Our ICO registration number is 00044690701.
What personal information do we process?
We may collect and process the following personal information about you:
- General personal details, which may include:
- Your name
- Your residential address
- Your gender
- Your contact details (email address and/or your telephone number)
- Your date of birth
- Account sign-in information, which will include the following as set by you:
- Know Your Customer (KYC) information, which may include:
- Proof of identity such as a passport, driving licence or ID card;
- Proof of address such as utility bills or bank statements;
- Other evidence which we may need in order to comply with our Anti-Money Laundering (AML) obligations on a case-by-case basis.
- Information you provide when participating in Website discussion boards or social media functions – this may include personal data depending on the content of the information you provide
- Communications you send to us (by telephone, email, message board or otherwise), for example, to report a problem or to submit queries, concerns or comments regarding the Website, our service, or general comments
- Suitability Information, which will include information on your personal and financial circumstances and investment goals, your interests, and relevant industry experience;
- Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
- Payment information, which may include your bank account details including sort code and account number.
Information we receive from others
We may also receive information about you from third parties, including:
- Digital identity verification providers;
- Credit reference agencies;
- Publicly-available sources of information including HM Treasury sanctions lists.
We use this information in order to comply with our legal obligations and to provide our products and services to you.
What we do with your data?
We use your personal data for the following purposes:
Providing our services to you
We need to process certain personal information in order to provide our services to you, which includes our service allowing industry experts to share investment ideas with Huddlestock users and other services delivered via our Website and mobile apps. We will also need to collect and process KYC information in order to comply with our legal obligations.
Contacting you about our services
If you have given us your contact information as part of a sign-up process, we may use these details to get in touch with you about the services we offer such as by following up on an incomplete registration process or to email you details of opportunities you may be interested in. We will only send you marketing communications by electronic means (e-mail, via our apps or text) if those communications relate to goods, services or opportunities which are similar to those that you have previously purchased or expressed an interest in or if you have consented to us contacting you in this way (see below). We will also need to collect and process KYC information in order to comply with our legal obligations.
During your account set-up process you will be able to opt out of receiving marketing communications from us and/or third parties. You can change your marketing preferences at any time by contacting us at firstname.lastname@example.org if you are an investor or email@example.com if you are a strategy vendor.
Improving our services
We may use your personal data to analyse how you are using the Huddlestock service and to gain insights into how we can improve our products and services.
Customer Support and account administration
We may use your personal data to provide you with customer support or to investigate complaints or concerns about your account.
Providing information to third parties for marketing purposes and for related products and services
In certain circumstances we may ask for your consent to share your personal data with explicitly identified third parties so that they can contact you for marketing purposes or provide you with their own products or services. We will only do so if you have given us your explicit consent to share your personal information in this way, which can be given via a pop-up screen on the Website or Mobile apps. You can withdraw your consent at any time by writing to us at firstname.lastname@example.org if you are an investor or email@example.com if you are a strategy vendor.
Do we share personal information with anyone else?
We may disclose personal information we collect or receive to the following third parties:
- You or those acting on your behalf;
- Third-party credit reference agencies, in circumstances where we may need to assess your creditworthiness;
- Our custodian bank partner and selected third-party investment brokers in order to facilitate the safe custody, execution, and management of investments you make through the Huddlestock platform;
- Payment service providers, to facilitate the payment of our fees;
- Our technology partners, including our cloud hosting provider Amazon Web Services, in order to store your personal data securely;
- Our legal and professional advisors, in order to establish our compliance with law or regulation or in the establishment, exercise, or defence of legal claims;
- to third parties in connection with a proposed or actual financing, securitisation, insuring, merger, restructure, sale, acquisition, assignment or other disposal of all or part of our business or assets or the assets of any Affiliate or to anyone whom we may transfer our rights and/or obligations for the purposes of evaluating and performing the proposed transaction; and
- to third party ID verification providers when we need to verify KYC information;
- to third parties, including law enforcement officials, law courts and government and regulatory authorities: (a) if we believe disclosure is required by any applicable law, regulation or legal process (such as to respond to subpoenas or judicial orders); or (b) to protect and defend our rights, or the rights or safety of third parties, including to defend against legal claims.
What is our lawful basis for processing your personal data?
Under Article 6 of the EU General Data Protection Regulation (GDPR) we are required to tell you about the legal basis under which we collect and process your data.
We will only collect and process your personal data in accordance with one of the below lawful bases:
- Performance of a contract: This is where the processing is necessary for a contract we have with you, or you have asked us to take specific steps before entering into a contract, such as providing you with a quote. This lawful basis covers the following purposes:
- Providing our services to you
- Our legitimate interests: This is where we collect and process data in accordance with our “legitimate interests”. Our legitimate interests include:
- Improving our service
- Providing you with information about our services
- Providing you with customer support and administering your account
- Compliance with our legal obligations: We may be required to process or share your personal data in compliance with a legal obligation, such as in response to a request by law enforcement or when investigating a civil claim. We will also need to process KYC information in order to comply with our obligations under the Fourth Anti Money Laundering Directive.
- Consent: You may be given the option to explicitly consent to share your data with selected third parties for marketing purposes or to sign up for related products and services. In this we will never assume that we have your consent unless you have explicitly opted in, and you can withdraw your consent at any time by contacting us.
Data storage and international transfers
We take the security of your data very seriously, and all of your personal data will be kept according to strict safeguards and in compliance with the GDPR. Your data will be stored on cloud servers within the EEA and we will only store your data outside the EEA in the event that the jurisdiction in question has been assessed as compliant with the GDPR.
Automated decision making
When you enter in details of your interests and other suitability details, our automated matching system may use this data to sort and limit the investment ideas you see on our Website and mobile apps. This does not affect your legal rights.
You can object to automated decision making using your data by writing to us at firstname.lastname@example.org if you are an investor or email@example.com if you are a strategy vendor. Please note that this may limit the functionality of our service as a result.
You have the right to be informed over what personal data we hold and how we are using it. This information is contained within this privacy notice.
If you have consented to particular uses of your personal data, you have the right to withdraw this consent at any time.
You have the right to “portability” of your personal data that we have collected with your consent or in performance of a contract that is used in automated decision-making. This means that you can request copies of all the personal data we hold for this purpose in a structured, commonly used, and machine readable form, and we will supply this to you free of charge on request. We will respond to these requests within one month, unless the request is particularly complex, in which case we will inform you of how long it will take as soon as possible.
You have the right to request a copy of the personal data we hold under the GDPR by making a “subject access request” to us in writing. We will comply with all valid subject access requests within 30 days, unless the request is particularly complex; in this case we will contact you within 30 days with further information. You will not be charged for making a subject access request request unless we reasonably deem this to be a manifestly unfounded or excessive request, in which instance you will be charged a reasonable fee based on the administrative costs of providing the information.
If some of the personal data we hold is inaccurate or incomplete, you can request that we rectify our records by writing to us. We will comply with all requests within 30 days unless the request is particularly complex; in this case we will contact you within 30 days with further information.
Where we are using your personal data in accordance with our legitimate interests, you can object to further use of your data. This objection should be based on grounds relating to your particular situation. If you object, we will stop using your personal data in this way immediately, unless there are compelling legitimate grounds for processing your personal data which override your interests, rights and freedoms (such as requests by law enforcement) or we need to process your data for the establishment, exercise or defence of legal claims. You may always object to further use of your data for direct marketing purposes by clicking the “unsubscribe” button within marketing emails or by contacting us by writing to us at firstname.lastname@example.org if you are an investor or email@example.com if you are a strategy vendor.
You have the right to request erasure of the personal data we hold by contacting us. Please note that it is not always possible for us to comply with a request for erasure; for example, if we have collected data from you in performance of a contract, we cannot normally comply with a request for erasure unless we no longer have an active contract with you and the data is more than six years old.
You have the right to restrict the processing of your personal data in certain circumstances, such as when you object to us using your data in accordance with our legitimate interests or when you contest the accuracy of the data we hold on you.
You can exercise any of your rights by contacting us via the details at the bottom of this page. Please note that we may need to verify your identity before complying with any of the above requests.
How long we will keep your data for
We will only keep your personal data for as long as is necessary. This means that we will retain your personal data for as long as we have an active contract or business relationship with you, and after this, we will only keep your data for as long as is necessary for the purposes which it is stored.
What happens if you don’t provide us with the information we need
As outlined above, some of the personal data you provide to us will be used in order to enter into a contract with you and to comply with our legal obligations.
Should you not provide us with the data we require to offer our service or request that we erase the personal data we hold, it is likely that we will not be able to deliver our services to you.
Cookies generally fall into one of the following categories:
- strictly necessary cookies which are cookies that are essential to allow you to use a website and its features;
- performance cookies which collect information about how visitors use a website to create aggregated, anonymous information that does not identify the visitor;
- functionality cookies which allow the website to remember you and provide a more personalised service; and
- targeting or advertising cookies which are used to deliver adverts relevant to you.
Our Website uses all of the above types of cookies.
Some of our cookies remain on your device between your browsing sessions.
You can disable our cookies by changing the settings on your browser but doing so might mean you are unable to use certain features of our Website.
Complaints and contacting us
If you feel that we have not been complying with our obligations on data protection law or you wish to assert one of your rights, please contact us without delay in writing to us at firstname.lastname@example.org if you are an investor or email@example.com if you are a strategy vendor.
Should you be dissatisfied with our response or wish to complain to the relevant supervisory authority, you can do so by contacting the Information Commissioner’s Office (ICO). Contact details for the ICO can be found on this webpage.