Privacy
About us
This privacy notice explains how we, SimplyEOR a company registered in England, uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
We are the data processor for the data we collect and use for managing client relationships, identifying prospective clients, and delivering our consultancy services.
We can be contacted:
UK office is at: Kemp House, 152 City Road, London EC1V 2NX
By phone on +44 (0) 203 965 6700, or
By email at [email protected]
The purpose of this notice is to inform you about how and why we use your personal data, and to ensure that you are aware of your rights under data protection legislation.
Introduction
We use your personal data to provide our services to you, to meet our legal obligations, to grow our client base by conducting marketing, to keep you informed about our services and to meet any legal obligations we have.
The information we collect from you is the minimum we need to conduct our business as described above. We keep your data safe by using technical (firewalls, antivirus, and secure cloud platforms etc) and organisational measures. We do not retain your data any longer than we need to maintain our commercial relationship unless we have a legal obligation or, we are advised by industry guidelines. Where we collect your data by consent, we will retain your data until we either do not need it for our purposes any more or you withdraw your consent.
Please get in touch with us if you have any queries, we will be happy to answer any questions you have.
What data do we process?
As our client, we will hold the following information about you:
- Your name and contact information
- Information about your business activities
- Information about your employees
- Information and documentation about your matters or enquiries, including communications
- Billing and payment information
As a potential client, we will hold the following:
- Your name, and contact information
- Information and documentation relating to your business gathered from yourself, websites, Companies House, LinkedIn, and other publicly available sources.
The lawful basis for processing your data.
To collect and use your personal data, we must have a lawful basis to do so. The General Data Protection Regulation (GDPR) provides six lawful reasons to process your data, and these are found in Article 6 of the GDPR. Some data is considered special category, such as health and religion and we do not ordinarily process any special category data for our own purposes. If for some exceptional reason we needed to, then we would use an exemption found in Article 9 of the GDPR.
Providing advice and consultancy support in relation to payroll and human resources related topics.
We use the information we hold about you and your business, both personal and otherwise, to give you the best advice and service we can. For example, we will hold your contact details to our records and use it to send contracts, bill you, and keep track of payments that you make, as well as to keep in contact throughout our relationship.
(Basis: Art. 6.1.b – performance of a contract): this is necessary to deliver the service to you.
Sending news and email direct marketing to prospective and existing clients
If we have met at a networking event, have asked for support on internet forums, or contacted us via our website, and we feel that you could be a suitable client, we will use your personal data to establish if we should follow up and contact you to explore business opportunities.
(Basis Art 6.1.f) We have a Legitimate Interest to perform basic due diligence on prospective clients.
To conduct email marketing, we will do so based on obtaining your consent. You are free to withdraw that consent at any time by contacting us.
(Basis: Art. 6.1.a – consent)
We may use your data to make live marketing telephone calls unless you have asked us not to do so.
Third parties
We will not normally transfer, your personal data to third parties without your permission but there are some exceptions to this:
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate, or to a law enforcement agency. Lawful basis Art 6.1.c Legal Obligation
- If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. We have never done this, but we want to keep this option open to us. Lawful basis Art 6.1.f We have a legitimate interest to pursue money owed to us.
Data processed by third parties on our behalf.
- We utilise a secure file sharing and storage platform operated by Microsoft to ensure as far as possible the security of your data and its transfer. This software as a service provider also ensures the back up of your data.
- We may instruct and utilise the services of international payment providers and local payroll contractors when providing services.
Your data, the EEA, and the Rest of the world.
The transfer of personal data outside of the EEA is subject to some conditions as not every other country has the same level of protection of your data. Some countries have been awarded an adequacy decision by the EU which means the transfer of data is unrestricted as they afford adequate protection. Any transfer of personal data outside of these conditions means additional safeguards need to be in place. Where this is the case, we will ensure the approved and most appropriate measures are put in place.
Security
The GDPR requires us to implement appropriate technical and organisational measures to protect data. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website and to transfer data to our secure platforms.
We have additional measures including.
- Access is controlled by unique individual login credentials.
- Complex passwords are enforced.
- Data is structured in Team folders with access limited to authorised users by access control lists.
- Data is encrypted in transit and at rest.
- Microsoft currently stores our data in its UK data centres.
- External sharing is currently disabled.
- Access rights can be revoked.
- Audit logs with file event tracking is enabled.
We train our staff and associates in relation to the requirements of the GDPR.
Retention periods
This is the criteria we apply to retaining your data.
- Data about clients we will keep for the duration of your relationship with us, then twelve years after.
- Data about prospective clients we will keep for 2 years from last meaningful contact unless you have asked us to suppress your details. If you have requested suppression, we will keep the bare minimum so that we can be sure not to re-add you to any mailing lists.
Your rights
You have rights as a data subject, and we will uphold those rights. You have the right to escalate any concern to the Information Commissioners Office https://ico.org.uk.
Details of all rights can be found at https://ico.org.uk/for-the-public/
- The Right to be Informed. You should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information.
- Right of Access. You have the right to know what personal information is held, by whom and why.
- The Right to Rectification. If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
- Right to Erasure. You have the right to have your personal data erased and to prevent processing in some specific situations.
- Right to Restrict Processing. If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
- Right to Data Portability. You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
- Right to Object. You have the right to object to profiling and direct marketing
- You also have rights in relation to automated decision making.
If you want to exercise any of these rights, please contact us at [email protected]
Please remember that we will need to submit identity when you submit a rights request.
You also have the right to lodge a complaint about our processing with a supervisory authority, the UK’s Information Commissioner’s Office.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Cookies
This policy explains how we use cookies on the SimplyEOR website.
How we use cookies
All of our web pages use “cookies”. A cookie is a small file of letters and numbers that we place on your computer or mobile device if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and enables us to improve our website.
Types of cookies we use
We use the following types of cookies:
- strictly necessary cookies– these are essential in to enable you to move around the websites and use their features. Without these cookies the services you have asked for, such as registering for an account, cannot be provided.
- performance cookies– these cookies collect information about how visitors use a website, for instance which pages visitors go to most often. We use this information to improve our websites and to aid us in investigating problems raised by visitors. These cookies do not collect information that identifies a visitor.
- functionality cookies– these cookies allow the website to remember choices you make and provide more personal features. For instance, a functional cookie can be used to remember the volume level you prefer to use when watching videos on our websites. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
- targeting cookies– these cookies are used to deliver adverts more relevant to you and your interests. They collect information about your browsing habits. Targeting cookies are linked to services provided by third parties, such as ‘like’ and ‘share’ buttons and advertisements. We use targeting cookies to send third parties information on your visit so that they can make their advertising more relevant to you when you visit their websites.
Most web browsers allow some control of most cookies through the browser settings, but you can also choose which of the above categories of cookie to enable/disable using our Cookie Settings option, shown in the bottom left-hand corner of the website.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them please visit: https://www.allaboutcookies.org/
Specific cookies we use
Cookies may be set either by SimplyEOR (“first party cookies”), or by a third-party website (“third party cookies”). The list below identifies the third-party cookies we use:
- Google Analytics
- _ga
- _gid
- _gat_gtag_UA_188548337_1
- Google Ads
- IDE
- _gcl_au
- test_cookie
- Hubspot
- __hssc
- __hssrc
- __hstc
- hubspotutk
Changes to our Cookie Statement
Any changes we may make to our Cookie Statement in the future will be posted on this page.
Contact
Any queries or concerns about the use of cookies on this website should be sent by email to: [email protected].