We understand that your privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you. This notice contains some important information so please read it carefully.
Here are the things we think you’d really want to know:
The SimplyBiz Group is currently made up of: The SimplyBiz Group plc (holding company) and the following subsidiary businesses:
When we say ‘we’ or ‘us’ in this policy, we’re referring to the separate and distinct legal entities that make up The SimplyBiz Group from time to time. Which of the Group Companies controls your personal information may depend on the services you are using or contacting us regarding. If you would like more information about which Group Company processes and controls your data, you can contact us by one of the means set out in the “Contact Us” section below.
Our registered address is: St Andrew's House, St Andrew's Road, Huddersfield HD1 6NA.
You can contact us in the following ways:
Further information about the specific types of information that we collect and process are set out in the “How we use your information” section below.
Whenever we process your personal information we have to have something called a “legal basis” for what we do. The different legal basis we rely on include:
Consent: You have agreed to us processing your personal information for a specific purpose;
Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
Performance of a contract: We must process your personal information to meet the terms of your contract with us;
Prevention of fraud: Where we are required to process your data in order to protect us and our customers from fraud or money laundering;
Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
Legal obligation: We are required to process your personal information by law.
There are a number of ways in which we use your personal information, depending on why you are interacting with us.
When you apply to join us as a client/member, we will collect certain information about you including your name, phone numbers, email address, bank details and business address. We will also ask you about your business processes, financial information and for answers to questions relevant to the product or service you have applied for. The relevant teams will have access to all of this information. Some of this information will also be made available to other departments as needed, for example the finance team to process your payment information.
The data subjects of our membership varies based on the type of business joining us and could include directors, officers, sole traders, partners, financial advisors and other employees. We process this data to ensure we comply with our contractual obligations we have with you.
We use personal information such as your name and business email address to set up and administer access to both Group and Third Party Software solutions. This data is processed on the basis of the contractual obligations we have with you.
We use your personal data to market our services and products by phone, mail and email and this processing is conducted on the basis of our legitimate interests in providing our members with support. You can change your preferences on this marketing activity by contacting our Marketing Department.
We share data with third party product providers and partners for the purpose of them receiving feedback on events you may attend and so that they can provide you with further information on products or services that may be of interest to you.
We use your information to advise our event venue partners of the delegates expected so that they can ensure all health and safety provisions are in place including adhering to any dietary or access requests made. We process this data on the basis of the contractual obligations we have with you.
If you have asked us to provide you with certain services, such as completing your FCA registration or your GABRIEL return, we may collect and process additional information, including identification documents, criminal history and financial information in order to do this. This data is processed on the basis of fulfilling our contractual obligations with you.
As part of the financial advice process, our clients/members will collect personal information from their customers including name, address, telephone number, email address, financial information and responses as well as health information (in the event it is relevant to the product or service). The processing of this data will be covered under your agreement with your advisor. For the provision of some of our services, our members will from time to time, share their customers information with us, for example as part of our training and competency checks or to allow them to perform certain checks on their customers (for example sanction checks). We will process this data only to satisfy our contractual obligation to our clients/members and it is not used for any other purpose by us.
In order to work with our other customers and suppliers, we will collect information such as the names, contact numbers and email addresses of relevant employees discuss your services, to manage our contractual obligations and billing arrangements. This information may be shared with colleagues within the Group that are involved in our supply chain including finance team members, contract managers and service users.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
As outlined above, there may be instances where our basis for processing your personal data is that you have provided your consent. In these circumstances, we will explain to you in writing what personal data we need and why, whether we need to disclose your personal data to any third party who and why, how long we will store the personal data, your rights of access to the personal, your options for consenting or refusing to consent or withdrawing consent, and the implications of consenting or refusing to consent or withdrawing consent. Please note that it is not a condition of engagement with us that you have to agree to any request for consent from us. We will only process your personal information without your knowledge or consent where this is required or permitted by law.
We may share your personal information with the following recipients:
We are committed to implementing technical and organisational measures that, by default meet the requirements of the data protection legislation and the appropriate level of security. We will not share your personal data with a third party organisation without a valid business reason, a contract or Data Sharing Agreement in place, or without your consent. We will not transfer your personal data to organisations outside the European Union (EU) unless that country or territory can ensure an adequate level of protection in relation to the processing of your personal data.
Your personal data is not subject to automated decision-making, including profiling.
We retain your data primarily to meet statutory and regulatory obligations; secondly, your data is retained to enable us to pursue our legitimate business interests in relation to our clients, current and future requirements. Our retention schedules are available on request.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you; in such circumstances we may use such information without further notice to you.
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you. These include:
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below.
We try to meet the highest standards when processing personal information. For this reason, we take any requests, complaints or queries we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
This privacy notice does not provide exhaustive detail of all aspects of our processing of personal information. However, we are happy to provide any additional information or explanation needed.
If you want to make a query, request, or a complaint about the way we have processed your personal information you can contact us directly:
Alternatively, you have the right to lodge a complaint with the regulator which oversees data protection law:
Information Commissioner’s Office
Tel: 0303 123 1113
We keep our privacy notice under regular review. Notifications of changes to this privacy notice will be via email. This privacy notice was last updated in May 2018.