Privacy Policy

Remotek Retail Ltd. (“SimpleVAT”, “we”, “our” or “us”), a premier tax consultancy and software solutions provider, places the utmost importance on protecting your privacy and personal information, ensuring these values are at the core of our exceptional service delivery.

Our services, designed for businesses navigating the complexities of VAT returns and compliance, include a robust Software as a Service (SaaS) platform and professional consultancy. We specialise in supporting companies engaged in Fulfilment by Amazon (FBA) and those utilising the One Stop Shop (OSS) VAT framework, offering tailored solutions to manage and simplify their tax obligations.

This Privacy Policy outlines how we collect, use, protect, and handle the Personally Identifiable Information (PII) you entrust to us. This includes data obtained through our SaaS platform, direct interactions with our clients, and automated processes via marketplace APIs. We recognise the sensitive nature of this information and are dedicated to maintaining the highest standards of privacy and security.

In navigating the diverse legal landscapes of Europe, we adhere to various jurisdiction-specific regulations, ensuring compliance while serving our clients' diverse needs. Our policy also addresses the specific requirements of our partners, like Amazon, in relation to data storage and retention.

Your trust is invaluable to us, and we are committed to being transparent about our data practices and safeguarding your information. This policy is designed to help you understand our approach and your rights concerning your personal data.

We collect the following types of PII to effectively deliver our services:

• Client Information: This includes names, addresses, and contact details of our clients and their customers, necessary for invoice generation and tax compliance.
• Financial Data: Details related to transactions, such as sales figures, tax amounts, and other financial information, essential for accurate VAT calculation and reporting.

We employ the following methods to collect data:

• Automated Collection via APIs: We retrieve data from marketplace platforms using secure API connections. This automated process ensures up-to-date and accurate data collection, critical for our services.
• Direct Input from Clients: Clients may provide information directly through our platform or during consultancy engagements.

Your data is the cornerstone of our service provision. We are committed to handling it with the utmost care and in accordance with all relevant data protection laws and regulations.

We may share Personally Identifiable Information (PII) with third parties in limited and specific scenarios, including but not limited to:

• Legal and Regulatory Compliance: We disclose your information to tax authorities as required by tax laws. Additionally, if compelled by a court order, we may release your information in compliance with legal processes.
• Data Subprocessors: In cases where we employ data subprocessors, we may share necessary information with them to ensure the effective delivery of our services. These subprocessors are carefully selected and obligated to maintain the confidentiality and security of the data.

In all instances, our priority is to safeguard your personal information while complying with legal obligations and maintaining the efficiency of our services.

While we must share data for operational and legal reasons, we give utmost importance to your preferences and control over your data. We seek your explicit consent where necessary before sharing your data, adhering to the principles of choice and transparency.

In cases where we share your data, only the data necessary for the specific purpose is shared, ensuring no excess information is disclosed.

Our commitment to data security extends to the instances when we share data. All data shared with third parties is transmitted securely, using encryption and other security measures. We ensure that our partners and service providers adhere to stringent data protection and privacy standards equivalent to ours.

In certain situations, we may be required to disclose PII in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. Our compliance with such requests is done thoughtfully, ensuring adherence to legal obligations while respecting the privacy and rights of our clients.

We understand the sensitivity of your personal information and are committed to maintaining its confidentiality and integrity in every aspect of our operations.

We retain invoice data and related PII in compliance with various European jurisdictions, which often require record-keeping for a minimum of seven years. In some jurisdictions the legally mandated obligatory retention period is up to ten years.

Consistent with Amazon’s data policies, PII collected from Amazon transactions is not stored on our servers for more than thirty days post-order fulfilment. However, we maintain necessary records in line with legal requirements for invoice retention. In compliance with requirements set forth by Amazon, after thirty (30) days following order fulfilment, we move PII off of our servers and onto secure cold storage solutions like Amazon Glacier, ensuring data safety over the long term.

Upon the expiry of the legal retention period, data continues to be retained for statistical purposes and consistency in record-keeping practices.

Upon a client’s request, we will delete their data, provided it is not subject to any legal retention requirements.

We conduct periodic audits to identify and delete any data that is no longer necessary for our stated purposes.

Clients can submit a request for data deletion through our designated channels. Each request is reviewed for legal compliance, and clients are informed about the process and outcome.

Our approach to data retention and deletion reflects our commitment to data protection and legal compliance, ensuring that your personal information is handled with the utmost care and respect.

All data is encrypted during transit and at rest. This means that when data is being sent to or from our servers, and when it is stored, it is protected by advanced encryption technologies.

We employ strict access controls to ensure only authorized personnel have access to your data. This includes multi-factor authentication, regular password updates, and rigorous staff training on data security.

We conduct frequent security audits and assessments to identify and address potential vulnerabilities, ensuring our security measures are up-to-date and effective.

We are committed to adhering to industry standards and best practices for data security. We align our practices with established data security frameworks and comply with relevant regulations, such as the General Data Protection Regulation (GDPR).

We employ strict access controls to ensure only authorized personnel have access to your data. This includes multi-factor authentication, regular password updates, and rigorous staff training on data security.

In the unlikely event of a data breach, we have procedures in place to promptly identify and respond to such incidents. Affected parties will be notified as required by law, and we will take all necessary steps to mitigate any harm and prevent future occurrences.

Our staff receives regular training on data protection and security, ensuring they are aware of the latest threats and best practices. This training is a crucial part of our overall security strategy.

Your data’s security is of paramount importance to us. We are dedicated to implementing and maintaining the highest level of security measures to protect your information and earn your trust.

Given that we operate across various European jurisdictions, we often handle data that crosses national borders. This section explains our approach to international data transfers, ensuring compliance with data protection laws and safeguarding the privacy of our clients.

As a general rule of thumb, we do not move data outside of the European Economic Area (EEA). This applies to all data process and handled by us, including data used in day-to-day operations by our systems, backups and data stored in cold storage for the long-haul.

We utilise the services of Hetzner and Amazon for compute and data storage. These providers have a significant data centre footprint spanning different continents. It is our policy to transfer data only between data centres which are physically located within the EEA.

You have the right to request access to the personal information we hold about you to understand how it is being used.

If you find that any of the PII we hold is inaccurate or incomplete, you have the right to request that we correct it.

Where applicable, you can request a copy of your data in a structured, commonly used, and machine-readable format, and have the right to transmit this data to another controller.

Also known as the “right to be forgotten,” you can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent (if the processing was based on consent).

You can opt out of receiving marketing communications from us at any time. You can also opt out of having your data shared with third parties, except where required for our legitimate business purposes or by law.

If you have any questions or concerns about how we handle your data, or if you wish to make a complaint, please contact us. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.

We value your trust and are committed to enabling you to exercise your rights regarding your personal information effectively.

Our approach is tailored to meet the specific requirements of each jurisdiction:

1. GDPR Compliance: As a baseline, we comply with the General Data Protection Regulation (GDPR), which sets forth strict guidelines on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
2. Local Laws and Regulations: In addition to GDPR, we adhere to local data protection laws in each country we operate. This may include specific rules on data retention, processing, and transfer.

We recognise that data protection authorities in different jurisdictions may enforce regulations in varying manners, and we stay abreast of these differences to ensure compliance. As interpretations of data protection laws can vary, we are committed to continuously updating our practices in line with the latest legal interpretations and court rulings.

We regularly review our practices to ensure they align with the latest legal requirements and best practices in each jurisdiction. As laws evolve, we will update our policies and practices accordingly and communicate these changes to our clients.

We understand the importance of respecting the nuances of each jurisdiction’s data protection laws and are dedicated to upholding the highest standards of compliance in all the regions we serve.

Our Privacy Policy is reviewed regularly to ensure it aligns with the latest legal requirements and best practices. When changes in law, business operations, or technology necessitate, we will update this policy to reflect these developments.

We will inform you of any significant changes to our Privacy Policy in a timely manner. This may be through email notifications, alerts on our website, or other appropriate communication channels.

The latest version of our Privacy Policy will always be accessible on our website, with the date of the last update clearly displayed.

If the changes are significant, especially those affecting how we collect, use, or share your PII, we may seek your consent again, as required by law.

Continued use of our services after the changes come into effect will be regarded as acknowledgement and acceptance of the updated policy.

To maintain transparency, we will keep an archive of previous versions of our Privacy Policy on our website, allowing you to review changes over time.

We encourage you to review our Privacy Policy regularly to stay informed about how we protect your information and your rights. Your continued partnership and trust are important to us, and we are committed to maintaining the highest standards of privacy and data protection.

• Email: [email protected]
• Phone: +44 (20) 37693785
• Mailing Address: Nikola Kozlev Str. bl. 20, Varna 9000, Bulgaria

We have designated a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with privacy laws. The DPO's contact details are given below.

• Name: Mr. Boyan Georgiev
• Phone: +44 (20) 37693785, ext. 302

If you are not satisfied with our response or believe we are processing your personal data not in compliance with the law, you also have the right to lodge a complaint with your local data protection authority.

Your trust is the foundation of our relationship, and we are committed to ensuring your privacy rights are respected and protected. Our team is always here to provide support and address any questions or concerns you may have regarding your personal information.