Privacy Policy
1. Introduction
SMS has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for SMS websites, including SMS and all sub-domains under these domains. These domains include, but are not limited to
smsbusinesscloud.com
simplymailsolutions.com
eu.simplymailsolutions.com
us.simplymailsolutions.com
portal.simplyms.com
support.simplyms.com
cp.simplyms.com
store.simplyms.com
smshelp.co.uk
In this policy, “Simply Mail Solutions”, “SMS”,“we”, “us”, and ‘our” refer to Internet for Everything Limited trading as SMS.
In this policy “Personal data” is defined by Article 4(1) of the GDPR: “(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
2. Data protection officer
Our current nominated Data protection officer is:
Keith Pritchard
3. Scope
This privacy statement only covers the information collected on SMS’s web sites, ie where we act as a data controller. The SMS’s web sites contain links to other sites. SMS is not responsible for the privacy practices, actions, or the content of such web sites.
4. Use of personal data
Section 4 outlines how SMS makes use of personal data, including:
the kinds of information we collect
the purpose of collection
the legal basis for processing data
SMS operate in a business to business environment and personal data is only held on individuals over the age of 18. Should we become aware of personal data being held by us of persons under 18 the data will be immediately deleted.
4.1 Website activity tracking
Websites operated by SMS use Google Analytics to collect information on website visits. Information collected includes geographic location of visitors number of visits pages visited web browser and OS used length of visit on-site activity such as completing contact forms the value and products taken of any orders generated on store.simplyms.com. This is collected in an anonymous format with no identifiable user information collected
This data is collected in an anonymised format with no information collected by SMS as who the visitor was.
Information is collected through a cookie placed in the visitor’s web browser. People can opt-out of having a cookie through their web browser settings. See our Cookie Policy for more details.
Google track additional information which we occasionally use for remarking purposes. Google’s own statement regarding this collection is:
“This includes data from Google’s signed-in users who have chosen to enable Google to associate their web and app browsing history with their Google account, and to use such information from their Google account to personalise ads. Google Analytics temporarily joins these identifiers to your Google Analytics data in order to support your audiences. When you enable this setting, you must adhere to the Google Analytics Advertising Features Policy, including rules around sensitive categories and the necessary privacy disclosures to your end users about the data you collect and share with Google.”
Additional report information is generated around visitor demographics and interests. SMS receive this information in an aggregated format from Google, with no personally identifiable information present.
Any information collected by Google Analytics that is associated with cookies, user-identifiers (eg User ID), or advertising identifiers (eg DoubleClick cookies, iOS identifier for advertisers, or Android OS advertising ID) is automatically deleted after 14 months or whenever a user initiates a new event, whichever is shorter. Aggregated data, without personally identifiable information, is not affected.
4.2 Customer billing portal
Personal data is held on a customer’s billing portal to enable provision and administration of services. Information collected includes Customer’s name Customer’s billing address Customer’s payment details (credit card, debit card, bank details, etc, as appropriate) Customer’s contact telephone number(s)
In general, this is collected at the time of initial order, though customers can amend the information held at any time in their billing portal.
Contact information is collected in order to provide customer’s with status updates, including when new invoices are produced, planned upgrades or outages that will affect service, and other information deemed essential.
Financial information and payment details are collected to process payments for services provided by SMS.
For legal reasons, it is necessary to maintain certain financial records for a period of time.
Customer billing portal data is held in secure UK data centres.
4.3 Customer Relations Management database
SMS maintain a Customer Relations Management (CRM) database. This holds Business premises address (as recorded in the customer’s billing portal) Known contacts at the business (as recorded through conversations with the sales team or enquiries made by customers) Records of conversations between customers and SMS’ sales / account management representatives
This data is collected to provider a high quality service to customers, and for internal tracking / auditing of employee activity.
Customer Relations Management data is held in secure UK data centres.
4.4 Enquiry data
When customers, or prospective customers, make an enquiry with SMS, a record of that enquiry is held by us. How the data is retained depends on how the enquiry was made.
Enquiry data is held to provide a high quality response to individual enquiries hold an audit trail of conversations in case of dispute.
The personal information collected is that given by the person making the enquiry.
Enquiry data is deleted 12 months after an enquiry has been identified as no longer valid (for example when no further responses from the an enquirer has been logged).
Enquiry data is stored in secure UK data centres.
4.4.1 Website enquiries made by completing an enquiry form
Personal information is held within the Customer Relations Management database and the website’s internal forms database
For website enquiries, the person completing the contact form is given the option of allowing SMS to use the information for further contact
4.4.2 Telephone enquiries
Personal information is held within the Customer Relations Management database
4.4.3 Direct email enquiries
Personal information is held within SMS’ email mailbox, the Customer Relations Management database, the online ticketing system (depending which email address the direct enquiry was sent to)
4.5 Marketing database
SMS may process personal data on customers, and people making enquiries for our service, in order to provide future information on new services, promotions, and other marketing communications. Marketing data held would include: Name Contact email Contact telephone Contact postal address Communication preferences Responses to marketing activity such as emails opened, website pages visited, conversations held with SMS employees.
Marketing data is held in the Customer Relations Management database.
Individuals can opt-out of the marketing database at any time either by contacting SMS directly or clicking a relevant link in email communications.
Customers, and non-customers making enquiries are given the option of opt-into future marketing communications. Depending on how their enquiry is made (see ‘Enquiry data’) the method of obtaining an opt-in will differ.
Only where a valid opt-in has been given will the person be added to the marketing database.
4.6 Legal defence
We may process personal data to establish, exercise, or defend legal claim in either court proceedings or in administrative and out-of-court procedures. Information is processed to protect and assert our legal rights, or the legal rights of others.
4.7 Professional advice
We may process personal data as part of obtaining professional support and advice from others. Information is processed to improve services to customers, adapt to changes in legal requirements, or to protect SMS against business risk.
4.8 Log files
To fulfil legal obligations, log files are kept of server activity. We may process personal data as part of these obligations, including IP addresses, user login IDs. Log files are stored for a minimum of 30 days as required by the Regulation of Investigatory Powers Act 2000.
4.9 Other uses
In addition to the above, personal information may be processed by SMS for the purposes of completing our agreements with customers, internal auditing, supplier auditing, or for legal requirements.
5 Providing personal data to third parties
At times is may be necessary to disclose personal data to third parties in the general operation of business duties.
Personal data is only shared with third parties when necessary and in a secure, encrypted, electronic method of communication.
Third parties are required to demonstrate their own commitment to data protection and GDPR requirements before information is shared with them.
5.1 Providing a service requested by a customer
Where a customer’s services are delivered by a third party supplier (such as Microsoft, Qunifi, DropBox, or others) it is necessary to pass personal data onto the supplier for the efficient delivery of services
Personal data is only shared with suppliers providing a customer’s service. Information on customer’s not using that supplier’s service is not shared
A full list of suppliers is available upon request
5.2 Processing financial transactions
Payment service providers are used to process customer payments
5.3 Legal defence
Personal data may be shared with third party legal companies as part of a legal defence against claims
Marketing communications
Personal data may be shared with a third party to fulfil marketing communications, such as sending email newsletters out to subscribers, when individuals have consented to receive such information from SMS
6. International transfer of personal data
SMS provide services from suppliers based in different locations. This section outlines where personal data may be held.
Only customers who have chosen a specific service will have their data processed in the location utilised by the supplier.
Personal data is only shared with non-UK or non-EU suppliers when necessary and in a secure, encrypted, electronic method of communication.
Where personal data is processed by a non-UK or non-EU provider, suppliers are required to demonstrate their own commitment to data protection and GDPR requirements before information is shared with them.
The following suppliers may have personal data transferred to their location outside of the EU as part of normal operations to fulfil a customer’s service requirements
Dropbox for Business — Data centres located in the United States of America
Microsoft — Storage location depends on a customer’s nominated billing address and Office 365 service taken. The vast majority of data is stored in the United Kingdom or the EU. Location of personal data for users of selected Microsoft Office 365 data may include the United States of America
Domain registration — Personal data may be processed by enom, a US-based domain provider
7. Individual rights for personal data
Individuals may request a copy of the personal data held on them by SMS. The fulfilment of this request is dependant on:
An administration fee of £10
Proof of your identity such as a photocopy or scan of your passport or driving licence certified by a solicitor, or utility bill with address shown
Particular personal data may not be supplied as part of your request to the extent permitted by law
You can request removal from marketing databases at any time without the need for an administration fee of proof of your identity
You have the right to request removal of your personal data, or selected elements of your data, at any time.
Where information must be retained for legal compliance, that data will not be deleted.
8. Amendments
Our Privacy Policy may be updated at any time.
The website will display the latest version of of the Privacy Policy at any time.
We recommend individuals regularly refer back to our Privacy Policy page for the latest updates