Privacy Policy
This document sets out the privacy policy of Urbaniser Ltd., a company formed under the laws of England & Wales (“we”, “us” and “our”).
Privacy Commitment
Welcome to Urbaniser, a new app for smart devices that allows you to store all your favourite places on one platform with geolocations, open-source data, photos and notes (“Urbaniser”).
We are committed to protecting the privacy of all Urbaniser users.
Our privacy policy is designed to be compliant with the laws and regulations of wherever we conduct our business. Without limiting the foregoing, our privacy policy is consistent with the European Union’s General Data Protection Regulation 2016/679 (“GDPR”) and the version of the GDPR adopted by the United Kingdom (“GDPR UK”).
This privacy notice describes how we collect and process the personal data of individuals using Urbaniser and we also provide you with details as to your rights in connection with your personal data that we control and process.
While we maintain a website, we do not collect any personal data from the website. The website uses some cookies that record certain information about how our website is used, but they do not collect any personal data.
About cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies can be used by web servers to identity and track users as they navigate different pages on a website and identify users returning to a website. Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Our Cookies
We use both session cookies and persistent cookies on this website.
We use the following cookies:
· __unam Functionality. This cookie is usually associated with the ShareThis social sharing widget placed in a site to enable sharing of content across various social networks. It counts clicks and shares of a page.
· __utma Performance. This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. This cookie lasts for 2 years by default and distinguishes between users and sessions. It is used to calculate new and returning visitor statistics. The cookie is updated every time data is sent to Google Analytics. The lifespan of the cookie can be customised by website owners.
· __utmb Performance. This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. This cookie determines new sessions and visits and expires after 30 minutes. The cookie is updated every time data is sent to Google Analytics. Any activity by a user within the 30 minute life span will count as a single visit, even if the user leaves and then returns to the site. A return after 30 minutes will count as a new visit, but a returning visitor.
· __utmc Performance. This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. It is not used in most sites but is set to enable interoperability with the older version of Google Analytics code known as Urchin. In the older versions, this was used in combination with the __utmb cookie to identify new sessions/visits for returning visitors. When used by Google Analytics this is always a Session cookie which is destroyed when the user closes their browser. Where it is seen as a Persistent cookie it is therefore likely to be a different technology setting the cookie.
· __utmv Performance. This is an optional additional cookie set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. This cookie is used when site owners create custom visitor-level variables for customising what can be measured. The cookie is updated every time data is sent to Google Analytics. It has a default lifespan of two years, although this can be customised by site owners.
· __utmz Performance. This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour measure of site performance. This cookie identifies the source of traffic to the site so Google Analytics can tell site owners where visitors came from when arriving on the site. The cookie has a life span of 6 months and is updated every time data is sent to Google Analytics.
· _ga Performance. This cookie name is associated with Google Universal Analytics, which is a significant update to Google’s more commonly used analytics service. The new service reduces the reliance on cookies in general, and only sets this and one other – _gat, although Google also say data can be collected without setting any cookies. This cookie is used to distinguishe unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
· _gat Performance. This cookie name is associated with Google Universal Analytics, according to documentation, it is used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.
Analytics cookies
We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html
Cookies and personal information
Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies.
Blocking cookies
Most browsers allow you to refuse to accept cookies. For example:
· in Internet Explorer (version 9) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
· in Firefox (version 16) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
· in Chrome (version 23), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
Blocking all cookies will, however, have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on this website.
Deleting cookies
You can also delete cookies already stored on your computer. For example:
· in Internet Explorer (version 9), you must manually delete cookie files (you can find instructions for doing so at http://support.microsoft.com/kb/278835);
· in Firefox (version 16), you can delete cookies by clicking “Tools”, “Options”, “Privacy” and then “Show Cookies”, and then clicking “Remove All Cookies”; and
· in Chrome (version 23), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Delete cookies and other site and plug-in data” before clicking “Clear browsing data”.
Again, doing this may have a negative impact on the usability of our website.
Some Definitions
In this privacy notice, the following terms have the meanings provided below.
“Personal data” means any information of any kind relating to a natural individual and which can be connected to that individual either directly or indirectly by reference to other information. Personal information relating to an anonymised individual, the identity of whom cannot be recovered, is not personal data for the purposes of this privacy notice.
“Processing” of personal data means performing any operation or set of operations on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the personal data.
“Controller” of personal data is any person or entity that determines how personal data will be processed and by whom. We will be the controller of personal data that we have collected from you.
“Processor” of personal data is any person or entity that undertakes any processing activity of the personal data. We both control and process personal data. We may also use third parties for certain processing activities related to the personal data.
How we collect personal data
1. Subscribing to Urbaniser. When you subscribe to Urbaniser, you may open an account by providing us with an email address, a username and a password. You may also open an account by registering via your Facebook or Google account. If you open an account through such a service, we will receive a security cookie from them confirming that you have an account with them and that the sign in credentials you provided us match those that you have with that service. The service will also provide us with the username and email or other form of identification that you use with that service. Google also provides your name and profile picture.
If you subscribe via Facebook, Facebook will also provide us with access to most of your personal data that it collects from you, including your location, birthday, profile photo, site interactions such as posts and article ‘likes’, friends lists, interests and other companies you have liked or interacted with. It is our policy not to make use of the access to this personal data provided by Facebook and we do not access, collect, control or process such personal data. However, you can also restrict the types of personal data that Facebook may share with us through your privacy settings in your Facebook account.
2. Using Urbaniser. When you use Urbaniser, the app will send certain data to us regarding how you are using the app, including details of the places that you are storing in your Urbaniser, how often you use Urbaniser, where you are using it (if your device’s location is on), what kind of content you are uploading onto Urbaniser (in terms of whether it is text or pictures, but not the actual text or pictures), for how long you are using Urbaniser each time you open it and whether you experience any technical difficulties that our servers detect. However, all of this use data is sent to us in an anonymised form and upon receipt, it is aggregated together with the anonymised use data of all other Urbaniser users rendering it no longer personal data.
How and why we process your personal data
As explained above, we actually collect a minimal amount of your personal data as most of the data we receive from your Urbaniser is anonymised with no possibility for us to reconnect it to you. The table below provides details of how we process any of your personal data that we do collect, together with a description of the kind of personal data processed and the reasons and the legal basis for processing the personal data.
Type of Data Purpose of Processing Legal Basis (See Below)
Data provided upon your subscription To enable you to subscribe for and log Performance of a contract
onto Urbaniser and use the services Exercise of legitimate interests
provided by Urbaniser
Contact details provided upon To communicate with you in connection Exercise of legitimate interests
subscription with your use of Urbaniser and its related
services. Communications may be for the
purposes of research, marketing and
promotional purposes or for resolving
technical problems. This includes your
contact email via Mailchimp.com
(Mandrillapp) and app.urbaniser.com
Data provided upon your subscription To comply with any legal obligations and law Exercise of legitimate interests
enforcement requests that we may receive
from governmental/regulatory/police and
other law enforcement authorities
Data provided upon your subscription To establish, exercise, or defend legal claims Performance of a contract
and criminal prosecutions Exercise of legitimate interests
The legal basis for us to collect and process your personal data
We ensure that we have at least one appropriate legal base for processing your personal data. We ensure that the legal bases are consistent with the legal bases required under the GDPR UK and GDPR, which unless specified otherwise are generally sufficient to establish the legality of the processing of the personal data in other jurisdictions.
The legal bases that we rely on are stated in the table above and explained below.
1. For the performance of a Contract. When you subscribe to Urbaniser and we accept your subscription, we enter into a contractual relationship made up of our terms and conditions (which may be viewed here [add link],) pursuant to which, we provide you with certain services via the Urbaniser app and you make certain legally binding promises to us. We use your personal data to enable us to perform our obligations under our contract with you, essentially enabling you to subscribe to Urbaniser and enabling you to log onto Urbaniser.
2. To support our Legitimate Interests. We have legitimate business interests to process your personal data for the purposes described in the table above. To determine whether we may rely on this legal basis, we have considered the nature of your personal data that we will hold and process and that none of the processing adversely affects your interests or fundamental rights and freedoms.
3. Consent. From time-to-time, we may elect to use your personal data in a manner or for purposes not described above. Should any such processing not be justified by any other legal basis, then we will require your freely given, express, clear and informed consent. Until we receive your consent, we will not undertake any processing that does not have another appropriate legal basis.
How long will we hold your Personal Data?
We will retain your personal data only for as long as we need it for the purposes described in the table above and for so long as the legal bases that we rely on are still valid. Generally, this will mean that we will retain all of your personal data for so long as you are subscribed to Urbaniser and once your subscription with Urbaniser is terminated, we will only retain personal data that we determine continues to be relevant for us in case of establishing, exercising, or defending legal claims. However, there may be other reasons for holding onto your personal data for a longer period, if this is in our legitimate interests. Once we determine that we should no longer hold an item of your personal data, that data will be either deleted or anonymized and aggregated with the personal data of other Urbaniser users.
When and how do we share your personal data?
Except to the limited extent stated below, we do not currently share any of your personal data with any other party (unless it has been anonymised). Should we decide to change our current policy, we will update this privacy notice and bring the changes to your attention. Where we determine that your express consent will be required before sharing your personal data, then we will first obtain that consent.
1. Transfer of personal data to third party servers. Personal data that we collect is stored on third party servers that have been selected, among other reasons, based on their commitments to hold and protect the personal data from unauthorized access or transfer and that have provided commitments consistent with the GDPR UK and GDPR. Currently, the personal data is stored on the servers owned and operated by Google, which are located in Western Europe within the EU. The personal data is stored on the servers under our own unique account to which no other party has access.
2. Transfer of personal data to third party processors. We may engage third party service providers for various purposes. For example, we may engage third party data analysts, technical support personal, marketers and various others. None of our service providers currently require us to provide them with your personal data (except in anonymised aggregated form) and we do not currently provide any third parties with your personal data. If we will need to provide any third party with any personal data of yours in the future, then we will ensure that this is founded on one of the legal bases for processing personal data described above (such as so we can perform our contract with you or for our legitimate interests). Prior to transferring the personal data to the service providers, we will ensure that they understand and commit to processing your personal data in full compliance with the law. Where the services may be provided efficiently with anonymised data, then we will only provide the data in anonymized form.
3. International Transfers of Personal Data. Except for any transfer of personal data to Google’s servers in Western Europe (as described in paragraph 1 above), we do not currently conduct any international transfers of personal data. Should we decide to transfer personal data that we hold to parties outside of the U.K. (other than on Google’s servers), then we will ensure that we have a legal basis to do so or obtain your prior consent and we will ensure that the transfers are made in full compliance with GDPR UK and GDPR restrictions on international transfers.
4. Business transfers. If we are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data stored on our systems are likely to be among the assets transferred to or acquired by a third party.
5. Our Personnel. We use service providers based outside of the UK. Currently, our service providers are based in Ethiopia. These personnel provide us with various developmental and technical services. They do not require personal data in order to provide their services and we do not provide them with any personal data. However, from time-to-time they may need full access to our servers in order to fix bugs or to implement various changes or maintenance work. This full access to the servers means that they have the ability to access personal data, although they are not permitted to and our agreements with each of them contain provisions expressly prohibiting them from accessing any personal data for any reason.
How we secure your personal data
Urbaniser takes the security of all personal data very seriously, regardless of whether the information is stored electronically or in another form.
We have put in place reasonable administrative, organizational and technical safeguards and security measures to protect personal data from unauthorized access, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures and update them when we deem it to be required.
Examples of measures taken include:
· Ensuring that the personal data we hold is minimal.
· Ensuring that our personnel are informed and trained on the holding and processing of personal data.
· Restricting access to personal data to only personal that have a need-to-know for our business purposes consistent with this privacy notice.
· Implementing technical measures to prevent unauthorized access to Urbaniser servers, such as "hacking". Please note, though, that no website, app or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Personal data relating to children
Urbaniser is not offered to children under the age of 13 or any other minimum age stipulated in the laws of the country in which the child resides, unless the child’s parent or guardian consents to their use of Urbaniser. If you consent to your child subscribing to Urbaniser, then you also consent to this policy notice applying to your child’s personal data. You are responsible for ensuring that your child does not provide us with any personal data applying to them that you do not want us to process according to this pricacy notice.
Your Rights in Connection with Your Personal Data Held by Us
You have certain rights in relation to personal data about you that we hold. Details of these rights and how to exercise them are set out below. We will require suitable evidence of your identity before we are able to act on any request.
Right of Access
You have the right at any time to ask us for a copy of the personal data about you that we hold. The applicable laws provide certain instances where we may refuse your request for a copy of your personal data, or certain parts of the personal data that we hold. If we refuse your request or any element of it, we will provide you with our written reasons for doing so as soon as possible.
Right of Correction or Completion
If personal data we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed.
Right of Erasure
You have the right to request that personal data we hold about you is erased if:
· your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
· if our processing of certain personal data was based on your consent and you wish to withdraw your consent, then you may do so and we will delete that personal data unless there is another legal basis justifying the processing of that personal data;
· you consider and can establish that your personal data has been unlawfully processed; or
· your personal data must be deleted in accordance with a legal obligation.
Please note that even if we accept your request to delete personal data about you, we may still retain data in an aggregated and anonymized form that does not identify you. We may also be legally prevented from deleting your data and if this is the case, we will inform you upon receipt of your request to be deleted.
Right to object to or restrict processing
You have the right to object to our processing of your personal data.
Please note that because at the moment the only personal data we collect that is not anonymised is the personal data you used to subscribe to Urbaniser and that you use to log onto Urbaniser, deletion of that personal data or prevention of us processing that personal data will mean that you will no longer be able to use Urbaniser.
Right of Data Portability
You have a right to receive any personal data that we hold about you in a structured, commonly used and machine-readable format. Please note that if you are requesting the personal data to be transferred to a third party’s system, we cannot guarantee technical compatibility with that system.
Consent
To the extent that we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.
Exercising your rights
If you wish to exercise any of your rights listed above in connection with any personal data of yours that we hold and process, then please contact us in the manner set out in the next section below.
Communications and Complaints
If you wish to exercise any of your rights described above, or if you wish to communicate with us in connection with any matter related to our processing of your personal data or if you are unhappy about any aspect of our use of your personal data, please do notify us, providing the reasons for any request or complaint and we will endeavour to rectify the problem. Please email us at hello@urbaniserapp.com.
If you are based in the EU, you may also lodge a complaint with any Data Protection Authority set up to supervise and enforce the GDPR (“DPA”). There is a DPA in each EU member state and you may report to any DPA, although generally you will report to the DPA set up in the member state in which you are located. Here is a list of all DPAs and their contact details: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
If you are based in the UK, you may also lodge a complaint with the Information Commissioner’s Office (ICO) which supervises and enforces GDPR UK. You can learn how to report a breach to the ICO here: https://ico.org.uk/for-organisations/report-a-breach/
For other countries, please check with local advisers or authorities as to whether you are entitled to make a complaint and to whom.
However, we do take your rights with respect to your personal data very seriously and will appreciate the chance to resolve any issues that you may have before you address a DPA, ICO or similar authority.
Changes to this Notice
We are constantly trying to improve Urbaniser and the services available through the app, so this privacy notice may need to be amended from time-to-time. If we amend the privacy notice, then we will notify you the next time you open Urbaniser.
By using Urbaniser, you consent to this privacy notice and all amendments hereto applying to how we collect, hold and process your personal data.