1. Introduction
TT Tax Solutions Limited, trading as TwentyTwenty Tax (“2020TAX”, “we”, “us”, “our”), is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our website at 2020tax.ie and our tax refund services.
We are the data controller for personal data processed in connection with our services. We are subject to the EU General Data Protection Regulation (GDPR), the Data Protection Acts 1988–2018 (as amended), and all other applicable Irish and EU data protection law.
2. Data We Collect
We collect the following categories of personal data:
Identity & Contact Data — Your name, email address, phone number, postal address, and date of birth.
Tax & Financial Data — Your PPS number, employment details, annual income, tax year information, P60s or payslips you provide, employer details, and bank account details for refund payment.
Usage Data — How you interact with our website, which pages you visit, how long you spend on them, and which tools you use. This includes IP address, browser type, and device information collected via cookies and analytics tools.
Communications Data — Records of emails, messages, or other correspondence between you and our team.
Sensitive Data — In some cases, claiming certain tax credits (e.g. health expenses) may involve data that is sensitive by nature. We only process this where you have explicitly provided it for the purpose of your claim.
3. How We Collect Your Data
We collect data when you:
- Register for an account or submit your details via our website
- Use our Refund Calculator
- Upload documents or complete forms as part of a claim
- Contact us by email, phone, or contact form
- Browse our website (automatically, via cookies — see Section 8)
4. Why We Use Your Data (Legal Bases)
We process your personal data on the following legal bases under GDPR Article 6:
Performance of a contract — Processing your identity, contact, and tax/financial data is necessary to provide you with our tax refund service, prepare your claim, and transfer your refund.
Legal obligation — We are required to retain certain records for compliance with Irish tax law, accounting regulations, and anti-money-laundering obligations.
Legitimate interests — We use usage data to improve our website and services, and to detect fraud or abuse, where this does not override your rights and freedoms.
Consent — Where we send you marketing communications, we do so only with your consent, which you can withdraw at any time.
Where we process sensitive data (e.g. health expense information), we rely on your explicit consent under GDPR Article 9(2)(a).
5. How We Use Your Data
We use your personal data to:
- Verify your identity and eligibility for our services
- Prepare and submit tax refund claims to Revenue on your behalf
- Calculate your estimated and actual refund
- Transfer your refund net of our fee to your bank account
- Provide you with updates on your claim status via your dashboard and email
- Respond to your enquiries and provide customer support
- Improve our tools, platform, and AI models (using anonymised/aggregated data only)
- Comply with our legal and regulatory obligations
- Send you service-related communications and, where you have consented, marketing updates
6. Who We Share Your Data With
We do not sell your personal data. We share it only where necessary:
Revenue Commissioners — We submit your claim data directly to Revenue as part of our service. This is done solely on your instruction and with your explicit authorisation.
Technology service providers — We use trusted third-party providers for hosting, cloud storage, email delivery, and analytics. All providers are subject to data processing agreements and operate within the EEA or under adequate safeguard mechanisms.
Professional advisors — In limited circumstances, our accountants, legal advisors, or auditors may access data as necessary.
Law enforcement or regulatory bodies — We will disclose data where required to do so by Irish or EU law, court order, or regulatory authority.
We do not transfer your personal data outside the European Economic Area (EEA) without appropriate safeguards in place.
7. How Long We Keep Your Data
We retain your personal data only as long as necessary for the purposes for which it was collected:
- Account & claim data: Retained for 7 years from the date of your most recent claim, in line with Irish Revenue record-keeping requirements.
- Communications: Retained for 3 years from the date of the communication.
- Usage & analytics data: Retained for up to 24 months in anonymised or aggregated form.
- Marketing consent records: Retained until you withdraw consent, plus 1 year for audit purposes.
After the applicable retention period, data is securely deleted or anonymised.
8. Cookies
We use cookies and similar technologies to make our website function and to understand how it is used. Cookies we use include:
Essential cookies — Required for the website to work (e.g. keeping you logged in). These cannot be disabled.
Analytics cookies — Help us understand how visitors use our site (e.g. which pages are most visited). We use anonymised data only.
Preference cookies — Remember your settings and choices on our site.
We do not use advertising or third-party tracking cookies. You can manage your cookie preferences via the cookie banner on your first visit or through your browser settings. Disabling non-essential cookies will not affect your ability to use our core service.
9. Your Rights
Under GDPR, you have the following rights in relation to your personal data:
Right of access — You can request a copy of the personal data we hold about you.
Right to rectification — You can ask us to correct inaccurate or incomplete data.
Right to erasure — You can ask us to delete your data, subject to our legal retention obligations.
Right to restriction — You can ask us to restrict how we process your data in certain circumstances.
Right to data portability — You can request your data in a structured, machine-readable format.
Right to object — You can object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hello@2020tax.ie. We will respond within one month of receiving your request. We may need to verify your identity before processing your request.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Data Protection Commission (DPC) of Ireland at dataprotection.ie.
10. Data Security
We take the security of your personal data seriously. We use appropriate technical and organisational measures including encryption in transit and at rest, access controls, and regular security reviews. However, no transmission over the internet is completely secure, and we cannot guarantee absolute security.
If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the DPC within 72 hours and will notify you without undue delay where required.
11. Children
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us immediately at hello@2020tax.ie and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by a prominent notice on our website. The “Last updated” date at the top of this page will always reflect the most recent version.
13. Contact & Data Controller Details
TT Tax Solutions Limited T/A TwentyTwenty Tax
26/27 Pembroke Street Upper, Dublin 2, D02 X361
CRO: 814127 | VAT: IE 4726542AH
hello@2020tax.ie | +353 85 225 0916