When we refer to our “website” or the “Site” we mean http://globacap.com including the any of its sub-domains or pages and the Globacap Platform accessible at https://platform.globacap.com/. References to “we”, “our” or “us” is to Globacap Limited and our affiliates, operating under the name of Globacap, and “you” or “your” (or similar) is to users of the Site or our services.
We may collect, store and otherwise process different kinds of personal data about you. For ease of reference we have grouped these data together as set out below, together with some examples of each type of data.
Globacap will generally be the ‘data controller’ of the personal data that it collects and processes itself directly from you or from its websites. In other circumstances we may only act as a ‘data processor’ in respect of your information (for instance where your information is provided to us or processed by us or through our Site by one or more of our customers who is the ‘data controller’ of that data).
We do not routinely collect any ‘sensitive’ information about you, such as about your race or ethnicity, religious or philosophical beliefs, health, sexual orientation, political opinions, and so on. Nor do we collect any information about criminal convictions and offences other than for the purposes of employee screening where permitted. If you do give us ‘sensitive’ information we will only use this information strictly in accordance with the law.
This website is not intended for children and we do not knowingly collect data relating to children.
Globacap as data processor
In certain circumstances our Customers may process personal data about you on our Site or through the Platform, and Globacap may act as a ‘data processor’ (or sub-processor) of that data (and our customer would be the ‘data controller’ or a data processor of the data controller).
For instance if you are a stakeholder in a company – a shareholder, option-holder, securityholder, or similar – then that company may include your data as part of their account on the Site or the Platform; for instance they may record your name, your address, your ownership or other entitlements, and other information on their share register, option register, or similar. In this situation the company would be the ‘data controller’ and Globacap would be the ‘data processor’ of your data. This will be the case regardless of whether you have signed up for a Globacap account or provided your data directly to Globacap. If you have concerns about the use of your data in this situation, we recommend you contact the relevant data controller, being the company in this example.
We use different methods to collect and process data from and about you. These include:
Interactions with us. You or persons acting on your behalf may give us your data including if you or they:
Our clients. Clients or customers of our products may provide your personal data to us. An example could be where we administer the share register of a company, that company may provide us with your personal data (e.g. your name, address, and/or bank details).
Third parties. We will receive personal data about you from various third parties such as know-your-customer, know-your-business, anti-money-laundering or other identity verification services, credit-reference agencies, fraud-prevention agencies, analytics providers, and partners who help us to provide our services or who help us comply with our regulatory obligations or our internal compliance obligations. These may include third party data aggregators. We may in some instances be able to combine data from multiple sources.
Publicly available sources. We may also obtain data from publicly available sources such as Companies House or electoral registers.
Where we need to collect personal data and you fail to provide that data when requested, we may not be able to provide services to you or perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In some circumstances we may have to cancel a product or service you have with us or cease providing a service we were providing to you, including restricting, suspending or terminating your account or your access to the Site or certain parts or functionality of the Site.
We will only use or process your personal data when the law allows us to. Most commonly, we will use or process your personal data in the following circumstances.
To comply with our legal and regulatory obligations or our compliance processes. If you do not provide this data we may not be able to provide services to you. For example:
To provide our services, carry out our obligations or enforce our rights under our contracts with you or others. For example:
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example:
You will receive marketing communications from us if you have requested information from us, signed-up for our newsletter, created an account on our website, or otherwise have provided your information or data to us and you have not opted out of receiving that marketing.
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we include this in marketing).
Communications that are required by law or that we are making on behalf of third parties (for instance a communication to you as a shareholder or other stakeholder of a company who utilises our platform) are not considered “marketing” for these purposes. Any opt-out (see below) will not affect or restrict our ability to send or to allow our customers to send, those types of communications to you.
We will get your consent before we share your personal data with any third party for their own marketing purposes (other than marketing agencies or consultants working for us to market our products or services).
You can ask us or third parties to stop sending you marketing at any time by contacting us at any time.
Where you opt out of receiving these marketing messages, this will only apply to receipt of marketing messages and will not apply to personal data provided to us as a result of a product or service that we provide to you or other interactions with our website.
We may share your personal data as permitted by this policy or by law, including with:
We may also share your personal data to comply with the law or other legal or regulatory or disclosure obligations, or to protect the rights or safety of us or others.
In some instances, your personal data may be transferred, stored or otherwise processed outside outside the European Economic Area (‘EEA’). People who work for us or our suppliers or service providers outside the EEA might also process your data, or those persons may transfer your data outside the EEA even if those persons are within the EEA. We will take reasonable steps to ensure that where we transfer or process your data outside the EEA this is protected by similar or equivalent safeguards as is provided under EU and UK law, such as model contract clauses or the EU-US Privacy Shield.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will comply notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for or to comply with our legal obligations.
Where you are a client, we will keep your data for as long as you are a client and for six (6) years after that to comply with our legal obligations (including regulatory, tax, accounting or reporting requirements) (or such longer period as may be required by law). We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In other circumstances, to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Our standard retention period is six years. Details of retention periods for different aspects of your personal data are available on request.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
You have a right among other things to:
Please note that there may be circumstances where we are entitled to refuse your requests, for instance where we have a legal obligation to retain information.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We’re registered with the Information Commissioner’s Office (ICO) under number ZA559999.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.