Myles Milston, CEO, joins FinTech Alliance’s webinar looking at the scalability of FinTechs and what they must do to create sustainable growth paths. The expert…
When we refer to our “website” or the “Site” we mean http://globacap.com including the any of its sub-domains or pages and the Globacap Platform accessible at https://platform.globacap.com/. References to “we”, “our” or “us” is to Globacap Limited and our affiliates, operating under the name of Globacap, and “you” or “your” (or similar) is to users of the Site or our services.
The data we collect about you
We may collect, store and otherwise process different kinds of personal data about you. For ease of reference we have grouped these data together as set out below, together with some examples of each type of data.
Globacap will generally be the ‘data controller’ of the personal data that it collects and processes itself directly from you or from its websites. In other circumstances we may only act as a ‘data processor’ in respect of your information (for instance where your information is provided to us or processed by us or through our Site by one or more of our customers who is the ‘data controller’ of that data).
- Identity information such as first name, maiden name, last name, username or similar identifier
- Other information such as marital status, title, date of birth and gender
- Information such as identification documents (for example, your passport or driving licence number), copies of any documents you have provided for identification, onboarding or verification purposes
- Visual information and media such as ID photos or other images or video of you, for instance for ID verification or onboarding, including ‘liveness’ checks
- Address information such as registered address, contact address, billing address
- Contact information such as email address, telephone numbers, or similar
- Bank account and payment card details and other financial information or information relating to your financial assets
- Investment details, such as details about investments you may make (including those not filled or subsequently cancelled) through the platform, assets you may hold that are recorded in the platform, or payment or deposit information
- Details about your interactions with investments or opportunities on the platform or
- details about payments to and from you and other details of products and services you use
- information relating to transactions such as date, time, amount, currencies, exchange rate, beneficiary details, sender’s and receiver’s name and registration information, the payment method used, and so forth
- information relating to your investments or transactions in those investments
- information relating to transfers in/out of your accounts or relating to you or your account
- information about the devices or browsers that you use to access our website including browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on or identifying information about the devices you use to access this website
- information relating to your account, including username and password, holdings, investments, orders, and other activity, including your preferences and other settings
- information as part of any investor classification, including for regulatory purposes, titles or qualifications you may hold, offices that you may hold, professional experience, investment experience, and so forth
- your interests, preferences, feedback and survey responses, and records of any discussions or interactions we may have had with you
- your preferences in receiving marketing from us and our third parties and your communication preferences
- information about how you use or interact with our website, products and services or companies that utilise our platform or services
- information about your visits to the website and historic visits, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page
- information about how you interact with specific pages for instance specific deal pages for specific investments
We do not routinely collect any ‘sensitive’ information about you, such as about your race or ethnicity, religious or philosophical beliefs, health, sexual orientation, political opinions, and so on. Nor do we collect any information about criminal convictions and offences other than for the purposes of employee screening where permitted. If you do give us ‘sensitive’ information we will only use this information strictly in accordance with the law.
This website is not intended for children and we do not knowingly collect data relating to children.
Globacap as data processor
In certain circumstances our Customers may process personal data about you on our Site or through the Platform, and Globacap may act as a ‘data processor’ (or sub-processor) of that data (and our customer would be the ‘data controller’ or a data processor of the data controller).
For instance if you are a stakeholder in a company – a shareholder, option-holder, securityholder, or similar – then that company may include your data as part of their account on the Site or the Platform; for instance they may record your name, your address, your ownership or other entitlements, and other information on their share register, option register, or similar. In this situation the company would be the ‘data controller’ and Globacap would be the ‘data processor’ of your data. This will be the case regardless of whether you have signed up for a Globacap account or provided your data directly to Globacap. If you have concerns about the use of your data in this situation, we recommend you contact the relevant data controller, being the company in this example.
How is your personal data collected?
We use different methods to collect and process data from and about you. These include:
Interactions with us. You or persons acting on your behalf may give us your data including if you or they:
- apply for our products or services;
- create and/or set-up an account on our website;
- onboard to our platform or create or amend your profile or fill in any investor questionnaires;
- utilise any functionality of our website or platform;
- be involved in or interact with any companies utilising our platform;
- subscribe to our service or publications including our newsletter, or enter into a survey;
- request marketing to be sent to you;
- communicate with us.
Our clients. Clients or customers of our products may provide your personal data to us. An example could be where we administer the share register of a company, that company may provide us with your personal data (e.g. your name, address, and/or bank details).
Third parties. We will receive personal data about you from various third parties such as know-your-customer, know-your-business, anti-money-laundering or other identity verification services, credit-reference agencies, fraud-prevention agencies, analytics providers, and partners who help us to provide our services or who help us comply with our regulatory obligations or our internal compliance obligations. These may include third party data aggregators. We may in some instances be able to combine data from multiple sources.
Publicly available sources. We may also obtain data from publicly available sources such as Companies House or electoral registers.
What if you do not provide data to us?
Where we need to collect personal data and you fail to provide that data when requested, we may not be able to provide services to you or perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In some circumstances we may have to cancel a product or service you have with us or cease providing a service we were providing to you, including restricting, suspending or terminating your account or your access to the Site or certain parts or functionality of the Site.
How we use your personal data
We will only use or process your personal data when the law allows us to. Most commonly, we will use or process your personal data in the following circumstances.
To comply with our legal and regulatory obligations or our compliance processes. If you do not provide this data we may not be able to provide services to you. For example:
- To confirm your identity in order to create your account and ensure that you are eligible to use one or more services or functionality available on the Site. For example:
- To conduct required know-your-customer, know-your-business, anti-money laundering, and other fraud or financial crime checks on you, and ongoing monitoring of the same. This may extend to transactions or services you may make or use via the Site.
- To verify your status and your client classification under one or more applicable laws, rules or regulations, for example to confirm whether you are eligible to access certain functionality on the Site or make one or more investments
- To enable us to comply with our legal or regulatory or compliance responsibilities, including regulatory reporting or reporting to tax or other governmental authorities
To provide our services, carry out our obligations or enforce our rights under our contracts with you or others. For example:
- To enforce our terms and conditions and the terms of any other contract we have in place with you.
- To process and administer payments and investments in connection with the services provided on the Site.
- To carry out your instructions, for instance to process any investments or orders you may make, or other requests or instructions you may give.
- To provide information to Companies raising capital using the Site, for instance analytics, statistics and other information.
- In the case of companies that you are a stakeholder in, to provide those entities with information about you, for instance your name, address, and other information to allow those companies to fulfil their obligations to you and/or ensure their compliance with their legal or other obligations.
- Where you have been introduced or referred to us by a third party, to communicate with that third party including informing them that you have created your account or the status of your account.
- To provide you with information or notifications about your account, including any new messages or communications, or information about investment offers.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example:
- Performing our services and marketing our products and services or those available on our website.
- Monitoring, administering and improving our Site and the services or products we provide.
- Where you have a Globacap account and you update your personal information (for instance your name changes, or you update your address or other contact information), that updated information will be shared with other companies that you are a stakeholder in, for instance to update their shareholder registry or their option records. This allows our customers to have the most current contact information for you, and allows you to not have to manually update each company that you may be a stakeholder in.
- Where you have registered for a Globacap account, and you are a stakeholder in one or more companies that are our customers, your contact email(s) are shared with those customers. These Customers may send you messages via the messaging functionality on the Site or to your registered email address(es) for business reasons, such as to keep you updated on important news and events or for their corporate communications such as meeting notifications or resolutions. It is the obligation of these companies to ensure that the email notifications are in compliance with applicable law.
- Where you are a “user” or an “admin” of one of our customers in connection with the Site, one or more parts of the Site or its functionality, or the services we are providing to that customer, we may use your data to perform our contract with that customer, or to provide that customer with information relating to your use of the Site or the relevant services as their user or admin;
- In the case of individuals or businesses that have registered or indicated an interest in our Site or our services or products, to contact you to provide you with information about us or our services and on other selected products and services or information that we think may be of interest to you (unless you have asked us not to do so).
- Contacting you for feedback, surveys, customer support, or other similar reasons connected with our Site, or our services, or your use of either of them.
- To advertise, publicise and promote our business, and to measure, understand, or improve the effectiveness of advertising we provide to you and others.
- Track, analyse and improve the services we give you and other customers.
You will receive marketing communications from us if you have requested information from us, signed-up for our newsletter, created an account on our website, or otherwise have provided your information or data to us and you have not opted out of receiving that marketing.
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we include this in marketing).
Communications that are required by law or that we are making on behalf of third parties (for instance a communication to you as a shareholder or other stakeholder of a company who utilises our platform) are not considered “marketing” for these purposes. Any opt-out (see below) will not affect or restrict our ability to send or to allow our customers to send, those types of communications to you.
We will get your consent before we share your personal data with any third party for their own marketing purposes (other than marketing agencies or consultants working for us to market our products or services).
You can ask us or third parties to stop sending you marketing at any time by contacting us at any time.
Where you opt out of receiving these marketing messages, this will only apply to receipt of marketing messages and will not apply to personal data provided to us as a result of a product or service that we provide to you or other interactions with our website.
Disclosures of your personal data
We may share your personal data as permitted by this policy or by law, including with:
- Anyone who works for us or for our group when they need it to do their job or for us to provide services to you.
- To our group companies as needed to perform services we or they are providing to you.
- Any organisation which supports our Site, our compliance processes, or any of our services you use, when they need it to offer those services, for instance: credit reference agencies, analytical, Know Your Customer (KYC), Know Your Business (KYB), anti-money-laundering (AML), and payment services providers, banking or other financial services providers, cyber security, or other similar service providers, and customer ‘interface’ providers.
- Where you are a stakeholder (for instance a shareholder or an option-holder) in one of our customers or you own any securities administered by or through the Site, with that customer or the relevant company or issuer of those securities or their Users.
- Where you are a “user” or an “admin” of a company that is our customer, to that customer and its other users or admins.
- Companies that do advertising or marketing for us (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time).
- Legal, regulatory, tax and other authorities, where requested or required.
- Our banking and custodial partners, for instance to comply with their own KYC / anti-money-laundering requirements, or to identify assets as belonging to or being held for you.
- Technology service providers such as e-signature or other providers where necessary to provide our services or products from time to time.
- Anyone who you give us explicit permission to share it with.
- To enforce our terms and conditions or other agreements or contracts we have with you, or to carry out your instructions or comply with our other agreements in place with you (for instance in connection with your investments).
- As set out in this policy, including the section titled ‘How we will use your personal data‘.
We may also share your personal data to comply with the law or other legal or regulatory or disclosure obligations, or to protect the rights or safety of us or others.
In some instances, your personal data may be transferred, stored or otherwise processed outside outside the European Economic Area (‘EEA’). People who work for us or our suppliers or service providers outside the EEA might also process your data, or those persons may transfer your data outside the EEA even if those persons are within the EEA. We will take reasonable steps to ensure that where we transfer or process your data outside the EEA this is protected by similar or equivalent safeguards as is provided under EU and UK law, such as model contract clauses or the EU-US Privacy Shield.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will comply notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for or to comply with our legal obligations.
Where you are a client, we will keep your data for as long as you are a client and for six (6) years after that to comply with our legal obligations (including regulatory, tax, accounting or reporting requirements) (or such longer period as may be required by law). We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In other circumstances, to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Our standard retention period is six years. Details of retention periods for different aspects of your personal data are available on request.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
You have a right among other things to:
- Access the personal data we hold about you, or to get a copy of it.
- Ask us to correct inaccurate data.
- Ask us to delete, ‘block’ or suppress your data, though for legal reasons we might not always be able to do it, and there are other limitations to this right.
- Object to us using your data for direct marketing and certain other purposes
- Withdraw any consent you’ve previously given us going forwards. Note, it will have been lawful for us to use the personal information up to the point you withdrew your permission
Please note that there may be circumstances where we are entitled to refuse your requests, for instance where we have a legal obligation to retain information.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We’re registered with the Information Commissioner’s Office (ICO) under number ZA559999.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Myles Milston, CEO, joins Innovate Finance’s webinar as a speaker in their Spotlight Series episode exploring Exit Strategies. Hear from experts from the FinTech industry…
Every month, Globacap and MiniBarLabs invite top investors, entrepreneurs and legal experts to take you on a journey of scaling your business from first financing to exit….