What we mean by “personal information”:
“Personal information” means any information which can be used to identify you, like your name or email address.
Any information that falls outside of this is “non-personal information.”
If we store your personal information with information that is non-personal, we will consider the combination as personal information. If we remove all personal information from a set of data then the remaining is non-personal information.
Information we may collect from you and what we do with it:
We will collect information from you in two main ways:
Information you give us:
This is information you give us on registering on our websites, filling in forms on our websites or by corresponding with us by phone, email or otherwise.
The information you give us may include your name, address, email address and phone number, FCA registration number (if applicable), financial and credit card information or other personal information or description.
We will only use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, investments and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about, and that we feel will be relevant to you;
- to provide you with topical news on any sector that we feel will be relevant to you;
- to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect automatically:
We may collect information when you search for an investment or a type of investment, download a report or a review, attend an event, pay for services and when you report a problem with the site. We may collect information such as your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
We will use only this information:
- to allow you to access a complete audit trail of your research activities when using some of our websites
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of the information we serve to you and others, and to deliver relevant information to you;
- to make suggestions and recommendations to you about other goods and services we offer that are similar to those that you have (through your activity on our websites) shown an interest in, and that we feel will be relevant to you.
Our rights to collect and use your information in this manner:
Indagate Group is committed to abiding by the EU General Data Protection Regulation (GDPR). All companies that comprise the Indagate Group are data controllers in common, which means that they each process the user data of Indagate Group independently, and each have to ensure that any processing of personal information is carried out in line with the data protection principles in the GDPR. These principles require that the data must be:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept longer than necessary;
- processed in accordance with the individual’s rights;
- secure; and
- not transferred to countries outside the European Economic Area unless the country has adequate protection for the individual.
As is the case under the Data Protection Act (DPA), the processing of personal information under the GDPR must fall within one of six specified conditions. The condition Indagate Group will chiefly be relying on with regard to your data is that it is in our “legitimate interests” to do so.
Under the GDPR, the legitimate interests condition is satisfied where the processing of your data is necessary for the purposes of the legitimate interests pursued by the controller (us) or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information. The ways in which we may use your personal information and our legitimate interests for doing so include:
To verify your identity and administer your account.
We have a legitimate interest to process and use your personal information to ensure the functionality and security of our products and services, to identify you and the instructions you give us, and to prevent and detect fraud and other misuses.
To notify you of upcoming events, recent publications or industry updates which we think may be of interest to you, based on your previous engagement with us.
The GDPR acknowledges that companies may have a legitimate interest in direct marketing activities, and it is reasonable to assume customers would expect a business to attempt to promote its services using basic details (subject to the customer not having indicated they do not wish to receive marketing materials), and there is relatively little intrusion into customers’ privacy or other disproportionate impact.
We may process and use your personal information so that any notifications sent to you are relevant to you, and may also create aggregate and statistical information based on your personal information. This profiling includes automated processing of your personal information for evaluating, analysing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you e.g. we will only notify you about an event focused on EIS investments if you have previously engaged with us on tax-advantaged investments, for instance by downloading an EIS review, searching for EIS investments, downloading an EIS Industry Report or previously attending an EIS event with us.
To improve the quality of our services to you.
We have a legitimate interest in analysing how people use our services so we can improve them and focus them on the areas that are most relevant to you. For the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. However, we may also process and use your personal information to personalise our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customised content and advertising. We may combine personal information collected in connection with your use of a particular product and/or service with other personal information we may hold about you, unless the purpose for which we collected that data is incompatible with amalgamation.
To notify you about changes to our services.
We have a legitimate interest in letting you know about changes to the services you subscribe to.
We may share your information with selected third parties including:
Any member of the Indagate Group may share your personal information with other members of our group. In addition to this, we may share your information with third parties in the following circumstances (and always in accordance with the relevant laws):
- We may share your data with our business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you. These include our IT infrastructure providers such as Google and Dropbox and payment services firms such as Stripe and Cart Connect.
- We may use individual user data or aggregate information to help investment providers reach the kind of audience they want to target (for example, investors or advisers interested in investing in tax-advantaged investments, or alternative finance). We may make use of the personal information we have collected from you to enable us to comply with our providers’ wishes by displaying their investment information to that target audience.
- We may provide data to analytics and search engine providers that assist us in the improvement and optimisation of our site.
- In the event that Indagate Group sells or buys any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets.
- If Indagate Group or substantially all of its assets (or a substantially all of the shares or assets of one of its subsidiaries) are acquired by a third party, in which case personal information held by it about its (or the relevant subsidiary’s) customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our the Terms and Conditions of our websites and any other agreements; or to protect the rights, property, or safety of Indagate Group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your personal information
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long do we keep personal information?
We will only keep your personal information for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we collected it. However, we are obliged to keep certain records of our relationship, for instance to comply with the FCA’s rules, in which case we will instead restrict access through our archiving processes. Subject to any actual or potential legal claim, the maximum time that we envisage retaining any of your information is seven years, after which time it will be destroyed.
Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information. If you do notify us that you no longer wish to receive marketing information we will keep an encrypted version of your contact information to ensure we respect your wishes.
You have the right to request information and access to the personal information we hold about you.
You also have the right to request that we correct or delete any incomplete, incorrect, unnecessary or outdated personal information we hold on you. However, we cannot delete such personal information that is necessary for compliance, our binding legal obligations or if the personal information must be retained according to applicable laws, or is required for the exercise or defence of a legal claim.
In case you consider your personal information collected by us to be inaccurate but you do not wish your personal information to be deleted; if we have used your personal information unlawfully; or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration, you may request restriction of processing of your personal information.
You may also at any time object to your personal information being processed for direct marketing purposes, sending promotional materials, profiling, or for the performance of market research. Further, where your personal information is processed based on your consent, you have the right to withdraw your consent for such processing at any time.
Please note that we may need to identify you and to ask for additional information in order to be able to fulfil your above requests. Please also note that applicable law may contain restrictions and other provisions that relate to your above rights.
How to contact us
If you wish to contact us, please send an email to our nominated person at firstname.lastname@example.org, write to Indagate Group, Halford Chambers, 1-3 Halford Road, Richmond, TW10 6AW or call 020 3375 1700.
Updated 22 May 2018