Last updated: 27 April 2019
MainRD is owned and operated by Urban Management Solutions LTD - a company registered in England and Wales, company number 08564152.
It is our belief and our policy that it is good business to take your privacy seriously, so we are committed to protecting your personal information.
Please not that our website and other digital platforms may contain links to third party websites or online products, which are provided for your convenience. We can only take responsibility for the privacy practices and security of our own digital platforms. We recommend that you check the privacy and security policies and procedures of any other website that you visit.
How to contact us about your personal data
123 King Street, Hammersmith
London W6 9JQ
Information we collect and what we use it for
In broad terms, we use your data for the following purposes:
- to administer and provide products and services you request or have expressed an interest in
- to communicate with you in the event that any products or services you have requested are unavailable
- to personalise and improve your experience on our digital platforms
- to enable us to administer any offers or promotions which you enter into
- to personalise and/ tailor any communications that we may send you
- to carry out market research so that we can improve the products and services we offer
- for fraud screening and prevention purposes
- for record keeping purposes
When we provide you with products or services we may collect and store any personal information that you provide to us. We may, for example, keep a record of your name, address, delivery address, email address, telephone number and IP address(es) used to access our digital products. We do not store any credit card or payment method information provided by you - this is processed and stored by our trusted payment company.
When you sign up to use one of our digital products, sign up with us for an online account, register to receive marketing communications from us (and/or our sponsors and partners), fill in one of our forms (whether online or offline) or otherwise expressly provide us with your personal information, we may collect and store any personal information that you provide to us and may use it to personalise and improve your experience on our digital platforms, provide products and services you request from us, and carry out profiling and market research.
We will only process your personal information for the purposes set out in our privacy notice, should this change we will ask your consent for any additional processing we need to.
The term "processing" is widely used in the EU's General Data Protection Regulation (GDPR). In plain English, we collect and store some of your personal data for the purposes described above.
When you use our cloud-based software, or otherwise sync data with our systems, your role as a Data Controller means you should ensure you have consent from your clients, customers, partners or suppliers to store their personal information. Our role as a Data Processor is to securely store your bookkeeping database.
If at any time you do not want us to process any of this personal data, you can contact us via the email or address listed above. You should be aware that we may not be able to provide the products or services you have subscribed to without your permission to store process personal data. You can also ask us to delete your account and all personal data about you and your clients.
Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser.
Legal basis for data processing
We process your personal data for purposes of entering into and providing the products and services under our agreement. We also process some of your personal information with your consent. Where we use consent, this will be explicitly given and can be removed at any time. We may need to process some of your personal information to also protect our legitimate interest.
Disclosure of your information
In order to provide our products and services to you or to otherwise fulfil contractual arrangements that we have with you, we may need to appoint other organisations to carry out some of the data processing activities on our behalf. These may include, for example, payment processing organisations, delivery organisations, fraud prevention and screening and credit risk management companies, and government agencies such as Companies House and HMRC.
We may share your data with our carefully selected partners, but we will only do this if you have consented to receive marketing relating to our partners or if one of the conditions in the paragraph above applies.
In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected.
Security of information
We take the security of your personal information as a top priority. When you submit data to us, we use industry standard SSL / TLS encryption technology to guard your information in transit. In addition, we have security procedures in place to protect data stored in our databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personally-identifiable information contained within them.
Where a password is required to access certain areas of our digital platforms, you are responsible for keeping your password secure and confidential. Please do not share or disclose your password to any other person.
For our cloud-based software, we engage Amazon Web Services as an "Infrastructure Provider". Part of the infrastrucutre provider's role includes storage of customer personal data.
Data you enter into the software, such as your customer and supplier names and addresses are stored in a separate database per account. This database is stored by our Infrastructure Provider and encrypted while at rest. Decryption keys are managed by the Infrastructure Provider and stored in a different location. You acknowledge your role as Data Controller in this respect, and ours as Data Processor.
Cloud software servers are housed in Amazon's secure data centres in the United Kingdom and Ireland and are managed by us. We secure all communications to and from the app using TLS, and we reject any connections that are not encrypted. This keeps your information confidential between your device and our servers and ensures that the data is safe from eavesdropping while on the Internet.
We will implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of our systems.
We will take appropriate steps to ensure compliance with the Security Measures by our employees and contractors to the extent applicable to their scope of access, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality. Our staff connect to the servers for monitoring and maintenance. While connected, we also use encrypted connections. In addition, all our computers have encrypted hard drives and complex passwords to prevent unauthorised access, in case they are stolen.
For further information about Amazon's data processing practices under GDPR, click here.
Your rights, as relating to the information that we hold about you
In this section we have summarised the individuals rights under GDPR. Some of the rights are complex, and not all the details have been included here. You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Right to access
You have the right to confirm whether we do or do not process your personal data, where and how we do this, and to request a copy of any personal data that we hold about you.
Right to rectification
You have the right to have your data updated or modified to ensure the data being processed is kept up to date.
Right to erasure
You have the right to be forgotten and your data to be erased, which allows you as a data subject to inform us that you no longer want us to store or process your data.
This request may be declined for a number of reasons, which are not limited to; having a lawful basis to process your information, or us needing the information for compliance with legal or contractual obligations.
Right to restrict processing
You have the right to stop processing of your personal information. Please be aware you must provide us with a legitimate reason for us to stop processing your information. Any request made that does not conform to the GDPR guidelines will be rejected.
Right to object
On occasions we may send you marketing emails to make you aware on new products that we believe can benefit you, the data subject. As you have the right to object, you can click the unsubscribe link on all of our emails to inform us that you no longer want to receive marketing emails from us.
Right to data portability
The right to data portability will allow you as the data subject to have your personal information securely transferred to another organisation for processing. When you make this request, we will export all information about you and securely transfer it to you. You, the data subject will be able to give this information to your chosen organisation.
Right to not be subject to profiling and automated decision making
Where decisions are made through automated means, or a profile is created using data collected about you, you have the right to request human intervention.
Right to complain
As a data subject you have the right to complain to the supervisory authority regarding the processing of your personal data.
If you would like to exercise one of these rights or have any questions regarding how we process your data, please contact: firstname.lastname@example.org
Review of this policy
We keep this policy under regular review. At the top of this page you will find the date when this policy was last updated. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We will also update the date at the top of this document every time we make a change. We may also notify you in other ways from time to time about the processing of your personal information.