Privacy Policy

Welcome to Simplay Rugs` Privacy Policy! We take data protection and information security very seriously. The effective management of all personal data, including security and confidentiality, is the heart of our business and naturally underpins our practices and processes.

This privacy policy informs you about the type, scope and purpose of the processing of personal data we collect, use and process as a part of our website and its functions and content. This policy applies to you, the User of our Services and us the provider of the Services and governs the processing of your personal data in context of our Services and business.

Name and contact details of the responsible person:
Simplay Rugs Ltd
28 West Bromwich Indoor Market,
Kings Square, West Bromwich,
West Midlands, B70 7NW,
United Kingdom

E-mail: matthew@simplayrugs.co.uk

Simplay Rugs proceeds with all data processing procedures (e.g., collection, processing, and transmission) in accordance with the statutory provisions of the UK`s Data Protection Act 2018 and in line with Regulation (EU) 2016/679 (General Data Protection Regulation). The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures Simplay Rugs takes to protect your data and how you can exercise your rights.

Data Subject Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website and you can simply follow the links provided to learn more.

Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website. Please direct all requests for information, requests for information or objections to data processing to us.

What are the relevant legal bases for processing your data?
In accordance with Art. 13 GDPR the following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:

  • Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. (Art. 6 Para. 1 lit. a GDPR)
  • Contract – This is where we process your information to fulfil a contractual arrangement, we have made with you. (Art. 6 Para. 1 lit. b GDPR)
  • Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. (Art. 6 Para. 1 lit. b GDPR)
  • Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. (Art. 6 Para. 1 lit. f GDPR). Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
  • Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. (Art. 6 Para. 1 lit. b GDPR)

Collection, use and storage of personal data
When you use the online offer, Simplay Rugs collects different data from you, partly also so-called personal data. This is information that relates to an identified or identifiable natural person (hereinafter “data subject”).

Visiting the Simplay Rugs website in general
When visiting Simplay Rugs website, you transmit data to our web server (due to technical necessity) via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • complete IP address of the requesting computer
  • amount of data transferred

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. The legal basis for the storage is Article 6 lit. f) GDPR.

Further personal information is only collected if you provide it voluntarily, for example in the context of an enquiry or registration. Depending on the area concerned, Simplay Rugs uses the personal data provided by you to answer your enquiries, to process your order and for the purpose of technical administration of the websites. In detail, the use in the respective areas follows as follows:

Online Shop
When you place an order in our online shop, we store the following information in order to fulfil the contract concluded between you and Simplay Rugs or to carry out pre-contractual measures in accordance with Article 6 lit. b) GDPR:

a) Order without setting up a customer account
When placing an order in the online shop, all data necessary for execution and processing are requested by means of mandatory fields: Your full name, your e-mail address, your address (billing address and, if applicable, different delivery address). Your data will only be used to process your order.

b) Customer account / registration
It is also possible for you to register for your purchase at Simplay Rugs. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a purchase at a later date. Simplay Rugs stores the data you enter to set up a customer account through which your orders are recorded, executed and processed. Simplay Rugs will hold your data for further orders as long as you maintain your registration. You have the right to access, correct or delete your registration data at any time.

c) Retention of order data
If you submit data to Simplay Rugs for an order, your data will be stored for as long as necessary for the processing of the purchase and mandatory according to the legal retention periods. The extended storage for the fulfilment of the storage obligations is carried out according to article 6 lit. c) GDPR.

Contacting Us
If you contact us, the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with Article 6 lit. b) GDPR to process your request. Your data provided via a contact form will not be used for any other purposes, in particular not for advertising.

Disclosure of personal data to third parties
Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.

a) Disclosure within affiliated companies pursuant to Art. 6 Para. 1 lit. b GDPR
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.

b) Disclosure to service providers according to Art. 6 para. 1 lit. b and f GDPR
For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract:

  • In the case of delivery of goods to logistics companies and the postal service provider specified when the order was placed.
  • In the case of payment for goods to the payment service provider specified when the order was placed.
  • We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.

c) Disclosure to other third parties pursuant to Art. 6 para. 1 lit. c and f GDPR
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.

Payment systems
In our online shop you can choose between different payment methods. For this purpose, the respective payment-relevant data is collected in order to be able to carry out your order and payment processing. In addition, your IP address is processed due to technical necessity and for legal protection.

Certain personal data and mandatory data are required for the fulfilment of the contract. Without this data, we will unfortunately have to refuse to conclude the contract, as we will then not be able to carry it out. The data will be transmitted accordingly to our payment service providers for payment processing. The payment systems we use SSL encryption to protect the transmission of your data.

Payment data is collected during the ordering process. For orders on our site, you have the possibility to choose between different payment methods. For each of the payment methods. The legal basis for the data processing is Art. 6 para. 1 b) GDPR, as the processing of the data is necessary for the performance of the contract. The transfer of data for payment processing as well as for fraud prevention and detection is based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f) GDPR as well as on Art. 6 para. 1 p. 1 lit. b) GDPR for the fulfilment of the contractual relationship.

Google Pay
If you select Google Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Google Pay, without us having any further possibility to influence it and the legal basis is Art. 6 (1) b) GDPR for payment processing.

Stripe
Payment by credit card and debit card is made via the payment service provider Stripe, to which we pass on your mandatory details (e-mail address) provided during the checkout, for payment processing. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe and only insofar as it is necessary for this purpose.

PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) f GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method.

The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including information on the credit agencies used, please refer to PayPal’s privacy policy.

Apple Pay
If you choose the payment method “Apple Pay“, the payment processing is carried out via the “Apple Pay” function of your device running iOS, watchOS or macOS by charging a payment card deposited with “Apple Pay”. Apple Pay uses security functions integrated into the hardware and software of your device to protect your transactions. For the release of a payment, the entry of a code previously defined by you as well as the verification by means of the “Face ID” or “Touch ID” function of your terminal device is therefore required.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Apple in encrypted form. If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.

Apple retains anonymised transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was completed successfully. Anonymisation completely eliminates any reference to individuals. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.

Transfer to authorities and other public bodies
Your data will only be disclosed to third parties outside the Simplay Rugs if the responsible public authority or governmental institution orders the disclosure in an individual case, in which case Simplay Rugs is obliged to do so.

General technical organisational measures
Simplay Rugs has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by Simplay Rugs is protected by physical, technical and procedural measures that limit access to the information to specifically authorised persons in accordance with this Privacy Policy.

The Simplay Rugs website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.

Secure data transmission
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3).

Passwords
You should never disclose your password for accessing our customer portal to any third party and you should change it regularly. If you want to leave your customer account in the online shop, you should press the logout and close your browser to prevent anyone from gaining unauthorised access to it.

Online presence in social media
We maintain online presences within social media on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

Automated Decision Making and profiling
Automated decision making is not used at Simplay Rugs.

Processing of special categories of data
No special categories data is processed.

Children Data
Our Service is not intended for children, and we do not knowingly collect data relating to children.

The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Direct marketing in the context of a customer relationship
We use the data you provide to fulfil and process our contract and to respond to your enquiries or on the basis of your consent. Insofar as you have also given us separate consent to process your data for booking, quotation and advertising purposes, Simplay Rugs is entitled to contact you for these purposes via the communication channels you have ticked in this consent.

Changes
This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.

Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.