The Simply website is brought to you by Simply Operations Limited, a company incorporated and registered in England and Wales with company number 10588244 and registered office at 2-6 Boundary Row, London, England, SE1 8HP. Simply Operations Limited is part of a group which is made up of different legal entities, all registered at the same address, including:
You may be dealing with any of the companies listed above.
We take your privacy very seriously. As such, we ask that you read this privacy notice carefully as it contains important information about:
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
The Simply website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.
Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are:
We may collect and process the following personal data about you and your representatives:
We collect your personal data in a number of ways:
We may use your personal data for the following purposes: Credit and Identity Verification: In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.com/crain or www.equifax.co.uk/crain.
Where you have applied for a product or service either directly through us or an intermediary, we would need to carry out necessary fraud prevention and money laundering checks to satisfy ourselves that we can enter into an agreement with you.
Consequences of processing:
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us or we have a legitimate interest, where we have a commercial or business reason to use your information.
Please note that you can opt out from receiving marketing communications. Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at firstname.lastname@example.org.
We will process your request to be opted-out of marketing within 30 days of receipt. We will ensure that we obtain your consent before we share your personal data with any company outside of the SAF Group for marketing purposes. Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 5 above.
We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.
When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 11 below for more information)), we ensure that this data is securely deleted or destroyed. However, please note that, in some circumstances we may decide to retain your personal data for research or statistical purposes and, in such circumstances, we will anonymise your data before retaining it. For more details about our retention periods, please contact us at email@example.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
In order to protect your personal data, the SAF Group has appropriate organisational and technical security measures. These measures include restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure, and implementing procedures to deal with any suspected data breach. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.
We may share your data with other members of the SAF Group.
We may share your data with our shareholder, their agents, advisors and employees for the purposes of auditing our business, meeting our reporting requirements and to carry out our obligations under our agreement with you.
There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA. The third parties to which we may transfer your personal data include:
The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:
As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:
You have certain rights in relation to the personal data we process and hold about you. These include:
If you would like to exercise any of the above rights, please:
We will respond to requests made by you within one month.
We will not charge a fee for you to exercise any of the rights listed above.
For more information about the cookies we use, please see our Cookies Policy.
No changes to this privacy notice are valid or have any effect unless agreed by us in writing. We reserve the right to vary this privacy notice from time to time. Our updated terms will be displayed on the Simply website. It is your responsibility to check this privacy notice from time to time to verify such variations.
You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO). We have appointed a data protection lead (DPL) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this privacy notice and handling requests in relation the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPL using the details set out below.
Full name of legal entity: Simply Operations Limited
Email address: firstname.lastname@example.org
Postal address: The Embassy Tea House, 195-205 Union Street, London,
SE1 0LN, England
Telephone number: 0203 369 6000