Dead Simple 365 Privacy Policy
Version 0.1 (draft), 12 June 2026.
This policy explains how Dead Simple Computing Ltd, trading as Dead Simple 365, collects and uses personal data when you use deadsimple365.co.uk and buy Microsoft 365 subscriptions and related services from us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Dead Simple Computing Ltd is the controller of the personal data described in this policy.
- Company number: 11670139, registered in England and Wales
- Registered office: [REGISTERED OFFICE ADDRESS]
- Privacy contact: [PRIVACY EMAIL ADDRESS]
- ICO registration number: [ICO REGISTRATION NUMBER]
We sell to businesses only. The personal data we hold is mainly the business contact data of the people who act for our customers, such as directors, administrators and billing contacts.
2. The data we collect
We collect and hold the following categories of data.
Company and account data. Company name, trading name, Companies House registration number, business address, VAT number where provided, and the details of your account with us.
Contact data. Names, job titles, business email addresses and phone numbers of the people who place orders, accept agreements, administer the account or receive billing correspondence.
Billing and payment data. Invoices, payment history, subscription and seat records, and payment card details. Card payments are processed by Stripe. Card details are entered directly into Stripe's systems. We never store full card numbers, only the limited card metadata Stripe returns to us (such as card brand, last four digits and expiry month) so we can show you which card is on file.
Microsoft tenant identifiers. The identifiers needed to provision and manage your subscriptions, such as your Microsoft tenant ID and tenant domain. We do not access the contents of your tenant (your emails, files or user data) unless you separately grant us delegated access for a support service.
Microsoft Customer Agreement acceptance records. When you accept the Microsoft Customer Agreement at checkout, we record the name and email address of the person accepting, the date and time, the IP address used, and the agreement version. Microsoft requires us to keep this evidence and to provide it to Microsoft or to Giacom on request.
Website and technical data. IP addresses, device and browser information, and usage data collected through our site, including any cookies or similar technologies described in our cookie notice.
Correspondence. Emails, support requests and other communications with us.
3. How we use the data, and our lawful bases
| Purpose | Lawful basis (UK GDPR Article 6) |
|---|---|
| Taking orders, provisioning subscriptions, managing your account, billing and support | Performance of a contract (6(1)(b)) |
| Verifying business status via Companies House and screening payments for fraud | Legitimate interests (6(1)(f)): selling only to businesses, protecting against fraud |
| Recording Microsoft Customer Agreement acceptance and sharing it with Microsoft or Giacom on request | Legal obligation under our partner agreements and legitimate interests (6(1)(f)); the record is contractually required by the Microsoft CSP programme |
| Sending service emails (order confirmations, renewal reminders, payment failure notices, price change notices) | Performance of a contract (6(1)(b)) |
| Sending marketing about our services to business contacts | Legitimate interests (6(1)(f)), with the right to opt out at any time |
| Keeping accounting and tax records | Legal obligation (6(1)(c)) |
| Establishing, exercising or defending legal claims | Legitimate interests (6(1)(f)) |
We do not use personal data for automated decision making that produces legal or similarly significant effects. We do not sell personal data.
4. Who we share data with (our processors and partners)
We share data with the following recipients, only to the extent needed for the purposes above.
- Stripe processes payments on our behalf. Stripe holds your card details; we do not. Stripe also acts as an independent controller for some of its own regulatory purposes, as described in Stripe's privacy policy.
- Giacom, our Microsoft indirect provider, receives the customer, tenant and subscription details needed to place and manage your Microsoft orders, and the Microsoft Customer Agreement acceptance records where requested.
- Microsoft receives the customer and tenant details needed to provision your subscriptions, and processes your tenant data under the Microsoft Customer Agreement as your processor.
- Our hosting provider hosts our website, application and databases.
- Our transactional email provider sends our service and account emails on our behalf.
- Our professional advisers (accountants, solicitors, insurers), and authorities where disclosure is required by law.
Where these recipients act as our processors, they do so under contracts that meet the requirements of Article 28 UK GDPR.
5. International transfers
Some of our providers (including Stripe and Microsoft) may process data outside the UK, including in the United States. Where personal data leaves the UK, we rely on safeguards recognised under UK GDPR, such as UK adequacy regulations, the UK Extension to the EU-US Data Privacy Framework, or the International Data Transfer Agreement and Addendum to the EU Standard Contractual Clauses, as applicable to each provider.
6. How long we keep data
- Account, subscription and Microsoft Customer Agreement (MCA) acceptance records: for the life of the customer relationship, then for 6 years after the relationship ends, reflecting limitation periods for contract claims and Microsoft CSP audit requirements.
- Invoices and accounting records: at least 6 years from the end of the financial year they relate to, as tax law requires.
- Correspondence and support records: up to 6 years after the relationship ends.
- Marketing contact data: until you opt out or the data is no longer current.
- Website logs and technical data: typically no more than 12 months.
After these periods, data is deleted or anonymised.
7. Security
We apply appropriate technical and organisational measures, including encryption in transit, access controls, and restriction of card data handling to Stripe's PCI DSS certified systems. No system is perfectly secure, and we will notify you and the ICO of personal data breaches where the UK GDPR requires it.
8. Your rights
Under the UK GDPR you have the right to:
- access the personal data we hold about you;
- rectification of inaccurate or incomplete data;
- erasure of your data in certain circumstances;
- restriction of processing in certain circumstances;
- portability of the data you provided to us under contract;
- object to processing based on legitimate interests, including the right to stop direct marketing at any time;
- withdraw consent at any time, where we rely on consent.
To exercise any right, contact [PRIVACY EMAIL ADDRESS]. We respond within one month, extendable by two further months for complex requests. We may need to verify your identity first. These rights belong to the individuals whose data we hold (for example, the named contacts at our customers), not to the company as such.
9. Complaints
If you are unhappy with how we handle your personal data, please contact us first at [PRIVACY EMAIL ADDRESS] so we can try to resolve it. You also have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
10. Changes to this policy
We may update this policy from time to time. The current version is always published on our site with its version date. Material changes will be notified to the billing contact on file.