Organisation means Keep Me Posted Limited t/a Yurtle.
Client means an organisation that has purchased the products and/or services offered by Keep Me Posted Limited t/a Yurtle.
User means an individual who has access to the products and/or services offered by Keep Me Posted Limited t/a Yurtle.
This Privacy Policy explains how the Organisation uses the personal data we collect about all individuals that have dealings with the Organisation. This includes but is not limited to Clients, Users, data subjects, all staff, contractors and consultants, agents and subsidiaries acting for or on behalf of the Organisation.
We take the security of all personal data very seriously. We use a combination of technical, organisational and physical security measures to protect your personal data in line with our obligations under data protection law. Our employees receive training to help us comply with data protection law and safeguard your privacy.
This policy is issued on behalf of the Organisation and when we mention 'Yurtle', 'us', 'we', 'our' we mean Keep Me Posted Limited t/a Yurtle.
When we use the term 'personal data' we mean information relating to natural persons who:
Can be identified or who are identifiable, directly from the information in question: or
Who can be indirectly identified from that information in combination with other information.
Personal data may also include special categories of personal information or criminal conviction or offenses data. These are considered to be more sensitive and we only process them in more limited circumstances.
Understanding our role in relation to the personal data we handle is crucial when ensuring compliance with data protection laws and the fair treatment of individuals.
Depending on what role we perform for you, the Organisation will either be the:
Data Controller
Data Processor
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
Contact Data: includes billing address, delivery address, email address and telephone numbers;
Special Categories of Personal Data: includes race or ethnicity, religious or philosophical beliefs; sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data;
Financial Data: includes credit and payment card numbers, bank account details and payment information;
Usage Data: includes information about how you use our website, products and services;
Marketing Data: includes marketing and communication preferences, information relating to promotions, customer experience and company statistics;
Location Information: we will collect information about your exact location when you choose to share that with us. For example, you may set up auto detection of care at certain locations, such as a care recipient's home. To do this you will need to share the location of your mobile device with us.
We use different methods to collect data:
Direct interactions: data collected directly from an individual by phone, post, email, filling in forms or otherwise.
Third parties: data may be exchanged via a third party in relation to your association with us. For example: insurers, brokers, claims handlers, assistance providers, legal advisers, experts and publicly available sources or the authorities (this list is not exhaustive).
Automated technologies: when interacting with our website or app, we will automatically collect technical data about the equipment being used, browsing actions and patterns. We collect this data using cookies and other similar technologies. Please see the 'Use of Cookies' below for further details.
In cases where the Organisation processes Special Category Personal Data, we will do this under the condition of Explicit Consent as outlined in Article 9.2(a) of the UK GDPR. The Organisation will be sure to identify and distinguish this data and will ensure it handles special category personal data with the necessary care and procedures in line with the DPA.
Due to the nature of the business operations undertaken by the company, the Organisation may also provide space for users to input data related to third-party individuals in their network. This data will be treated in accordance with the terms set out in this Privacy Policy, along with any supporting documents maintained by the Organisation (namely, it's Terms of Use and Data Security Policy). In these instances, explicit consent will be collected by the Organisation confirming the authorisation of users to provide and disclose the required information, and, where applicable, authorising the Organisation to transfer this data to third parties in order to adequately perform its business operations.
We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:
Where we need to perform a contract, whether that is directly or indirectly
Where it is necessary for our legitimate interests (or those of a third party) and an individual's interests and fundamental rights do not override those interests
Where we need to comply with a legal obligation
Change of Purpose: We will only use the personal data for the purposes for which it was collected, if wider use is desired, we would require new consent from the individual.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share data with other companies in our group, affiliate businesses and with third party service providers (data processors), such as insurance providers, compliance, and other agents relevant to the business activity. Where any of the data is required for such a purpose, we will take reasonable steps to ensure that the data will be handled safely, securely and in accordance with individuals' rights, our obligations and the obligations of the third party under the applicable law.
We have an obligation to disclose data in the following four examples permitted by law, and the other situations set out below. These are:
Where we are legally compelled to do so;
Where there is a duty to the public to disclose;
Where disclosure is required to protect our interest; and
Where disclosure is made at your request or with your consent.
Also, it may be necessary to share your details in the following circumstances:
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets
If all the company's assets are acquired by a third-party, personal data held by us about our customers will be one of the transferred assets
We require all third parties to respect the security of your personal data and to treat it in accordance with the law of the jurisdiction it is handled in. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to use it in accordance with our agreement with them and this policy.
Sometimes we, or third parties acting on our behalf, may need to transfer personal data between jurisdictions. The Organisation will always take steps to ensure that any transfer of personal data outside of its home jurisdiction is carefully managed to protect privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that are considered to provide adequate levels of data protection for all personal data (such as countries in the European Union) or putting contractual obligations in place with the party we are sending information to. Transfers within the group will be covered by an agreement entered into by members of the group (an intra-group agreement) which contractually obliges each group company to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within the group.
We have put in place appropriate security measures, policies and procedures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach. We will notify you and the applicable regulator or authority of the breach where we are legally required to do so.
The Organisation will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Under certain circumstances, individuals have rights under data protection laws in relation to personal data:
Request access
Data subjects may submit a Subject Access Request to obtain a copy of the personal data that we hold about them in a structured or portable manner.
To make a Subject Access Request please write to:
Joe Cook
Operations Manager
Keep Me Posted Ltd
3rd Floor
86-90 Paul Street
London
EC2A 4NE
Or email: support@yurtle.co.uk
You will need to provide the following documentation for verification purposes:
Your full name, address and any reference number related to our work with you
Identification documents showing
name, address and signature;
- A copy of your driving license (shows all 3) or
- A copy of your passport and a recent utility bill or bank statement.
We aim to respond to all valid requests within one month. It may take longer if the request is particularly complicated or if several requests have been made. We'll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.
Request Correction
We do our best to ensure that your personal information is accurate and kept up to date. If you believe your information is inaccurate or incomplete, then please contact us to request that we amend or update it.
Request erasure (right to be forgotten)
You may ask us to erase your personal data, but this right only applies in certain circumstances, e.g., where:
It is no longer necessary for us to use your personal data for the original purpose;
Our lawful basis for using your personal data is consent and you withdraw your consent; or
Our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your personal data if you object.
This isn't an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information.
Restrict processing
You may ask us to stop using your personal data in certain circumstances such as:
Where you have contacted us about the accuracy of your personal data and we are checking the accuracy;
If you have objected to your personal information being used based on legitimate interests.
This isn't an absolute right and we may not be able to comply with your request.
Data portability
In some cases, you can ask us to transfer the personal data that you have provided to us to another third party of your choice. This right only applies where:
We have justified our use of your personal data based on your consent or the performance of a contract with you; and
Our use of your personal data is by electronic means.
Withdraw consent
Where we are relying on your consent to process your personal data, you have the right to withdraw this consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Make a complaint
If you have any cause for complaint about our use of your personal data, please contact us using support@yurtle.co.uk and we will do our best to solve the problem for you.
If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer in the following ways:
Write to us:
Joe Cook
Operations Manager
Keep Me Posted Ltd
3rd Floor
86-90 Paul Street
London
EC2A 4NE
Or email us on: support@yurtle.co.uk
The Organisation practices the rules under the UK General Data Protection Regulation (UK GDPR).
If you have any concerns about the way in which we handle your data, please refer to your local supervisory authority.
This Privacy Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it's as transparent as possible, so please check back here for the current version.
Yurtle is a trading name of Keep Me Posted Ltd. Keep Me Posted Ltd is an appointed representative of Gateway Platform Services Limited which is authorised and regulated by the Financial Conduct Authority (FRN: 790558). Keep Me Posted Ltd is a company incorporated and registered in England and Wales, whose registered office is Keep Me Posted Ltd, 3rd Floor, 86-90 Paul Street, London EC2A 4NE (registered company number 12961134). Yurtle insurance is underwritten by Convex Insurance UK Limited (registered company number 11796392). Convex is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (FRN: 840616).