SimplyPostcode™ - Privacy Policy

This privacy policy sets out how Comtek Accounts Ltd (trading as Simply Postcode) uses and protects any information that you give Comtek Accounts Ltd (trading as Simply Postcode) when you use this website.

Comtek Accounts Ltd (trading as Simply Postcode) is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Comtek Accounts Ltd (trading as Simply Postcode) may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1/7/2012.

How we use cookies

We don’t use cookies on this web site, but we do use:

  • Google Analytics, to track site usage which stores anonymous data
  • Google Display Advertising uses cookies to serve ads based on a user’s prior visits to your website.
  • Google Adword and Bing Ad which store anonymous data about click through rates
  • Social networking links, which may store cookies in order to serve social information
  • You may opt-out of Google’s use of cookies by visiting the Google advertising opt-out page. (Alternatively, you can opt-out of Google Analytics opt-out browser add-on.)

Postcode software uses cookies to identify a user, but ONLY when used for internal use (within a company, used by a company employee). So in summary it does not use cookies when used by the general public on web sites.

What we collect

If you open an account with us we may collect the following information, which is required for the return of license information to the Royal Mail. It is not used for any other purpose:

• name and job title
• contact information including email address
• address information including postcode
• other information relevant to the use of our services

What we do with the information we gather

We require this information in order to provide our postcode lookup server, and in particular for the following reasons:

• Internal record keeping.
• We may use the information to improve our products and services.
• We may periodically send promotional emails about new products, and e-mails regarding the renewal of contracts and credit packs.
• It is a requirement of the royal mail terms and conditions that we pass on customer name and addresses, after purchasing a licence.  They do not pass this information to any third parties.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Comtek Accounts Ltd, 6 Malborough Court, Wisbech, Cambs, PE13 1LT.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.

GDPR compliance

Sam Smith, our Head of Software Development and Comtek Accounts Ltd appointed Data Protection Officer, is responsible for ensuring our systems have ‘privacy by design’ and that our default mode is one of GDPR compliance.

This explains the data we hold and where:

‘What constitutes sensitive data?' - we store very little "Personal information"

We don't hold personal data unless you are a customer, and then only to bill and support you

'What data do you hold?'

1) Accounts - Billing Details + E-mail (On-Premises)

In house CRM - Billing Details + E-mail + Notes for Cases/Projects, etc (On-Premises)

2) We have three different business activities using online Servers, all hosted with RackSpace which are very secure:

  1. A) Simply Postcode - Billing Details + Password - Salt + Encrypted SHA384 (SHA2)
  2. B) Postcode LITE - Billing Details + Password - Salt + Encrypted SHA384 (SHA2)
  3. C) Software License System - Billing Details + Password - Salt + Encrypted SHA384 (SHA2)

Also records IP address and usage for support purposes

No credit card information is held
A and B - Accounts are deleted after 1 year if dormant

Billing Details - May include Phone, Mobile (optional) number, billing history
This must be stored for 7 years to comply with HRMC regulations

 Where is the data stored and How secure?' 

    1. Accounts and CRM in house on Windows 2016 Server.  Incoming Firewall + Encrypted Drives.   Remote access is via encrypted VPN.
    2. Rackspace in Reading and Heathrow.  Very secure.  Very few ports open, Cisco managed firewall.  Remote access is via encrypted VPN.

The Privacy Shield is provided by firewalls and internet security.  All communication to Rackspace servers is via an encrypted VPN

No Sensitive Account/Personal data leaves the building

Access to data

Yes - we can give you all data held within 1 month

Right to be forgotten

Yes - within one month all data will be erased

Security Breach

We will report any breaches of security to ICO (Information Commission Office) and people affected within 3 days.

We are a Small Company

For companies that have more than 250 employees, there's a need to have documentation of why people's information is being collected and processed, descriptions of the information that's held, how long it's being kept for and descriptions of technical security measures in place.