- Who we are
Simply Customer Limited (company number 08587386)
The Hayloft, Lane Head Farm,
If you need to contact us, please email firstname.lastname@example.org
- Personal data we collect
We have a “privacy by design” policy. We collect your business email address and telephone number only, which is the minimum information we need to deliver a service to you.
If your data is provided to us by a third party, we are the data controller for any of your data held on our servers. We do not share or sell your personal data with any other party but may do so if required to in response to a Court or Government order.
- How long we retain it
Enquiries: We will retain your data for 12 months then delete it.
Customers: We will retain your data for 7 years after you stop being a customer to maintain our recordkeeping.
- Data storage
We take the handling of your personal data seriously. If using our website to contact us, our website has a valid SSL certificate. This means when you enter your contact details on our site, there is a secure connection between your computer and our website. You can be certain our website is served over SSL when you see the padlock in the corner of the web address bar.
Simply Customer laptops are encrypted and password protected. Where possible two factor authentication is used. Passwords are not shared.
We typically store your personal information on servers located within the European Economic Area (“EEA”). We will ensure that personal data is only transferred outside the UK or the EEA when protected by one of the recognised safeguards for third country transfers as approved by the information commissioners office.
- Data Breach procedure
In the event of a data breach we will:
- Advise all affected parties as soon as possible.
- Fix the issue that led to the breach.
- Produce a post-mortem of the incident detailing:
- What went wrong.
- How it was fixed.
- How we will protect against something similar happening in the future.
- YOUR RIGHTS AND Access to your personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Your personal data will not be subject to automated decision making.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us using the details in section 1.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
We may update this Policy at any time. When we do, we will post a notification on the main page of our Website and we will also revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
This policy was last updated on 25th February 2019