1.1. ABOUT US
We are Appital Limited, a company incorporated and registered in England and Wales with company number 11282881 and have our registered address at One Heddon Street, Heddon Street, London, W1B 4BD.
- what personal data we may collect from you;
- how we will use, store and protect your personal data; and
- with whom we may share your personal data.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where information relating to identity has been removed (anonymous data).
This website is not permitted for use by individuals below eighteen years of age and we do not knowingly collect data relating to such individuals.
1.3. THIRD PARTY LINKS
3. THE DATA WE COLLECT ABOUT YOU
3.1. We may collect, use, store and transfer different kinds of data about you (some of which is personal data) which we have grouped together as follows:
- Identity Data includes name, title and location (from a drop-down list).
- Profile Data includes:
- your username and password; and
- if you are using the Platform or Services as an investor, the personal information you submit to your profile on the Platform (“Profile”).
- Contact Data includes name, email address and telephone numbers.
- Know Your Customer (KYC) Data includes identification documents, such as passport data.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Platform and Services.
- Usage Data includes information about how you use our Platform and Services.
- Marketing and Communications Data includes your preferences in receiving marketing from us, and your communication preferences.
3.3. We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
4. HOW WE COLLECT YOUR DATA
4.1. We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity Data and Contact Data when registering for an account on the Platform and by completing your Profile, or when corresponding with us over email or otherwise.
- Automated technologies or interactions. As you interact with our Platform and Services, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
- Third parties or publicly available sources.
- Contact Data from the asset management, investment firm or brokerage that you are employed or engaged by and which has facilitated your access to the Platform;
- if you are part of an asset management or investment firm, we may receive Contact Data and Identity Data from your broker; and
- Technical Data, which may be obtained from Google Analytics and other sources.
5. USE OF YOUR PERSONAL DATA
5.1. Under data protection laws, we must have a lawful basis in order to process your personal data. The legal bases on which we may process your data are:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we need to comply with a legal obligation.
- Where you have provided consent to marketing.
- Where we need to process your data to meet our legitimate interests.
5.2. We use the personal data we collect to:
- provide you with access to the Platform;
- provide you with the functionality of the Platform and Services;
- populate and maintain your Profile;
- contact you for marketing purposes (see section 6 below for more information);
- administer and protect our business and the Platform and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); and
- use data analytics to improve our Platform, Services and user experience.
5.3. We also use information that we collect about you for operational purposes, including to:
- carry out verification and/or KYC checks, including to check that any required regulatory requirements are complied with; and
- as we believe to be necessary or appropriate under applicable law, to enforce our rights or to respond to requests from law enforcement and other government authorities.
6.1. We may send marketing communications to you about the Platform and our Services. Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at firstname.lastname@example.org. We will process your request to be opted-out of marketing within 30 days of receipt.
6.2. Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 5 above.
7. DISCLOSURE OF YOUR INFORMATION
7.1. There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the United Kingdom and European Economic Area (EEA). The third parties to which we may transfer your personal data include:
- your broker (if you are part of an asset management or investment firm);
- service providers, including:
- the authentication provider “Google Cloud Identity Platform”. We share your personal data with them in order to allow them to perform the necessary functions as an authentication provider;
- OpenFin, if you use OpenFin to access the Platform;
- Google Analytics; and
- any outsourced ‘know your client’ provider that we may use from time to time, and
- other companies in the Appital group for administrative and reporting purposes.
7.2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7.3. We will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:
- only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission (or any successor body from time to time);
- where your data will be transferred outside of the EEA or, if the UK leaves the EEA, outside of the UK, entering into specific contractual terms which have been approved by the European Commission (or any successor body from time to time) and which give personal data the same protection as within the EEA; or
- where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield.
8. INFORMATION ABOUT OTHER INDIVIDUALS
If you give us data (including personal data) on behalf of someone else, you confirm that the other person has given you permission to act on his/her behalf and has agreed that you can:
- provide their personal data to us;
- give consent on their behalf to the processing of their personal data;
- receive on their behalf any data protection notices; and
- give consent to the transfer of the individual’s personal data abroad.
9. SECURITY AND INTERNATIONAL TRANSFERS OF DATA
9.1. We are committed to ensuring that your personal data will be treated confidentially and securely. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
9.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9.3. Although we take all steps reasonably necessary to ensure that your personal data is treated securely, you should be aware that the transmission of information via the Internet is not completely secure and we cannot guarantee the security of your data during its transmission.
10.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
10.2. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
11. YOUR RIGHTS
11.1. You have certain rights in relation to the personal data we process and hold about you. These include:
- Right to rectification: you have the right to require us to correct any inaccuracies in your personal data.
- Right to erasure: you have the right to require us to delete your personal data, subject to certain legal requirements.
- Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example:
- you contest the accuracy of the data and wish to have it corrected;
- you object to processing but we are required to retain the data for reasons of public interest; or
- if you would prefer restriction to erasure.
- Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
- Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.
- Right of access: you have the right to request access to personal data that we may process about you.
- Right to withdraw consent: where you have previously consented to the processing of your personal data, you have the right at any time to withdraw that consent.
11.2. If you would like to exercise any of the above rights, please:
- put your request in writing;
- include proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent utility or credit card bill); and
- specify the right you wish to exercise.
11.3. We will respond to requests made by you within one month. We will not charge a fee for you to exercise any of the rights listed above.
12.1. You should be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO).
Our full details are:
Full name of legal entity: Appital Limited Email address: email@example.com