At Growthdeck Limited (referred to as “we”, “us”, “our”) we take privacy seriously and we are committed to protecting it. This policy explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
Growthdeck Limited (company number 09801754) is the data controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed.
This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes. Please see Changes to this policy for more information.
This policy was last updated on 27th January 2020.
2. PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT IT
When you use this website and our services, the categories of information that we may collect about you and the way in which we collect it are as follows (this will differ depending on what type of user you are):
Personal information you give to us: This is information about you that you voluntarily give to us by entering information via our website and/or corresponding with us by phone, email or otherwise. This includes information provided at the time of registering with Growthdeck, managing your account and using our services. This may consist of the following categories of information, our collection of which depends on what type of user you are (whether a fundraiser, investor or business owner):
- email address
- contact telephone number
- Date of birth
- amount being sought
- investor type (HNW, Sophisticated or Restricted)
- details of investments you make, the fundraising you are carrying out or have achieved and/or the investment you are seeking or have achieved
- promotional source (e.g. advert, press, referral) of how you heard about Growthdeck and/or the company seeking investment
- legal information relating to claims made by you or against you or the claims process
- information contained in our correspondence or other communications with you about our services or business
- your marketing preferences
- your net wealth and the source of your wealth
We ask you for additional information in order to conduct anti-money laundering checks where this is necessary. This additional information is as follows:
- tax residency (primary and secondary)
- unique Tax Reference (Primary and secondary) or National Insurance (NI) Number
- country of birth
- previous address (if less than 3 years)
We may also ask you for information when you report a problem with our website. If you complete any surveys that we ask you to participate in, or you give any feedback, we will collect your information in these circumstances as well. The information we collect from surveys will generally be on an anonymous basis, however you may be asked to leave your contact details if you would like us to respond to you.
Personal information we collect about you: We may automatically collect information about you, such as details of transactions you carry out through our website, and technical information about your visits to our website, including traffic data, location data, weblogs and other communication data, the resources you access on our website, anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, your device IMEI and other technical information about your device. This information may be collected by cookies placed on our website – please see Cookies for more information.
Personal information we may receive from other sources: We obtain certain personal information about you from TransUnion when we undertake fraud prevention checks where this is required. Before we provide services to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process your information. If we or a fraud prevention agency, as a result of our processing of your personal data, determine that you pose a fraud or money laundering risk, we may refuse to provide the services you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact TransUnion for further information.
We may also collect personal information from your social media accounts if you connect with us or our services using your social media accounts, including LinkedIn, Twitter, Google+ and Facebook. We use Google Analytics and we receive information about our users from them.
3. HOW WE USE YOUR PERSONAL INFORMATION
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.
Performance of the contract with you or to take steps to enter into it. We may use and process your personal information where we have provided our services to you, where you are in discussions with us about any of our services and where you have an account with us.
Legitimate interests or that of a third party for the following purposes:
- for marketing activities (other than where we rely on your consent to do this)
- for analysis to inform our marketing strategy, help us understand how our website is used, and to enhance and personalise your customer experience (including to improve the recommendations we make to you on our website)
- to correspond or communicate with you
- to administer and manage your account
- to verify the accuracy of data that we hold about you and create a better understanding of you as a customer
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access
- for prevention of fraud and other criminal activities
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request)
- for assessing the quality of the our service and to provide staff training within the business
- for the management of queries, complaints, or claims and
- for the establishment and defence of our legal rights.
Compliance with a legal obligation. We will use your personal information to comply with our legal obligations: (i) to carry out fraud prevention checks and to comply with other regulatory requirements that apply to us (including compliance with the Financial Conduct Authority rules); (ii) to assist any public authority or criminal investigation body; (iii) to identify you when you contact us; and/or (iv) to verify the accuracy of data we hold about you.
Consent. We will ask for your consent to send you direct marketing communications. Please see Marketing below for more information, including how to withdraw your consent.
4. DATA ANONYMISATION AND USE OF AGGREGATED INFORMATION
Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data for analytical and research purposes.
This information may be collected by cookies placed on our website and app – please see Cookies for more information.
5. OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
We may disclose your information to the following third parties:
- Our third party partners. We disclose your information to Woodside Corporate Services for the purposes of handling investor money and managing the nominee relationship with investors. We also disclose your information to our regulatory principal, Daedalus Partners LLC, for whom we are an Appointed Representative, to undertake regulatory oversight of our activities. We also share personal information, including name, address, phone number and date of birth with TransUnion for the purposes of confirming an individual investor's identity and conducting the Anti-Money Laundering checks required by HMRC and the FCA. Further information on how TransUnion process this data can be found at https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
- Our suppliers and service providers. We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud service providers (such as hosting and email management), IT providers, advertising and marketing agencies, communication fulfilment services and administrative service providers. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
- Customer satisfaction surveys. As customer satisfaction is important to us, we may ask a third party research company to contact you for the sole purpose of gathering general information and specific information relating to us and our products and services. The information collected will generally be on an anonymous basis, however you may be asked to leave your contact details if you would like us to respond to you.
- Lawyers Lawyers involved in a transaction where you are investing on the basis that the information is used to solely satisfy regulatory requirements to enable the transaction to take place.
- Other ways we may share your data. We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
6. AUTOMATED DECISIONS
As part of our processing of your personal information, we may take decisions by automated means in regard to fraud prevention. You may automatically be considered to pose a fraud or money laundering risk if our processing reveals your behaviour to be:
- consistent with that of known fraudsters or money launderers;
- inconsistent with your previous submissions; or
- you appear to have deliberately hidden your true identity.
We may also make automated decisions about you so that we can provide you with personalised marketing based on your website browsing history and other information you provide to us (none of these will have a legal or other significant effect on you).
7. WHERE WE STORE YOUR PERSONAL INFORMATION
All information you provide to us is stored on our secure servers which are located within the European Economic Area (EEA).
The third parties listed under ‘Others who may receive or have access to your personal information’ may be located outside of the EEA or they may transfer your information outside of the EEA. Those countries may not have the same standards of data protection and privacy laws as in the UK. Whenever we transfer your information outside of the EEA, we impose contractual obligations on the recipients of that information to protect your personal data to the standard required in the UK. We may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing. Any third parties transferring your information outside of the EEA must also have in place appropriate safeguards as required under data protection law.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
We will not keep your information for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it.
If you have registered an account with us we will store your personal information for as long as your account is open. We regularly review inactive accounts and actively initiate reactivation of your account by sending you reminders.
If you have signed up to receive email marketing from us we will store your personal information for as long as you are subscribed to our email marketing list (even if your account has closed). If you unsubscribe or your account is closed, we will keep your email address on our suppression list to ensure that we do not send you marketing emails.
If you have contacted us with a complaint or query we will store your personal information for as long as is reasonably required to resolve your complaint or query.
We retain technical information from Google Analytics for at least 2 years from the date it is collected.
Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your information can be held for up to 6 years.
The exceptions to the above are where:
- we need your personal information to establish, bring or defend legal claims or to comply with a legal or regulatory requirement
- the law requires us to hold your personal information for a longer period, or delete it sooner
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law or you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further right to restrict processing below) or
- in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
9. SECURITY AND LINKS TO OTHER SITES
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we have given (or where you have chosen) a password which enables you to access your account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites‚ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
Cookies are small files saved to the user's computers hard drive that track, save and store information about the user's interactions and usage of a website. This allows a website, through its server to provide the users with a tailored experience within the site.
Our site uses strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site, register and/or make investments. If you would like more details about these cookies then please contact us directly and we will be happy to provide you with further information.
Other cookies may be stored to your computer’s hard drive by external vendors when our site uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Deleting cookies/changing cookie settings
Consent to receive cookies
We need consent from you to receive cookies. When you first visit our site, you will be notified that if you continue to browse this site without changing your settings, we will assume that you have agreed to receive all cookies on our site. However, if you would like to, you can change your cookie settings at any time. Please refer to the section above on more information on changing your browser settings.
To find out more about cookies including how to manage your cookie settings, please visit www.allaboutcookies.org. This link is provided for convenience only and we do not have any control over its content. We therefore make no warranties or representations as to the accuracy or completeness of any of the information appearing on that site nor as to the suitability or quality of any of their products or services.
We may collect your preferences to receive marketing information about us directly from us in the following ways:
- when you register for an account with us online and indicate that you would like to receive such marketing from us;
- when you opt in to receive marketing communications by updating your preferences in your account area; and
- when you refresh your marketing preferences when responding to a request from us to do so from time to time.
You have the right to withdraw your consent (opt out) at any time to our use of your personal information for marketing purposes. Please see Withdrawing your consent and Objecting to our use of your personal information below for further details on how you can do this.
12. YOUR RIGHTS
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 1 month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Accessing your personal information. You have the right to ask for a copy of the information that we hold about you. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Correcting and updating your personal information. The accuracy of your information is important to us. If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know. You can also update your details by logging into your online account.
Withdrawing your consent. Where we rely on your consent as the legal basis for processing your personal information you may withdraw your consent at any time. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our unsubscribe tool in the relevant communication or you can change your marketing preferences in your account area on our website. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
Objecting to our use of your personal information. Where we rely on our legitimate interests as the legal basis for processing your personal information you may object to us using your information for these purposes. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
Automated decisions. In certain circumstances, you may contest a decision made about you based on automated processing.
Erasing your personal information or restricting its processing. In certain circumstances, you may ask for your personal information to be removed from our systems. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Transferring your personal information in a structured data file (“data portability”). Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can also ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Complaining to the UK data protection regulator. You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details .If you have concerns about the way we have handled your personal information, we encourage you to contact us and we will seek to resolve any issues or concerns you may have.
13. CHANGES TO THIS POLICY
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and app and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website and app, whichever is the earlier. We recommend you regularly check for changes and review this policy whenever you visit our website or use the app. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.
14. CONTACT US
Phone: 0800 302 9444
Post: Data Protection at Growthdeck, 504-506 Elder House, Elder Gate, Milton Keynes, MK9 1LR