GDPR Compliance Policy

Effective Date: 8th January 2025

Simple Choices (“we,” “us,” or “our”) is committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (GDPR). This GDPR Policy explains how we collect, use, store, and protect personal data. By using our services or accessing our website, Simplechoices.co.uk (the “Site”), you agree to the practices outlined in this policy.

 

  1. Data Controller

For the purposes of the GDPR, Simple Choices is the Data Controller of the personal data you provide to us. As a Data Controller, we determine the purposes and means of processing your personal data.

 

  2. What Personal Data We Collect

We may collect and process the following types of personal data:

  • Identity Information: Your name, professional qualifications, and business details.
  • Contact Information: Email address, phone number, and postal address.
  • Financial Information: Bank account details, payment information, and transaction data.
  • Technical Information: IP address, browser type, device details, and Site usage data.
  • Profile Information: Usernames, passwords, preferences, and interests.
  • Communications Data: Emails, messages, feedback, and customer support interactions.

 

  3. How We Collect Personal Data

We collect personal data in the following ways:

  • Directly from You: When you register on our Site, fill out forms, subscribe to our services, or contact us.
  • Automatically: Through cookies and similar technologies as you navigate our Site. For more information, please see our Cookie Policy.
  • Third Parties: We may receive information from third-party service providers, such as payment processors, analytics providers, or social media platforms.

 

  4. Why We Collect and Use Personal Data

We collect and use personal data for the following purposes:

  • Service Provision: To deliver and improve our services, including facilitating product comparisons and connecting users with suppliers.
  • Account Management: To create, manage, and maintain user accounts on our Site.
  • Communication: To send you updates, newsletters, and service-related communications.
  • Marketing and Personalisation: To deliver relevant content, promotions, and advertisements, based on your preferences and behaviour.
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations.
  • Security and Fraud Prevention: To protect our Site and users against security threats, fraud, and abuse.

 

  5. Lawful Basis for Processing Personal Data

Under the GDPR, we must have a lawful basis to process personal data. We rely on the following legal grounds:

  • Consent: When you provide explicit consent to receive marketing communications or use cookies.
  • Contractual Necessity: When processing is required to fulfil our contractual obligations, such as account registration and service delivery.
  • Legal Obligation: When processing is necessary for compliance with legal requirements.
  • Legitimate Interests: When processing is necessary for our legitimate interests, such as improving our services, ensuring security, and understanding Site usage patterns.

 

  6. How We Share Personal Data

We may share personal data with the following parties:

  • Service Providers: We share data with third-party providers who perform services on our behalf, such as hosting, payment processing, and analytics.
  • Business Partners: We may share data with suppliers and manufacturers for order fulfilment, customer support, and delivery of services.
  • Legal Authorities: We may disclose data to regulatory bodies, law enforcement agencies, or other parties when required by law.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity.

Future Use of Automated Tools: We are planning to integrate automated tools to verify professional credentials (e.g., GMC, NMC registration) and identify documentation. Once implemented, these tools will comply with GDPR, ensuring the protection and confidentiality of your data. Updates to this policy will reflect these changes.

 

  7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). If we transfer your data outside the EEA, we will ensure that appropriate safeguards are in place to protect your information, such as standard contractual clauses approved by the European Commission.

 

  8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting obligations.

Retention Periods:

  • Insurance Documents: Retained for up to 7 years to comply with legal and audit requirements.
  • Identification Documents (e.g., passports): Retained for 1 year after account deactivation.
  • Professional Qualifications/Registration Numbers: Retained for the duration of the account’s active status and up to 2 years post-deactivation for regulatory and audit purposes.

Inactive Accounts:

  • If your account remains inactive for 12 months, we will notify you to confirm whether you wish to retain it. If no response or activity is recorded within 18–24 months, your account will be deactivated. Personal data associated with deactivated accounts will be retained for up to 2 years before permanent deletion, unless required by law.

 

  9. Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request that we delete your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request the transfer of your personal data to another organisation or to you, under certain conditions.
  • Right to Object: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Withdraw Consent: If we process your data based on consent, you may withdraw this consent at any time.

To exercise these rights, please contact us at Info@simplechoices.co.uk. We may require verification of your identity before fulfilling your request.