Privacy Policy

Last updated 30 November 2021

Appital Limited (“Appital”, “us”, “our” or “we”) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you use our software platform and marketplace (“Platform”) and any other Appital sites (including https://appital.io/) and applications offered or made available by Appital (“Services”) and tells you about your privacy rights and how the law protects you.

We may update the terms of this privacy policy from time to time so please check it regularly for any updates. Your continued use of the Platform and/or Services following any update to this privacy policy will constitute your acceptance of those changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

1. INTRODUCTION

1.1. ABOUT US

We are Appital Limited, a company incorporated and registered in England and Wales with company number 11282881 and have our registered address at 222 Regent St., London W1B 5TR.

1.2. PURPOSE OF THIS PRIVACY POLICY

This privacy policy explains how we collect and process your personal data when you use our Platform and Services. Please read this privacy policy carefully as it contains information about:

what personal data we may collect from you; how we will use, store and protect your personal data; and with whom we may share your personal data.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where information relating to identity has been removed (anonymous data).

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

This website is not permitted for use by individuals below eighteen years of age and we do not knowingly collect data relating to such individuals.

1.3. THIRD PARTY LINKS

The Platform and Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. If you leave our Platform or Services, we encourage you to read the privacy policy of every website you have visited.

2. CONTROLLER

Appital is the data controller and is responsible for any of your personal data that we process. You can contact Appital via the contact details at section 12 below if you have any questions with regards to this privacy policy or our privacy practices.

3. THE DATA WE COLLECT ABOUT YOU

3.1. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  1. Identity Data includes name, title and location (from a drop-down list).
  2. Profile Data includes:
  3. your username and password; and
  4. if you are using the Platform or Services as an investor, the personal information you submit to your profile on the Platform (“Profile”).
  5. Contact Data includes name, email address and telephone numbers.
  6. Know Your Customer (KYC) Data includes, but is not limited to, identification documents, such as passport data.
  7. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Platform and Services.
  8. Usage Data includes information about how you use our Platform and Services.
  9. Marketing and Communications Data includes your preferences in receiving marketing from us, and your communication preferences.

3.2. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature on the Platform or Services. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

3.3. We do not collect any special categories of personal data about you (this includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

4. HOW WE COLLECT YOUR DATA

4.1. We use different methods to collect data from and about you including through:

  1. Direct interactions. You may give us your Identity Data and Contact Data when registering for an account on the Platform and by completing your Profile, or when corresponding with us over email or otherwise.
  2. Automated technologies or interactions. As you interact with our Platform and Services, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using server logs and other similar technologies.
  3. Third parties or publicly available sources.
  4. Contact Data from the asset management, investment firm or brokerage that you are employed or engaged by and which has facilitated your access to the Platform and Services;
  5. if you are part of an asset management or investment firm, we may receive Contact Data and Identity Data from your broker;
  6. Technical Data, which may be obtained from Google Analytics and other sources.
  7. Identity and Contact Data from publicly available sources such as Companies House based inside the UK.

5. USE OF YOUR PERSONAL DATA

5.1. Under the applicable data protection laws, we must have a lawful basis in order to process your personal data. The legal bases on which we may process your data are:

  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Where we need to comply with a legal obligation.
  3. Where you have provided consent.
  4. Where we need to process your personal data to meet our legitimate interests and your interests and fundamental rights do not override those interests.

5.2. We use the personal data we collect to:

  1. register you as a new user and provide you with access to the Platform;
  2. provide you with the functionality of the Platform and Services;
  3. populate and maintain your Profile;
  4. contact you for marketing purposes (see section 6 below for more information);
  5. manage our relationship with you, which will include notifying you about changes to our terms or privacy policy;
  6. administer and protect our business and the Platform and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); and
  7. use data analytics to improve our Platform, Services and user experience.

5.3. We also use information that we collect about you for operational purposes, including to:

  1. carry out verification and/or KYC checks, including to check that any required regulatory requirements are complied with; and
  2. as we believe to be necessary or appropriate under applicable law, to enforce our rights or to respond to requests from law enforcement and other government authorities.

6. Marketing

6.1. We may send marketing communications to you about the Platform and our Services. To opt-out from receiving marketing communications you may contact us at any time at privacy@appital.io. We will process your request to opt-out of marketing within 30 days of receipt.

6.2. Where you opt out of receiving these marketing communications, this will not apply to personal data provided to us as a result of the purposes specified in section 5 above.

7. DISCLOSURE OF YOUR INFORMATION

7.1. There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the United Kingdom and European Economic Area (EEA). The third parties to which we may transfer your personal data include:

  1. your broker (if you are part of an asset management or investment firm);
  2. service providers, including:
    1. the authentication provider “Google Cloud Identity Platform”. We share your personal data with them in order to allow them to perform the necessary functions as an authentication provider;
    2. OpenFin, if you use OpenFin to access the Platform;
    3. your Portfolio, execution or Order Management System
    4. Google Analytics; and
    5. any outsourced ‘know your client’ provider that we may use from time to time, and
  3. other companies in the Appital group for administrative and reporting purposes.

7.2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7.3. We will only transfer your personal data outside the UK or EEA where suitable safeguards have been put in place by the receiving party. These safeguards are intended to ensure a similar degree of protection is afforded to your personal data wherever it may be transferred and include:

  1. only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission (or any successor body from time to time);
  2. where your data will be transferred outside of the EEA or, the UK , entering into specific contractual terms which have been approved by the ICO or the European Commission (or any successor bodies from time to time) and which give personal data the same protection it has within the UK.

8. INFORMATION ABOUT OTHER INDIVIDUALS

If you give us data (including personal data) on behalf of someone else, you confirm that the other person has given you permission to act on his/her behalf and has agreed that you can:

  1. provide their personal data to us;
  2. give consent on their behalf to the processing of their personal data;
  3. receive on their behalf any data protection notices; and
  4. give consent to the transfer of the individual’s personal data abroad.

9. SECURITY AND INTERNATIONAL TRANSFERS OF DATA

9.1. We are committed to ensuring that your personal data will be treated confidentially and securely. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

9.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9.3. Although we take all steps reasonably necessary to ensure that your personal data is treated securely, you should be aware that the transmission of information via the Internet is not completely secure and we cannot guarantee the security of your data during its transmission.

10. RETENTION

10.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

10.2. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

10.3. In some circumstances you can ask us to delete your data: see below for further information.

10.4 In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

11. YOUR RIGHTS

11.1. You have certain rights in relation to the personal data we process and hold about you. These include:

  1. Right to rectification: you have the right to require us to correct any inaccuracies in your personal data.
  2. Right to erasure: you have the right to require us to delete your personal data, subject to certain legal requirements.
  3. Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example:
    1. you contest the accuracy of the data and wish to have it corrected;
    2. you object to processing but we are required to retain the data for reasons of public interest; or
    3. if you would prefer restriction to erasure.
  4. Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
  5. Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.
  6. Right of access: you have the right to request access to personal data that we may process about you.
  7. Right to withdraw consent: where you have previously consented to the processing of your personal data, you have the right at any time to withdraw that consent.

11.2. If you would like to exercise any of the above rights, please:

  1. submit your request in writing;
  2. include proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent utility or credit card bill); and
  3. specify the right you wish to exercise.

11.3. We will respond to requests made by you within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We will not usually charge a fee for you to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

12. CONTACT

12.1. You should be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO).

12.2. If you have any questions about this privacy policy or our privacy practices, please contact us using the details below.

Our full details are: