MainRD Privacy Policy

Last updated: 27 April 2019

MainRD is owned and operated by Urban Management Solutions LTD - a company registered in England and Wales, company number 08564152.

It is our belief and our policy that it is good business to take your privacy seriously, so we are committed to protecting your personal information.

This privacy policy sets out the way in which any personal information you provide to us is used and kept secure. It applies whenever we collect your personal data (including when you use our website or other digital platforms.) It explains what information we may collect about you, how we may use it and the steps we take to ensure that it is kept secure. We also explain your rights in respect to your personal data.

Please not that our website and other digital platforms may contain links to third party websites or online products, which are provided for your convenience. We can only take responsibility for the privacy practices and security of our own digital platforms. We recommend that you check the privacy and security policies and procedures of any other website that you visit.

How to contact us about your personal data

If you have any questions about this privacy policy or how we handle your personal data, please email us at contact@urban-management.net or write to us at the following address:

Urban Management Solutions
123 King Street, Hammersmith
London W6 9JQ

Information we collect and what we use it for

All personal information that we collect about you will be recorded, used, and protected by us in accordance with applicable data protection legislation and this privacy policy. We may supplement the information that you provide with other information that we obtain from our dealings with you or which we receive from other organisations, for example, our partners or government agencies that we work with, such as Companies House and HMRC.

In broad terms, we use your data for the following purposes:

When we provide you with products or services we may collect and store any personal information that you provide to us. We may, for example, keep a record of your name, address, delivery address, email address, telephone number and IP address(es) used to access our digital products. We do not store any credit card or payment method information provided by you - this is processed and stored by our trusted payment company.

When you sign up to use one of our digital products, sign up with us for an online account, register to receive marketing communications from us (and/or our sponsors and partners), fill in one of our forms (whether online or offline) or otherwise expressly provide us with your personal information, we may collect and store any personal information that you provide to us and may use it to personalise and improve your experience on our digital platforms, provide products and services you request from us, and carry out profiling and market research.

We will only process your personal information for the purposes set out in our privacy notice, should this change we will ask your consent for any additional processing we need to.

The term "processing" is widely used in the EU's General Data Protection Regulation (GDPR). In plain English, we collect and store some of your personal data for the purposes described above.

When you use our cloud-based software, or otherwise sync data with our systems, your role as a Data Controller means you should ensure you have consent from your clients, customers, partners or suppliers to store their personal information. Our role as a Data Processor is to securely store your bookkeeping database.

If at any time you do not want us to process any of this personal data, you can contact us via the email or address listed above. You should be aware that we may not be able to provide the products or services you have subscribed to without your permission to store process personal data. You can also ask us to delete your account and all personal data about you and your clients.

Use of cookies

Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser.

Some of our web pages and digital products use cookies, sent by us, or other technologies to better serve you when you return to the web site. You can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies, however this may mean some web sites and digital products may not be able to work properly (or at all).

Legal basis for data processing

We process your personal data for purposes of entering into and providing the products and services under our agreement. We also process some of your personal information with your consent. Where we use consent, this will be explicitly given and can be removed at any time. We may need to process some of your personal information to also protect our legitimate interest.

Disclosure of your information

In order to provide our products and services to you or to otherwise fulfil contractual arrangements that we have with you, we may need to appoint other organisations to carry out some of the data processing activities on our behalf. These may include, for example, payment processing organisations, delivery organisations, fraud prevention and screening and credit risk management companies, and government agencies such as Companies House and HMRC.

We may share your data with third parties (a) if we are under a legal or regulatory duty to do so, (b) if it is necessary to do so to enforce our terms of use, terms and conditions of sale or other contractual rights, (c) to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity, (d) where such disclosure is necessary to protect the safety or security of any persons, and/or (e) otherwise as permitted under applicable law.

We may share your data with our carefully selected partners, but we will only do this if you have consented to receive marketing relating to our partners or if one of the conditions in the paragraph above applies.

Some of the organisations to which we may disclose your personal information are situated outside of the United Kingdom and European Union in countries which may not have laws that protect privacy rights as extensively as in the United Kingdom. If we do transfer your personal information to other territories, we will take proper steps to ensure that your information is protected in accordance with this privacy policy.

In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected.

Security of information

We take the security of your personal information as a top priority. When you submit data to us, we use industry standard SSL / TLS encryption technology to guard your information in transit. In addition, we have security procedures in place to protect data stored in our databases from loss and misuse, and only allow access to them when it is absolutely necessary to do so, and then under strict guidelines as to what use may be made of the personally-identifiable information contained within them.

Where a password is required to access certain areas of our digital platforms, you are responsible for keeping your password secure and confidential. Please do not share or disclose your password to any other person.

For our cloud-based software, we engage Amazon Web Services as an "Infrastructure Provider". Part of the infrastrucutre provider's role includes storage of customer personal data.

Data you enter into the software, such as your customer and supplier names and addresses are stored in a separate database per account. This database is stored by our Infrastructure Provider and encrypted while at rest. Decryption keys are managed by the Infrastructure Provider and stored in a different location. You acknowledge your role as Data Controller in this respect, and ours as Data Processor.

Cloud software servers are housed in Amazon's secure data centres in the United Kingdom and Ireland and are managed by us. We secure all communications to and from the app using TLS, and we reject any connections that are not encrypted. This keeps your information confidential between your device and our servers and ensures that the data is safe from eavesdropping while on the Internet.

We will implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of our systems.

We will take appropriate steps to ensure compliance with the Security Measures by our employees and contractors to the extent applicable to their scope of access, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality. Our staff connect to the servers for monitoring and maintenance. While connected, we also use encrypted connections. In addition, all our computers have encrypted hard drives and complex passwords to prevent unauthorised access, in case they are stolen.

For further information about Amazon's data processing practices under GDPR, click here.

Your rights, as relating to the information that we hold about you

In this section we have summarised the individuals rights under GDPR. Some of the rights are complex, and not all the details have been included here. You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Right to access

You have the right to confirm whether we do or do not process your personal data, where and how we do this, and to request a copy of any personal data that we hold about you.

Right to rectification

You have the right to have your data updated or modified to ensure the data being processed is kept up to date.

Right to erasure

You have the right to be forgotten and your data to be erased, which allows you as a data subject to inform us that you no longer want us to store or process your data.

This request may be declined for a number of reasons, which are not limited to; having a lawful basis to process your information, or us needing the information for compliance with legal or contractual obligations.

Right to restrict processing

You have the right to stop processing of your personal information. Please be aware you must provide us with a legitimate reason for us to stop processing your information. Any request made that does not conform to the GDPR guidelines will be rejected.

Right to object

On occasions we may send you marketing emails to make you aware on new products that we believe can benefit you, the data subject. As you have the right to object, you can click the unsubscribe link on all of our emails to inform us that you no longer want to receive marketing emails from us.

Right to data portability

The right to data portability will allow you as the data subject to have your personal information securely transferred to another organisation for processing. When you make this request, we will export all information about you and securely transfer it to you. You, the data subject will be able to give this information to your chosen organisation.

Right to not be subject to profiling and automated decision making

Where decisions are made through automated means, or a profile is created using data collected about you, you have the right to request human intervention.

Right to complain

As a data subject you have the right to complain to the supervisory authority regarding the processing of your personal data.

If you would like to exercise one of these rights or have any questions regarding how we process your data, please contact: jdimov@urban-management.net

Review of this policy

We keep this policy under regular review. At the top of this page you will find the date when this policy was last updated. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We will also update the date at the top of this document every time we make a change. We may also notify you in other ways from time to time about the processing of your personal information.