top of page

Privacy Policy

1.  Introduction

Urbane Sojourners Ltd is registered with Companies House, registration number 15492134. Urbane Sojourners (“we/us/our”) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, https://www.urbanesojourners.com (“Our Site”) and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

​

We ask that you read our privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

​

If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

 

​2. What Does This Policy Cover?
This Privacy Policy applies only to your use of Our Site. 

 

3. What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (Regulation (EU) 2016/679) (the “EU GDPR”) where applicable in relation to the storage retention and processing of EU personal data, the retained EU law version of the EU GDPR (UK GDPR) as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

​

​Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

 

4.  Information We Collect
We may collect and process the following types of personal data:

 

The lawful basis for processing is set out in Article 6 of the UK GDPR. At least one of these must apply whenever we processes your personal data:

​

  • Consent - the processing is necessary as an individual/organisation has given us clear consent for us to process their personal data for a specific purpose.

  • Contract - the processing is necessary for a contract we have with the individual/organisation, or because we have been asked to take specific steps before entering a contract.

  • Legitimate Interests - the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

​

While providing our services we collect the following personal information when you provide it to us:

​

  • Names and contact details.

  • Third Party contact details.

  • Addresses.

  • Third Party personal data.

  • Passwords and login details for client accounts, so we can successfully carry out the virtual administration services highlighted in the contract and/or agreement.

  • Special Category Data - For Urbane Sojourners Ltd to lawfully process special category data, we must identify both a lawful basis under Article 6 of the GDPR and a separate condition for processing under Article 9. These do not have to be linked. We would also carry out a ‘data protection impact assessment (DPIA)’ for any type of data processing which is likely to be high risk.

 

The ICO provides further guidance on ‘Special Category Data’. You can find more about the UK GDPR lawful bases by visiting www.ico.org.uk.

 

5. How We Use Your Information

We use your personal data for the following purposes:

​

  • Providing Services: To deliver virtual assistant services and manage your account.

  • Communication: To communicate with you regarding your enquiries, service updates and marketing offers.

  • Collaboration: To provide customer care and support (both before, during and after a contract period).

  • Technical Use: To detect, prevent and address technical issues.

  • Payment Processing: To process payments and manage billing.

  • Legal Compliance: To comply with applicable laws and regulations.

  • Improving Services: To analyse usage and improve our services based on feedback and trends.

 

6.  Legal Basis for Processing Personal Data
We rely on the following legal bases for processing your personal data:

 

  • Contractual Necessity: We process your data to fulfil our contractual obligations to you.

  • Consent: We may process your data based on your consent, which you may withdraw at any time.

  • Legal Compliance: We may process your data to comply with legal obligations.

  • Legitimate Interests: We may process your data to pursue our legitimate interests, provided these do not override your rights.

 

7.  Data Retention
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:

​

  • We will hold your personal data, including but not limited to, name, address, and contact details for the duration of your contracted agreement with us, plus 12 months after any contract end date, to facilitate organisation requirements.

​

8.  Lawful Bases and Data Protection Rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.


Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
 

 

If you make a request, we must respond to you without undue delay and in any event within one month. To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

 

How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

 

The ICO’s address:           
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint​

 

9.  Data Security and Protection Policy

This policy outlines the measures we implement to protect personal information and ensure data security. It establishes responsibilities and procedures for safeguarding sensitive data against unauthorised access, loss, or misuse.

 

Access Control
Role-Based Access Control (RBAC): Access to sensitive data is limited based on employee roles within our organisation. Employees will only have access to the data necessary for their job functions.


Least Privilege Principle: Employees are granted the minimum level of access required to perform their duties.


Multi-Factor Authentication (MFA): All employees must use multi-factor authentication to access sensitive data and systems.

​

Data Encryption
Data at Rest Encryption: All sensitive data stored on our servers and devices must be encrypted using industry-standard encryption methods.


Data in Transit Encryption: All data transmitted over networks is encrypted using secure protocols such as HTTPS and SSL.

​

Regular Security Audits and Assessments
Vulnerability Assessments: We will conduct regular vulnerability assessments to identify and remediate potential security weaknesses.


Penetration Testing: We will perform penetration testing at least annually to evaluate the effectiveness of security measures and incident response protocols.

 

Incident Response Plan

Breach Notification Procedures: We have established clear guidelines for notifying affected individuals and regulatory bodies in the event of a data breach.

​

Data Backup and Recovery
Regular Backups: Critical data is backed up on a routine basis to ensure recovery in case of loss or corruption.


Testing Recovery Procedures: We will regularly test backup restoration processes to ensure reliable data recovery.

​

Data Minimisation and Retention Policies
Limit Data Collection: We will only collect data necessary for business purposes to reduce exposure to data breaches.


Data Retention Policies: Clear guidelines for data retention will be established, and unnecessary data will be disposed of securely.

​

Compliance with Regulations
Stay Informed: We will regularly review and comply with relevant data protection regulations, including GDPR, ICO, and others.

 

10. Insurance

We are registered with the Information Commissioner's Office (ICO) and maintain professional indemnity insurance, along with cyber and date protection insurance, to safeguard your information effectively.
 

11.  Sharing Your Information
We may share your personal data with:

 

  • Service Providers: Third-party vendors who assist us in operating our business, such as payment processors and IT service providers.

  • Legal Authorities: When required by law or to protect our rights or the rights of others.


12.  Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on our website and updating the effective date. We encourage you to review this policy periodically.

 

Contact Us
If you have any questions or concerns about this Privacy Policy or our practices regarding your personal data, please contact us at urbansojourners@outlook.com

​
 

bottom of page