Privacy Policy


The Simply Shred & Recycle Data Privacy Policy applies to the processing of personal data, in particular the data of customers, employees and business partners aiming at creating an adequate level of protection for the transfer of personal data.

This policy defines our Company Privacy Policy that discloses our privacy practices and policies.  It allows parties outside the company to contact our business with regards to questions about our practices and policies.

We collect, use and disclose certain personal information from and about you including your use of the website.


We collect information regarding the areas of the website you visit, the websites you previously visited, the websites you link to when you leave our website, and the information and data you provide through the website (for example, through guestbooks, submission forms, emails, chat groups, postings, and other submissions).

We may also collect information from you using “cookies”.  Cookies are small pieces of data which are stored on your computer to allow your web browser to remember something about our website.  Cookies are useful because they allow us to personalize our site for you.  For example, cookies can be used to list the contents of your virtual shopping cart or to remember your password so that you do not need to enter it every time you log onto our site.


We use the information we collect from you to personalise our website to your interests, enhance your experience on our site, provide you with information regarding our products and services, process your orders, bill you, send marketing materials to you.

Personal data is only collected, processed and used if such actions are legally admissible or if the data subject has given consent.  The data must be factually correct and – if applicable – up-to-date.  Suitable measures will be taken to ensure that irrelevant or incomplete data is rectified or deleted.  The data will be deleted as soon as it is no longer required for the business purpose – for which it was originally collected and stored – observing the legal storage obligations.

Data processing will follow the objective of only collecting, processing and using personal data which is required.  Taking account of the intended purpose for using personal data, the data must be appropriate and relevant and may not go beyond the required scope (data minimization).  Personal data may only be processed within a specific application if this is necessary (data avoidance).


We share aggregated demographic information about our users with our business associates, but this information cannot be used to identify any individual.

Where possible and financially feasible, anonymization or pseudonymization methods are used.  Both methods undertake that the actual identity of the data subject cannot be re-identified or can only be re-identified with a disproportionate amount of effort.

We disclose your personal information to our payment and delivery associates to allow the processing, billing and delivery of your orders.


We hereby accept consent from the website visitor to allow us to collect, using and disclosing your information collected by us.  We are not responsible for the privacy practices and policies of these third parties.

If the collection, processing or use of personal data is not required for initiating or fulfilling a contract or there is no other legal permission, the consent of the data subject must be obtained no later than the date on which the collection, processing or use of personal data begins.  The consent must be given expressly and voluntarily and on an informed basis, which clearly shows the extent of the consent and the possible consequences of with-holding consent for the data subject.  The formulisation of the declaration of consent must be sufficiently clear and inform the data subject of his/her right to revoke his/her consent at any time in the future.  The consent must be obtained in a manner befitting the circumstances (in writing or electronically, verifiably).  In exceptions, it may be given verbally if the fact of the consent and the circumstances which allow verbal consent are documented sufficiently.  If the consent is given in writing together with other declarations, it must be clearly highlighted.


Only authorized employees especially charged with observance of data protection may collect, process or use personal data.  It is forbidden for an employee to use this personal data for his/her own (private) purposes, to transfer it to unauthorised parties or to make it accessible to them in any other way.  In this context, “unauthorised” may include colleagues or employees if they do not need the data for their field of work or specialist tasks.

If personal data is processed or used, suitable technical and organizational measures must be taken to protect the company processes and IT systems, to protect personal data against unintentional or unlawful deletion, alteration, communication, access or loss.

These measures include:

  • Refusing unauthorized persons entry to data processing facilities where personal data is processed or used (entry control),
  • Preventing unauthorized persons from being able to use data processing systems (usage control),
  • Guaranteeing that authorized users of data processing system can only access data within the scope of their access rights, and that personal data cannot be read, copied, changed or removed without authorization, either during processing or use or when stored (access control),
  • Guaranteeing that personal data cannot be read, copied, changed or removed without authorization during electronic data transfer or in the process of transmission or storage on data media, and that it is possible to review and establish where transmission of personal data is supported by data transfer facilities (transfer control),
  • Guaranteeing that it can be reviewed and established retrospectively whether, and by whom, personal data has been entered, changed or removed from data processing systems (input control),
  • Guaranteeing that personal data processed on behalf of the controller can only be processed in accordance with the controller’s instruction (job control),
  • Guaranteeing that personal data is protected against accidental destruction or loss (availability control),
  • Guaranteeing that items of data collected for different purposes are processed separately (separation requirement).


We will retain your personal information only for as long as necessary to fulfil the purposes for which the information was collected. Once the information is no longer required to fulfil these purposes, it will either be destroyed, erased or made anonymous.

The use of services or the receipt of products and/or services are not dependent on the data subject giving their consent to the use of their data for purposes other than the establishment and performance of the contract.  This only applies if the use of comparable services or the acquisition or use of comparable products is not reasonably possible or possible at all for the data subject.


We strive to ensure that any personal information we retain and use is accurate, complete and up-to-date as necessary for the purposes for which it was collected. We do not routinely update personal information unless necessary for these purposes. Nonetheless, if our records regarding your personal information are inaccurate or incomplete, we will amend that information at your request.


Each data subject may demand information (including written information) on the data stored about him/her, including its origin, the purpose of storing the data and the persons and offices to which it has been communicated.  However, such a claim will not exist if the interest in maintaining the business secret outweighs the interest of the data subject.

The information is to be given to the data subject in a clearly understandable form within an appropriate period.

The data subject has the right to demand correction if the data stored about him/her is incomplete and/or incorrect.  He/she has the right to demand the deletion of his\her data if data processing was inadmissible or the data is no longer required for data processing.  If there are legal storage periods or deletion is not possible or reasonable, the data will be blocked instead of deleted.

The data subject can object to the use of his/her data by the company responsible if he/she has a contractual or statutory right to object.  The right to object also applies in cases in which the data subject gave his/her consent to the use of his/her data previously.

At your request, we will provide to you a statement explaining the extent to which we hold personal information about you, and we will explain how that information has been used or disclosed by us.


We will use appropriate safeguards to protect your personal information against loss, theft, and unauthorised access.

Data subject may not be discriminated against in any way if they exercise their rights.

The data subject may at any time contact the Data Protection Official of the company responsible with questions and/or complaints about the use of his/her personal data or with questions about the Simply Shred Data Privacy Policy.

In this context, “responsible” denotes all companies with which the data subject has a contractual relationship or by which his/her personal data is processed.  The circumstance must be clarified in cooperation with the company involved without culpable delay.  The Data Protection Official of the company addressed will coordinate all relevant correspondence with the data subject.


If you wish to have any of your personal information removed from our databases, or if you no longer want us to send any further information to you, please contact Simply Shred & Recycling Ltd.