Privacy policy
1. Who we are
This privacy policy explains how Simplepage Ltd ("Simplepage", "we", "us", or "our") collects, uses, and protects your personal data when you use simplepage.com (the "Site").
Simplepage Ltd is a company registered in the Isle of Man with company number [[TBC: IoM company number]], whose registered office is at [[TBC: IoM registered address]]. We are the data controller for personal data collected through this Site.
This policy is issued under the Data Protection Act 2018 (Isle of Man) and the GDPR and LED Implementing Regulations 2018, which together set out how organisations in the Isle of Man must handle personal data.
This policy does not cover personal data processed by our SaaS products (Eddi, Sumlo, Patch, Printo, or any other product we operate under a separate domain). Each product has its own privacy policy accessible from its website.
2. What information we collect
When you interact with the Site, we may collect the following categories of personal data:
Information you give us directly (for example, by submitting a contact form or emailing us):
Your first name and last name.
Your email address.
Your phone number, if you choose to provide it.
The contents of any message you send us.
Your company name and job title, if you choose to provide them.
Information collected automatically when you visit the Site:
Aggregated, anonymous analytics (page views, referrer, device type, browser, country at country level) via our privacy-friendly analytics provider. This does not identify you individually and does not use cookies.
Basic security information (IP address, request headers) handled by our content delivery and hosting providers for the purpose of protecting the Site from abuse and attacks.
We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
3. Why we collect it and the lawful basis for processing
Under the Isle of Man Data Protection Act 2018, we must have a lawful basis for processing your personal data. The bases we rely on are:
Purpose | Lawful basis |
|---|---|
Responding to an enquiry you have submitted via a form or email | Performance of a contract or taking steps to enter into a contract at your request, and our legitimate interest in responding to prospective and current clients |
Sending you information you have asked for (such as a proposal, quote, or follow-up) | Performance of a contract or pre-contractual steps at your request |
Sending marketing emails (for example, a newsletter) | Your consent, which you can withdraw at any time |
Aggregated, anonymous analytics to understand how the Site is used and to improve it | Our legitimate interest in operating and improving the Site, balanced against your privacy (no personal data is processed for this purpose) |
Protecting the Site from fraud, abuse, and attack | Our legitimate interest in the security of our infrastructure and our users |
Complying with legal obligations | Legal obligation |
We will only send you marketing emails if you have specifically opted in, and you can withdraw that consent at any time using the unsubscribe link in the email or by emailing us.
4. How long we keep your data
We retain personal data only for as long as is necessary for the purposes for which it was collected:
Category | Retention period |
|---|---|
Contact-form enquiries | Up to 24 months from the last correspondence, unless you become a client (in which case retention is governed by the service agreement and our legitimate business records obligation, typically up to 7 years after the relationship ends for tax and accounting purposes) |
Email correspondence | Up to 24 months from the last email, unless it forms part of a client record |
Marketing subscribers | Until you unsubscribe or withdraw consent |
Security logs (IP addresses in access logs) | Up to 30 days, after which logs are deleted or anonymised |
Aggregated analytics | Indefinitely (this data is not personal data and cannot identify individuals) |
Where we are required to retain data longer by law (for example, for tax or accounting purposes), we will keep it for that period and no longer.
5. Who we share your data with
We do not sell your personal data. We share it only with the following categories of third-party service providers, each acting as a data processor on our behalf under a written agreement:
Provider | Purpose | Where data is processed |
|---|---|---|
Umbraco Cloud / Azure` | Hosting the Site and storing form submissions | EU / UK |
Cloudflare | Content delivery, DDoS protection, and security filtering | Globally via Cloudflare's edge network |
Plausible Analytics | Privacy-friendly, cookieless website analytics (aggregated, no personal data) | EU (Germany) |
Google Workspace / Brevo / Mailgun` | Receiving and responding to your email enquiries | EU / UK |
We may also disclose personal data where we are required to do so by law, regulation, or court order, or where disclosure is necessary to protect our rights, your safety, or the safety of others.
6. International transfers
Some of our third-party providers process data outside the Isle of Man. Where that happens, we rely on one of the following safeguards:
The destination country has been recognised as providing an adequate level of data protection.
The provider has signed Standard Contractual Clauses (or an equivalent mechanism) ensuring your data is protected to the standard required by Isle of Man data protection law.
You have given explicit consent to the transfer.
If you would like more detail on the safeguards in place, contact us using the details below.
7. Your rights
Under the Isle of Man Data Protection Act 2018 and the GDPR and LED Implementing Regulations 2018, you have the following rights over your personal data:
Right of access - the right to request a copy of the personal data we hold about you.
Right to rectification - the right to ask us to correct inaccurate or incomplete data.
Right to erasure - the right to ask us to delete your personal data, subject to certain legal exceptions (for example, where we are required to keep it for tax purposes).
Right to restriction - the right to ask us to stop or limit how we process your data while a concern is being resolved.
Right to data portability - the right to receive the personal data you have provided in a structured, commonly used, machine-readable format.
Right to object - the right to object to processing based on our legitimate interests, or to processing for direct marketing.
Rights in relation to automated decision-making and profiling - we do not carry out any automated decision-making or profiling that has a legal or similarly significant effect on you.
Right to withdraw consent - where we rely on your consent, you can withdraw it at any time.
To exercise any of these rights, contact us at [email protected] `. We will respond within one month, though we may need to verify your identity first.
Exercising your rights is free of charge, unless your request is clearly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
8. Complaints
If you are not satisfied with how we have handled your personal data, you have the right to complain to the Isle of Man Information Commissioner, the supervisory authority for data protection in the Isle of Man.
Website: inforights.im
Email: [email protected]
Post: Isle of Man Information Commissioner, PO Box 69, Douglas, Isle of Man, IM99 1EQ
You have the right to raise a complaint directly without contacting us first, but we would appreciate the chance to address your concern before you do.
9. How we secure your data
We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:
HTTPS across the whole Site.
Restricted access to systems on a need-to-know basis.
Multi-factor authentication on administrative accounts.
Routine security patching of our hosting infrastructure.
Regular backups.
Written data processing agreements with all third-party providers.
No method of transmission over the internet is completely secure. While we use reasonable measures to protect your data, we cannot guarantee its absolute security.
10. Cookies and tracking
We use cookies sparingly. Where a cookie is used, the table below explains what it does, whether it is essential, and how long it lasts.
We do not use tracking, advertising, or third-party marketing cookies on this Site.
Cookie | Set by | Purpose | Type | Lifespan |
|---|---|---|---|---|
| Cloudflare | Bot protection and security filtering. Used to distinguish real visitors from automated traffic. | Strictly necessary | Up to 30 minutes per session |
.AspNetCore.Antiforgery.* | Simplepage | Protects contact forms against cross-site request forgery attacks. | Strictly necessary | Session only |
We use Plausible Analytics to measure traffic on the Site. Plausible is privacy-friendly, open-source analytics that does not set any cookies and does not collect personal data. All traffic data is aggregated and anonymous. Plausible is compliant with the Isle of Man Data Protection Act 2018, UK GDPR, and PECR. You can read their data policy at plausible.io/data-policy.
Some pages may embed content from third parties (for example, a video from YouTube or a LinkedIn profile card). These embeds may set their own cookies when loaded. We have no control over third-party cookies. If you are concerned about third-party tracking, your browser's privacy settings or an extension such as uBlock Origin can block them.
If you submit a contact form, we process your name, email, phone (if given), and message content solely to respond to your enquiry, under the lawful bases set out in section 3. We do not use form data for marketing unless you explicitly opt in.
You can control and delete cookies through your browser settings. Disabling strictly necessary cookies may prevent parts of the Site from working correctly.
11. Changes to this policy
We may update this privacy policy from time to time. Any changes will be posted on this page with a new "Last updated" date. Significant changes (for example, a new category of personal data or a new third-party processor) will be flagged prominently. By continuing to use the Site after changes are posted, you acknowledge the updated policy.
12. Contact us
If you have any questions about this privacy policy or how we handle your data, please contact us:
Simplepage Ltd
Privacy email: [email protected]
General email: [email protected]
Registered office: