V3.1 01/12/2024
Privacy Policy
1. About us
InvestEngine (UK) Limited 4th Floor, 57 Great Suffolk Street, London SE1 0BB is a Data Controller for the purpose of the General Data Protection Regulation. This means that we are responsible for determining the purpose and way your personal data is used.
We are authorised and regulated by the Financial Conduct Authority (“FCA”) (FRN: 801128). We are also registered with the Information Commissioner’s Office (“ICO”) (Registration number: ZA348296).
2. Contact details
Email: support@investengine.com
3. What information we collect, use, and why
We collect or use the following information to provide our services:
- Names and contact details including email & telephone number
- Addresse(s) and Date of birth, gender, socio-demographic information, postcode, profession, employment and earnings
- National Insurance or other country or residence identifier and nationality information
- It may include health information (if you are considered a *vulnerable customer)
- Payment details (including card or bank information for transfers and direct debits)
- Photographic or video recordings for identity information
- Know your Client Account information including source of wealth and income
- Website user information (including user journeys and cookie tracking), tags
- Records of meetings and decisions
- Information relating to compliments or complaints
- Technical information including your geographical location, browser type and version, device and operating system and platform you are using to access and use our website and App
We also collect, use and share aggregated data, such as statistical or demographic data for any purpose. Aggregated data may be derived from our personal information, but it does not reveal your identity.
*To meet our obligations under the FCA’s Consumer Duty and ensure positive outcomes for our customers, we may need to record certain personal data for investors identified as vulnerable. This could include special category data, such as information about a customer's mental and physical health, for which we will obtain explicit consent. All data will be securely stored and accessed only by authorised personnel. It will not be shared with or processed by third parties.
We collect or use the following information for the operation of customer accounts:
- Names and contact details, including email address
- Addresses
- Payment details (including card or bank information for transfers and direct debits)
- Purchase history and profiling information (such as risk) collected for proper management of account such as our Managed Portfolio Services
- Account information, including registration and transaction details
- Information used for security purposes
- Marketing preferences
We collect or use the following information to prevent, detect & investigate suspicious activity and criminal behaviour:
- Names and contact information including publicly available information
- Customer or client accounts
- Criminal offence data provided by other regulatory bodies as appropriate
- Financial transaction information and know your client information
We collect or use the following information for service updates or marketing purposes:
- Names and contact details
- Addresses
- Marketing preferences
- Location data
- Purchase or viewing history
- IP addresses, log-in information, browser information, browser versions and any plug-ins
- Source of your visit to our website, click path and mouse movement through our website (including date and time)
- Services you viewed, searches you made on our website, page response times, length of visits to pages, pager interactions
- Cookie usage
- Website and app user journey information
- Records of consent, where appropriate
We collect or use the following information to comply with legal requirements:
- Name
- Contact information
- Identification documents and source of wealth information
- Financial transaction information including Know Your Client information
We also collect or use the following information to comply with legal and AML requirements:
- Biometric information (where used to identify someone)
- Source of Wealth information
- Know Your Client information
We collect or use the following personal information for dealing with queries, complaints or claims:
- Names and contact details
- Address
- Payment details
- Account information
- Relevant information from previous investigations
- Customer or client accounts and records
- Financial transaction information
- It may include health information (if you are considered a vulnerable customer)
- Correspondence
4. Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.
- If you make a subject access request, we must respond to you without undue delay and in any event within one month.
- To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Our lawful bases for the collection and use of your data
Our lawful bases for collecting or using personal information to provide our services are:
- Consent - we have permission from you to use your data, after we gave you all the relevant information. All your data protection rights may apply, except the right to object. You have the right to withdraw your consent at any time.
- Contract – we must collect or use the information so we can enter or carry out a contract and transactions with or for you, for example if we supply Portfolio Management Services to you or if you open an account with us. All your data protection rights may apply except the right to object.
- Legal obligation – we must collect or use your information so we can comply with the law for example tax date, to assist with Regulatory enquiries and for helping to detect financial crime. All your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
- Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All your data protection rights may apply, except the right to portability. Our legitimate interests are:
Providing our Services: We process your data based on our legitimate interest to effectively manage and maintain our services. This includes onboarding, account management, fraud detection and prevention, verification of your identity and eligibility in relation to the products and services we offer. Ensuring a secure environment for our website visitors. We also conduct marketing, market research, and business development activities, and provide investor services through our App and Website. Additionally, we handle complaints, facilitate trades, and manage ongoing account administration across our entire product range, including sharing data with 3rd Party providers where necessary.
Our legal basis for using your information:
- To provide you with the services and information you request from us, including fulfilling any contractual obligations between us, plus eligibility and fraud detection. You have provided your consent by using your personal information, for example via entering it into our Website or App or in correspondence with us.
- If you apply for an account on behalf of someone else under a power of attorney, we’ll use the information you provide about the applicant and your role as the attorney to deliver the requested product or service.
- To build a profile of you and deliver a personalised experience based on the information we gather and to comply with the contractual obligations and verifying and carrying out instructions on your account.
- To provide you with tailored insights, such as account growth, activity summaries, and performance highlights, to enhance your investment experience. Additionally, we may analyse anonymized and aggregated data to identify trends (e.g., popular investment regions or ETF adoption). This helps us improve our services and share general insights with partners, without identifying individual customers.
- To comply with our legal and regulatory obligations, cooperate with courts, regulators, and law enforcement agencies, and to prevent and detect crime.
- If we become aware of your insolvency, bankruptcy, or change in directorship, we’ll transfer your details to the relevant authorities, such as the Official Receiver, appointed insolvency practitioner(s), or Companies House.
- To verify instructions you’ve given us, resolve disputes, and establish, exercise, or defend our legal rights as well as verifying the device used to access our website or App.
- To inform you about any changes we make to our services and tailor our services to you.
- To notify you (by mail, email, telephone, or otherwise) about products and services we believe may interest you, based on products you already have or have shown interest in. You can opt out of these communications at any time.
- To confirm your identity and address, including using automated decisions when conducting financial crime checks and to prevent and detect money laundering, financial crime, and other criminal activities.
- To safeguard economic wellbeing, to comply with regulatory requirements and to exercise legal rights.
- To request your feedback on a product or service via a selected third party (we’ll only share your name and email address).
- To gather data for analysis and research, and to provide management information or other services internally and to third parties.
- To improve our websites and ensure that our content is as effective as possible for you and your device.
- Administering our website and apps and for internal operations including troubleshooting, data analysis, load management, testing, research and statistical and survey purposes.
5. Where we get personal information from
- Directly from you or anyone acting on your behalf
- Legal and judicial sector organisations
- Publicly available sources
- Providers of marketing lists and other personal information
- Suppliers and service providers
- Third parties that help us monitor or improve our products and services
6. How long we keep information
We are required to retain certain data records to comply with legal, accounting, and regulatory obligations. To meet these requirements, we will retain this data for the maximum period mandated by UK regulatory authorities.
Your personal information may be transferred or disclosed to third parties as necessary under our Agreement with you and this policy. This allows us to provide services to you and fulfil our obligations to third parties, including government agencies and regulators. Please note that these third parties may have their own data retention policies.
If you request deletion of your data during this retention period, please be aware that it may not apply to all records. Such records will only be deleted once the required retention period has ended. Sometimes we may be unable to delete your personal data for technical reasons (if it is stored in archives), in these circumstances we will continue to securely store your data and only use it for purposes that we have stated until it is deleted.
7. Who we share information with
Others we share personal information with
- Professional or legal advisors and anyone authorised to act on your behalf
- Financial or fraud investigation authorities
- Relevant regulatory authorities or government of judicial bodies or agencies
-
Organisations we’re legally obliged to share personal information where necessary for the performance of the contract such as business partners, suppliers and other third parties for the performance of any contract we enter with them or you, including:
- Data, service, and software providers to help improve, develop, and maintain our products and website. This may include activities such as customer data modelling, statistical analysis, financial market analysis and trend analysis.
- I-Cloud storage providers both UK and International to store information
- Communication specialists, advertisers, and advertising networks that require your information to tailor communications and display adverts about our services to you and others. We will only share your personal information with third-party advertisers to enable them to deliver services on our behalf.
- Payment Service providers
- Credit reference and fraud prevention agencies
We may also share your personal information with third parties if we decide to sell, transfer, or merge parts of our business or assets. Additionally, we may seek to acquire other businesses or merge with them. If such a change occurs, the new owners may use your personal data in the same manner as outlined in this policy. In all cases, we only share your personal information with third parties when it is necessary for them to fulfil their function.
8. Cookies
Our website and app use cookies to distinguish you from other users, enhancing your experience when you browse our website or use our app. Once you agree, cookies are added to help analyse web traffic and tailor your experience by remembering your preferences. We use traffic log cookies for statistical analysis to improve our website, and the data is removed afterward. We also use cookies and tracking pixels to monitor advertising campaigns and understand which ads are most relevant to you. These tools collect anonymous, aggregated information about your browsing behaviour, such as which pages you visit and the effectiveness of our advertising. No personally identifiable information is stored in these cookies or pixels.
You can choose to disable or refuse some or all our cookies; however, please be aware that doing so may cause certain parts of our website or app to function improperly or become inaccessible. For detailed information about the cookies we use and their purposes, please refer to our Cookie Policy.
9. How we store, transfer and share information
We have implemented applicable security measures to prevent unauthorised access to or misuse of your personal information. All information you provide to us is stored on secure servers, and all internal data traffic is encrypted using TLS technology. We restrict access to your data to only those employees, agents, contractors, and third parties who have a legitimate business need. They are authorised to process your personal data solely based on our instructions and are bound by a duty of confidentiality. We always maintain the highest levels of online security and privacy for your account. Advanced Secure Socket Layer (SSL) 256‑bit encryption techniques ensure your personal information is protected and we house all our data on servers in a secure facility.
Unfortunately, transmitting information via the internet cannot be completely secure. While we strive to protect your personal data, we cannot guarantee the security of data transmitted to our website or app, especially via email. Any transmission is at your own risk.
10. How we store, transfer and share information
When necessary, we may transfer personal information outside the UK. In such cases, we comply with the UK GDPR and ensure appropriate safeguards are in place. If your data is stored outside the UK or the European Economic Area, this is likely due to our third-party partners and service providers processing data outside these regions to help us deliver our products and services. In these circumstances, we take all reasonable steps to ensure your data is treated securely and in accordance with this policy and consistent with EU and UK Laws.
11. Third Party Links
Our website, apps, and emails may contain links to and from other websites, including those of our advertisers and affiliates. If you choose to follow a link to any of these websites, please be aware that they have their own privacy policies, and we do not accept any responsibility for your data if you decide to use these websites. We strongly recommend that you review their privacy policies before submitting any personal data.
12. How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. We would, however, appreciate the chance to deal with your concerns so please contact us in the first instance.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint/
13. Changes
Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please note that updates to this policy are not routinely sent by email, so we encourage you to check back regularly to stay informed of any updates or changes to our Privacy Policy.