under Data Protection Laws. 

You have the right to:

- Request access to your personal data (this is usually known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.  You will not have to pay a fee to access your information in this way, but if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee or refuse to comply with your request. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response;

- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;

- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which we will tell you about, if applicable, at the time of your request;

- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;

- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and

- If we were ever to rely on consent for processing your personal information then you can withdraw that consent at any time. However, we do not currently rely on consent for any of our processing of your data.  If ever applicable to you, this right will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of your legal rights at any time get in touch with us using the details provided above in the how to get in touch with us section