The Pay As You Go price plan means you just pay for the data that you use. The more list members
you have, the larger your list emails, and the more recipients all increase the amount of data
that is used. There is a minimum data purchase requirement as shown in the table below.
1GB data bundle (Valid 1 month)
3GB data bundle (Valid 1 month)
10GB data bundle (Valid 1 year)
30GB data bundle (Valid 1 year)
Minimum data purchase
1GB / month or 10GB / year
3GB / month or 30GB / year
Minimum monthly cost
$8 (paying monthly)
$6 (paying yearly)
$24 (paying monthly)
$16 (paying yearly)
Maximum list members
Data use per month
Price per GB
Data cost per month
For large or high volume lists we recommend the Unlimited price plan
Unlimited price plan
The Unlimited price plan means you just pay for the total number of unique members
in your account. The number and size of emails (and the number of lists for a Multiple
List account) are all unlimited.
Simplelists.com Terms and Conditions
1.1. Set out below are the Supplier’s standard terms and conditions for the
provision of the Services, which will apply in all circumstances of the
Supplier’s provision of the Services.
1.2. Each Customer must read these terms and conditions carefully, paying
particular attention to clause 13, which provides for the limitation of the
2.1. The definitions and rules of interpretation in this clause apply in these
those employees, agents,
list members and independent contractors of the Customer who are authorised
by the Customer to use the Services.
a day other than a Saturday, Sunday or public holiday in England when banks
in Lon- don are open for business.
CHANGE OF CONTROL
the beneficial ownership of more than 50% of the issued share capital of a
com- pany or the legal power to direct or cause the direction of the general
management of the company, and controls, controlled and the expression
change of control shall be construed accordingly.
information that is proprietary or confidential and is either clearly
labelled as such or identified as Confidential Information in clause 11.
the provision of the Services in accordance with these Terms.
the person identified as the “Customer” who registered for the Service and
pays the charges.
the data inputted by the Customer, Authorised Users, or the Supplier on the
Customer’s behalf for the purpose of using the Services or facilitating the
Customer’s use of the Services.
the document made available to the Customer by the Supplier online via
https://www.simplelists.com or such other web address notified by the
Supplier to the Customer from time to time which sets out a description of
the Services and the user instructions for the Services.
INITIAL SUBSCRIPTION TERM
the initial term of the Contract as defined by the length of the subscription
the initial amount of Subscriptions which the Customer has purchased.
the period that the Customer makes payments for the Service.
SERVICE COMMENCEMENT DATE
the date that the Customer registers for an account.
the subscription services to be provided by the Supplier to the Customer for
the purposes of email forwarding and related services.
the online software applications, access to which is provided by the Supplier
as part of the Services.
any of but not limited to: sending unsolicited mail messages ("junk mail") or
other advertising material to individuals who did not specifically request
such materials; the forging of mail header information.
the subscription fees payable by the Customer to the Supplier for the
the subscriptions purchased by the Customer which entitle Authorised Users to
access and use the Services in accordance with the Contract.
has the meaning given in clause 14.2 (being the Initial Subscription Term
together with any subsequent Renewal Periods).
Simplelists.com of BCM6673, London, WC1N 3AX.
the terms and conditions set out in this document as amended from time to
any thing or device (including any software, code, file or programme) which
may: prevent, impair or otherwise adversely affect the operation of any
computer software, hardware or network, any telecommunications service,
equipment or network or any other service or device; prevent, impair or
otherwise adversely affect access to or the operation of any programme or
data, including the reliability of any programme or data (whether by
re-arranging, altering or erasing the programme or data in whole or part or
otherwise); or adversely affect the user experience, including worms, trojan
horses, viruses and other similar things or devices.
2.2. Unless the context otherwise requires, words in the singular shall include
the plural and in the plural shall include the singular.
2.3. Unless the context otherwise requires, a reference to one gender shall
include a reference to the other genders.
2.4. A reference to a statute or statutory provision is a reference to it as it
is in force as at the date of the Contract.
2.5. A reference to a statute or statutory provision shall include all
subordinate legislation made as at the date of the Contract under that statute
or statutory provision.
2.6. A reference to writing or written includes faxes and e-mails.
2.7. References to clauses are to the clauses of these Terms.
2.8. Reference to a “party” shall mean a party to the Contract.
3.1. The Supplier shall, during the Subscription Term, provide the Services and
make available the Documentation to the Customer on and subject to these Terms.
4. User subscriptions
4.1. Subject to these Terms, the Supplier hereby grants to the Customer a
non-exclusive, non-transferable right to permit the Authorised Users to use the
Services during the Subscription Term.
4.2. The Customer shall not (and shall procure that each Authorised User shall
not) access, store, dis- tribute or transmit any Viruses, or any material during
the course of its use of the Services that:
a) is unlawful, harmful, threatening, defamatory, obscene, infringing,
harassing or racially or ethnically offensive;
b) facilitates illegal activity;
c) depicts sexually explicit images;
d) promotes unlawful violence;
e) is or could be considered Spam;
f) is discriminatory based on race, gender, colour, religious belief,
sexual orientation, disability; or
g) in a manner that is otherwise illegal or causes damage or injury to
any person or property;
and the Supplier reserves the right, without liability or prejudice to its other
rights to the Customer, to disable the Customer’s access to any material that
breaches the provisions of this clause.
4.3. The Customer shall not (and shall procure that each Authorised User shall
not) except as may be allowed by any applicable law which is incapable of
exclusion by agreement between the parties and except to the extent expressly
permitted under these Terms:
a) attempt to copy, modify, duplicate, create derivative works from,
frame, mirror, republish, download, display, transmit, or distribute all
or any portion of the Software and/or Documentation (as applicable) in
any form or media or by any means; or
b) attempt to reverse compile, disassemble, reverse engineer or
otherwise reduce to human- perceivable form all or any part of the
c) access all or any part of the Services and Documentation in order to
build a product or service which competes with the Services and/or the
d) attempt to obtain, or assist third parties in obtaining, access to
the Services and/or Documenta- tion, other than as provided under this
clause 4; and
4.4. The Customer shall use all reasonable endeavours to prevent any
unauthorised access to, or use of, the Services and/or the Documentation and, in
the event of any such unauthorised access or use, promptly notify the Supplier
by emailing email@example.com.
4.5. The Customer shall use all reasonable endeavours to protect passwords.
Should any password be compromised, the Supplier must be promptly notified by
5. Customer data
5.1. The Customer shall own all right, title and interest in and to all of the
Customer Data and shall have sole responsibility for the legality, reliability,
integrity, accuracy and quality of the Customer Data.
5.2. The Supplier shall follow its internal company archiving procedures for
backing-up the Customer Data. In the event of any loss or damage to Customer
Data, the Customer’s sole and exclusive remedy shall be for the Supplier to use
reasonable commercial endeavours to restore the lost or damaged Customer Data
from the latest back-up of such Customer Data maintained by the Supplier. To the
extent permitted under applicable law, the Supplier shall not be responsible for
any loss, destruction, alteration or disclosure of Customer Data caused by any
6. Data Processing
6.1. See the separate GDPR Statement on the Simplelists website for how the
Supplier complies with the obligations of data processing with regard to the EU
General Data Protection Regulation.
6.2. This section details the data processing that the Supplier (as the data
processor) will perform on behalf of the Customer (the data controller). The
Supplier shall comply with any further written instructions from the Customer
with respect to processing.
Subject matter of the processing
Email list hosting and mailing list distribution
Duration of the processing
For the length of time that the Customer has an active account
Nature and purpose of the processing
The collection, recording, storage and retrieval of data related to list
members. The collection, recording, storage, retrieval and dissemination of
list emails to list members.
Type of personal data
Name, email address and related notes of list members. Emails distributed via
Categories of data subject
List members of Simplelists
Plan for return and destruction of the data once the processing is
Data will be destroyed one year after a Customer's Simplelists account has
expired. A customer may request the return of the data at any time before
7. Supplier's Obligations
7.1. The Supplier undertakes that the Services will be performed with reasonable
skill and care.
7.2. The undertaking at clause 7.1 shall not apply to the extent of any
non-conformance which is caused by use of the Services contrary to the
Supplier’s instructions, or modification or alteration of the Services by any
party other than the Supplier or the Supplier’s duly authorised contractors or
agents. If the Services do not conform with the foregoing undertaking, Supplier
will, at its expense, use all reasonable commercial endeavours to correct any
such non-conformance promptly, or provide the Customer with an alternative means
of accomplishing the desired performance. Such correction or substitution
constitutes the Customer’s sole and exclusive remedy for any breach of the
undertaking set out in clause 7.1. Notwithstanding the foregoing, the Supplier:
a) does not warrant that the Customer’s use of the Services will be
uninterrupted or error-free; or that the Services, Documentation and/or
the information obtained by the Customer through the Services will meet
the Customer’s requirements; and
b) is not responsible for any delays, delivery failures, or any other
loss or damage resulting from the transfer of data over communications
networks and facilities, including the internet, and the Customer
acknowledges that the Services may be subject to limitations, delays and
other problems inherent in the use of such communications facilities.
c) is not responsible for any damage caused by viruses that may
propagate through the system, although the Supplier will attempt to
prevent this happening by virus-scanning incoming emails to the Service.
7.3. The Contract shall not prevent the Supplier from entering into similar
agreements with third parties, or from independently developing, using, selling
or licensing documentation, products and/or services which are similar to those
provided under the Contract.
8. Customer's Obligations
8.1. The Customer shall:
a) provide the Supplier with all necessary co-operation in relation to
the Contract; and all necessary access to such information as may be
required by the Supplier; in order to provide the Services, including
but not limited to Customer Data, security access information and
b) comply with all applicable laws and regulations with respect to its
activities under the Contract;
c) carry out all other Customer responsibilities set out in the Contract
in a timely and efficient manner. In the event of any delays in the
Customer’s provision of such assistance as agreed by the parties, the
Supplier may adjust any agreed timetable or delivery schedule as
d) ensure that the Authorised Users use the Services and the
Documentation in accordance with the Terms and shall be responsible for
any Authorised User’s breach of the Terms;
e) obtain and shall maintain all necessary licences, consents, and
permissions necessary for the Supplier, its contractors and agents to
perform their obligations under the Contract, including without
limitation the Services;
f) ensure that its network and systems comply with the relevant
specifications provided by the Supplier from time to time; and
g) be solely responsible for procuring and maintaining its network
connections and telecommunications links from its systems to the
Supplier’s data centres, and all problems, conditions, delays, delivery
failures and all other loss or damage arising from or relating to the
Customer’s network connections or telecommunications links or caused by
9. Charges and Payments
9.1. The Customer shall pay the Subscription Fees to the Supplier for the User
Subscriptions in accordance with this clause 9.
9.2. If the customer provides:
a) Its credit card details to the Supplier, the Customer hereby
authorises the Supplier to bill such credit card:
(i) on the Service Commencement Date for the Subscription Fees
payable in respect of the
Initial Subscription Term; and
(ii) subject to clause 14.1, on each anniversary of the Service
Commencement Date for the
Subscription Fees payable in respect of the Renewal Period;
b) its approved purchase order information to the Supplier, the Supplier
shall invoice the Customer:
(i) on the Service Commencement Date for the Subscription Fees
payable in respect of the
Initial Subscription Term; and
(ii) subject to clause 14.1, at least 30 days prior to each
anniversary of the Effective Date for
the Subscription Fees payable in respect of the next Renewal
9.3. Where the Supplier issues an invoice to the Customer, the Customer shall
pay each invoice within 30 days after the date of such invoice.
9.4. If the Supplier has not received payment within 30 days after a payment due
date of any invoice, then without prejudice to any other rights and remedies of
a) the Supplier may, without liability to the Customer, disable the
Customer’s password, account
and access to all or part of the Services and the Supplier shall be
under no obligation to provide any
or all of the Services while the invoice(s) concerned remain unpaid.
9.5. All amounts and fees stated or referred to in the Contract:
a) are non-cancellable and non-refundable, unless the most recent
for use of the Service was within seven (7) days of notice of
b) may be increased at the start of the next renewal period, in which
a minimum of 30 days' notice will be provided.
10. Intellectual Property Rights
10.1. The Customer acknowledges and agrees that the Supplier and/or its
licensors own all intellectual property rights in the Services (and the
Software). Except as expressly stated herein, the Contract does not grant the
Customer any rights to, or in, patents, copyright, database right, trade
secrets, trade names, trade marks (whether registered or unregistered), or any
other rights or licences in re- spect of the Services (and the Software).
10.2. The Supplier confirms that it has all the rights in relation to the
Services that are necessary to grant all the rights it purports to grant under,
and in accordance with, the terms of the Contract.
10.3. The Supplier grants the Customer with a non-exclusive, non-transferable
licence to use the Software to the extent necessary for the usage of the
Services in accordance with the Terms. The Customer shall not represent that it
owns any intellectual property rights in the Software and shall not use the
Services or the Software in any manner that adversely affects the validity of
the Supplier rights in or to the Software and / or those of its licensors.
11.1. It is hereby agreed by both the Supplier and the Customer that no
disclosure of Confidential Information shall be made to any third party. This
clause may not apply if the Supplier receives a properly authorised UK issued
Court Order to the contrary, and in such circumstances will ensure that the
Customer is promptly informed.
11.2. The Supplier shall apply careful attention to the observance of
confidentiality in relation to the Customer Data and confirms that throughout
the duration of the provision of Services it shall apply continuous compliance
to all aspects of the UK Data Protection Act/EU General Data Protection
Regulation, including without limitation data processing. The Supplier
furthermore shall not use or disclose Customer Data without express consent from
the Customer, or unless such use or disclosure is necessary for the operation of
11.3. The Supplier hereby confirms that it has appropriate technical,
organisational and information security measures in pace. Such measures govern
the management, processing and storage of the Customer's data related to their
use of the Services.
11.4. The Supplier hereby agrees to not transfer any personal data that is
processed on behalf of the Subscriber, to any territory which falls outside the
European Economic Area (EEA), unless such transfer is either (a) conducted with
the Subscriber's written consent in advance, or (b) necessary to allow the
Subscriber to use the Services, for example if they themselves or one of their
members are located outside of the EEA.
12.1. The Customer shall defend, indemnify and hold harmless the Supplier
against claims, actions, proceedings, losses, damages, expenses and costs
(including without limitation court costs and reasonable legal fees) arising out
of or in connection with the Customer’s and/or any Authorised User’s use of the
Services where such claims, actions, proceedings, losses, damages, expenses and
costs has arising as a result of the Customer’s and/or any Authorised User’s
negligence or breach of the Contract, provided.
13. Limitation of Liability
13.1. This clause 13 sets out the entire financial liability of the Supplier
(including any liability for the acts or omissions of its employees, agents and
sub-contractors) to the Customer:
a) arising under or in connection with the Contract;
b) in respect of any use made by the Customer of the Services, the
Documentation or any part of
c) in respect of any representation, statement or tortious act or
omission (including negligence)
arising under or in connection with the Contract.
13.2. Except as expressly and specifically provided in the Contract:
a) the Customer assumes sole responsibility for results obtained from
the use of the Services and the
Documentation by the Customer, and for conclusions drawn from such use.
The Supplier shall have
no liability for any damage caused by errors or omissions in any
information, instructions or scripts
provided to the Supplier by the Customer in connection with the
Services, or any actions taken by the
Supplier at the Customer’s direction;
b) all warranties, representations, conditions and all other terms of
any kind whatsoever implied
by statute or common law are, to the fullest extent permitted by
applicable law, excluded from the
c) the Services are provided to the Customer on an “as is” basis.
13.3. Nothing in the Contract excludes the liability of the Supplier:
a) for death or personal injury caused by the Supplier’s negligence; or
b) for fraud or fraudulent misrepresentation.
13.4. Subject to clause 13.2 and 13.3:
a) the Supplier shall not be liable whether in tort (including for
negligence or breach of statutory
duty), contract, misrepresentation, restitution or otherwise for any
loss of profits, loss of business,
depletion of goodwill and/or similar losses or loss or corruption of
data or information, or pure economic
loss, or for any special, indirect or consequential loss, costs,
damages, charges or expenses
however arising under the Contract; and
b) the Supplier’s total aggregate liability in contract, tort (including
negligence or breach of statutory
duty), misrepresentation, restitution or otherwise, arising in
connection with the performance or
contemplated performance of the Contract shall be limited to the total
Subscription Fees paid for the
User Subscriptions during the 12 months immediately preceding the date
on which the claim arose.
14. Term and Termination
14.1. The Contract shall, unless otherwise terminated as provided in this clause
14, commence on the Service Commencement Date and continue for the Initial
Subscription Term and, thereafter, the Contract shall be automatically renewed
for successive periods unless:
a) either party notifies the other party of termination, in which case
this agreement shall terminate
upon the expiry of the applicable Initial Subscription Term or Renewal
b) otherwise terminated in accordance with these Terms;
14.2. The Initial Subscription Term together with any subsequent Renewal Periods
shall constitute the Subscription Term.
14.3. Without affecting any other right or remedy available to it, the Supplier
may terminate this agree- ment with immediate effect by giving written notice to
the Customer if:
a) the Customer fails to pay any amount due under this agreement on the
due date for payment;
b) the Customer commits a material breach of any other term of this
agreement which breach is
irremediable or (if such breach is remediable) fails to remedy that
breach within a period of 20 days
after being notified in writing to do so;
c) the Customer repeatedly breaches any of the terms of this agreement
in such a manner as to reasonably
justify the opinion that its conduct is inconsistent with it having the
intention or ability to
give effect to the terms of this agreement;
d) the Customer suspends, or threatens to suspend, payment of its debts
or is unable to pay its debts
as they fall due or admits inability to pay its debts or is deemed
unable to pay its debts within the
meaning of section 123 of the Insolvency Act 1986;
e) the Customer commences negotiations with all or any class of its
creditors with a view to
rescheduling any of its debts, or makes a proposal for or enters into
any compromise or arrangement
with its creditors other than for the sole purpose of a scheme for a
solvent amalgamation of
that other party with one or more other companies or the solvent
reconstruction of that other party;
f) a petition is filed, a notice is given, a resolution is passed, or an
order is made, for or in connection
with the winding up of the Customer other than for the sole purpose of a
scheme for a solvent
amalgamation of that other party with one or more other companies or the
solvent reconstruction of that
g) an application is made to court, or an order is made, for the
appointment of an administrator, or
if a notice of intention to appoint an administrator is given or if an
administrator is appointed, over
h) the holder of a qualifying floating charge over the assets of the
Customer has become entitled to
appoint or has appointed an administrative receiver;
i) a person becomes entitled to appoint a receiver over the assets of
the Customer or a receiver is
appointed over the assets of the Customer;
j) a creditor or encumbrancer of the other party attaches or takes
possession of, or a distress,
execution, sequestration or other such process is levied or enforced on
or sued against, the whole or any
part of the Customer’s assets and such attachment or process is not
discharged within 14 days;
k) any event occurs, or proceeding is taken, with respect to the other
party in any jurisdiction to
which it is subject that has an effect equivalent or similar to any of
the events mentioned in clause
14.3.d to clause 14.3.j (inclusive);
l) there is a change of control of the Customer; or
m) the Customer suspends or ceases, or threatens to suspend or cease,
carrying on all or a
substantial part of its business.
14.4. On termination of the Contract for any reason:
a) all licences granted under the Contract shall immediately terminate;
b) the Supplier will destroy or otherwise dispose of any of the Customer
Data in its possession unless
the Supplier receives, no later than the termination of the Contract,
a written request for the delivery to the Customer of the then most
recent back-up of the Customer
Data. The Supplier shall use reasonable commercial endeavours to deliver
the back-up to the
Customer within 30 days of its receipt of such a written request,
provided that the Customer has, at
that time, paid all fees and charges outstanding at and resulting from
termination (whether or not
due at the date of termination). The Customer shall pay all reasonable
expenses incurred by the
Supplier in returning or disposing of Customer Data. Customer Data may
remain in backup storage for some
period of time after it has been destroyed in production systems; and
c) any rights, remedies, obligations or liabilities of the parties that
have accrued up to the date of
termination, including the right to claim damages in respect of any
breach of the agreement which
existed at or before the date of termination shall not be affected or
15. Force Majeure
15.1. The Supplier shall have no liability to the Customer under the Contract if
it is prevented from or delayed in performing its obligations under the
Contract, or from carrying on its business, by acts, events, omissions or
accidents beyond its reasonable control, including, without limitation, strikes,
lock-outs or other industrial disputes (whether involving the workforce of the
Supplier or any other party), failure of a utility service or transport or
telecommunications network, act of God, war, riot, civil commotion, malicious
damage, compliance with any law or governmental order, rule, regulation or
direction, accident, breakdown of plant or machinery, fire, flood, storm or
default of suppliers or sub-contractors, provided that the Customer is notified
of such an event and its expected duration.
16.1. If any provision (or part of a provision) of these Terms is found by any
court or administrative body of competent jurisdiction to be invalid,
unenforceable or illegal, the other provisions shall remain in force.
16.2. If any invalid, unenforceable or illegal provision would be valid,
enforceable or legal if some part of it were deleted, the provision shall apply
with whatever modification is necessary to give effect to the commercial
intention of the parties.
17.1. The Supplier reserves the right to modify the Service or change the Terms
and Conditions of this agreement. The Supplier shall provide notice of such
changes by posting it at https://www.simplelists.com, and where possible by
contacting the Customer at the registered email address. Customers not agreeing
to the modified agreement may terminate the Service. Continued use of the
Service after such material has been posted shall be deemed acceptance of the
revised terms and conditions by the Customer.
18. Entire Agreement
18.1. The Contract, and any documents referred to in it, constitute the whole
agreement between the par- ties and supersede any previous arrangement,
understanding or agreement between them relating to the subject matter they
18.2. Each of the parties acknowledges and agrees that in entering into the
Contract it does not rely on any undertaking, promise, assurance, statement,
representation, warranty or understanding (whether in writing or not) of any
person (whether party to the Contract or not) relating to the subject matter of
the Contract, other than as expressly set out in the Contract.
19.1. The Customer shall not, without the prior written consent of the Supplier,
assign, transfer, charge, sub-contract or deal in any other manner with all or
any of its rights or obligations under the Contract.
19.2. The Supplier may at any time assign, transfer, charge, sub-contract or
deal in any other manner with all or any of its rights or obligations under the
20. Third Party Rights
20.1. The Contract does not confer any rights on any person or party (other than
the parties to the Con- tract and, where applicable, their successors and
permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
21.1. Any notice required to be given under the Contract shall be in writing and
shall be delivered by hand or sent by pre-paid first-class post or recorded
delivery post to the other party at its address, or sent by fax to the other
party’s fax number, or sent by email to the other party’s email address as set
out set out on account registration or such other email address as may have been
notified by that party for such purposes.
21.2. A notice delivered by hand shall be deemed to have been received when
delivered (or if delivery is not in business hours, at 9 am on the first
Business Day following delivery). A correctly addressed notice sent by pre-paid
first-class post or recorded delivery post shall be deemed to have been received
at the time at which it would have been delivered in the normal course of post.
A notice sent by fax shall be deemed to have been received at the time of
transmission (as shown by the timed printout ob- tained by the sender). A notice
sent by email shall be deemed to have been received at the time of transmission
(as shown by the time stamp on the email sent by the sender).
22. Governing Law and Jurisdiction
22.1. The Contract and any dispute or claim arising out of or in connection with
it or its subject matter or formation (including non-contractual disputes or
claims) shall be governed by and construed in accordance with the law of England
22.2 Each party irrevocably agrees that the courts of England and Wales shall
have exclusive jurisdiction to settle any dispute or claim arising out of or in
connection with the Contract or its subject matter or formation (including
non-contractual disputes or claims).
using this website, how we obtain it, and what choices and rights you have about your
to Simplelists.com of BCM6673, London, WC1N 3AX, the company which provides the email list
hosting services, the associated websites, and any associated services or features which may
be made available to you from this website.
Data Protection Framework
Simplelists is based within the United Kingdom, and as such is registered with the
Information Commissioner’s Office (ICO) as a Data Controller under the UK Data
General Data Protection Regulation 2016/679 (GDPR) which comes into effect on 25th May
2018, under the supervision of the ICO within the UK.
Customer and Citizen Data
You may decide to send us your personal information via this website if you are seeking
more information, requesting a demonstration or trial of one of our services, or for
other similar business administration or support purposes. Your decision to disclose
your personal data is entirely voluntary, and by doing so, you are providing us with
specific consent to use your personal data only in relation to the specific purposes for
which you have disclosed it to us. Simplelists may access and use your Customer Data
only for the purposes for which you have submitted it to us to (a) provide information
to you, (b) contact you, (c) provide services to you, or (d) maintain the operations and
security of the website and services we provide to you. We will not use your personal
information for any other purposes, for example the communication of marketing material,
unless we have your specific consent to do so. We will always handle and store your
personal data in accordance with industry best practice aligned with ISO27001, the
international standard for information security. This includes the activities and
procedures undertaken by our own personnel and any third parties (see "Declaration of
Sub-Processing" section below), and the technical controls which we have implemented to
prevent the unauthorised access, compromise or theft of information from our
applications, supporting computer systems and premises.
Email Lists Data
We do not sell, loan, lease, give away, share or in any other way make your personal
information or your Simplelists list address, or your list members details and email
addresses, available to parties other than Simplelists.com, except to comply with law or
legal processes. The people who have permission to send messages to your list is
controlled entirely by you, in accordance with your list settings.
We will not monitor or disclose the contents of your email list, except when required to
by law, or when required to do so in the course of system maintenance, or when requested
by the Customer. We do store email messages coming through our servers, but only for the
purpose of displaying the messages in the Archives feature, or for debugging in the
event of a problem. Access to messages that have been stored is only available to system
administrators in the course of their duty, or through Archives pages (should they be
enabled for your list). If you wish your messages to never be recorded, please contact
Support, although in any case we will keep a message should there be a problem with the
forwarding address, and attempt delivery for a maximum of 5 days, after which time the
message will be returned to the list owner.
Sensitive Personal Data
GDPR specifies a set of personal data categories which are “sensitive”, and which require
special consideration by Data Controllers. This website, and any services available from
this website, do not knowingly collect or process any sensitive personal data.
Children’s Personal Data
This website, and any services available from this website, are not directed to children
under the age of 13. If you learn that a child under the age of 13 has provided us with
their personal information without having parental consent, please contact us
immediately so that we can take appropriate action.
Customer and Citizen Data Rights
As prescribed within data protection regulations, you have several rights connected to
the provision of your personal data to Simplelists using this website. These include
your rights to request that we:
confirm to you what personal data we may hold about you, if any, and for what
change the consent which you have provided in relation to your personal data
correct any inaccurate or incomplete personal data which we may hold about you
provide you with a complete copy of your personal data for you to move elsewhere
stop processing your personal data, whilst an objection from you is being resolved
permanently erase all your personal data promptly, and confirms to you that we have
done so (there may be reasons why we may be unable to do this)
To contact Simplelists, please see the "about" section on our website. If we do not
properly address your request, or fail to provide you with a valid reason we are unable
to do so, you have the right to contact the Information Commissioner’s Office to make a
complaint. They can be contacted via their website (www.ico.org.uk).
Declaration of Sub-Processing
To make an informed decision on whether to provide your personal data to Simplelists
using this website, we need to make you aware of any organisations that act as Data
Processors for us in the provision of our services to you. Details of these are
contained in our separate GDPR Statement available on our website.
The activities within which each of these Data Processors participates are available upon
request by contacting us.
cookies, dependent upon how you use or interact with our website. Cookies are small text
files sent by us to your computer, or from your computer or mobile device to us each
time you visit our website. They are unique to you or your web browser. Session-based
cookies last only while your browser is open and are automatically deleted when you
close your browser. Persistent cookies last until you or your browser delete them, or
and allow us to undertake website analytics and customization, among other similar
things. If you decide to disable some or all cookies, you may not be able to use some of
the functions on our website. We may use third-party cookies, for example Google
Analytics, and you may choose to opt-out of third party cookies from their website.
This website may include relevant hyperlinks to external websites not controlled by
Simplelists. Whilst all reasonable care has been exercised in selecting and providing
you with such links, you are advised to exercise caution before clicking any external
links. We cannot guarantee the ongoing suitability of external links, nor do we
continually verify the safety or security of the contents which may be provided to you.
You are advised, therefore, that your use of external links is at your own risk and we
cannot be responsible for any damages or consequences caused by your use of them.
changes on this page. If you continue to access this website or use services available
from this website after those changes have come into effect, you will have agreed to the
statutory rights, or to make a complaint, please write to: Simplelists.com, BCM 6673,
London, WC1N 3AX or email: firstname.lastname@example.org
The UK’s data protection framework is changing on 25th May 2018, when the existing Data
Protection Act 1998 will be replaced with the European Union General Data Protection
Regulation (“GDPR”) (2016/679). Whilst the UK will soon be leaving the EU, the
replacement data protection legislation being progressed through Parliament is very
closely aligned to the requirements of GDPR.
Simplelists.com (“Simplelists”) provides email list hosting services to its customers,
and as such is responsible for the secure and compliant processing of personal data
related to our customers, as well as the protection of our customers’ information (which
may include personal data) whilst it is being processed by one of our system. This GDPR
statement has been prepared to provide key information about these various personal data
processing activities to our customers.
Data Protection by Design and Default
Article 25 of GDPR requires that data processing activities (e.g. the Simplelists
software solution) provide data protection by design and default. Simplelists has
achieved this requirement by ensuring that its application has been designed in
accordance with industry best practice, using trusted technologies, and has been subject
to penetration testing to ensure that vulnerabilities are being properly managed, and
configurations remain effective.
Simplelists utilises resilient UK data centres which are subject to formal ISO27001
certification. Unless we have entered into a specific agreement with a customer to host
their instance of Simplelists in a non-UK country, we commit that all personal data
processing is undertaken within the United Kingdom, under the prevailing UK data
Article 35 of GDPR requires that formal Data Protection Impact Assessments (“DPIA”) are
undertaken by organisation where there is a “high risk to the rights or freedoms of
natural person”. Simplelists has assessed that there are no high risks to individuals
who may purchase or use our software solution.
Legal Basis for Personal Data Processing
Article 6 of GDPR requires that the lawfulness of data processing be advised. Simplelists
uses “legitimate interests” as the basis for the secure processing and storage of its
customer data in order to deliver the Simplelists software solution to them. This
includes the communication of information related to our solution or similar matters. We
occasionally communicate with non-customers and will only do so based upon the “explicit
consent” which we have been provided with by the data subject, either through a positive
confirmation on a web form, or by their communication preferences shared from social
media channels. We provide clear methods for data subjects to remove or vary their
consent if they wish to do so.
Customer Documented Processing Instructions
Article 28 of GDPR requires that our customers should formally communicate their data
processing requirements to Simplelists (as their data processor). In the event that a
customer does not provide such written instructions to Simplelists (a) this omission
does not remove their obligation to do so, and (b) Simplelists will deliver the software
solutions in accordance with its published service definitions and other related
Data Controller and Data Processor
Simplelists acts as:
Data Controller (as per GDPR Article 24) for the (i) personal data relating directly
to its customers and necessary for the management, provision and operation of its
software solution, and (ii) for its own employee management purposes, or
Data Processor (as per GDPR Article 28) in respect of the personal data which may be
loaded into the Simplelists software solutions by its customers.
Each customer is responsible for ensuring that they have an appropriate legal basis for
processing personal data within a Simplelists software solution and will fully indemnify
Simplelists in the event of any claim of any sort being brought for not having a valid
Children’s Personal Data
The Simplelists software solution is not directed towards children under the age of 13.
If you learn that a child under the age of 13 has provided their personal information to
us without having parental consent, please contact us immediately so that we can take
appropriate action. In accordance with Section 5 above, should a Simplelists customer
select to upload children’s personal data into their deployment of a Simplelists
software solution then they will be required to evidence that the have a valid legal
basis for doing so.
Sensitive Personal Data
Article 9 of GDPR specifies a set of personal data categories which are considered to be
“sensitive”, and which require special consideration by Data Controllers. The software
solutions provided by Simplelists does not knowingly collect or process any sensitive
personal data. In accordance with Section 5 above, should a Simplelists customer select
to upload sensitive personal data into their deployment of the Simplelists software
solution then they will be required to evidence that the have a valid legal basis for
Data Subject Rights
Articles 16-21 of GDPR provide data subjects with several rights in relation to their
personal data, including:
Right of access by the data subject (Art.15)
Right to rectification (Art.16,19)
Right to erasure (Art.17,19)
Right to restriction of processing (Art.18)
Right to data portability (Art.20)
Right to object to processing (Art.21)
Where Simplelists is acting as Data Controller (see 4(a) above), then it will receive,
validate, record, progress and respond to any such data subject requests received.
Should Simplelists, acting as Data Processor (see 4(b) above), then it will advise the
applicant of the customer’s details that should be used to make their request. As a
responsible Data Processor, Simplelists will assist its customers with complying with
Should a data subject decide to exercise their rights, they should contact Simplelists as
Declaration of Sub-Processors
Simplelists confirms its use of:
Secure UK data centres with ISO27001 certification. Being UK-based, they are subject
to prevailing UK data protection legislation. In accordance with our security
operating protocols, details of the providers and locations are only made available
upon specific request to Simplelists.
Worldpay UK, for the purposes of invoicing and receiving payments from customers for
our software solution, which is based in the UK and therefore falls under the
requirements of the EU General Data Protection Regulation.
Ctrl O Ltd, for the provision of specialist technical support for our software
solutions, which is based in London, UK and therefore falls under the requirements
of the EU General Data Protection Regulation.
Simplelists confirms that:
It has undertaken applicable due diligence and validation on each of the declared
sub-processors to ensure that they are aware of and able to deliver their applicable
requirements under the EU General Data Protection Regulation.
It will not vary or replace any of the declared sub-processors without having first
given advanced notice to all applicable customers.
Record Keeping & Breach Reporting
Simplelists confirms that it securely retains and manages data which records the use of
our software solutions, including user credentials and IP addresses. Should a customer
require assistance with information contained within our data processing records, please
contact us as below.
We actively monitor our software solutions for unusual activities and issues, which
includes indications of data breaches. Simplelists will promptly act to notify either
the customer or the ICO (as applicable to our role) in the event of a data breach being
suspected (as per Article 33), and if acting as Data Controller will also inform
affected data subjects (as per Article 34).
Removal of Personal Data
It remains the customer’s responsibility to remove all personal data prior to terminating
their service provision with Simplelists. Should the customer not do this, then
Simplelists will securely purge their data at the point when the resources are to be
redeployed – but this does not take place instantly and customers are strongly
recommended to (a) remove their own personal data beforehand, or (b) contact Simplelists
Support if assistance is needed to do this
All Simplelists personnel are based within the EU and receive regular, formal instruction
in matters relating to information security and data protection. Those with specific
roles relating to the management of risk assessments, data protection impact
assessments, data subject rights and incident management receive more focused training.
Audits and Inspections
Simplelists will submit to audits and inspections, and provide the Customer (as the
Controller) with whatever information it needs to ensure that we are both meeting our
Article 28 obligations. Simplelists will tell the controller immediately if it is asked
to do something infringing the GDPR or other data protection law of the EU or a member
Security of Web Links
Simplelists software solutions may include relevant hyperlinks to external websites not
controlled by us. Some links may be added by list members by sending emails to lists and
being displayed in archives. As such, you are advised to exercise caution before
clicking any external links. We cannot guarantee the ongoing suitability of external
links, nor do we continually verify the safety or security of the contents which may be
provided to you. You are advised, therefore, that your use of external links is at your
own risk and we cannot be responsible for any damages or consequences caused by your use
Simplelists is registered with the Information Commissioner’s Office under the UK Data
Protection Act 1998 – registration number Z9414171 applies.
If a Simplelists customer or data subject believes that Simplelists has not delivered
upon its obligations under GDPR, they have a right to make a compliant to the ICO. They
can be reached by using the contact form on their website.