HomePrivacy Policy

Privacy Policy

How SOMSOS LIMITED collects, uses, stores, shares, and protects personal data in connection with its website, platform, API, products, and related services.

Last updated: 14 March 2026 Language: English UK GDPR & EU GDPR · England & Wales

1Who we are

SOMSOS LIMITED is a private limited company registered in England and Wales under company number 16446591, with its registered office at Unit 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE.

For the purposes of applicable data protection law, SOMSOS LIMITED is the data controller for personal data processed through our website, platform, products, API, and related services.

Company NameSOMSOS LIMITED
Company Number16446591
Registered OfficeUnit 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE
Privacy Contactprivacy@somsos.com

2What this policy covers

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our services, contact us, visit our website, request a demo, create an account, or otherwise interact with us.

It also explains how we process personal data obtained from public sources where our services involve OSINT, software development, public-record aggregation, insolvency-related datasets, address extraction, mapping, geocoding, fraud detection, compliance workflows, or similar analytical use cases.

3Personal data we may collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity data, such as name, job title, employer, business role, username, and account identifiers.
  • Contact data, such as email address, phone number, billing address, and correspondence details.
  • Account and service data, such as login details, subscription records, support requests, product settings, and audit information.
  • Technical data, such as IP address, browser type, device information, system logs, timestamps, API usage data, and security event logs.
  • Payment and transaction data, such as invoicing details, payment status, and related business records.
  • Public-source intelligence data, where relevant to our services, such as names, addresses, publication text, case references, company-related details, insolvency-related information, and other data drawn from public records, public notices, registers, or similar lawful sources.
  • Location and mapping-related data, where relevant to the service, such as structured address data, geocoded points, and region-based search results.

4Where data comes from

We may obtain personal data directly from you, for example when you contact us, create an account, request information, subscribe to a service, or communicate with our team.

We may also obtain data from your organisation, from service providers acting on your behalf, and from public or third-party sources where this is relevant to our OSINT, software, compliance, or fraud-related services.

Where we do not receive data directly from the individual, we may collect it from public registers, public notices, official publications, openly accessible websites, commercial data suppliers, technical logs, customer-provided datasets, or other lawful sources.

5Why we use data

  • To provide, operate, maintain, secure, and improve our website, platform, API, and related services.
  • To create and manage customer accounts, subscriptions, support requests, service communications, and business relationships.
  • To analyse, structure, validate, enrich, map, or present public-source data within our products and services, including insolvency-related and location-related datasets where relevant.
  • To support fraud detection, risk screening, compliance, due diligence, investigative, research, or monitoring use cases where permitted by law and by our contractual framework.
  • To detect abuse, secure our systems, investigate incidents, enforce our terms, and protect our legal rights and business interests.
  • To comply with applicable legal, regulatory, accounting, tax, reporting, and record-keeping obligations.

6Lawful bases

Depending on the context, our lawful bases may include:

  • Contract — where processing is necessary to provide our services, manage accounts, or respond to pre-contract enquiries.
  • Legal obligation — where processing is required for legal, regulatory, tax, accounting, or compliance purposes.
  • Legitimate interests — where processing is necessary for running and improving our business, securing our systems, managing customer relationships, developing OSINT and analytical services, and using public-source information for lawful business, compliance, or anti-fraud purposes, provided those interests are not overridden by the rights and freedoms of the individual.
  • Consent — where we specifically ask for it, for example in limited marketing or optional processing situations. You may withdraw consent at any time.

7Sharing data

We may share personal data where necessary with hosting providers, infrastructure providers, storage providers, analytics providers, payment providers, professional advisers, customer support tools, communications providers, and other service providers that process data on our behalf under appropriate contractual safeguards.

We may also share data with customers or authorised users where this is part of the service we provide, for example where our products present lawfully obtained public-source business or insolvency-related information for due diligence, fraud detection, research, compliance, or investigative purposes.

We may disclose personal data where required by law, regulation, court order, law enforcement request, or where necessary to establish, exercise, or defend legal claims.

8International transfers

SOMSOS LIMITED is a UK company, and our services may involve users, data sources, customers, or providers located in the UK, the EEA, or other countries.

Where personal data is transferred internationally, we will take appropriate steps to ensure that the transfer is lawful and that suitable safeguards are in place, such as adequacy decisions, contractual safeguards, or other lawful transfer mechanisms.

Where our processing relates to individuals in the European Union, we aim to operate in a way that is consistent with both UK GDPR and EU GDPR requirements where those regimes apply.

9Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide services, maintain security, resolve disputes, enforce agreements, and meet legal, regulatory, tax, or accounting obligations.

Retention periods may vary depending on the type of data, the service involved, the source of the data, the sensitivity of the data, applicable legal requirements, and whether continued retention is necessary for fraud prevention, audit, compliance, or legitimate business needs.

When personal data is no longer required, we will delete it, anonymise it, or securely restrict further use where appropriate.

10Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include access controls, authentication, role separation, logging, backups, system monitoring, encryption, and other security safeguards appropriate to the nature of the service and the data being processed.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11Individual rights

Subject to applicable law, individuals may have the right to request access to their personal data, request correction of inaccurate data, request deletion, request restriction of processing, object to processing, request data portability, and withdraw consent where consent is the lawful basis.

Where we rely on legitimate interests, individuals may have the right to object to that processing, and we will assess such requests in line with applicable law and the nature of the processing involved.

To exercise your rights, please contact us at privacy@somsos.com.

12Complaints

If you have concerns about how we handle personal data, we encourage you to contact us first so that we can try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk), and where EU GDPR applies you may also have the right to contact your local supervisory authority in the EEA.

13Public-source data notice

Because some of our services may involve the analysis, organisation, enrichment, or presentation of data obtained from public sources, not all personal data processed by us is collected directly from the individual concerned.

In those cases, the categories of data, the source of the data, the purpose of the processing, and the lawful basis will depend on the specific service, dataset, customer use case, and legal context.

Where required, we will provide additional notices, layered explanations, customer-facing disclosures, contractual restrictions, or case-specific information about such processing.

14Children

Our services are intended for business, compliance, research, investigative, software, and professional use, and are not designed for children as a primary audience.

If you believe that a child has provided personal data to us inappropriately, please contact us so that we can review the matter.

15Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, technology, or business operations.

When we make material changes, we will publish the updated version on our website and revise the "Last updated" date at the top of this page.

16Contact

If you have any questions about this Privacy Policy or about our processing of personal data, please contact:

CompanySOMSOS LIMITED
Company Number16446591
Registered OfficeUnit 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE
Emailprivacy@somsos.com