[SIMPLY SUSTAINABLE LTD] (“We”) are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.simplysustainable.com you are accepting and consenting to the practices described in this policy. We have separate privacy policies that cover colleagues and other parties. We are committed to complying with the GDPR (2016) and the Data Protection Act (2018) and good business practices. We are both a data controller and a data processor.
Information we may collect from you
We may collect and process the following data about you:
- Information you give us.You may give us information about you by filling in forms on simplysustainable.com (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, participate in discussion boards or other social media functions on our site, other activities commonly carried out on the site and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.
We need this information for legitimate, contractual or organisational purposes to provide you with the services that you have requested. We will not use your data for any other purpose unless we have obtained your consent for that specific purpose.
We need this information to process your requests and we do not regard it as excessive. Other relevant details that you provide in relation to the services you receive from us may be added to your data, but anything not required will be deleted immediately. We will not ask for any irrelevant information. We will not hold or process any special category personal data at any time. If your contact details change, please advise us and we will update our records accordingly. We do not carry out automated decision making or any type of automated profiling. We will always process your data in a fair and lawful way in accordance with article 5 and article 6 of the GDPR.
We regularly conduct data flows and a data inventory or data audit which looks at all aspects of the personal data that we process, including the legal basis for processing and any special requirements that the data needs. Any risk assessments (DPIAs) requirements are identified and completed paying particular attention to privacy risks associated with each processing activity: storage, collection, transmission, access and deletion.
We regularly complete Legitimate Interest Assessments to ensure that our marketing activities are considered, appropriate and are in accordance with all relevant legislation.
We will never knowingly collect data from or on children below 13 years old.
- Information we receive from other sources.We may receive information about you if you use any of the other websites we operate or the other services we provide. [In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site.] We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with [them or] you.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If SIMPLY SUSTAINABLE LTD or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- We will disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions.
- Please note that we do not require your consent to share this information if we suspect criminal or unlawful activity, in these circumstances we will only contact the relevant organisations.
- At no point will your personal data be sold to anyone else and if we do need to share your data to a relevant third party, we will obtain your consent first.
We have procedures in place to deal with any suspected personal data breach and will notify you and any supervisory body of a breach if we are legally required to.
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
The GDPR provides the following rights for individuals:
|Rights||What does this mean?|
|2. The right of access||You have the right to obtain access to your information . This is so you are aware and can check that we are using your information in accordance with data protection law.|
|3. The right to rectification||You are entitled to have your information corrected if its inaccurate or incomplete.|
|4. The right to erasure||This is also known as the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions.|
|5. The right to restrict processing||You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.|
|6. The right to data portability||You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us.|
|7. The right to object to processing||You have the right to object to certain types of automated processing or decision making, including processing for direct marketing or where we are relying on our legitimate interests for processing.|
|9. The right to withdraw consent||If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.|
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at: email@example.com
You have a right to see what information that we hold about you and you can get in contact with our Data Protection Officer Nicola Stopps at the following address: firstname.lastname@example.org.
Under the GDPR you have the right to request a copy of the personal information Simply Sustainable Ltd hold about you and to have any inaccuracies corrected or information deleted. You will need to prove your identity with 2 pieces of approved identification which can be a: passport, driving licence, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months) or a rent book (from last 3 months). We will verify your identity, noting how and when we verified it, then we will immediately delete that data. We will send you a form which clarifies what information you are looking for and to verify your identity.
If you can advise of the specific information that you require, we can process your request more quickly. We will respond to your request within one month of you providing information that confirms your identity. You are obviously entitled to all your personal information.
We will respond within one month, giving you a copy of your data, why we have it, who it could be disclosed to, the categories of data it involves, and it will be in a format that you can access easily. You have the right to clarify and correct the information as necessary. It can be deleted providing that it is not required for legal or public interest reasons. If your request is more complex, for example it involves other data subjects and we need their consent to release the relevant information we can extend our response time to three months, but we will inform you of this. If they do not give their consent, we will anonymise this data or remove the relevant detail before sending this to you. We will not charge for data subject access requests unless they are excessive or manifestly unfounded. Then we will charge for administrative time only.
If you have any concerns about how your data is being used or processed and we have not been able to help you, then you can contact the ICO. Ways to report concerns are detailed on their website: https://ico.org.uk/concerns/
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Request a call-back
"*" indicates required fields