- Trust Center
- Privacy Notice
Privacy Notice
Last Modified: November 22, 2023
The tax.com™ team is committed to protecting and respecting your privacy. This notice explains how we protect information about you and comply with relevant data protection laws (such as the European Union’s General Data Protection Regulation (GDPR) or California’s consumer privacy laws) when you share personal or sensitive data with us through the tax.com platform. This notice also explains why and how we process your information, our retention periods, any third parties we may share information with, and how we transfer information to another country.
No Sale of Personal Data
We do not buy or sell any Personal Data. Specifically, we do not exchange, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate Personal Data for monetary or other valuable consideration to third parties.
Summary of Practices
Primarily, we collect Personal Data online and during the ordinary course of business to offer our tax advisory services and online services, including the tax.com website. The tax.com operating division of Ryan, LLC acts as the Controller for Personal Data collected from you at this site, including business contact and login information. Customers who utilize tax.com online services are the Controllers of the information they upload into the tax.com platform while using our tax advisory services and online services, and Ryan, LLC is the Processor.
Please use the Cookie Notice and Cookie Settings links at the bottom of this page to learn about and customize the use of cookies on our website.
Definitions
Personal Data means “personal information” or “personal data” as defined under applicable jurisdictional law (such as the California Consumer Privacy Act [CCPA] or GDPR) and generally includes information that (either in isolation or in combination with other information) enables you to be directly or indirectly identified (“Personal Data”).
A controller (“Controller”) is an entity that decides how and why Personal Data is processed and is usually responsible for complying with applicable data protection laws. A processor (“Processor” or “Third Party”) is an entity that collects, uses, stores, or analyzes Personal Data on behalf of the Controller.
Table of contents:
No Sale of Personal Data
Summary of Practices
Definitions
How and Why We Collect Personal Data
Data Minimization
Lawful Basis for Processing Your Personal Data
How Long Your Personal Data Will Be Kept
Data Sharing
Your Rights in Relation to This Processing
Security
Transfer of Personal Data
Change
Further Information
Cookies
Security
Contacting the Website
How and Why We Collect Personal Data
From general website usage or events: We collect Personal Data that you choose to provide to us, for example, on our “Contact Us” and “Request a Demo” (or similar) online forms or when you subscribe to our newsletters, attend our webinars, register for our events, participate in (optional) surveys used to improve our services.
From using our services: We collect internet or other electronic network activity for security and performance monitoring when you use our services. We also collect Personal Data for conventional business purposes. We may also gather your feedback. Specifically:
- Business interactions: We collect your business contact information during the day-to-day operations of our business managing our business relationship with you or your organization. We may use this information in communications with you, to notify or update you of changes in our services, to facilitate the investigation of any complaint, and for evidential purposes in any dispute.
- User account information: When setting up an account on the tax.com platform, Ryan.com platform, or other of our systems, we may collect Personal Data such as name, e-mail address, postal address, phone number, and job title. We may also collect related commercial information, such as records of the purchased services or information related to requests for demos.
- Usage information: We keep track of user activity concerning the utilization of our services by our customers. We also keep track of communications seeking our support or advice with respect to our services.
- Log information: We log information about how users interact with our services, including their IP addresses, dates and times of logins, and related information to facilitate, analyze, and improve the use and security of our systems and to prevent fraud or criminal activity.
- Information collected by tracking technology: We use various technologies to collect information, including saving cookies to users’ computers to create a bespoke experience based on your preferences, as well as to improve our online functions and measure those marketing activities permitted.
- Customer feedback: We may ask you to provide feedback (e.g., in the software directly or after receiving help from our support team). Providing this feedback is entirely optional.
Data Minimization
We take reasonable steps designed to ensure that your Personal Data that we process are limited to the Personal Data reasonably required in connection with the purposes set out in this notice.
Lawful Basis for Processing Your Personal Data
Depending on the processing activity, we rely on the following lawful bases for processing your Personal Data, including special category data or sensitive Personal Data as those terms are defined under relevant law:
- Consent: You have provided your prior consent for data to be processed for specific purposes (only used in relation to entirely voluntary processing and not for processing that is necessary or obligatory in any way).
- Contractual Necessity: Processing is necessary for the performance of an agreement with Controller.
- Legal Obligation: Processing is requested by a Controller to comply with a legal obligation to which the Controller is subject, such as tax reporting.
- Legitimate Interest: We have a legitimate interest in carrying out processing (to the extent not overridden by your interests or fundamental rights and freedoms) for the purpose of onboarding new customers, providing products and services to you, protecting against fraud or other criminal activity, and managing risks to which our business is exposed.
- Performance of an Agreement: Processing is necessary for the performance of a contract with a Third Party for the benefit of Controller, such as the use of one of our Trusted Third Parties for specific services.
How Long Your Personal Data Will Be Kept
Our policy is to retain your Personal Data for so long as it is required for the purpose for which it was collected and longer where we are obliged to do so for legal obligation(s) under applicable law to comply with legal, regulatory, and business or policy requirements. For information about how long we hold your Personal Data, you may request a copy of our retention schedule.
Data Sharing
Subprocessors: We may share Personal Data with third-party processors listed on our Subprocessor page.
Legal and Regulatory requirements: We may also share data to comply with court orders and other legal and regulatory requirements, including sharing information with government agencies and external auditors and tax authorities for the purpose of collecting tax contributions. This sharing will always be in accordance with the relevant data protection and privacy laws applicable.
Your Rights in Relation to This Processing
Where afforded by applicable jurisdictional law, such as the GDPR, you may have the right to:
- Receive information regarding our treatment of your Personal Data
- Require us to rectify any mistakes in your Personal Data
- Not be subjected to automated individual decision-making
- Require erasure of your Personal Data (subject to certain legal exceptions)
- Require restriction of processing of your Personal Data
- Object to the processing of your Personal Data
- Require data portability of your Personal Data
Where afforded by applicable jurisdictional law, such as the CCPA, you may also have the following rights:
- The right to know the categories or specific pieces of personal information we collected about you, the categories or sources for that Personal Data, the purposes for which we use that information, the categories of third parties with whom we disclose that information, and the categories of information we sell or disclose to third parties
- The right to require that we delete Personal Data that we collected and tell our service providers to do the same (subject to certain legal exceptions)
- The right to opt out of the sale or sharing of your Personal Data
- The right to limit our use and disclosure of your sensitive Personal Data (e.g., social security number, financial account information, geolocation data, or genetic data) to limited purposes, such as providing you with the services requested
To exercise these rights, please click here to use our Data Subject Access Request Form. If you wish to communicate with us as to how we have handled your Personal Data, or you believe that you previously consented to tax.com collecting your Personal Data and you’d like to withdraw your consent, please submit your communication via e-mail at privacy@tax.com.
Security
If contact with us does not resolve your issue, and you believe that your Personal Data has not been handled appropriately according to applicable law, you can contact the relevant data protection authority in your country and file a complaint with them.
Transfer of Personal Data
Ryan, LLC is an international Firm, and your data may be shared outside of the European Economic Area (EEA) to perform our services and run our business:
- As between firm entities and member firms of our network, including those located in the U.S., UK, and India
- With our third-party service providers
- Within IT systems used by us that host and support IT functions and applications
Where your Personal Data is transferred outside the EEA, in the absence of EU adequacy decisions relating to a country, we will have appropriate safeguards in place, such as Intragroup Data Transfer Agreements, Standard Contractual Clauses, and appropriate security technical and organizational measures designed to process your Personal Data per this Privacy Notice and applicable local data protection and privacy laws. We limit access to Personal Data to persons with a genuine business need to access it and who are subject to a duty of confidentiality. However, the transmission of information to us via the internet is not completely secure and security cannot be guaranteed against all threats. If you want to receive more information about international transfers of Personal Data, including the safeguards applied and countries to which your data may be transferred, please contact us using the details provided below.
Change
We may modify or amend this Privacy Notice from time to time. When this Privacy Notice is modified or updated, the Version Date will be updated, and the modified or amended Privacy Notice shall be in effect as of such date.
Further Information
Marketing and Communications: If you are an existing customer, we may send marketing communications to you about our business such as new products, service lines, updates, industry developments, and surveys that may be of interest to you. We rely upon our legitimate business interests to do so and will not seek consent. You may opt out at any time.
Just-in-Time (“JIT”) Privacy Notices: Where we invite you to submit Personal Data to us for a new purpose (such as using a new tool or joining us as a new employee), you will be provided with a JIT Privacy Notice setting out the purpose of processing, the lawful basis, and other relevant information at that time.
Privacy Notices for any third party who may have access to your Personal Data can be provided upon request by contacting the Privacy Officer at privacy@ryan.com.
Cookies
To assist us in gathering information needed to grow a useful and interesting site, we collect visitation data utilizing cookies. On a user’s first visit, a cookie is placed on the user’s machine and is then recognized by our site on each subsequent visit. This helps us to identify new and returning visitors. The information collected with the cookies issued by this site includes the IP addresses from which users access our site, the date and time of their visits, the URLs of the pages that they view, and the browser used to view the site. A description of our cookies and your cookie preferences are available at the Cookie Notice link at the bottom of this page. No information gathered on our site is shared, sold, rented, or traded outside our enterprise.
Security
We have security measures in place to protect the loss, misuse, and alteration of the information under our control, which you can read about in more detail at the Security page of the Trust Center.
This site may contain links to other websites not owned by Ryan, LLC or its affiliates. We are not responsible for the privacy practices or the content of such websites.
Contacting the Website
If you have any questions about this privacy statement, the practices of this site, or your dealings with this website, you can contact us at:
Tax.com (a division of Ryan, LLC)
Three Galleria Tower
13155 Noel Road
Suite 100
Dallas, Texas 75240-5090
972.934.0022
privacy@ryan.com