V2.1 10/06/2023

InvestEngine Privacy Policy and Cookie Usage

Your privacy is important to us. This privacy policy sets out how InvestEngine (UK) Limited (‘InvestEngine’) uses and protects any information that you give us when you use our website or other method of providing information in the course of us providing services to you. We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, or other means, then you can be assured that it will only be used in accordance with this privacy policy. We may change this policy from time to time by updating this page or by notifying you. You may want to review this page from time to time to ensure you remain content with the way your data is used. We may contact you by email, phone, fax or mail.

By visiting www.investengine.com, either directly or via an App you are accepting the contents of this policy.

InvestEngine (‘we’, ‘us’ or ‘our’) is a Data Controller for the purpose of the General Data Protection Regulation. We are registered with the Information Commissioner’s Office (Registration number: ZA348296). If you have any questions regarding how we manage your data, please contact us at support@investengine.com. Our Data Protection Officer is the Compliance Director.

Lawful basis for processing

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

With InvestEngine we collect your personal data directly from you and from third parties. In all cases we must have a valid basis to process your personal information.

Of the six ‘lawful bases’ under the data protection laws, we assessed that four are relevant for your personal data use. These are:

  • we need your personal information to perform a contract with you (for example if we supply Portfolio Management Services (PMS) to you)

  • we have a legal obligation to collect your personal information such as for HMRC, FCA or ICO reporting

  • we have your consent for example you have ticked a box on a form or we may use your special categories of data (such as health information) where you have provided your consent to hold this information. You may withdraw this consent at any time after giving it, as described above

  • it’s in our legitimate interests or the legitimate interests of others . Our legitimate interests are:

    • to run, and develop our proposition;

    • to ensure a safe environment for our website visitors;

    • for marketing, market research and business development;

    • to provide investor services

We rely on a legitimate interest to send you direct marketing communications via, but not limited to, email or text messages. You have the right to object to receiving such communications by clicking ‘unsubscribe’ in any marketing email we may send. Alternatively, you can contact our team via online chat, secure messaging, or email at support@investengine.com.

If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a review to ensure that our (or the other person's) legitimate interests consider your personal interests or rights and freedoms which require protection.

What data we collect

We collect and process your information in these circumstances:

  • When you give us your personal information via our websites, by phone, email, in writing or otherwise. This includes but isn’t limited to information you give us when you open an account, receive PMS’s, request information or literature, or enter a competition, promotion or survey. The information you give us can include your name, address, email address, mobile or landline number and other personal details such as your National Insurance Number (or other country identifiers), health information (where you are considered a vulnerable customer), banking details and photographic information which may be considered personal in that it may be used to identify you.

  • When providing PMS services additional information will also be requested to ensure suitability can be delivered in line with FCA requirements. This will include the existence of automated decision-making, including profiling and we will collect information such as:

    • financial information relating to you or your company

    • attitude towards savings and experience

    • personal description relating to your investment needs

  • When you visit our websites we automatically collect information which includes: the Internet Protocol (IP) address used to connect your computer to the internet, your login information, your geographic location, your browser and browser plug-in type and version, and your operating system. We also collect information about your visit, including the source of your visit, and the full click path and mouse movement through our sites (including date and time). This includes the services you viewed, searches you made on our sites, page response times, length of visits to certain pages, page interaction information, how you navigated away from any page. We collect this type of information using analytic software. We collect this personal data by using cookies and other technologies, please see Cookie usage below.

  • When we email you: From time to time when you open an email we’ve sent you, we automatically collect information including your geographic location, browser type and version, the device, and the operating system and platform you’re using, by the buttons you have clicked.

  • When we receive your information from third party service providers: We may receive information about you from third party service providers such as credit reference agencies, payment service providers, marketing agencies or analytics providers.

In order to comply with our obligation to treat customers fairly under the FCA’s principles, it may be necessary for us to record certain personal data about certain investors who may be classed as vulnerable customers. Some of this data may be classified as special category data, for which we require explicit consent, including information about a customer's mental and physical health. This data will be stored securely and accessed only by appropriately authorised personnel. The data will not be transferred to, or processed by, third parties.

Information from you about other people

If you provide information on behalf of anyone else then in doing so you must ensure that you have explained how their information may be used by us and they have given you permission to do so. It is your responsibility to share this Privacy Policy with them.

How we use your information

We use your personal information in the following ways:

  • To provide you with any services and/or information you request from us. This also includes carrying out any obligations specified in any contracts between us

  • If you apply for an account with us for someone else, acting with power of attorney, we’ll use the information you give us about the applicant and your role as the attorney to provide the product or service you request

  • To build a picture of who you are and to deliver a relevant experience based on the information gathered

  • To comply with our legal and regulatory obligations, cooperate with the court service, our regulators and law enforcement agencies and to prevent and detect crime

  • If we learn of your insolvency or bankruptcy or change of directorship, we’ll transfer your details to the relevant offices such as Official Receiver or appointed insolvency practitioner(s) or Companies House

  • To check instructions you’ve given us or to resolve disputes including to establish, exercise or defend our legal rights

  • To let you know about any changes we make to our service

  • To tell you (by mail, email, telephone or otherwise) about products and services we think you could be interested in, based on our products you already have or have shown an interest in. You can opt out of this communication at any time

  • To confirm your identity and address, which includes using automated decisions when we carry out financial crime checks

  • To request your feedback on a product or service via a third party we’ve chosen (we’ll only share your name and email address)

  • Gathering data for analysis and research, and to provide management information or other services internally and to third parties

  • To improve our sites to make sure that our content is as effective as we can for you and for your computer

  • As part of our efforts to keep our sites safe and secure and to prevent and detect money laundering, financial crime and other crime

How and when we share your information

We may share your personal data with third parties (including banks, financial institutions or other, IT service providers, auditors and legal professionals) under the terms of any appropriate delegation or contractual arrangement. For the purposes of the Agreement we are required to share your information with third parties, the situations in which we share this information are detailed below:

  • in order to comply with any legal obligation, any lawful request from government, judicial bodies or agencies to make sure we comply with our legal and regulatory obligations

  • with law enforcement officials; and as may be required to meet national security or law enforcement requirements or prevent illegal activity

  • to work with fraud prevention agencies, other companies and organisations to prevent or detect financial and other crime.

  • Suppliers, where necessary for the performance of the contract.

Who we share your data with

We may also share your personal information with suppliers and service providers when we have a legitimate interest to do so, or your explicit consent. These instances are detailed below:

  • Amazon Web Services (AWS): Our data hosting service.

  • Onfido Ltd: Our Online Verification provider, who check identity information so that we may fulfil our Anti Money Laundering and Fraud prevention obligations.

  • GoCardless Ltd: Our Direct Debit provider, allowing you to set up Direct Debits with us.

  • Truelayer Ltd: Our Open banking and Variable Recurring Payment provider, allowing you to fund your InvestEngine account.

  • Equisoft Ltd: Our ISA Transfer software, allowing us to transfer your ISA from and to other ISA providers.

  • Other ISA Providers: Be necessity, when requesting to transfer an ISA in or out of InvestEngine, we must provide your data to the ISA provider.

Those authorised third parties may, in turn, process your personal data abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism. Where such entities act as data processors, we make sure the appropriate safeguards are in place to protect your personal information. Where such entities act as data controllers, they will be under an obligation to process your personal data in accordance with the law.

We will endeavour to anonymise your data and/or minimise the amount of your data we share with these third parties, where possible.
We will not sell or lease your personal information to third parties unless we have your explicit consent to do so.

Who you tell us to share data with (Third Party Notifications)

Our platform may allow you to add additional recipients to InvestEngine communications, some of which may contain personal or other sensitive data. By consenting to additional recipients receiving your data, you take full responsibility for the distribution of your data and will ensure that you remove any additional recipients at such time you no longer wish for them to receive communications.

Data Retention

We are required to retain certain data records to comply with our legal, accounting and regulatory obligations. To comply with these requirements, we will retain this data for the longest required period required by UK authorities.

Your personal information may be transferred or disclosed to third parties where necessary under the Agreement. This enables us to provide Services to you and to discharge our obligations to third parties, including relevant government agencies and regulators. Such third parties may also have their own data retention periods.

Any requests by you for deletion during this period may not apply to all of these data records, and such records may only be deleted once the retention period has expired.

Your rights

You have a right to know what personal data we hold about you, for what purpose and how we process it, as detailed in this Privacy Policy.

  1. The right of access: You have the right of access to any personal information we hold about you. You can ask us for a copy of your personal information commonly known as a ‘data subject access request’, including confirmation of how your personal information is being used by us; details about how and why it is being used

  2. The right to rectification: You have the right to have inaccurate personal data rectified, or incomplete data completed respectively

If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at support@investengine.com. We will promptly correct any information found to be incorrect.

  1. Right to Complain: If you have any complaints or concerns about our handling of your personal information please do get in touch with us via email at support@investengine.com and we will do our best to resolve these.

You also have the right to complain to the relevant member state authority, which for the United Kingdom is the Information Commissioner’s Office, by visiting their website or calling their helpline on 0303 123 1113.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

  1. The right to erasure (‘the right to be forgotten’): You have the right to request erasure of the data held by us. We are required to balance this right with its obligations under law and regulation with respect to record retention

  2. The right to object: You have the right to object to the processing of your personal data when this is based on legitimate interest, including profiling. You also have the right to object to the processing of your personal data for marketing purposes, including profiling for direct marketing purposes

  3. Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services

Security and links to other websites

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We maintain the highest levels of online security and privacy for your account at all times. Advanced Secure Socket Layer (SSL) 256‑bit encryption techniques ensure your personal information is protected and we house all of our data on servers in a secure facility.

Using the internet comes with risks, we cannot guarantee that any information sent to us by email or via our website will not be intercepted or tampered with. Any communications are sent at your own risk.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Key Third-Party Data Processors

OnFido is our electronic identity verification provider, who help us fulfil our regulatory obligations in verifying the identity of our customers as well as protect both InvestEngine and our customers against fraud risk. Terms of ServicePrivacy Policy, Facial Scan Policy.

Data Outside the EU/UK

Data processing may be undertaken by third parties which are located outside the European Economic Area (EEA). This means that the country or countries to which we transfer data will be assessed to ensure that your personal data does receive an adequate level of protection. We have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

InvestEngine also uses cookies to track campaigns from banner advertisements and opt‑in emails. We may use third‑party providers to help us determine which of our advertisements are most likely to be of interest to you. These providers may use behavioural information, such as how you navigate the internet, to provide relevant advertisements to you.

We also allow some of these companies to use tracking pixels. Tracking pixels may be used to collect and store information about visits to our website, such as which pages you viewed and how long you spent on the website, as well as the specific advertisement that you clicked to visit our site. No personally identifiable information is stored on these cookies or web pixels. The information reported to us is aggregated and anonymous. We use this information to understand, for example, the effectiveness of our advertising and marketing.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

When you visit our website you will be presented with a panel notifying you that we use cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If modified this may prevent you from taking full advantage of the website.

Whenever you invest, your capital is at risk
This could mean the value of your investments goes down as well as up.
Understand more about investment risk.
© InvestEngine Limited 2024. All rights reserved.