Privacy notice

Effective from 17 October 2023.
This privacy notice is issued on behalf of Simply Asset Finance Operations Limited and any other company part of the Simply Group that processes your data. As such, any references to “Simply”, “SAF”, “we”, “us” or “our” in this privacy notice are references to the relevant company (you are dealing with) in the SAF Group which is responsible for processing your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us. 

Who we are

The Simply website is brought to you by Simply Asset Finance Operations Limited, a company incorporated and registered in England and Wales with company number 10588244 and registered office at 5th Floor Harling House, 47 – 51 Great Suffolk St, London SE1 0BS. Simply Asset Finance Operations Limited is part of a group which is made up of different legal entities, all registered at the same address, including: 

  • SAF Group Holdco Limited, a company incorporated and registered in England and Wales with company number 10587968; 
  • SAF Group Finance Limited, a company incorporated and registered in England and Wales with company number 10588139; 
  • SAF1 LIMITED, a company incorporated and registered in England and Wales with company number 10920900; 
  • SAF2 LIMITED, a company incorporated and registered in England and Wales with company number 10920907; 
  • SAF3 LIMITED, a company incorporated and registered in England and Wales with company number 10920894; 
  • SAF4 LIMITED, a company incorporated and registered in England and Wales with company number 109209193; and
  • SAF6 LIMITED, a company incorporated and registered in England and Wales with company number 10920933 

(“SAF Group”).

You may be dealing with any of the companies listed above.


Purpose of this privacy notice

We take your privacy very seriously. As such, we ask that you read this privacy notice carefully as it contains important information about: 

  • what personal data we may collect from you;
  • how we will use, store and protect your personal data; 
  • with whom we may share personal data; and 
  • your rights under relevant data protection laws. 

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them. 


Third-party links

The Simply website and app may contain links to and from other applications, plug-ins and websites of other networks, advertisers and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services. 


Lawful basis for processing

Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are: 

  • Consent: where you have consented for us to process your personal data for one or more specific reasons. For example, to send promotional materials about our services and products. 
  • Performance of a contract: in order to perform and manage a contract we may have with you. 
  • Legal obligation: where processing of the data is required by law. 
  • Public interest: where processing is necessary for the performance of a task carried out in the public interest. 
  • Legitimate interest: in order to carry on the purposes of Simply’s business of providing finance and in particular: 
    • To make a decision regarding your suitability to enter into an agreement with you; 
    • Enforcing a contract you have entered with us in accordance with its terms and conditions; 
    • Recovery of any outstanding payment or equipment due to us under an agreement with you; 
    • For analysis to improve our services even if you have decided not to proceed with entering into an agreement with us, or where we have declined your application; 
    • To contact you about products and services we consider may be of interest to you, unless you opt-out of such communications; and 
    • To keep our records up to date. 

What data we may collect from you

We may collect and process the following personal data about you and your representatives: 

  • Identity data: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, voice recording, lifestyle data and family situation. 
  • Visual images and personal appearance (such as photos, copies of passports or CCTV images). 
  • Special categories of personal data including information about your health or vulnerability and details of any criminal convictions or alleged offences. 
  • Contact data: billing address, delivery address, email address and telephone numbers. 
  • Financial data: financial position, bank account and payment card details. 
  • Transaction data: details about payments to and from you and other details of products and services you have purchased from us. 
  • Technical data: internet protocol (IP) address, your login data to Simply websites/systems (where applicable), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other related technology on the device used you use to access this website. 
  • Profile data: your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 
  • Usage data: information about how you use our website, products and services. 
  • Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences. 
  • Correspondence data: conversations and interactions you have with us, whether by phone, email, text message, online, face-to-face or other kinds of communication. 

How we collect information from you

We collect your personal data in a number of ways: 

  • Directly: contact, financial and identity data directly provided by you when you fill in online forms, call us or correspond with us in any way, for example when: 
  • applying for services; 
  • submitting a query; 
  • requesting or consenting to marketing materials being sent to you 
  • providing us with feedback; or 
  • updating your details through the Simply app. 
  • Automatically: as you browse the Simply website or app, certain information relating to your browsing patterns and technical data about the equipment you are using to access the website is automatically collected using cookies, server logs and other similar technologies. Please see our cookie policy for further information. 
  • From third parties/public sources: 
  • Technical data may be obtained from the following parties: 
  • Analytics providers such as Google based outside the EU; 
  • Search information providers such as Microsoft based inside or outside the EU. 
  • Contact, financial and transaction data may be obtained from providers of technical, payment, credit referencing and delivery services such as Experian and Equifax based inside the EU; 
    • Identity and contact data from publicly availably sources such as Companies House and the Electoral Register based inside the EU; and 
    • Any other public databases. 
Call recording 

We may record or monitor phone calls to confirm details of our conversations, to analyse and improve our services, resolve queries and complaints, help detect or prevent fraud and other crimes or for regulatory, training and quality purposes. This is in accordance with our legitimate interests, in particular, to continue to improve and develop our systems, train our staff and offer a high standard of service. In some cases, we rely on our legal obligations to process your personal information for the above purposes. 


How we use your personal data

We may use your personal data for the following purposes: Credit and Identity Verification: In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us, we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to: 

  • Assess your creditworthiness and whether you can afford to take the product; 
  • Verify the accuracy of the data you have provided to us; 
  • Prevent criminal activity, fraud and money laundering; 
  • Manage your account(s); 
  • Trace and recover debts; and 
  • Ensure any offers provided to you are appropriate to your circumstances. 

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain or www.equifax.co.uk/crain. 


Detecting fraud and financial crime:

Where you have applied for a product or service either directly through us or an intermediary, we would need to carry out necessary fraud prevention and money laundering checks to satisfy ourselves that we can enter into an agreement with you. 

  • We may at any time search your record with a fraud prevention agency. If at any time you give us or procure the giving of false or inaccurate information and we suspect fraud, we will record this. The fraud prevention agency will use information recorded for statistical analysis about fraud, money laundering and to verify your identity and will also share it with other organisations who will use it to prevent fraud and to help make decisions on finance proposals requested by you, members of your household or any other businesses associated with you. 
  • We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. 
  • We process your personal data on the basis that it is necessary in our legitimate interest or in exercising official authority for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested. 
  • We may carry out checks to detect and prevent fraud, money laundering or financial crime activities. Any suspicious activities may be recorded and notified in accordance with our legal obligations. 
  • Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. 

Consequences of processing:
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above. 

Data transfers:
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Provide a service:
  • To provide the requested services to you; 
  • To carry out our obligations under our agreement with you; 
  • To enforce our rights under our agreement with you; To provide customer service, including to respond to your enquiries and fulfil any of your requests for information.
Ancillary purposes:
  • In accordance with our legitimate interests (in circumstances where your interests and fundamental rights do not override our interests);
  • As we believe to be necessary or appropriate:
    • In order to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law;
    • To enforce or apply this privacy notice; and
    • To protect our legitimate rights, privacy, property or safety, and/or those of a third party where your rights do not override those interests.

Marketing

It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us or we have a legitimate interest, where we have a commercial or business reason to use your information. Please note that you can opt out from receiving marketing communications. Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at unsubscribe@simply.finance. We will process your request to be opted-out of marketing within 30 days of receipt. We will ensure that we obtain your consent before we share your personal data with any company outside of the SAF Group for marketing purposes. Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified above. 


Retention of your data

We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed. When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 11 below for more information), we ensure that this data is securely deleted or destroyed. However, please note that, in some circumstances we may decide to retain your personal data for research or statistical purposes, and in such circumstances, we will anonymise your data before retaining it. For more details about our retention periods, please contact us at dpl@simply.finance. 


Accuracy of your data

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.


Security of your data

In order to protect your personal data, the SAF Group has appropriate organisational and technical security measures. These measures include restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.


Sharing of your data
  • To members of our group

We may share your data with other members of the SAF Group.

  • To our shareholders

We may share your data with our shareholder, their agents, advisors and employees for the purposes of auditing our business, meeting our reporting requirements and to carry out our obligations under our agreement with you.

  • To third parties

There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA. The third parties to which we may transfer your personal data include:

  • Organisations which help us provide you with the product and service you have with us, e.g. electronic data storage services; 
  • Our agents and advisors who help run your account with us, collect what you owe, provide a tracing, repossession or collection service (if required); 
  • Credit Reference Agencies; 
  • Fraud prevention agencies; 
  • HM Revenue and Customs; 
  • Regulators and other authorities; 
  • Your guarantors; 
  • Claim handlers; 
  • Any party linked with you or your business; 
  • Insurers; 
  • If you use direct debits, we will share your data with the Direct Debit Scheme; 
  • If you apply for insurance through us, we may pass your personal or business details to the insurer, and onto any reinsurers; 
  • Other lenders who may hold a charge over your property and assets; 
  • Companies who we have entered into funding arrangements with, who may need to assess your credit position, asset value and carry out their own verification checks; 
  • Companies that we introduce you to for the purpose of providing finance, who may need to process your information in a similar way as we would when providing finance to you. Detailed information on how such funders process your information can be found by clicking on their individual privacy notices here; 
  • Companies that we introduce to you and you are happy for us to pass on your details; 
  • Where you have been introduced to us by an introducer, a dealer or broker, we may inform them about the outcome of your application and whether we have agreed to provide you with the product or service for which you have applied. We may also disclose information about you and your relationship with us throughout the term of that relationship;  

We may also share your personal data: 

  • If an agreement between you and us is assigned to a third party; 
  • If a company in the SAF Group is acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and 
  • A prospective seller or buyer, in the event that we sell or buy any business or assets. 
Data transfer safeguards

The security of your data is important to us and we will, therefore, only transfer your data to such third parties if: 

  • We have a legal basis on which to share your data with specific third parties; 
  • The third party needs to access the personal data for a legitimate purpose; 
  • Where appropriate, the third party has agreed to comply with Simply’s instructions, required data security standards, policies and procedures and put adequate security measures in place; 
  • The transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and 
  • Where necessary, a fully executed written contract that contains suitable obligations and protections has been entered into between the parties. 

As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include: 

  • Only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission; 
  • Where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA. 

Your rights

You have certain rights in relation to the personal data we process and hold about you. These include: 

  • Right to rectification: you have the right to require us to correct any inaccuracies in your data. 
  • Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements. 
  • Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example: 
    • You contest the accuracy of the data and wish to have it corrected;
    • You object to processing but we are required to retain the data for reasons of public interest; or 
    • If you would prefer restriction to erasure. 
  • Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit. 
  • Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed. 
  • Right of access: you have the right to request access to personal data that we may process about you. 
  • Right to withdraw consent: you have the right at any time to withdraw your consent allowing us to process your personal data. Please note if you withdraw your consent, we may not be able to provide certain products or services to you if we were relying on your consent to provide them. There may be legal or other official reasons why we need to keep your use your data. However, please tell us if you think we should not be using it. 

If you would like to exercise any of the above rights, please: 

    • Put your request in writing; 
    • Include proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent utility or credit card bill); and 
    • Specify the right you wish to exercise. 

Response time

We will respond to requests made by you within one month.


Charge

We will not charge a fee for you to exercise any of the rights listed above.


Cookies

For more information about the cookies we use, please see our Cookies Policy.


Amendments to this privacy notice

No changes to this privacy notice are valid or have any effect unless agreed by us in writing. We reserve the right to vary this privacy notice from time to time. Our updated terms will be displayed on the Simply website. It is your responsibility to check this privacy notice from time to time to verify such variations.


Questions in relation to this privacy notice

You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO). We have appointed a data protection lead (DPL) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this privacy notice and handling requests in relation the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPL using the details set out below.


Our full details are:

Full name of legal entity: Simply Asset Finance Operations Limited
Email address: dpl@simply.finance
Postal address: 5th Floor Harling House, 47 – 51 Great Suffolk St, London SE1 0BS
Telephone number: 0203 369 6000

02080495572