Simply-Docs Privacy Policy

Privacy Policy

Simply-Docs Privacy Policy

SECTION 1 – CORE WEBSITE & ACCOUNT DATA

1. Overview

Simply-Docs is committed to protecting your right to privacy as a user of our online documents. It is our policy to respect the privacy of private communication.

We collect information about our users to help us continually improve the products and facilities we offer and so that we can enter into commercial arrangements, including the sale of advertising space. Simply-Docs will always adhere to UK Data Protection Legislation, including but not limited to, the Data Protection Act 2018 and the UK GDPR.

Other than as stated below, we do not hold or use any information that you provide, or which we collect, outside the UK or European Economic Area (“EEA”), nor do we transfer it to, or share it with, others within or outside the UK or EEA (except as stated below or when we believe in good faith that the law requires it).

This Privacy Policy only relates to the Simply-Docs site and does not extend to your use of the Internet outside of the Simply-Docs site.

2. Who We Are

We are Simply-4-Business Ltd, trading as Simply-Docs, registered in England under company number 04868909. Our registered address and main trading address is 20 Mortlake High Street, Mortlake, London SW14 8JN.

We operate the Simply-Docs site (www.simply-docs.co.uk) and any and all related subdomains.

When we collect and decide how to use personal data, we act as a data controller.

When we process documents or content uploaded by our users (for example, within our eSign Facility or Cloud Document Storage), we are acting as a data processor on behalf of those users.

3. Scope of this Policy

This Privacy Policy applies to:

Visitors to our Website;
Registered and subscribed Users;
Master Users and Sub-Users using the Multi-User facility (also see Clause 18 of our Terms and Conditions);
Users of our eSign Facility (also see Clause 19 of our Terms and Conditions);
Users of our Cloud Document Storage facility (also see Clause 20 of our Terms and Conditions); and
eSign Third Parties invited to sign documents through the eSign Facility.

4. Definitions and Interpretation

In this Privacy Policy, unless the context otherwise requires, the following expressions shall have the following meanings:

“Consumer”	for the purposes of this Privacy Policy, means an individual using any products or services for their personal use or to any extent outside the purposes of any business or profession carried on by them or another;
“Cloud Document Storage”	means the facility comprising a cloud storage service, allowing you to upload and store compatible documents, as set out in Clause 20 of our Terms and Conditions;
“eSign Facility”	means the facility comprising an electronic signature service and document storage facility which we (as “eSign4Business”) make available to eSign Users and to eSign Third Parties, as set out in Clause 19 of our Terms and Conditions;
“eSign Third Party”	means any third-party individual or organisation in relation to use of the eSign Facility;
“eSign User”	means you and any Sub-User using the eSign Facility;
“Master User”	means a User with one or more Sub-Users, using our Multi-User feature, as fully defined in Clause 18 of our Terms and Conditions;
“Multi-User”	means our facility allowing Master Users to share their subscription with one or more Sub-Users, as set out in Clause 18 of our Terms and Conditions;
“Product”	means the document templates, information, and other items that we provide or make available through the Website as packaged folders of items;
“Sub-User”	means an individual within a Master User’s organisation who is nominated and authorised to use Simply-Docs under our Multi-User feature, as fully defined in Clause 18 of our Terms and Conditions;
“User”	means a person or organisation that views or uses the Website who is not a Consumer or a Sub-User (as defined in sub-Clause 18.2), whether or not that person or organisation registers and whether or not their use is as a subscriber to any Product. References to "you", "your" and "yours" refer to you as a User (and, where the context requires, a Master User and/or Sub-User); and
“Website”	means the website that you are currently viewing or using (www.simply-docs.co.uk) and any sub-domain of that website (e.g., subdomain.simply-docs.co.uk) unless it is expressly excluded by its own terms and conditions.

5. Our Roles – Controller and Processor

Context	Our Role	Description
Website browsing, registration, subscription, billing, communication, and providing the Product	Controller	We determine how and why this data is processed.
Documents uploaded to the eSign Facility or the Cloud Document Storage facility	Processor	We process data on the instructions of Users, Master Users, or Sub-Users, as appropriate.
Data about Sub-Users provided by Master Users	Controller (joint)	We collect and store account-level information, while the Master User controls access and use of Sub-User data.

6. What Data do We Collect – Website and Account Management

Category of Personal Data	Purpose of Processing	Lawful Basis (Art. 6 UK GDPR)	Retention Period	Role
Name, business name, and contact details (address, telephone number, email address).	To register accounts, manage subscriptions, and communicate with you.	Performance of a contract. Legitimate interests.	No fixed period. We keep this data until you ask us to delete it or delete your account.	Controller.
Login credentials (email address, password).	To authenticate access to User / Master User / Sub-User accounts.	Performance of a contract.	No fixed period. We keep this personal data until you ask us to delete it or delete your account or, in the case of Sub-Users, until you delete a Multi-User account slot or reassign it.	Controller.
Payment information (processed via WorldPay UK Ltd).	To process subscription payments, Multi-User purchases, and renewals.	Performance of a contract.	We do not store card or other payment method details. Certain transaction data, including invoices, is retained for 7 years for accounting purposes.	Controller.
Your Account history (subscriptions, other purchases, and renewals).	To maintain records of use for your account management and for us to analyse usage patterns.	Performance of a contract. Legitimate interests.	No fixed period. We keep this data until you ask us to delete it or delete your account.	Controller.
Your download history.	To provide your account functionality (e.g., access to previous downloads), to notify you of updates and related new content and for us to analyse usage patterns.	Performance of a contract. Legitimate interests.	No fixed period. We keep this data until you ask us to delete it or delete your account.	Controller.
Technical logs (IP address, browser type, timestamps).	To ensure site functionality, security, and to prevent abuse (fraud monitoring, load balancing).	Legitimate interests.	For as long as is reasonably required to fulfil the stated purpose(s).	Controller.
Communications (email enquiries).	To respond to queries and support requests.	Legitimate interests.	No fixed period. We keep this data until you ask us to delete it. Data is retained to improve our responses to other customer queries.	Controller.
Marketing preferences and consents.	To send our newsletters and other updates to you.	Consent. Legitimate interests.	No fixed period. We keep this data until you delete your account.	Controller.
Cookies and analytics identifiers.	To provide essential functionality and analyse usage patterns.	Consent. Legitimate interests.	As set out below in Section 5.	Controller.

7. Data Sources and Third Parties

We obtain personal data directly from you or your organisation.

We also use certain trusted providers under appropriate written contracts. Each acts as a data processor or sub-processor under written agreements meeting UK GDPR requirements:

WorldPay UK Ltd – payment processing (we do not receive or store card or other payment method details from you or from WorldPay).
Get Set Startup Ltd – software development, web development, and maintenance. Get Set Startup engage carefully selected sub-contractors to assist in providing their services, including a development partner located in India. Where any personal data transfers occur, appropriate safeguards are in place under an International Data Transfer Agreement to ensure that your personal data remains protected.
Microsoft Azure – hosting and storage of the Website, the eSign Facility, and Cloud Document Storage.
Rackspace – hosting and storage of legacy data.
Email delivery and notification providers – account, marketing, and expiry notification emails.
Analytics providers (Google, Microsoft, Bing (Microsoft), LinkedIn) – to analyse site traffic (consent-based cookies).

8. International Transfers

Where a service provider or sub-processor is located outside the UK, we ensure that appropriate safeguards are in place, such as adequacy regulations (e.g., the UK Extension to the EU-US Data Privacy Framework (also known as the “UK-US Data Bridge”)) or a suitable International Data Transfer Agreement.

9. Security

We apply suitable technical and organisational security measures including encryption, access controls, and secure hosting to protect your personal data.

SECTION 2 – MULTI-USER ACCOUNTS

1. Overview

Our Multi-User feature allows a User to invite team members within their organisation to share access to their Simply-Docs subscription as Sub-Users. These features are further explained in the Multi-User FAQs and explained and governed by Clause 18 of our Terms and Conditions.

Each Sub-User as their own login credentials and Sub-User account, linked to the Master User’s subscription.

Master Users manage Sub-Users via the “Manage Multi-User” section of “My Account”, having the ability to assign Multi-User slots and to edit, reassign, deactivate, reactivate, and delete them.

We act as a data controller for Sub-User account data and login / authentication information, and as a joint controller with the Master User in respect of Sub-User account management and usage visibility.

2. What Data do We Collect – Multi-User Accounts

Category of Personal Data	Purpose of Processing	Lawful Basis (Art. 6 UK GDPR)	Retention Period	Role
Sub-User first name, last name, and email address (provided by the Master User).	To create and activate Sub-User accounts; to send activation and verification emails.	Performance of a contract. (Provision of a service to the Master User.)	No fixed period. We keep this data until you ask us to delete it or delete the Master-User account or the specific Sub-User or reassign the relevant Multi-User slot.	Controller (joint).
Login credentials (email address, password).	To authenticate access to Sub-User accounts.	Performance of a contract.	No fixed period. We keep this data until you ask us to delete it or delete the Master-User account or the specific Sub-User or reassign the relevant Multi-User slot.	Controller.
Sub-User activity logs (document download history, eSign Facility usage, and Cloud Document Storage usage).	To provide account functionality (e.g. access to previous downloads), to notify you of updates and related new content and for us to analyse usage patterns. To provide Master User visibility to ensure compliance with fair-use.	Performance of a contract. Legitimate interests.	No fixed period. We keep this data until you ask us to delete it or delete the Master-User account or the specific Sub-User. If an existing Multi-User slot is reassigned, this data is retained for the newly assigned Sub-User.	Controller (joint).
Sub-User storage and eSign data.	To associate documents and activity with the correct Sub-User account.	Where we are the controller - Performance of a contract.	This data is kept until you ask us to delete it, delete the Master-User account, delete the Sub-User account, or until the data in the Sub-User’s eSign and Cloud Document Storage areas is auto-deleted 90 days after the expiry of the Master User’s subscription. If the Sub-User is not reactivated after the Master User renews their subscription and Multi-User slots, the 90 day auto-deletion continues for that Sub-User.	Processor (for stored documents in Cloud Document Storage and eSign). Controller (for metadata).

3. Retention and Deletion Rules

Active accounts: Data is retained and processed as necessary to deliver Multi-User functionality.
Deactivation: Sub-User login is blocked. Data is retained until reactivation or deletion.
Reassignment: Account history (including eSign documents and Cloud Document Storage files) transfers to the new Sub-User assigned to the Multi-User slot.
Deletion: Permanent and irreversible. All Sub-User personal data and stored documents are deleted.
Subscription Expiry: Sub-User login is blocked immediately. Master Users retain download access to Sub-User documents in Cloud Document Storage for a period of 90 days post-expiry, after which that data is deleted unless the Master User purchases a new subscription and sufficient Multi-User slot(s) within the 90-day period, and reactivates the Sub-User.

4. Data Sharing and Access

Sub-User data is visible to the Master User. Master Users can view limited Sub-User data via the “Manage Multi-User” page in “My Account”. Full access to a Sub-User’s account, including document download history, documents uploaded to the eSign Facility, and documents stored in Cloud Document Storage is also available to Master Users via the “Login as Multi-User” function within “Manage Multi-User”.

When a Multi-User slot is reassigned to a new Sub-User, the document download history, documents uploaded to the eSign Facility, and documents stored in Cloud Document Storage transfers to the new Sub-User assigned to that slot.

All processing is carried out using the hosting and development providers listed above in Section 1, Part 6.

SECTION 3 – ESIGN4BUSINESS

1. Overview

The eSign Facility enables Users, Master Users, and Sub-Users to upload documents, send them to signatories (eSign Third Parties) for electronic signature, and store completed signed copies.

This facility is further explained in the eSign FAQs and explained and governed by Clause 19 of our Terms and Conditions.

We act as:

Controller for account-level data, technical logs, and communication records;
Processor for the personal data contained within documents uploaded for signature by eSign Users; and
Processor for the eSign Third Party details required to send eSign invitation emails and the sending of those emails.

Where we are acting as a processor, we process only on the eSign User’s instructions in accordance with Art 28 UK GDPR. In particular, if any document uploaded to the eSign Facility contains personal data, special category data, or data relating to criminal convictions and offences, it is the eSign User’s responsibility to determine the appropriate lawful basis for processing under Article 6 UK GDPR and, where applicable:

In the case of special category data, ensure that one of the conditions in Article 9 UK GDPR are met (and, where applicable, further conditions specified in Schedule 1 of the Data Protection Act 2018); and/or
In the case of data relating to criminal convictions and offences, ensure that such data is processed in accordance with Article 10 UK GDPR and, where applicable, one of the conditions specified in Schedule 1 of the Data Protection Act 2018.

2. What Data do We Collect – eSign4Business

Category of Personal Data	Purpose of Processing	Lawful Basis (Art. 6 UK GDPR)	Retention Period	Role
eSign User name, email address, and account data.	To authenticate, deliver, and manage eSign services.	Performance of a contract.	No fixed period. We keep this data until you ask us to delete it or delete your account.	Controller.
Login credentials (email address, password).	To authenticate, deliver, and manage eSign services.	Performance of a contract.	No fixed period. We keep this data until you ask us to delete it or delete your account.	Controller.
eSign Third Party name and email address (provided by eSign User).	To send eSign invitations and manage the eSign Facility.	Lawful basis determined by the eSign User (controller).	Retained until the document is deleted from the eSign Facility. You may delete documents at any time. Documents are auto-deleted within the timeframes specified in Part 3, below.	Processor.
Message content in eSign invitation emails.	To enable eSign Users to provide context in eSign invitations.	Lawful basis determined by the eSign User (controller).	Deleted on completion or expiry of the eSign document.	Processor.
Uploaded document content (potentially including personal data, special category data, and commercially valuable and/or confidential information).	To enable the electronic signature of documents by the respective parties.	Lawful basis determined by the eSign User (controller).	Retained until the document is deleted from the eSign Facility. You may delete documents at any time. Documents are auto-deleted within the timeframes specified in Part 3, below.	Processor.

3. Retention and Deletion

Unsigned or incomplete documents are automatically deleted 90 days after upload.
Completed Documents are retained until they are deleted either by the eSign User or automatically 90 days after the expiry of your subscription (or access, if you are a Sub-User), unless renewed within that period.

4. eSign Third Parties

When an eSign User sends an invitation to an eSign Third Party to sign a document using the eSign Facility, we process that eSign User’s personal data as a processor.

Emails sent to eSign Third Parties explain that, by clicking the included link to access and sign a document, the eSign Third Party is confirming that they accept our eSign Third Party Conditions and this Privacy Policy.

Only an eSign Third Party’s name and email address is provided by an eSign User when sending an invitation to sign a document. Documents uploaded to the eSign Facility for signing may include more personal data relating to the eSign Third Party and/or other parties.

Upon completion of a document, all signatories, including eSign Users and eSign Third Parties, are emailed a complete copy of the signed document. Completed documents are stored within the eSign Facility and accessible to the eSign User for the period set out above. Completed documents can also be saved to Cloud Document Storage.

5. Data Sharing and Sub-Processors

In order to provide the eSign Facility, we use secure infrastructure and service providers. Each acts as a data processor or sub-processor under written agreements meeting UK GDPR requirements:

Microsoft Azure – hosting and storage of the Website, the eSign Facility, and Cloud Document Storage.
Rackspace – hosting and storage of legacy data.
Email delivery and notification providers – account, marketing, and expiry notification emails.
Get Set Startup Ltd – software development, web development, and maintenance. Get Set Startup engage carefully-selected sub-contractors to assist in providing their services, including a development partner located in India. Where any personal data transfers occur, appropriate safeguards are in place under an International Data Transfer Agreement to ensure that your personal data remains protected.

6. Data Security

Access to the eSign Facility and all personal data stored therein is restricted to authenticated eSign Users and automated service operations.
We do not and cannot inspect or index document content.

SECTION 4 – CLOUD DOCUMENT STORAGE

1. Overview

The Cloud Document Storage facility allows Users, Master Users, and Sub-Users to upload, store, and manage compatible documents (.doc, .docx, .pdf) within their Simply-Docs account.

This facility is further explained in the Cloud Document Storage FAQs and explained and governed by Clause 20 of our Terms and Conditions.

We act as:

Controller for account-level data, technical logs, and communication records; and
Processor for the personal data contained within documents uploaded to Cloud Document Storage.

Where we are acting as a processor, we process only on your instructions (whether you are acting as a User, Master User, or a Sub-User) in accordance with Art 28 UK GDPR. In particular, if any document uploaded to Cloud Document Storage contains personal data, special category data, or data relating to criminal convictions and offences, it is your responsibility to determine the appropriate lawful basis for processing under Article 6 UK GDPR and, where applicable:

In the case of special category data, ensure that one of the conditions in Article 9 UK GDPR are met (and, where applicable, further conditions specified in Schedule 1 of the Data Protection Act 2018); and/or
In the case of data relating to criminal convictions and offences, ensure that such data is processed in accordance with Article 10 UK GDPR and, where applicable, one of the conditions specified in Schedule 1 of the Data Protection Act 2018.

2. What Data do We Collect – Cloud Document Storage

Category of Personal Data	Purpose of Processing	Lawful Basis (Art. 6 UK GDPR)	Retention Period	Role
Login credentials (email address, password).	To authenticate, deliver, and manage Cloud Document Storage.	Performance of a contract.	No fixed period. We keep this data until you ask us to delete it or delete your account.	Controller.
Uploaded document content (potentially including personal data, special category data, and commercially valuable and/or confidential information).	To store documents for user access and retrieval.	Lawful basis determined by the User / Master User / Sub-User (controller).	Retained until the document is deleted from Cloud Document Storage. You may delete documents at any time. Documents are auto-deleted within the timeframes specified in Part 3, below.	Processor.
File metadata (file size, type, timestamp).	To monitor fair usage and enforce storage limits.	Legitimate interests.	Retained until the document is deleted from Cloud Document Storage. You may delete documents at any time. Documents are auto-deleted within the timeframes specified in Part 3, below.	Controller.
Sub-User document ownership links (Master User association).	To enable Master User to manage Sub-User accounts and to access Sub-User Cloud Document Storage after subscription expiry.	Lawful basis determined by the User / Master User / Sub-User to the extent that we are the processor.	Retained until the document is deleted from Cloud Document Storage. You may delete documents at any time. Documents are auto-deleted within the timeframes specified in Part 3, below.	Processor (for stored documents in Cloud Document Storage).

3. Retention and Deletion

Active Users / Master Users / Sub-Users: All documents stored in Cloud Document Storage remain accessible while your subscription is active (and, in the case of Sub-Users, for so long as that Sub-User is active in an available Multi-User slot). You are able to download and/or delete documents and upload additional documents within the storage limits. Once deleted, documents cannot be recovered.
Deactivated Sub-Users: All documents stored in Cloud Document Storage remain stored while the Master-User’s subscription is active, but cannot be accessed by the Master User or the Sub-User unless the Sub-User is reactivated or the Multi-User slot is reassigned, in which case, documents will be available to the Master User and the newly-assigned Sub-User.
After Subscription Expiry: Documents in Cloud Document Storage are automatically deleted 90 days after expiry, unless the subscription is renewed. Documents in Cloud Document Storage can be downloaded and/or deleted during this period.
- In the case of Sub-Users, after the Master User’s account expires, all Sub-Users’ accounts are automatically expired, and the same 90-day limit applies. Only the Master User can download and/or delete expired Sub-Users’ stored documents during this time, via the “Manage Multi User” page in “My Account”. When renewing their subscription, the Master User must purchase the requisite number of Multi-User slots and reactivate any and all Sub-User(s) whose documents they do not wish to be deleted at the end of the 90-day period.
Deletion: All files and associated metadata which are deleted 90 days after expiry cannot be recovered.

4. Data Sharing and Sub-Processors

In order to provide Cloud Document Storage, we use secure infrastructure and service providers. Each acts as a data processor or sub-processor under written agreements meeting UK GDPR requirements:

Microsoft Azure – hosting and storage of the Website, the eSign Facility, and Cloud Document Storage.
Rackspace – hosting and storage of legacy data.
Email delivery and notification providers – account, marketing, and expiry notification emails.
Get Set Startup Ltd – software development, web development, and maintenance. Get Set Startup engage carefully-selected sub-contractors to assist in providing their services, including a development partner located in India. Where any personal data transfers occur, appropriate safeguards are in place under an International Data Transfer Agreement to ensure that your personal data remains protected.

5. Data Security

Access to Cloud Document and all personal data stored therein is restricted to authenticated Users / Master Users / Sub-Users and automated service operations.
We do not and cannot inspect or index document content.

6. User Responsibilities

When using Cloud Document Storage, you must ensure that:

Any personal data (including, but not limited to, special category data and data relating to criminal convictions and offences) is lawfully processed;
Confidential or sensitive information is appropriately protected before uploading; and
Your own adequate backups are maintained outside of Simply-Docs and Cloud Document Storage.

SECTION 5 – COOKIES

Cookie (or similar)	Type	Purpose	Retention Period
.AspNetCore.Mvc.CookieTempDataProvider	Necessary		Past
cookieyes-consent	Necessary	Used to remember your cookie consent preferences.	6 months
.AspNetCore.Antiforgery.*	Necessary	Set by Microsoft AspNet for Anti-forgery protection.	Session
lidc	Functional (Opt-in)	Set by LinkedIn to facilitate data centre selection.	1 day
li_gc	Functional (Opt-In)	Set by LinkedIn for storing visitors’ consent regarding non-essential cookies.	6 months
_gcl_au	Analytics (Opt-In)	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.	3 months
CLID	Analytics (Opt-In)	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.	1 year
_ga_*	Analytics (Opt-In)	Google Analytics sets this cookie to store and count page views.	1 year, 1 month, 4 days
_ga	Analytics (Opt-In)	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.	1 year, 1 month, 4 days
_clck	Analytics (Opt-In)	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.	1 year
_clsk	Analytics (Opt-In)	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.	1 day
SM	Analytics (Opt-In)	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.	Session
MR	Analytics (Opt-In)	This cookie, set by Bing, is used to collect user information for analytics purposes.	7 days
_uetsid	Performance (Opt-In)	Bing Ads sets this cookie to engage with a user that has previously visited the website.	1 day
_uetvid	Performance (Opt-In)	Bing Ads sets this cookie to engage with a user that has previously visited the website.	1 year, 24 days
SRM_B	Performance (Opt-In)	Used by Microsoft Advertising as a unique ID for visitors.	1 year, 24 days
MUID	Advertising (Opt-In)	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.	1 year, 24 days
test_cookie	Advertising (Opt-In)	doubleclick.net sets this cookie to determine if the user's browser supports cookies.	15 minutes
bcookie	Advertising (Opt-In)	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.	1 year
ANONCHK	Advertising (Opt-In)	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.	10 minutes
IDE	Advertising (Opt-In)	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.	1 year, 24 days

SECTION 6 – YOUR DATA PROTECTION RIGHTS

1. Your Rights

As a “data subject” under the UK GDPR, you have the following rights, which we will always work to uphold:

The right to be informed about our collection and use of your personal data (as described in this Privacy Policy).
The right to access your personal data by means of a subject access request (see below).
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. You can do this either by contacting us or by changing the applicable settings in “My Account”. Sub-Users may need to request that their Master User rectifies any such data.
The right to erasure (also known as the right to be forgotten). You can exercise this right either by contacting us or by using the settings and tools available in “My Account”. Please note that if you delete your account, it will be deleted immediately and if you have an active subscription, that subscription will be cancelled. Please also note that documents stored in the eSign Facility and in Cloud Document Storage cannot be recovered once deleted. Refunds are not available. If you wish to ensure that we delete data such as accounting data or emails from you, please contact us. Sub-Users may need to request that their Master User carries out such deletion.
The right to restrict or object to our processing of your personal data for particular purposes. Email preferences can be changed using the “Email Preferences” link in “My Account”. Using this link you can opt-out of our newsletters and bulletins and, for expired subscriptions only, our alerts. For active subscriptions, alerts are an integral part of our service. For further information, please contact us.
The right to data portability. This means that you can ask us for a copy of your personal data to re-use with another service or business. Please note, however, that this right applies only if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and your data is processed using automated means.
The right to withdraw consent where any processing carried out by us relies on your consent.
Rights relating to automated decision-making and profiling.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us.

Further information about your rights can be obtained from the Information Commissioner’s Office. You also have the right to lodge a complaint with the Information Commissioner’s Office if you feel that your rights have been breached.

2. How to Access Your Personal Data

If you are a User or Master User, all personal data provided by you during registration, along with details of your subscription and download history, can be accessed via “My Account”.

If you are a Sub-User, all personal data provided by you, along with details of your download history, can be accessed via “My Account”.

If you are a Master User with Sub-Users, Sub-User data can be accessed via the “Multi User” page in “My Account”.

All documents and personal data provided by you as an eSign User can be accessed via the “My eSign” page in “My Account”.

All documents uploaded to Cloud Document Storage can be accessed via the “My Storage” page in “My Account”.

For further details on downloading documents from the eSign Facility and from Cloud Document Storage, please refer to Sections 3 and 4, above. For further details for Master Users who wish to download Sub-Users’ stored documents, please refer to Section 2, above.

If you wish to make a data subject access request, please do so in writing, sent to the email or postal address provided below, clearly marking your correspondence as a data subject access request.

We do not normally charge for data subject access requests unless they are “manifestly unfounded or excessive” (as set out in Article 12(5) UK GDPR) (e.g., repetitive). We will respond to your data subject access request within one month of receiving it. In the event that your request is particularly complex, a further two months may be required, but we will keep you informed if this is the case.

SECTION 7 – HOW TO CONTACT US

To contact Simply-Docs about anything to do with your personal data protection, including to make a subject access request, please use the following details and we will respond as soon as possible:

Email: dataprotection@simply-docs.co.uk

Telephone: 020 8878 7236

Postal Address: 20 Mortlake High Street, Mortlake, London SW14 8JN.

SECTION 8 – CHANGES TO THIS PRIVACY POLICY

We may change our Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

The updated version will be published on our website with a revised “last updated” date. Material changes may be notified by email or pop-up on your first login after the change.