Privacy Policy

1. Introduction

1.1 Our Commitment to Your Privacy

RSSims ("the Company," "we," "us," "our") operates this website. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of personal information when individuals ("users," "you") visit our website, use our services, request a quote, book a rental, or otherwise communicate with us. The Company is committed to protecting the privacy and security of your personal information. This policy is designed to be transparent about our data practices and to help you understand your rights.

1.2 Scope of this Policy

This Privacy Policy applies to all information, content, and services offered through our website (the "Services"), which is built using the Astro framework and hosted on Netlify. Our Services include providing quotes for custom and pre-built sim racing simulators and facilitating the booking of our on-site simulator rental experience. For website analytics, we use the privacy-respecting tool Umami, and for managing rental bookings, we utilise the services of SimplyBook.me. This policy governs the entire user interaction lifecycle with our website. By accessing and using any of the Services, you acknowledge that you have read and understood this Privacy Policy.

1.3 Who We Are (Data Controller)

For the purpose of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller responsible for your personal information is.

Should you have any questions about our privacy practices, this Privacy Policy, or if you wish to exercise any of the rights available to you, please contact us:

• Email: info@rssims.com
• Mailing Address: Unit 2, Helmsley Way, Broadhelm Business Park, Pocklington, York. YO42 1AE

2. What Personal Information We Collect and How

We collect personal information in different ways, depending on how you interact with our Services. We are committed to the principle of data minimisation, meaning we only collect information that is necessary for the purpose for which it is being processed.

2.1 Information You Provide to Us Directly

• When You Request a Quote: When you use our "Contact Us" page to request a quote for a sim racing simulator, we collect the personal information you voluntarily provide. This typically includes your full name, email address, telephone number, and any details you include in your message regarding your product configuration or enquiry.
• When You Book a Simulator Rental: Our on-site simulator rentals are managed through an integrated booking system provided by our third-party partner, SimplyBook.me. When you make a booking, you provide personal information directly into their platform. This information includes your full name, email address, telephone number, and the specific details of your appointment, such as the date and time. While we are the data controller for this information, SimplyBook.me acts as our data processor to facilitate the booking.

2.2 Information We Collect Automatically

• Website Analytics: We value your privacy, which is why we use Umami for our website analytics. Umami is a privacy-focused analytics tool that does not use cookies and does not collect any personally identifiable information. All the data we see, such as which pages are visited, the referring website, and the visitor's country, is aggregated and anonymised. We cannot use this data to identify or track any individual visitor.
• Website Hosting and Security (Server Logs): To ensure the security and operational integrity of our website, our hosting provider, Netlify, automatically collects certain technical information in server logs when you visit our site. This information may include your IP address, browser type and version, operating system, and the date and time of your access. This data is used for legitimate purposes such as diagnosing technical issues, preventing fraudulent or malicious activity, and maintaining the security of our Services.

3. How We Use Your Personal Information

We use the personal information we collect for specific, explicit, and legitimate purposes. We do not process your information for any other reasons than those outlined below.

• To Provide Our Services: We use the information from your quote requests to understand your requirements, prepare a personalised quote, and communicate with you about it. We use the information from your rental bookings to schedule, confirm, and manage your appointment, including sending you confirmations and reminders.
• To Communicate With You: We use your contact details to respond to your enquiries, provide customer support, and communicate important information regarding your quote or booking. All final order details and payments are handled via email, which requires the use of your email address for these contractual communications.
• To Improve Our Website: The anonymised and aggregated data from our Umami analytics helps us understand how visitors use our website. This allows us to identify popular products, improve site navigation, and enhance the overall user experience without compromising individual privacy.
• To Maintain Security and Prevent Fraud: We use technical data, such as IP addresses collected in server logs by our hosting provider, to monitor for and protect against security threats, spam, and other malicious activities that could harm our website or our users.
• To Comply with Legal Obligations: We are required to maintain records of all financial transactions for a certain period to comply with UK tax and company law. If your quote or booking results in a sale, we will retain the necessary personal information as part of our business records.

4. Our Lawful Basis for Processing

Under the UK GDPR, we must have a valid lawful basis for processing your personal data. Our processing activities are based on the following legal grounds:

• Performance of a Contract: Much of our data processing is necessary to perform our contractual obligations to you, or to take steps at your request before entering into a contract. This is the basis for processing your information when you request a quote, book a rental, and when we communicate with you to finalise an order and payment.
• Legitimate Interests: We process some data based on our legitimate interests, provided that these interests are not overridden by your rights and freedoms. Our legitimate interests include securing our website and services from threats (by processing IP addresses in server logs) and improving our website using anonymised analytics to better serve our customers.
• Legal Obligation: We may process your personal information where it is necessary for us to comply with a legal obligation. This applies to the retention of financial records related to sales of our products and services to meet our obligations under UK tax and accounting laws.

5. Sharing Your Personal Information (Third Parties and Data Processors)

We do not sell, rent, or trade your personal information. We only share your data with trusted third-party service providers who act as our data processors, and only when it is necessary to provide our Services to you. We have contracts in place with these providers to ensure they protect your data.

• SimplyBook.me: We use SimplyBook.me as our appointment scheduling provider for simulator rentals. When you make a booking, your name, email address, phone number, and appointment details are processed by their system on our behalf to manage the booking process effectively.
• Netlify: Our website is hosted on Netlify. As such, they process technical data like your IP address when delivering our website content to you and as part of their security and operational monitoring.
• Umami: We use Umami for website analytics. As stated previously, Umami does not collect or process any personal information from our visitors, ensuring your browsing activity remains private.

We may also be required to disclose your personal information to comply with applicable laws and regulations, to respond to a lawful request such as a court order, or to otherwise protect our legal rights.

6. Cookies and Tracking Technologies

Our website, operated by RSSims, does not use cookies for tracking, advertising, or analytics purposes. Our chosen analytics platform, Umami, is specifically designed to be cookie-less, meaning we can gather useful statistical information without placing any tracking files on your device.

The only potential source of cookies on our site is from embedded third-party services, such as the SimplyBook.me booking widget. This service may set cookies that are strictly necessary for its functionality, for example, to remember your selections as you proceed through the booking process. The use of these cookies is governed by SimplyBook.me's own privacy and cookie policies. We do not have access to or control over these cookies.

Because we do not use any non-essential or tracking cookies ourselves, you will not see a cookie consent banner on our website.

7. Data Retention

We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Quote Enquiries: Information you submit via our contact form for a quote that does not result in a sale will be retained for a period of 24 months to allow for follow-up communications and to address any subsequent enquiries you may have.
• Sales and Booking Records: Where a quote or booking leads to a transaction, we are legally required to retain the associated personal and financial data for a minimum of 6 years after the end of the relevant tax year to comply with HMRC regulations.
• Server Logs: Technical data, including IP addresses, held in our hosting provider's server logs is typically retained for a short period (generally between 30 and 90 days) for security and diagnostic purposes before being deleted.

8. International Data Transfers

Some of our third-party service providers are based outside of the United Kingdom, which means that your personal information may be processed in other countries, including the United States.

When we transfer your personal data outside of the UK, we ensure that a similar degree of protection is afforded to it by making sure that appropriate safeguards are in place. We do this by using specific contracts approved for use in the UK which give personal data the same protection it has in the UK, such as the International Data Transfer Agreement (IDTA) or the Addendum to the EU's Standard Contractual Clauses. We only partner with third parties who demonstrate a commitment to data protection and security.

9. Your Data Protection Rights

Under UK data protection law, you have a number of rights regarding your personal information. These rights are as follows:

• The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. This is why we are providing you with this Privacy Policy.
• The right of access: You have the right to obtain access to your personal information that we hold.
• The right to rectification: You are entitled to have your information corrected if it is inaccurate or incomplete.
• The right to erasure: Also known as ‘the right to be forgotten’, this enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This right is not absolute and only applies in certain circumstances.
• The right to restrict processing: You have the right to ‘block’ or suppress further use of your information in certain circumstances. When processing is restricted, we can still store your information, but may not use it further.
• The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
• The right to object: You have the right to object to certain types of processing, such as processing based on our legitimate interests.
• Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing which produces legal or similarly significant effects on you. We do not currently engage in this type of activity.

To exercise any of these rights, please contact us using the details provided in Section 1.3 of this policy.

10. Security of Your Information

We are committed to protecting the security of your personal information. We take reasonable and appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. This includes using Secure Sockets Layer (SSL) technology to encrypt data transmitted to and from our website. We also rely on the robust security infrastructure of our trusted hosting and service providers, who maintain high standards of physical and digital security. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure.

11. Children's Privacy

Our Services are not intended for or directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information from our systems as soon as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page, and we will update the "Last Updated" date at the top of this policy. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

13. How to Contact Us & Your Right to Complain

If you have any questions about this Privacy Policy, our data protection practices, or if you wish to exercise any of your rights, please do not hesitate to contact us using the details below:

• Email: info@rssims.com
• Mailing Address: Unit 2, Helmsley Way, Broadhelm Business Park, Pocklington, York. YO42 1AE