01482 935955

Privacy Policy

Introduction

We understand that privacy is paramount. We endeavour to keep all personal data safe and secure, and this privacy policy summarises the reasons for our handling or your data, what data we collect, and how we use and protect it. We are accredited with the government-backed Cyber Essentials scheme in order to protect our business and our customers.

Please contact us if you find any of this document is unclear.

Who are we?

The data controller is Simpatico Communications Ltd, registered in England company number 10476896 whose registered office is 2 Norwood Grove, Beverley, HU17 9HS.

What information do we collect?

As well as publicly available company data, we store some types of personal information to enable us to process orders and give ongoing support.

We collect this data through a variety of means, including but not exclusively:

  • From contact forms completed on our website
  • From orders received on our website
  • From emails and telephone calls received
  • From messages received on social media

Types of information include:

  • The names of key client contacts as well as clients’ user names
  • Their landline and mobile phone numbers
  • Email addresses

How do we use personal information?

We use the personal information to:

  • Process orders from new and existing clients
  • Account administration – including the management of payment, the management of users’ phones, etc
  • Delivering newsletters and relevant information to clients

How is your personal information protected according to the GDPR?

Each party shall comply at all times with its respective obligations under the provisions of the GDPR and Data Protection Act 2018 and shall not perform its obligations under this Agreement in such a way as to cause the other to breach any of its applicable obligations under Applicable Data Protection Legislation.

  1. We process Personal Data on your behalf and for such purposes we are the Data Processor and you are the Data Controller. In connection with such processing we shall:
    1. process the Personal Data only on documented instructions from you and in accordance with this Agreement;
    2. ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and take steps to ensure that such persons only act on our instructions in relation to the processing;
    3. implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm and risk which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected (and you shall notify us immediately if the nature of such Personal Data changes in a material way);
    4. remain entitled to appoint third party sub-processors with the consent of the Data Controller. Where we appoint a third party sub-processor, we shall, with respect to data protection obligations (a) ensure that the third party is subject to, and contractually bound by, at least the same obligations as we are, and (b) remain fully liable to you for all acts and omissions of the third party;
    5. in addition to the sub-processors engaged pursuant to paragraph 9.2.4 above, be entitled to engage additional or replacement sub-processors, subject to (a) the provisions of paragraph 9.2.4 above being applied, and (b) we notifying you of the additional or replacement sub-processor, and where you object to the additional or replacement sub-processor, the parties shall discuss the objection in good faith;
    6. not transfer Personal Data outside of the UK / European Economic Area except where such transfer is made in such a way as to ensure that the level of protection offered to natural persons by the Applicable Data Protection Legislation is not undermined;
    7. assist you to respond to requests from Data Subjects who are exercising their rights under the Applicable Data Protection Legislation;
    8. notify you without undue delay after becoming aware that we have suffered a Personal Data breach and shall not inform any third party of the Personal Data breach without first obtaining your prior written consent, except when law or regulation requires it;
    9. on your reasonable request, assist you to comply with your obligations pursuant to Articles 32-36 of the GDPR (or such corresponding provisions of the Applicable Data Protection Legislation), comprising (if applicable): (a) notifying a supervisory authority that we have suffered a Personal Data breach; (b) communicating a Personal Data breach to an affected individual; (c) carrying out an impact assessment; and (d) where required under an impact assessment, engaging in prior consultation with a supervisory authority;
    10. unless applicable law requires otherwise, upon termination of the Agreement, at your option, comply or procure compliance with the following (i) delete all personal data provided by you to us and/or (ii) return to you all Personal Data provided by you to us; and
    11. not more than once in any 12 month period and on reasonable notice, of at least twenty (20) business days, permit you (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit our data processing activities to enable you to verify and/or procure that we are complying with our obligations under this paragraph 9.2.
  2. Each party may collect, store and process contact Personal Data (such as name, work email address, telephone/mobile work number, work address, home address) of the other party and/or its employees for the purposes of the performance of this Agreement, and such collection and/or processing shall be carried out in accordance with such party’s privacy policy.