This is the privacy notice and cookies policy (Policy) of CAPITALISE.COM PLATFORM LTD (company number 9256446) whose registered office is at 20 Wenlock Road, London, England, N1 7GU (we, us, our or Capitalise). For the purposes of the General Data Protection. Regulations 2016 (GDPR) and the Data Protection Act 2018 (as applicable), it applies were we are the data controller in respect of your personal data that we become in possession of through your use of our website, products, services or platform (together our Services).
We are committed to protecting your privacy. We appreciate that you do not want the personal data you provide to us distributed indiscriminately and this Policy explains how we collect personal data, what we do with it and what controls you have. This Policy also provides certain information that is legally required and lists your rights in relation to your personal data.
If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead. This Policy is not intended for children and we do not knowingly collect personal data relating to children.
By using our Services as a prospective or registered borrower, lender or introducer, you acknowledge the processing, collection and use of personal data in accordance with this Policy.
We reserve the right to change this Policy from time to time by changing it on the website, so please check it regularly. This Policy was last updated on 20 November 2019.
We may collect and process the following personal data about you or your business:
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose ("Aggregated Data"). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information. Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not collect any information about criminal convictions and offences.
You are under no obligation to provide any personal data to us. However, if you should choose to withhold any requested information, we may not be able to provide you with certain services. An example of this would be where we are unable to provide you with certain products or services as.
We obtain your personal data from the following sources:
(a) Directly from you when you use our Services or contact us by telephone or email or instant messaging through our website. This could include personal data which you provide when you:
(b) From someone else, such as;
Any third parties authorised to provide your data to us such as a lender or introducer;
Third party services or third party applications (such as Xero, Quickbooks or Sage) to import data to the website or our platform or otherwise share your personal data with us;
(c) From publicly available sources, such as:
We will use the personal data we hold about you to:
(a) perform our contractual obligations to you, including:
(b) manage our relationship with you, including:
(c) administer our business and carry out business activities;
(d) to enable us to maintain records of who uses our Services and for what purpose;
(e) for internal purposes to use data analytics, to identify visitors to the website, to improve the layout and/or content of the pages of our Services and customise them for users;
(f) to carry out research on our users' demographics so that we can enhance our offering;
(g) to send you whitepapers or other information we think you may find useful or which you have requested from us, including information about our services, provided you have indicated that you do not object to being contacted for these purposes;
(h) to comply with our own legal and industry obligations;
(i) to detect and prevent fraud, cybercrime and other illegal activities (and to assist introducers, lenders regulators, trade bodies and law enforcement agencies in relation to the same);
(j) investigate and defend any third-party claims or allegations;
(k) enforce or apply our terms of use, terms and conditions and other agreements with third
parties.
Where we may rely on consent
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 14. You can also tell us not to contact you with information regarding our services by following the unsubscribe instructions on most communications sent to you. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.
Examples of when we may rely on your consent to process your personal data include:
(a) where, in the provision of Services to you, we need to use your sensitive / special category personal data;
(b) where we or our carefully selected third parties have new products and services which we think you will be interested in;
(c) where we would like to use photos or images taken of you in promotional materials.
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
(a) the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);
(b) the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
(c) processing is necessary for the establishment, exercise or defence of legal claims; or
(d) the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
(e) the processing is necessary in order to protect the vital interests of an individual e.g.
where there is a medical emergency.
We may disclose your personal data to:
(a) our group companies and affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. This may include lenders or introducers who have registered with us to enable the lenders to assess the borrower's suitability for a financial product offered by them, and all borrowers and introducers who sign up to our Services. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Policy. The processing of any personal data by any lender or introducer following our disclosure of your personal data to such lenders or introducers will be subject to the privacy notice of that lender or introducer;
(b) our PR agency and the provider of our customer feedback. This may include aggregate statistics about visitors to the website or users of our Services in order to describe our Services to reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information;
(c) HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
(d) external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
(e) law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
(f) third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
(g) third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation). We may receive your personal data from someone else (for example if you are an introducer or lender and you provide details of a potential borrower or individual to use our Services or of your directors or employees, or someone with whom you have business dealings). If you provide the personal data of someone else to us (e.g. if you are an introducer or lender and providing the personal data of a borrower) you must ensure:
(a) that you are entitled to disclose that personal data to us; and
(b) obtain the consent necessary from each person you are providing personal data for and provide us with a copy of such consent, so that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Policy. You must ensure the individual concerned is aware of the various matters detailed in this Policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
(h) for targeted advertising through digital platforms, social media and television (this may entail profiling, data enrichment and audience segmentation);
It is important that the personal data we hold is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
The website may, from time to time, contain links to external websites or services. We are not responsible for the privacy policies or the content of such websites or services. This Policy does not apply to any third-party services that you choose to access through our website (Third Party Platforms) or to any applications developed by third parties that we do not own or control (Third Party Apps). For example, this Policy does not cover any personal data you can view on, or submit to, Third Party Platforms via our website. We are not responsible for the content or privacy policies of any Third Party Platforms or Third Party Apps and recommend that you review the policies of any Third Party Platforms and/or Third Party Apps that you access via our Services.
We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. Our measures are aimed at having the ability to:
These measures are also periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. While we cannot ensure or guarantee that loss, misuse or alteration of personal data will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of personal data over the internet is never entirely secure. We cannot guarantee the security of personal data you submit via the website while it is in transit over the internet and any such submission is at your own risk.
It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal data if you use a shared computer or a computer in a public place.
The personal data we hold about you may be transferred, stored and/or processed on secure servers located in the European Economic Area. This is necessary in order to process the information. It is also possible that personal data we hold about you may also be transferred, stored and/or processed outside the European Economic Area. In connection with such transfers we will ensure that:
(a) there are appropriate safeguards in place such as binding corporate rules or the approved EU model contractual clauses between us and the recipient. A copy of the appropriate safeguard can be obtained by contacting us using the contact details set out in paragraph 14; or
(b) the transfer is to a country that provides an adequate level of protection such as to a country approved by the European Commission or to certain organisations with the US pursuant to the Privacy Shield (as per Article 45 GDPR (or English law equivalent)); or
(c) one of the derogations for specific situations in the first sub-paragraph of Article 49(1) GDPR (or English law equivalent) applies to the transfer including explicit consent or necessary for the performance of a contract or exercise or defence of legal claims.
We will store your personal data for the time period which is appropriate in accordance with the following criteria:
(a) the on-going business operation / relationship that we have with you;
(b) the completion of the purpose for which the personal data was given;
(c) our legal obligations in relation to that personal data and other legal requirements;
(d) the type and size of the data held and whether any if it is deemed to be special category
personal data; or
(e) our accounting requirements in relation to that personal data.
We keep the length of time that we hold your personal data for under review. These reviews take place annually.
Subject to applicable law including relevant data protection laws, in addition to your ability towithdraw any consent you have given to our processing your personal data (see paragraph 5), you may have a number of rights in connection with the processing of your personal data, including:
(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;
If you would like to exercise any of the rights set out above, please contact us using the contact
details set out in paragraph 14.
When you visit our website, our web server sends a cookie to your computer. Cookies are small pieces of information which are issued to your computer when you visit a website, and which store and sometimes track information about your use of the website. A number of cookies we use last only for the duration of your web session and expire when you close your browser ('session cookies'). Other cookies are used to remember you when you return to the website and will last for longer ('persistent cookies').
We use cookies to:
Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser. Please note, however, that by blocking or deleting cookies used on the website, you may not be able to take full advantage of the website.
|
Cookie name |
Purpose |
Type & duration |
|
Capitalise Website |
Authentication/Login |
Session only |
|
Google Tag Manager |
Analytics on system usage |
Session only |
|
Google Analytics |
Analytics on system usage |
Session and up to |
|
Intercom Messenger |
Instant messaging |
Session and up to |
|
Inspectlet Tracking |
Support for customers |
Session and up to |
|
Wistia Video Hosting |
Analytics on video usage |
Session only |
If you have any questions, concerns or comments about this privacy policy or any requests concerning your personal data, please contact us: