By visiting www.investengine.com, either directly or via an App you are accepting the contents of this policy.
InvestEngine (‘we’, ‘us’ or ‘our’) is a Data Controller for the purpose of the General Data Protection Regulation. We are registered with the Information Commissioner’s Office (Registration number: ZA348296). If you have any questions regarding how we manage your data, please contact us at firstname.lastname@example.org. Our Data Protection Officer is the Compliance Director.
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
With InvestEngine we collect your personal data directly from you and from third parties. In all cases we must have a valid basis to process your personal information.
Of the six ‘lawful bases’ under the data protection laws, we assessed that four are relevant for your personal data use. These are:
we need your personal information to perform a contract with you (for example if we supply Portfolio Management Services (PMS) to you)
we have a legal obligation to collect your personal information such as for HMRC, FCA or ICO reporting
we have your consent for example you have ticked a box on a form or we may use your special categories of data (such as health information) where you have provided your consent to hold this information. You may withdraw this consent at any time after giving it, as described above
it’s in our legitimate interests or the legitimate interests of others. Our legitimate interests are:
to run, and develop our proposition;
to ensure a safe environment for our website visitors;
for marketing, market research and business development;
to provide investor services
We rely on a legitimate interest to send you direct marketing communications via, but not limited to, email or text messages. You have the right to object to receiving such communications by clicking ‘unsubscribe’ in any marketing email we may send. Alternatively, you can contact our team via online chat, secure messaging, or email at email@example.com.
If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a review to ensure that our (or the other person’s) legitimate interests consider your personal interests or rights and freedoms which require protection.
We collect and process your information in these circumstances:
When you give us your personal information via our websites, by phone, email, in writing or otherwise. This includes but isn’t limited to information you give us when you open an account, receive PMS’s, request information or literature, or enter a competition, promotion or survey. The information you give us can include your name, address, email address, mobile or landline number and other personal details such as your National Insurance Number (or other country identifiers), health information (where you are considered a vulnerable customer), banking details and photographic information which may be considered personal in that it may be used to identify you.
When providing PMS services additional information will also be requested to ensure suitability can be delivered in line with FCA requirements. This will include the existence of automated decision‑making, including profiling and we will collect information such as:
financial information relating to you or your company
attitude towards savings and experience
personal description relating to your investment needs
When you visit our websites we automatically collect information which includes: the Internet Protocol (IP) address used to connect your computer to the internet, your login information, your geographic location, your browser and browser plug‑in type and version, and your operating system. We also collect information about your visit, including the source of your visit, and the full click path and mouse movement through our sites (including date and time). This includes the services you viewed, searches you made on our sites, page response times, length of visits to certain pages, page interaction information, how you navigated away from any page. We collect this type of information using analytic software. We collect this personal data by using cookies and other technologies, please see Cookie usage below.
When we email you: From time to time when you open an email we’ve sent you, we automatically collect information including your geographic location, browser type and version, the device, and the operating system and platform you’re using, by the buttons you have clicked.
When we receive your information from third party service providers: We may receive information about you from third party service providers such as credit reference agencies, payment service providers, marketing agencies or analytics providers.
In order to comply with our obligation to treat customers fairly under the FCA’s principles, it may be necessary for us to record certain personal data about certain investors who may be classed as vulnerable customers. Some of this data may be classified as special category data, for which we require explicit consent, including information about a customer’s mental and physical health. This data will be stored securely and accessed only by appropriately authorised personnel. The data will not be transferred to, or processed by, third parties.
We use your personal information in the following ways:
To provide you with any services and/or information you request from us. This also includes carrying out any obligations specified in any contracts between us
If you apply for an account with us for someone else, acting with power of attorney, we’ll use the information you give us about the applicant and your role as the attorney to provide the product or service you request
To build a picture of who you are and to deliver a relevant experience based on the information gathered
To comply with our legal and regulatory obligations, cooperate with the court service, our regulators and law enforcement agencies and to prevent and detect crime
If we learn of your insolvency or bankruptcy or change of directorship, we’ll transfer your details to the relevant offices such as Official Receiver or appointed insolvency practitioner (s) or Companies House
To check instructions you’ve given us or to resolve disputes including to establish, exercise or defend our legal rights
To let you know about any changes we make to our service
To tell you (by mail, email, telephone or otherwise) about products and services we think you could be interested in, based on our products you already have or have shown an interest in. You can opt out of this communication at any time
To confirm your identity and address, which includes using automated decisions when we carry out financial crime checks
To request your feedback on a product or service via a third party we’ve chosen (we’ll only share your name and email address)
Gathering data for analysis and research, and to provide management information or other services internally and to third parties
To improve our sites to make sure that our content is as effective as we can for you and for your computer
As part of our efforts to keep our sites safe and secure and to prevent and detect money laundering, financial crime and other crime
We may share your personal data with third parties (including banks, financial institutions or other, IT service providers, auditors and legal professionals) under the terms of any appropriate delegation or contractual arrangement. For the purposes of the Agreement we are required to share your information with third parties, the situations in which we share this information are detailed below:
in order to comply with any legal obligation, any lawful request from government, judicial bodies or agencies to make sure we comply with our legal and regulatory obligations
with law enforcement officials; and as may be required to meet national security or law enforcement requirements or prevent illegal activity
to work with fraud prevention agencies, other companies and organisations to prevent or detect financial and other crime.
Suppliers, where necessary for the performance of the contract.
We may also share your personal information with certain suppliers when we have a legitimate interest to do so, or your explicit consent. These instances are detailed below:
Data, service and software providers to help improve, develop and maintain our products and website (which may include, for example customer data modelling or statistical and trend analysis)
Data, service and software providers to provide you with an interest‑based web journey
In agreement with communication specialists, advertisers and advertising networks that require your information so they can select communications and serve adverts about our services to you and others. We will only share your personal information with third party advertisers in order to help them provide services on our behalf
Those authorised third parties may, in turn, process your personal data abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism. Where such entities act as data processors, we make sure the appropriate safeguards are in place to protect your personal information. Where such entities act as data controllers, they will be under an obligation to process your personal data in accordance with the law.
We will endeavour to anonymise your data and/or minimise the amount of your data we share with these third parties, where possible.
We will not sell or lease your personal information to third parties unless we have your explicit consent to do so.
We are required to retain certain data records to comply with our legal, accounting and regulatory obligations. To comply with these requirements, we will retain this data for the longest period required by UK authorities.
Your personal information may be transferred or disclosed to third parties where necessary under the Agreement. This enables us to provide Services to you and to discharge our obligations to third parties, including relevant government agencies and regulators. Such third parties may also have their own data retention periods.
Any requests by you for deletion during this period may not apply to all of these data records, and such records may only be deleted once the retention period has expired.
The right of access: You have the right of access to any personal information we hold about you. You can ask us for a copy of your personal information commonly known as a ‘data subject access request’, including confirmation of how your personal information is being used by us; details about how and why it is being used
The right to rectification: You have the right to have inaccurate personal data rectified, or incomplete data completed respectively
If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at firstname.lastname@example.org. We will promptly correct any information found to be incorrect.
Right to Complain: If you have any complaints or concerns about our handling of your personal information please do get in touch with us via email at email@example.com and we will do our best to resolve these.
You also have the right to complain to the relevant member state authority, which for the United Kingdom is the Information Commissioner’s Office, by visiting their website or calling their helpline on 0303 123 1113.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The right to erasure (‘the right to be forgotten’): You have the right to request erasure of the data held by us. We are required to balance this right with its obligations under law and regulation with respect to record retention
The right to object: You have the right to object to the processing of your personal data when this is based on legitimate interest, including profiling. You also have the right to object to the processing of your personal data for marketing purposes, including profiling for direct marketing purposes
Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We maintain the highest levels of online security and privacy for your account at all times. Advanced Secure Socket Layer (SSL) 256‑bit encryption techniques ensure your personal information is protected and we house all of our data on servers in a secure facility.
Using the internet comes with risks, we cannot guarantee that any information sent to us by email or via our website will not be intercepted or tampered with. Any communications are sent at your own risk.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data processing may be undertaken by third parties which are located outside the European Economic Area (EEA). This means that the country or countries to which we transfer data will be assessed to ensure that your personal data does receive an adequate level of protection. We have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
We also allow some of these companies to use tracking pixels. Tracking pixels may be used to collect and store information about visits to our website, such as which pages you viewed and how long you spent on the website, as well as the specific advertisement that you clicked to visit our site. No personally identifiable information is stored on these cookies or web pixels. The information reported to us is aggregated and anonymous. We use this information to understand, for example, the effectiveness of our advertising and marketing.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.