1. Our role
Our Portals connect investors, independent financial advisers and investment fund managers and make it easier to invest in, and report on, the performance of a wide range of direct and fund investments. Our Portals enable investment fund managers to list various investment opportunities, which the investors and their authorised representatives (including their independent financial advisers) can browse online and invest in via the relevant Portal. In making our Portals available to their users, we are acting as an intermediary between various parties participating in an investment process, and we are authorised by the Financial Conduct Authority to carry on such activities. Our role is not limited to simply passing on information from one user to the other. This means that we are not simply processing personal data on behalf of third parties; we have independent regulatory and contractual obligations in relation to the activities carried out by our Portals users and as a result, we receive and process various personal information about our Portals users as data controllers of their personal data.
2. Personal Information we collect
2.1 If you are an investor, in order to create an account on our Portal for you, and whilst you continue to use the Portal and related services, we will collect information about you which will include the following:
2.2 If you are using our Portal on behalf of a manager or a financial adviser, for example as a member of their personnel nominated to access and use our Portal, the profile data we receive in order to set up your account will be limited to your name, email address, and any further relevant corporate details. This information is necessary for us to identify you as the user authorised to use our Portal and the particular investment opportunity to which your use of the Portal relates.
2.3 Contact data: if you contact us via any of our Portals or our Website, by telephone or by email, we will collect information necessary to identify you and respond to your query.
2.4 We also collect technical data about our users, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Portal. We collect this personal data by using cookies and other similar technologies. Please see our Cookies Policy [LINK] for further details.
2.5 Usage data collected by us includes information about how you use the Portal, our Website and related services.
2.6 Marketing and Communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
2.7 We also collect, use and share aggregated data such as statistical or demographic data (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity, and it cannot be used by us to identify you in any way. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Portal feature or the number of service types that are purchased.
2.8 Business contact data: If you are not a user of our Portal but we are in contact with you in relation to our offering or we have come into contact with you in the course of our business, we may collect your personal data, such as information printed on your business card or other information you give us, in order to stay in touch with you.
2.9 Other than information that we may receive as a result of enhanced due diligence checks (see paragraph 2.1(d) above), we do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health or genetic or biometric data), or data relating to criminal convictions and offences.
3. How we use your personal information
3.1 We may collect, store and use your personal information for the following purposes:
3.2 We do not sell your data. From time to time, we may send emails containing information about new features and other news about CoInvestor, such as suggestions and recommendations about similar services we offer, which we think may be of interest to you. This is considered direct marketing. You have the right to stop us from contacting you for these purposes. We will always inform you if we intend to use your personal data for such purposes, or if we intend to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms we use to collect your data. You can also object to our processing of your personal data for such purposes at any time by contacting us at email@example.com.
3.3 Some of the above purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
3.4 We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
3.5 Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Lawful processing
4.1 We are required to rely on one or more lawful grounds to collect and use the personal information that we have outlined above. We consider the grounds listed below to be relevant:
4.2 Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your personal information. Please contact us if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.
5. Will we disclose your personal data to anyone?
5.1 We may need to share your personal information with third parties such as:
5.2 We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information.
5.3 We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. Keeping your personal data secure
6.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
6.2 While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
6.3 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
7. Transfers of your information out of the EEA
7.1 We may need to transfer your personal data outside the European Economic Area (EEA), for example if one of our suppliers or group companies is located outside the EEA. We will ensure that any transfer of your data will be subject to appropriate safeguards, such as for example a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
8. Data retention
8.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In accordance with applicable legal and regulatory requirements, we will retain the records relevant to your CoInvestor account and any activity you have conducted on the Portal for a minimum period of six years following the termination of your access to the Portal. This period may be extended if required by law, regulatory requirement or by mutual consent between you and us.
8.2 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
9. Your Rights
Under data protection legislation you have a number of rights in respect of information held about you. These rights are as follows, and can be exercised in accordance with the applicable legislation:
If you would like to exercise any of the above rights, please:
Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our services in relation to your account and/or investments.
Please note that you also have the right to lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk/concerns.
10. Third party websites
11. Contact us
If you wish to contact us, please send an email to firstname.lastname@example.org with the words “Data Protection” in the subject line.
If you no longer wish an adviser or other third party to use the Portal on your behalf then please contact us at email@example.com.