

Privacy Policy
Last updated: 16/01/2025
This Privacy Policy explains how CheckMyRates (“we”, “us”, “our”) collects, uses, shares and protects personal data when you visit our website, contact us, or use our services.
This policy is intended to meet our transparency obligations under UK data protection law, including the UK GDPR and the Data Protection Act 2018.
1) Who we are
Data Controller: CheckMyRates [Payless Business Group Ltd]
Registered address: [24 Ferrars Way, CB4 3RE]
Email: [info@checkmyrates.uk]
If you have questions about this Privacy Policy or how we handle your information, contact us using the details above.
If you use our services on behalf of a business, you confirm you are authorised to provide the information you submit (including information about colleagues, staff, suppliers, or other third parties) where relevant.
2) The information we collect
We collect information in the following categories (not all will apply to every customer):
A) Information you provide to us
- Identity and contact details: name, job title, business name, email address, phone number, business address.
- Account and enquiry information: messages you send us, notes of calls/meetings, preferences.
- Documents and uploads: bills, invoices, contracts, statements, tariff details, telecoms inventories, merchant services statements, business rates documents, and related evidence you provide.
- Authority documents: letters of authority or similar permissions where required to progress work.
- Payment and billing: billing contact details and transaction records (we do not store full card details if processed by a payment provider).
B) Information we obtain from third parties (where relevant to the services)
Where you instruct us and/or provide authority, we may obtain or verify information from:
- service providers and suppliers (e.g. utilities, telecoms providers, payment providers/merchant acquirers);
- relevant public bodies and agencies connected to the work (e.g. business rates bodies and related portals);
- identity/verification or fraud-prevention providers (where proportionate);
- professional advisers or delivery partners supporting the execution of agreed work.
We only obtain such information where it is necessary for a legitimate service purpose and consistent with your instructions and the scope of work.
C) Information we collect automatically (website usage)
When you use our website, we may collect:
- device and browser information;
- IP address (often truncated/aggregated where possible);
- pages viewed and interaction data;
- referral source and approximate location (city/region level);
- cookie identifiers (where cookies are enabled).
See Cookies below for more detail.
3) How we use your information
We use personal data for the following purposes:
- To respond to enquiries and provide information you request.
- To initiate and conduct reviews (including receiving uploads, analysing documents, validating findings, and preparing outputs).
- To progress execution where the engagement proceeds (e.g. contacting suppliers/third parties, submitting information, tracking resolution, and administering cases).
- To manage our relationship with you (service communications, updates, and operational notices).
- To take payment and manage accounts (invoicing, receipts, refunds, and credit control).
- To improve our website and services (analytics, troubleshooting, testing, and service development).
- To keep records and protect our business (quality assurance, dispute handling, complaint management, training, fraud prevention, and compliance).
- To comply with legal obligations (e.g. tax/accounting record requirements and responding to lawful requests).
4) Lawful bases for processing
UK GDPR requires a lawful basis for each use of personal data.
We typically rely on the following:
- Contract: where processing is necessary to deliver the services you request or to take steps at your request before entering into a contract.
- Legitimate interests: where it is necessary for our legitimate business interests (for example, running our business, preventing fraud, improving services, and communicating with business contacts), and those interests are not overridden by your rights.
- Legal obligation: where necessary to comply with legal obligations (e.g. tax and accounting).
- Consent: where required (for example, certain marketing communications or non-essential cookies). You can withdraw consent at any time where consent is the lawful basis.
If we ever need to process special category data (e.g. health data) we will only do so where a specific condition applies and we will explain this at the time. In general, we do not require special category data to provide our services and ask you not to upload it unless we request it.
5) Marketing communications
We may send business-related communications where permitted by law, including:
- responses to your requests;
- service updates and operational notices;
- information about services likely to be relevant to your role.
Where we rely on consent for marketing, you can withdraw it at any time. Where we rely on legitimate interests you can object (see “Your rights” below).
You can opt out of marketing at any time using the unsubscribe link (where provided) or by contacting us.
6) Cookies and similar technologies
We use cookies and similar technologies to operate our website and improve performance. Cookies may be:
- Strictly necessary (site functionality and security);
- Analytics/performance (understanding how visitors use the site);
- Functionality (remembering preferences);
- Marketing (where used, and subject to your choices).
Where required, we will request your consent for non-essential cookies and provide controls via our cookie banner/manager. ICO guidance expects cookie information to be clear and accessible.
7) Who we share information with
We share personal data only where necessary, and we aim to share the minimum required.
A) Service providers (processors)
We may share information with trusted providers who help us run the business, such as:
- website hosting and infrastructure;
- file storage and secure document processing;
- email and communications tools;
- CRM and customer support systems;
- analytics providers;
- payment processors;
- professional advisers (accountants, legal advisers);
- specialist delivery partners where needed to progress agreed work.
These providers process personal data under contract, acting on our instructions, and must protect it.
B) Third parties for execution (where engagement progresses)
Where necessary to progress agreed actions, and where authority/instruction is in place, we may share relevant information with:
- suppliers and service providers connected to your accounts;
- relevant bodies connected to business rates and related processes;
- other parties directly involved in resolution.
C) Legal and safety
We may disclose information if required to do so by law, court order, or regulator, or to protect our rights, safety, and property, or those of others.
8) International transfers
Some of our suppliers may store or access data outside the UK. Where personal data is transferred internationally in a way that is considered a “restricted transfer”, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum, and carry out risk assessment where required.
We will provide more information about relevant safeguards on request.
9) Data security
We use technical and organisational measures designed to protect personal data, which may include access controls, encryption in transit and at rest where available, secure storage, least-privilege access, and staff/contractor confidentiality obligations.
No system is completely secure. While we take security seriously, we cannot guarantee the security of information transmitted to us via the internet. You should take care when submitting information and ensure your own devices and accounts are protected.
10) How long we keep your information (retention)
We keep personal data only for as long as necessary for the purposes described in this policy, and we use retention criteria consistent with the UK GDPR storage limitation principle (including having appropriate retention schedules).
Typical retention approach (may vary by case and legal requirements):
- Enquiries: retained for a period after last contact to manage follow-ups and record-keeping.
- Client files and supporting evidence: retained for the duration of the engagement and for a reasonable period afterwards for audit trail, dispute handling, and legal/financial record-keeping.
- Financial records: retained as required for tax/accounting purposes.
- Marketing preferences: retained until you opt out or we no longer use them.
- Website analytics: retained for a limited period (often in aggregated form).
If you would like more detail on retention periods for a specific category of information, contact us.
11) Your rights
Under UK data protection law, you may have rights including:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability (in certain circumstances);
- the right to object (including to direct marketing);
- rights related to automated decision-making and profiling.
These rights are described by the ICO as part of the right-to-be-informed transparency requirements.
To exercise your rights, contact us. We may need to verify your identity before responding.
12) Complaints
If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.
You also have the right to complain to the UK data protection regulator, the Information Commissioner’s Office (ICO).
13) Children’s data
Our services are intended for business users and are not directed at children. We do not knowingly collect personal data from children.
14) Automated decision-making
We do not use automated decision-making that produces legal or similarly significant effects solely by automated means. Where we use tools that assist with document review or pattern detection, humans remain responsible for conclusions and decisions.
15) Third-party links
Our website may contain links to third-party sites. We are not responsible for the privacy practices of those third parties. You should read their privacy policies.
16) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be highlighted on our website or communicated to clients where appropriate.