Privacy policy

Apt Payroll Services Ltd is committed to protecting the privacy and security of personal data entrusted to us. This policy explains how we collect, use and disclose our client and their employees’ information.

By using our services or interacting with our website, you agree to the terms outlined in this Privacy Policy. This policy replaces any existing statement or agreement.

This policy was last reviewed on the 13th of October 2025.

Scope

This policy shall be provided to existing clients in compliance with GDPR.  It shall also be provided to any potential clients wishing to outsource payroll, pension or any other potential service Apt Payroll Services Ltd may administer. It is the responsibility of the client as the Data Controller to ensure this policy is available to the Data Subjects.

Information we collect

Personal data means any information that may be used to identify an individual including but not limited to a first or last name, a home address or other physical address, and an e-mail address or other contact information, whether at work or home.

The personal data we collect from you may be used for the following purposes:

  • Fully managed payroll outsourcing service on behalf of the client, either directly or indirectly through an accountant

  • Management of workplace pension scheme

  • Internal personal records of the staff of Apt Payroll Services Ltd

  • Submissions to HMRC, DWP, TPR and other regulatory authorities deemed as lawful

  • Email/correspondence to inform and advise clients and potential new businesses of specific payroll duties, legislation changes and any other changes in the services we provide

  • Email marketing to clients and potential new businesses to promote additional services that Apt Payroll may develop in relation to its core business

Why do we collect, process, and store this data?

As a payroll bureau, managing the outsourced payroll and pension requirements of our clients, we are the Data Processor.  It is necessary to hold relevant information in relation the employees of our clients, for whom we provide a payroll and pension service.  The client is the Data Controller.  Apt Payroll Services Ltd will act on behalf of our clients as the Data Processor and use the employer’s data so that it can:

  • Set up PAYE and pension scheme

  • Process and calculate pay

  • Process and calculate pension calculations

  • Add new and maintain employee data held within payroll software systems

  • Production of contracts of employment

  • Report to the HMRC liabilities and perform RTI submissions

  • Process Attachment of Earnings Orders

  • Keep employees and employer records up to date

  • Setup and provide payslips to client employees and our staff

  • Provide payroll and pension support to clients

  • Liaise and make available employee data under legislation such as Child Maintenance Service, court orders, and any other legal or regulatory requirements

  • Make BACS and other transactions to pay employees wages

  • Provide a response to regulatory bodies e.g. DWP, HMRC Child Maintenance Service, and TPR Requests for information

  • Anti-money laundering ID verification

How we meet our GDPR obligations

The personal and special categories of personal data we collect and process is necessary as Data Processor. We will comply with our legal requirements and in performance of our contract with our clients, providing a managed outsourced payroll, pension, and associated administrative functions service.

We will ensure that all personal data is lawfully processed, only collected for specified, explicit and legitimate purposes, and that we only collect and process adequate data to fulfil our legal and contractual responsibilities. We will make every endeavour to ensure the accuracy of the personal data will be managed securely. Personal data not retained will be appropriately destroyed or returned to the client in the manner detailed within the Standard Terms and Conditions.

How we obtain personal data

As the Data Processor for our clients, we obtain the bulk of the data subject information from the client at the commencement of our contractual relationship. Additional information necessary to process employee payroll, pensions, and administrative services (such as hours worked, pay rates, holiday, and sickness) is provided to Apt Payroll Services Ltd in the manner agreed with the client in the Standard Terms and Conditions. It is the responsibility of the client as the data controller to ensure that all personal data provided is accurate, appropriate, and lawful under the GDPR.

Consent

Consent must be freely given, specific, informed and unambiguous, and verifiable. Consent can also be withdrawn by the Data subject.

In accordance with GDPR, as our client you are the Data Controller.  It is your responsibility to collect and forward, in a secure manner, the personal data of those individuals you wish Apt Payroll Services Ltd to process as the Data Processor in the management of your outsourced services.

Individuals rights

It is important that all Data Subject know their rights under GDPR:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling

More information on the individual rights of a Data Subject can be found on the below link:

 The rights of individuals | ICO

Should a Data Subject wish to exercise any of their rights within the GDPR, they should, in the first instance, contact their respective Data Controller’s Data Protection Officer.

The type of personal information we collect

As our client, we will use the data you collect to manage your payroll or service, as agreed in our Standard Terms and Conditions. We collect most of the necessary personal data during the initial contractual process, in which you detail your instructions on our New Client Details Form or New Starter Form

The personal data we may use includes:

  • Name, postal address and email address

  • NI number

  • HMRC information

  • Bank account details

  • Proof of identity

  • Leave records

  • Contract of employment and HR details

  • Next of kin details

  • Date of birth

  • Title

  • Gender

  • Ethnicity

  • Martial status

  • Previous employment history

  • Student loan information

  • Client details (name, address, date of birth, NI Number, passport number/driving licence number, position in organization, telephone numbers, email, and other contact details)

Sharing personal data

Subject to the applicable data protection law, we may share your personal data:

  • Subcontractors and other persons who help us provide our products and services

  • Courts, to comply with legal requirements, and for the administration of justice

  • Companies and other professional advisors, including our auditors

  • Fraud prevention agencies, credit reference agencies, and debt collection agencies, when we open your account and periodically during your account or service management

  • Other organisations who use shared databases for income verification and affordability checks to manage/collect arrears

  • Government bodies and agencies in the UK and overseas (e.g HMRC) who may in turn share it with relevant overseas tax authorities and with regulators

  • In an emergency or otherwise to protect your vital interests

  • Anyone else where we have your consent or the law requires it

Retention of data

We will retain all data that may be processed for the purposes of the legitimate interests of Apt Payroll Services Ltd. We will hold this information for six years plus the current tax year:

  • Retention in case of queries: We will retain your information as long as necessary to deal with your queries.

  • Retention in case of claims: We will retain your information as long as you might legally bring claims against Apt Payroll Services Ltd

  • Retention in accordance with legal and regulatory requirements:  We will retain your information after your client file has been closed or otherwise has come to an end, based on our legal and regulatory requirements

Identity verification and fraud prevention checks

The personal data we have collected from you at the commencement of our contract, or at any stage, will be shared with fraud prevention agencies, which will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment in the future. We may also search and use our internal records for these purposes. We will advise you prior to entering any such contractual obligation.

Subject to applicable laws, we will seek the monitoring and recording of your calls, emails, text messages, social media messages and other communications in relation to your dealings with us.  We will do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on your account where necessary for these reasons and this has been justified by our legitimate interests or our legal obligations.