- Osome UK
- Privacy Policy
Privacy and Data Protection Policy
1.Introduction
Welcome to Osome’s privacy policy.
Osome understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under applicable law.
This privacy policy will inform you as to how we look after your personal data. Please read this privacy policy carefully and ensure that you understand it. By providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and consent to the collection, use, processing and disclosure of your personal data as described in this policy.
Information About Us
Osome Ltd, a private company limited by shares registered in England under company number 11952830 whose registered office is at 35 New Broad street, EC2M 1NH, UK.
Osome Ltd is part of the Osome Group, which is made up of different legal entities, including Osome Ltd, a limited company registered in Singapore with registration number 201712242C whose registered office is at 68 Circular Road, #02-01, Singapore 049422.
This privacy policy is issued on behalf of Osome Ltd so when we mention “Osome”, “we”, “us” or “our” in this privacy policy, we are referring to Osome Ltd in the UK. Where we refer to Osome Ltd we refer to the Singapore entity.
Osome Ltd acts under the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”).
Personal Data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and some other online identifiers. It does not include data where the identity has been removed (anonymised data).
Purpose of this policy
The purpose of this policy is to inform you and provide you with an understanding of how we handle, collect, use, disclose and process your personal data. Any changes to this Privacy Policy are effective after posting to this website. We recommend you to check this page from time to time to be aware.
By providing your personal data to us, you acknowledge and agree that you have fully read and understood this policy, and consent to the collection, use, processing and disclosure of your personal data as described in this policy.
Your Rights.
Osome does not claim ownership of the information you submit via the Osome Application or through other means of data collection. You have the necessary rights to such information that you submit on the Osome Application.
Osome’s Rights.
We own all copyrights, trademarks, domains, logos, trade dress, trade secrets, patents, and other intellectual property rights associated with our Osome Application. You may not use our copyrights, trademarks, domains, logos, trade dress, patents, and other intellectual property rights unless you have our express permission and in accordance with our Terms and Conditions.
2.Collection of Data
Automatically Collected Information
Usage And Log Information. We collect information about your activity on our Osome Application, such as service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Osome Application, how you interact with our staff and authorized people in our Osome Application, and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Osome Application, your profile photo, whether you are online and when you last used the Osome Application.
Device And Connection Information. We collect device and connection-specific information when you install, access, or use our Osome Application. This includes information such as the hardware model, operating system information, the app version, browser information, language and time zone, IP, device operations information, and identifiers, for example, the device identifier.
Cookies. Our website and Osome Application are set up to automatically collect anonymous information about visitors to help us understand our website visitors and their traffic patterns. This information is used for statistical purposes and to improve our service. Below is a list of cookies that we use on our websites and services. The types of cookies we use are always changing. If you think we’ve missed a cookie, please let us know
Cookie name | Purpose |
---|---|
Facebook Ads | Tells us how our ads on Facebook are working and what kinds of users are interested in Osome. |
Google Ads | A cookie that shows us how effective our Osome ad campaigns are by tracking how many users click through to our website from a particular ad, and the demographic of those users. |
Google Analytics | Allows us to see how many users are on the Osome website, which pages they are visiting and track how many visitors joined Osome. |
Google Optimise | Part of our testing platform to help us understand whether any changes we've made to Osome website pages have been well received. |
Google Tag Manager | This cookie controls other cookies on the website. |
Intercom | Intercom is a tool that allows users to chat to Support through our website. It uses a script with a visitor cookie associated with it. |
Leadinfo | We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo”. |
Information you Provide.
Your Personal Data. Examples of such Personal Data you may provide to us include your name, age, birth date, mobile number(s), telephone number(s), mailing or residential address, email address, passport or other identification number, and any other information relating to individuals that you have provided to us during our interaction with you.
Your Messages. We retain the contents of your messages delivered to the Osome Application during the course of providing Osome services to you. Once your files (including photos, videos, documents) are delivered, they are kept and are accessible to Osome staff and government authorities upon request. In order to improve our Osome Application we store information relating to which country your device indicates you are located in, as well as the device model and operating system you are using. Additionally, your "last login" time and read receipts are visible to Osome staff.
We collect your Personal Data in the following ways:
when you contact our chatbot and/or staff, for example, via chats, emails, telephone/video calls, letters, face-to-face meetings, social media platforms, and our website;
when you submit forms on our Osome Application;
when you enter information into documents we send to you via our Osome Application;
when you request to be included in our mailing list;
when you respond to Osome advertisements, promotions, initiatives;
when we receive references from affiliates and third parties, if you have been referred by them;
when you submit your Personal Data to us for any reason.
If you provide us with Personal Data relating to a third party (e.g. information relating to your spouse, children, parents, business partners and/or employees), by submitting such information you represent and warrant to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes.
3.Data controllers and data processor information
Who is the data controller?
In general terms, the "controller" is the entity that determines the purposes for which (i.e., "why") and the means by which (i.e., "how") personal data are processed.
If we have collected your personal data directly from you or from a third-party for our own purposes, we are the Data Controller. If we have been passed your personal data from a third-party for a joint purpose that we both influence, we are the joint Data Controller. If your data has been passed to us by a third party for processing under their instruction, that third party is the Data Controller. They should have notified you that they would be passing your personal data to us at the time they collected your data and within their own privacy notices/standards. You can see a list of Data Controllers that we process personal data for in the sections below
Who is the data processor?
A data processor simply processes any data that the data controller gives them. As an example the data processor is the third-party company that the data controller chose to use and process the data.
What are the lawful bases for processing personal data?Under Data Protection Legislation, there must be a lawful basis processing of personal data. There are following points:
Consent
Performance of a Contract
Legitimate Interest
Vital Interest
Legal Requirement
Public Interest
What are our 'legitimate interests'?The legitimate interests are our own interests or the interests of third parties. They reasonably include commercial interests, individual interests and broader societal benefits. For the purposes below:
fraud prevention;
ensuring network and information security; or
indicating possible criminal acts or threats to public security.
direct marketing; or
administrative transfers within a group of companies.
Third Party Data Controllers
Third Party Controller | What processing do we carry out for them? |
---|---|
HMRC, The Company house regulatory authorities or other authorities | We are joint Controller with relevant authorities |
Payment Processors | We are joint Controller with these service providers who pass your payments directly to us based on a transaction. They have their own privacy notices/policies. |
Courier Service Providers | We are joint Controller with them for the purposes of sending you physical documents containing your personal data |
Third Party Data Processors
Name of Third Party Processor | Purposes for Carrying out Processing |
---|---|
Riskscreen | AML Data checks |
Onfido | ID verification checks |
Looker | Business analytics |
Hubspot | CRM |
Xero | Accounting software |
4.Purposes for Collection, Use and Disclosure of Your Personal Data
Osome collects, uses and discloses your Personal Data for the following purposes:
conducting KYC;
processing payments;
replying to your questions, feedback and requests;
managing Osome’s business operations;
complying with internal policies and procedures;
providing updates and other communications on the development of Osome’s business process and applications;
assessing and processing applications or requests made by you for Osome products and services offered including, but not limited to, bookkeeping service, incorporation services, tax and accounting services and payroll services;
managing commercial risks and risk management;
managing the safety and security of our affiliates and employees;
managing the safety and security of our premises and services (including but not limited to carrying out CCTV surveillance);
in connection with any claims, actions or legal proceedings (including but not limited to drafting and reviewing documents, transaction documentation);
conducting investigations relating to disputes, billing or fraud;
managing and preparing reports on non-compliance cases;
meeting or complying with any applicable laws, regulations, codes of practice or guidelines issued by legal or regulatory bodies;
financial reporting and audit;
project management;
requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to review, develop and improve the quality of our products and services;
sending automatic reminders about missing documents or bank feeds needed for the service we are providing.
If you have indicated that you consent to receiving marketing or promotional information via your telephone number, emails or other ways of communication, Osome may contact you from time to time with information regarding our products and services.
As Osome relies on your Personal Data to provide products and services to you, you should ensure that all Personal Data submitted to us is complete, accurate, true and correct.
We will seek your consent and notify you in advance when we collect information for purposes other than listed above or for purposes unrelated to the original purpose when collecting the data, unless with the data subject’s express and voluntary consent. You can withdraw your consent previously given by written notice.
5.Accuracy and Duration of Retention
Osome will retain your Personal Data for 6 years or longer where necessary for legal or business purposes.
Osome will take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted if it is no longer required for those purposes.
6.Data Security
Osome will take all practicable steps to protect the Personal Data against unauthorised or accidental access, processing, erasure, loss or use.
Keeping Your Account Secure. You are responsible for keeping your device and your Osome account safe and secure, and you must notify us promptly of any unauthorized use or security breach of your account or our Osome Application.
Third-party authorization. Our Osome application may allow you to invite new users into your chats and company profile to have access, use, or interact with our staff. Users will also be able to view some of your personal information, business data, content, and other products and services. For example, you may invite a new director to your company profile. Please note that when you invite new users into your company profile, we will need to conduct our diligence exercise as per applicable law. Please note Osome will not bear any responsibility if your Personal Data is used by unauthorised people that you invited into the Osome Application.
To whom we may disclose Personal Data:
any member of the Osome Group anywhere in the world, including any officer, employee, agent or director;
professional advisers (including auditors, solicitors and lawyers), third party service providers, agents or independent contractors providing services to support Osome’s business;
any person to whom disclosure is allowed or required by local or foreign law, regulation or any other applicable instrument;
upon your death or mental disorder, your legal representative and their legal advisers or your immediate family member
any court, regulator, enforcement agency or any other authority or their agents;
any debt collection agency, credit bureau or credit reference agency, rating agency correspondents, insurer or insurance broker, direct or indirect provider of credit protection and fraud prevention agencies;
any financial institution to conduct credit checks, anti-money laundering related checks, for fraud prevention and detection of crime purposes;
Data Transfer. Personal Data may be transferred to, or stored at, a location outside of your country of residence including: the US, Malaysia, Singapore. When we transfer data to another country (including to other members of the Osome Group) we ensure that the recipient consents to apply proper levels of protection for personal data as we do and in accordance with applicable laws. We have appropriate safeguards such as information and cyber security controls to ensure that your personal data is protected. Osome has technical and organisational security measures in place to safeguard your personal data. When using external service providers, we require that they adhere to security standards mandated by Osome. We may do this through contractual provisions, including any required by a privacy regulator, and oversight of the service provider. Regardless of where personal data is transferred, we take all steps reasonably necessary to ensure that personal data is kept securely. If you would like further information about this, please contact us using the details below.
7.Contact Us
To contact us regarding:
your Personal Data or our Privacy Policy,
making a subject access/correction request,
requesting to withdraw your consent to any use of your Personal Data as set out in this Policy; or
requesting to obtain access and make corrections to your Personal Data records, please use the following email address (for the attention of the Data Protection Officer): dpo@osome.com.
If you withdraw your consent to any or all use or disclosure of your Personal Data, depending on the nature of your request, Osome may not be able to continue to provide our services or provide access to Osome Application. Such withdrawal may also result in the termination of our services.
This privacy policy was last updated on 18 February 2022.
We’re using cookies! What does it mean?