Privacy Policy

Privacy Policy

Last updated: 24th September 2025

So Local & Co. Ltd (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you interact with us, and sets out your rights under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

1. Who we are

So Local & Co. is a company registered in England and Wales, Company Number 16642172. We operate a subscription-based platform connecting local residents with independent businesses in Southbourne and surrounding areas.

For all matters relating to data protection, please contact:

Email: info@solocalco.com

We are the “data controller” for the purposes of UK data protection law.

2. The information we collect

We only collect and process the following information:

•       Subscriber details – name, email address, and billing address (where provided).

•       Subscription details – membership ID and digital wallet pass information.

•       Business partner details – contact names, business email, and phone number.

We do not collect or store payment card details. All payments are processed securely by Stripe Payments Europe, Ltd, our trusted third-party payment provider.

We do not collect technical data (e.g., IP addresses, device type, browsing behaviour), and we do not currently operate a marketing preferences system.

Some personal data (such as your name, email address, and payment information) is necessary for us to provide your subscription. Without this information, we cannot create or maintain your membership. Other information (such as billing address) may be optional and only required in specific circumstances.

3. How we use your information

We use your information to:

1.    Provide your subscription and deliver access to perks and promotions.

2.    Manage and administer your account.

3.    Communicate with you regarding your membership, partner offers, and community updates.

4.    Comply with our legal, tax, and accounting obligations.

We do not use your personal data for automated decision-making or profiling.

4. Our legal bases for processing

Under UK data protection law, we rely on the following lawful bases:

•       Contractual necessity – to provide your subscription and related services.

•       Legal obligations – for record-keeping, compliance, and responding to lawful requests.

•       Legitimate interests – to operate and improve our services in a proportionate way that respects your rights.

5. Sharing your information

We do not sell your data. We only share it with:

•       Stripe – to process payments securely.

•       Service providers – who support essential business functions (e.g., email delivery).

•       Regulatory or legal authorities – where disclosure is required by law.

We do not share your personal details with partner businesses. Only unique membership codes are shared with them for verification purposes.

6. International transfers

Where our service providers transfer personal data outside the UK (for example, Stripe may process data in the United States), we ensure that appropriate safeguards are in place in accordance with UK data protection law, such as the UK International Data Transfer Agreement or equivalent contractual clauses.

7. Data storage and security

We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, misuse, or disclosure. Payment information is handled exclusively by Stripe.

8. How long we keep your data

•       Subscriber data – retained for the duration of your subscription and up to 6 years afterwards, to comply with legal and accounting obligations.

•       Business partner data – retained for as long as our business relationship continues, and for up to 6 years afterwards where necessary for legal purposes.

9. Your data protection rights

You have the following rights under the UK GDPR:

•       Right of access – to obtain a copy of your personal data.

•       Right to rectification – to correct inaccurate or incomplete data.

•       Right to erasure – to request deletion of your personal data, where applicable.

•       Right to restrict processing – to limit how your data is used.

•       Right to object – to processing based on our legitimate interests.

•       Right to data portability – to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller, where applicable.

•       Right to withdraw consent – where consent is relied upon (though we currently do not process data on this basis).

To exercise your rights, contact us at info@solocalco.com

10. Third-party links

Our website or emails may include links to partner businesses. Please note that we are not responsible for the privacy practices of those businesses or their websites.

11. Updates to this policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website, and significant changes will be notified to subscribers by email.

12. Contact us

If you have any questions about this Privacy Policy or how your personal data is handled, please contact:

Email: info@solocalco.com

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk.