Capitalise Privacy and Cookies Policy

  1. Introduction
  2. Personal data we may collect from you
  3. The sources of which we obtain your personal data
  4. Uses made of your information
  5. Our lawful basis for processing your personal data
  6. Information sharing
  7. Accuracy of your personal data
  8. Third party services
  9. Security
  10. International transfer of personal data
  11. How long we will store your personal data for
  12. Your rights
  13. Cookies
  14. Contacting us

 

Introduction

This is the privacy notice and cookies policy (Policy) of CAPITALISE.COM PLATFORM LTD (company number 9256446) whose registered office is at 2 Valentine Place, 3rd Floor, London, England, SE1 8QH (we, us, our or Capitalise). For the purposes of the General Data Protection. Regulations 2016 (GDPR) and the Data Protection Act 2018 (as applicable), it applies were we are the data controller in respect of your personal data that we become in possession of through your use of our website, products, services or platform (together our Services).

We are committed to protecting your privacy. We appreciate that you do not want the personal data you provide to us distributed indiscriminately and this Policy explains how we collect personal data, what we do with it and what controls you have. This Policy also provides certain information that is legally required and lists your rights in relation to your personal data.

If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead. This Policy is not intended for children and we do not knowingly collect personal data relating to children.

By using our Services as a prospective or registered borrower, lender or introducer, you acknowledge the processing, collection and use of personal data in accordance with this Policy. 

We reserve the right to change this Policy from time to time by changing it on the website, so please check it regularly. This Policy was last updated on 20 November 2019.

 

Personal data we may collect from you

We may collect and process the following personal data about you or your business:

  • Individual information. This includes personal data which relates to your identity (such as your name, email address, postal address, telephone number and copies of your passport or driving licence).
     
  • Financial information. This includes financial information about you or your business (such as your bank account and payment card details or further information which we collect from you or which has been provided to us).
     
  • Account and Profile Data. This includes personal data relating to account sign-in facility, your log-in and password details.
     
  • Transaction Data. This includes details of any transactions made by you through our Services.
     
  • Communications. This includes any correspondence with you, for example to report a problem or to submit queries, concerns or comments regarding our Services.
     
  • Information Technology Data. This includes personal data which relates to your use of our. Services, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
     
  • Advertising Data. This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences.
     
  • Market Research Data. This includes personal data which is gathered for the purposes of market research, such as preferences around financial products.

We also obtain and use certain aggregated data such as statistical or demographic data for any purpose ("Aggregated Data"). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information. Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.

We do not collect any information about criminal convictions and offences.

You are under no obligation to provide any personal data to us. However, if you should choose to withhold any requested information, we may not be able to provide you with certain services. An example of this would be where we are unable to provide you with certain products or services as.

 

The sources of which we obtain your personal data

We obtain your personal data from the following sources:

(a) Directly from you when you use our Services or contact us by telephone or email or instant messaging through our website. This could include personal data which you provide when you:

  • Subscribe to any of our Services;
  • Complete forms on our website, including if you open an account on our website or for our Services;
  • Upload or submit any material to us;
  • Request information on our products or services or for other marketing to be sent to you;
  • Complete a survey from us or give us feedback; and
  • Complete an enquiry form or enter a competition.

(b) From someone else, such as;

Any third parties authorised to provide your data to us such as a lender or introducer;
Third party services or third party applications (such as Xero or Quickbooks) to import data to the website or our platform or otherwise share your personal data with us;

  • Analytics providers (such as Google Analytics, MixPanel);
  • Our provider of customer feedback (such as Typeform);
  • Advertising networks (such as Google Ads, LinkedIn);
  • Providers of technical, payment and delivery services (such as Stripe and GoCardless);
  • Providers of social media platforms (such as Facebook, Twitter and Linkedin) for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter or Linkedin.

(c) From publicly available sources, such as:

  • Companies House;
  • The electoral roll;
  • HM Land Registry; and
  • Credit reference agencies such as Creditsafe.

 

Uses made of your information

We will use the personal data we hold about you to:

(a) perform our contractual obligations to you, including:

  • To provide your business with the Services (either as a lender, borrower or introducer);
  • If you are using our Services on behalf of a borrower (either as a lender or an introducer), to enable us to provide to one or more lenders which are registered with us the necessary information to enable them to assess the borrower's suitability for a financial product offered by the lender(s) as set out in the Capitalise Terms of Use (https://capitalise.com/legal/website-terms-of-use);
  • To enable us to facilitate the requested relationships between introducers, borrowers and/or lenders via the website;
  • To administer your account with us on behalf of your business as a borrower, lender or introducer; and
  • As further set out in the section entitled "Information Sharing" in paragraph 6,

(b) manage our relationship with you, including:


● to send you important notices such as communications about changes to our terms and conditions and policies (including this Policy);
● to provide you with important real-time information about products or services;
● to send you information you have requested;
● to deal with your enquiries; and
● to ask you to leave a review or feedback on us;

(c) administer our business and carry out business activities;

(d) to enable us to maintain records of who uses our Services and for what purpose;

(e) for internal purposes to use data analytics, to identify visitors to the website, to improve the layout and/or content of the pages of our Services and customise them for users;

(f) to carry out research on our users' demographics so that we can enhance our offering;

(g) to send you whitepapers or other information we think you may find useful or which you have requested from us, including information about our services, provided you have indicated that you do not object to being contacted for these purposes;

(h) to comply with our own legal and industry obligations;
 
(i) to detect and prevent fraud, cybercrime and other illegal activities (and to assist introducers, lenders regulators, trade bodies and law enforcement agencies in relation to the same);

(j) investigate and defend any third-party claims or allegations; 

(k) enforce or apply our terms of use, terms and conditions and other agreements with third
parties.

 

Our lawful basis for processing your personal data

Where we may rely on consent 
For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please contact us using the contact details set out in paragraph 14. You can also tell us not to contact you with information regarding our services by following the unsubscribe instructions on most communications sent to you. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.

Examples of when we may rely on your consent to process your personal data include:
(a) where, in the provision of Services to you, we need to use your sensitive / special category personal data;

(b) where we or our carefully selected third parties have new products and services which we think you will be interested in;

(c) where we would like to use photos or images taken of you in promotional materials.

Other legal bases we may rely on

Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:

(a) the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);

(b) the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;

(c) processing is necessary for the establishment, exercise or defence of legal claims; or

(d) the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:

  • The provision of Services;
  • The recovery of debt;
  • The provision of administration and / or IT services;
  • The security of our IT network;
  • The prevention or detection of fraud or cybercrime;
  • Marketing of products and services and promotion of our business;
  • The reorganisation or sale or refinancing of our business;
  • The study in how to develop and the update of our products and services;
  • The development of our business strategy;
  • Protecting our business and property.

(e) the processing is necessary in order to protect the vital interests of an individual e.g.
where there is a medical emergency.

 

Information sharing

We may disclose your personal data to:
(a) our group companies and affiliates or third party data processers who may process data on our behalf to enable us to carry out our usual business practices. This may include lenders or introducers who have registered with us to enable the lenders to assess the borrower's suitability for a financial product offered by them, and all borrowers and introducers who sign up to our Services. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Policy. The processing of any personal data by any lender or introducer following our disclosure of your personal data to such lenders or introducers will be subject to the privacy notice of that lender or introducer;

(b) our PR agency and the provider of our customer feedback. This may include aggregate statistics about visitors to the website or users of our Services in order to describe our Services to reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information;

(c) HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;

(d) external professional advisers such as accountants, bankers, insurers, auditors and lawyers;

(e) law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;

(f) third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;

(g) third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation). We may receive your personal data from someone else (for example if you are an introducer or lender and you provide details of a potential borrower or individual to use our Services or of your directors or employees, or someone with whom you have business dealings). If you provide the personal data of someone else to us (e.g. if you are an introducer or lender and providing the personal data of a borrower) you must ensure:

(a) that you are entitled to disclose that personal data to us; and

(b) obtain the consent necessary from each person you are providing personal data for and provide us with a copy of such consent, so that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Policy. You must ensure the individual concerned is aware of the various matters detailed in this Policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.

 

Accuracy of your personal data

It is important that the personal data we hold is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

 

Third party services

The website may, from time to time, contain links to external websites or services. We are not responsible for the privacy policies or the content of such websites or services. This Policy does not apply to any third-party services that you choose to access through our website (Third Party Platforms) or to any applications developed by third parties that we do not own or control (Third Party Apps). For example, this Policy does not cover any personal data you can view on, or submit to, Third Party Platforms via our website. We are not responsible for the content or privacy policies of any Third Party Platforms or Third Party Apps and recommend that you review the policies of any Third Party Platforms and/or Third Party Apps that you access via our Services.

 

Security 

 

We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal data under our control. Our measures are aimed at having the ability to:

  • Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; and
  • Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

These measures are also periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. While we cannot ensure or guarantee that loss, misuse or alteration of personal data will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of personal data over the internet is never entirely secure. We cannot guarantee the security of personal data you submit via the website while it is in transit over the internet and any such submission is at your own risk.

It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal data if you use a shared computer or a computer in a public place.

 

International transfer of personal data

The personal data we hold about you may be transferred, stored and/or processed on secure servers located in the European Economic Area. This is necessary in order to process the information. It is also possible that personal data we hold about you may also be transferred, stored and/or processed outside the European Economic Area. In connection with such transfers we will ensure that:


(a) there are appropriate safeguards in place such as binding corporate rules or the approved EU model contractual clauses between us and the recipient. A copy of the appropriate safeguard can be obtained by contacting us using the contact details set out in paragraph 14; or


(b) the transfer is to a country that provides an adequate level of protection such as to a country approved by the European Commission or to certain organisations with the US pursuant to the Privacy Shield (as per Article 45 GDPR (or English law equivalent)); or


(c) one of the derogations for specific situations in the first sub-paragraph of Article 49(1) GDPR (or English law equivalent) applies to the transfer including explicit consent or necessary for the performance of a contract or exercise or defence of legal claims.

 

How long we will store your personal data for

 

We will store your personal data for the time period which is appropriate in accordance with the following criteria:
(a) the on-going business operation / relationship that we have with you;

(b) the completion of the purpose for which the personal data was given;

(c) our legal obligations in relation to that personal data and other legal requirements;

(d) the type and size of the data held and whether any if it is deemed to be special category
personal data; or

(e) our accounting requirements in relation to that personal data.

We keep the length of time that we hold your personal data for under review. These reviews take place annually.

 

Your rights

Subject to applicable law including relevant data protection laws, in addition to your ability towithdraw any consent you have given to our processing your personal data (see paragraph 5), you may have a number of rights in connection with the processing of your personal data, including:

  • The right to request access to your personal data that we process or control;
  • The right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
  • The right to request, on legitimate grounds as specified in law:

(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;

  • The right to object, on legitimate grounds as specified in law, to the processing of your personal data;
  • The right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
  • The right to lodge complaints regarding the processing of your personal data with the Information Commissioner's Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.


If you would like to exercise any of the rights set out above, please contact us using the contact
details set out in paragraph 14.

Cookies

When you visit our website, our web server sends a cookie to your computer. Cookies are small pieces of information which are issued to your computer when you visit a website, and which store and sometimes track information about your use of the website. A number of cookies we use last only for the duration of your web session and expire when you close your browser ('session cookies'). Other cookies are used to remember you when you return to the website and will last for longer ('persistent cookies').
We use cookies to:

  • Remember that you have visited us before so that we can identify the number of unique visitors we receive and allow us to make sure we have enough capacity for the number of users that we get;
  • Customise elements of the promotional layout and/or content of the pages of the website; and
  • Collect anonymous statistical information about how you use the website (including howlong you spend on the website) and where you have come to the website from, so that wecan improve the website and learn which parts of the website are most popular with users.

Most web browsers automatically accept cookies but, if you prefer, you can change your browser
to prevent that or to notify you each time a cookie is set. You can also learn more about cookies
by visiting www.allaboutcookies.org which includes additional useful information on cookies and
how to block cookies using different types of browser. Please note, however, that by blocking or
deleting cookies used on the website, you may not be able to take full advantage of the website.

Our cookies

Cookie name

Purpose

Type & duration

Capitalise Website
Session

Authentication/Login

Session only

Google Tag Manager

Analytics on system usage

Session only

Google Analytics

Analytics on system usage

Session and up to
2 years

Intercom Messenger

Instant messaging 

Session and up to
1 years

Inspectlet Tracking

Support for customers

Session and up to
1 years

Wistia Video Hosting

Analytics on video usage

Session only

 

Contacting us

If you have any questions, concerns or comments about this privacy policy or any requests concerning your personal data, please contact us:

  • By emailing us at support@capitalise.com; or
  • By writing to us at 2 Valentine Place, SE1 8QH, United Kingdom.