In this policy, we use the following terms:
- “Service”, “services”, “site”, and “website” refers to the web sites, software applications, and business services provided by Simmarcom Limited.
- “You” and “your” refers to you – a user or visitor of our sites and services.
- “We”, “us”, and “our” refers to Simmarcom Limited.
This Policy details what personal data we collect, how we use it, how we share it and with whom, how we manage that data, your rights and how you exercise your rights. It encompasses data we collect in the course of our business and data we collect on our web sites and services, which include:
- Simmarcom limited, hosted at https://www.simmarcom.co.uk
- Simmarcom helpdesk, hosted at https://helpdesk.simmarcom.co.uk
- Gadget Savvy, hosted, at https://www.gadgetsavvy.co.uk
- Mingoes, hosted, at https://www.mingoes.co.uk
- Coffee Spout, hosted at https://www.coffeespout.co.uk
- potofdots image shop, hosted at https://www.potofdots.co.uk/
- Bezels and Displays, custom electronic assemblies, hosted at https://www.bezelsanddisplays.co.uk
Where you sign-up to use our sites and services directly, we are a Data Controller in respect to the data we collect about you.
Where we provide web applications or hosting services to you for your use, you (our customer) are a Data Controller and we are a Data Processor. For example, you are a Data Controller where you use our online applications or web hosting services to collect or process personal data about your users and visitors. In this case, you must accept and adhere to our Processor Agreement, which is available if you wish to sign up to use any such service.
You may use our sites anonymously, and we only process your personal data where the processing is lawful and legitimate.
The data we collect will be adequate and relevant for the purpose intended. We will keep accurate records and take steps to correct or delete inaccurate data. We will delete data that is no longer needed or necessary for the intended purpose and where we don’t need to retain it for contractual or legal purposes.
The personal data we collect
We collect and process data that you provide to us when visiting and interacting with us and our sites and services. Where you submit your data to us we state the purpose at the point of collection. We do not collect or store and financial data such as credit card information.
This is the data we collect directly:
- Email address
- Shipping address
- Billing address
- Phone number
- “Username” for our sites or systems
- your stated preferences and consent about the things you want to hear about
- Business name and details
This is the data we collect indirectly:
- IP address and generalised location
- Information we don’t ask for but you voluntarily give to us
- Your client-device type (PC, Tablet etc)
This is the data we collect from other parties:
- When you complete a payment using PayPal, we receive the name and email address you used for payment, which may be different from the details you used on our websites
- In the course of business a 3rd party (such as your business colleague) might pass your data to us
- When using our online system, a 3rd party (such as your business colleague) might submit your details, for example to invite you to collaborate using that system
What we do with the personal data
We use the information to:
- Deal with your enquiry, request or support ticket
- Setup and maintain user accounts in our websites and systems
- Record and show who submitted comments on our websites
- Process your payments
- Process and send orders from our shops
- Where you are a customer, to create and maintain a business relationship with appropriate records for the performance of our contracts and agreements.
- Communicate website, policy, and service updates to you, i.e. non-marketing information
- Communicate necessary business and technical information with you, such as billing or system usage information, in order for us to properly run our business, sites and services
- Where you have positively consented to receive marketing information such as email newsletters and information
How long we retain your data
We retain your data for the appropriate use and time necessary to meet your consented needs and our obligations.
- For general enquiries, we retain the data until your queries are dealt with
- If you are a customer or a user of our systems, we will retain your data until no longer required
- For the duration of contacts or agreements between us
- Where we have provided a formal response to an enquiry (such as a proposal or quotation), we retain the information for 12 months so that we can progress our business interests. You can ask us to delete that information earlier, e.g. you don’t wish to proceed with that proposal. After 12 months we will delete the data unless you consent for us to further retain it, e.g. you have not yet made a decision about the proposal or you want to stay in touch.
- Where you make a purchase or other financial transaction, we will retain the data for up to 7 years for mandatory Accounting and Tax reporting purposes
- We will retain the data where we have a legitimate interest such as collecting debts owed to us, in legal defence or other action, or for mandatory legal or statutory purposes
- If you are a past customer, we will retain your data until we are no longer required to comply with contractual or legal obligations
- If you have account on one of our systems or websites that has not been used for over 3 years, we will assume you no longer want that account; and delete your data after making reasonable attempts to ask you what you want.
Where we store data
Our business data is stored securely. Simmarcom’s sites and services (i.e. our software programs and databases that store data) are hosted by 3rd party companies who provide us with secure hosting and web services, necessary for the delivery of our sites and services. We use Krystal hosting, based in the UK, to host our sites and applications and the databases for those services.
Our payment providers
Other third parties
We will not share your data to third parties for them to process, unless:
- You ask us to
- or you consent
- or where we have a legal duty – where such a disclosure is mandated by the courts, law enforcement, or ordered in judicial proceedings or to comply with a legal obligation. This may be necessary to avoid fraud or crime, to protect data subjects, or for criminal investigation.
Where we reasonably believe that we have detected fraudulent or other criminal or dishonest activity on our site we will report such activity to legal authorities.
- or in the event of the transfer or sale of the ownership of our business or sites or services, in order to provide continued service to you. You will be asked for consent to transfer your data before any such transfer, and will have the option not to consent and to terminate your service or contract.
- It is necessary to recover debts owed to us, or in the course of legal action
We also utilise the Google Analytics service to help us manage our sites, but we do not pass personal data (known as “User ID”) or unique identifiers (known as “Event Data”) to Google and we also implement “anonymised IP address” information so your IP address is not passed to Google.
Some of our sites feature links to Social Media platforms, but we do not pass personal data to those services. We may also use affiliate marketing links, advertising links, and links to other shops, sites and publishing services, but we do not pass personal data to those services.
Young people and age restrictions
We do not intentionally collect or process any personal data for people under 18 years of age even with permission of a guardian or parent. If you are under the age of 18, you are not permitted to subscribe, submit forms or sign up to any service. We will delete any data we have reason to believe concerns a person under 18.
We do not collect any special category data including personal data relating to race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or
sexual orientation, criminal convictions and offences. Any such data submitted to us by any method will be deleted or destroyed.
When you grant consent to use your data we will only process for the consented purpose. You may withdraw consent at any time, for example by exercising your rights under GDPR, or unsubscribing from our marketing emails, or by otherwise letting us know what you want.
If you click on a social media button or a link to another site, the social media service or other site may place additional cookies in your browser to facilitate sharing and interaction on that service.
We take steps to secure your interaction data, such as using SSL for our websites. Our online databases and application services are protected by SSL, passwords, firewalls and other methods. Our website and application databases and files are replicated (for backup purposes) to separate secure storage using secure transfer methods. Our PCs hold business data on encrypted drives. Our business information and email data files are protected by password and backed up onto encrypted storage.
Confidentiality of the Internet
Although we take reasonable steps to secure information that is transmitted over the Internet to and from our Service (e.g. using security techniques such as SSL/https), the Internet is a public network and the security or confidentiality of such data cannot be guaranteed. Some common Internet technologies are less secure that others and so you send data over the Internet at your risk.
Other websites and services
We do not accept any responsibility or liability for your use of other websites whether linked to our sites or not.
Information about our web application and the data they might collect for you
We offer online applications for our customers who use our applications to engage their own consumers and business customers. For those applications, our customer is a Data Controller and we are a Data Processors. Our customer, who uses the application, is responsible for all of the data collected by their use of the application.
You have the following rights, as set out in the GDPR regulation:
- Right to be informed. We will tell you what data we are collecting and why, how long we will keep that data, and if it will be shared or stored with a 3rd party. We give you information at the point of collection (for example, we will explain this on web forms before you submit your data).
- Right of access. You have the right to obtain confirmation that your data is being processed, and information about its processing, retention period or retention criteria, where it was collected, how and where it is processed, if it shared, and other supplemental information.
You have the right to access your data for no charge (except where permitted by law). To avoid a data breach, we will verify your identity before we process your request.
- Right to rectification. We will correct inaccurate or update incomplete data when you ask us to, without charge (except where permitted by law), taking steps to ensure the updated data is accurate.
- Right to be forgotten. You can ask us to delete your personal data.
- Right to restrict processing. This is an alternative to the “right to be forgotten” used to restrict the processing of data for a temporary period.
- Right to data portability. You have the right to obtain and reuse personal data that you have previously consented to give us or is used for the performance of a contact, and that is processed in electronic format.
- Right to object. You may ask us to stop processing your personal data.
Under the GDPR, you also have “rights related to automated decision making including profiling”; although we do not perform “automated decision making including profiling” in our systems.
Exercising your GDPR rights
To exercise your right provided by the GDPR regulation, get in touch with us here. We will retain a record of each “rights request” and how we handled the request. We maintain an electronic record of you request and our action in separate electronic records.
To properly protect your and other subjects’ data, we may require additional identification information from you so that we can verify your identity.
If you have questions or comments about this policy, contact Simmarcom Limited using the information on this page.
Contacting the UK supervising authority
The UK supervising authority is the ICO (Information Commissioner’s Office). You have a right to complain through the ICO. We always want to deal with concerns, so please let us know what we can do to meet your needs before you contact the ICO.
Updates to this policy
Updated 30th March 2014
Updated 23rd August 2016
Updated 28th November 2016
Updated 16th May 2018, updated for GDPR, and we combined individual policies from our various sites and services.
Updated 12th June 2018, to incorporate www.potofdots.co.uk
Updated October 2020, to incorporate www.bezelsanddisplays.co.uk and other minor clarifications