1. Our role
Our Platform connect investors, wealth managers and investment fund managers and make it easier to invest in, and report on, the performance of a wide range of direct and fund investments. Our Platform enable investment fund managers to list various investment opportunities, which the investors and their authorised representatives (including their wealth manager) can browse online and invest in via the Platform. In making our Platform available to their users, we are acting as an intermediary between various parties participating in an investment process, and we are authorised by the Financial Conduct Authority to carry on such activities. Our role is not limited to simply passing on information from one user to the other. This means that we are not simply processing personal data on behalf of third parties; we have independent regulatory and contractual obligations in relation to the activities carried out by our Platform users and as a result, we receive and process various personal information about our Platform users as data controllers of their personal data.
2. Personal Information we collect
2.1 If you are an investor, in order to create an account on our Platform for you, and whilst you continue to use the Platform and related services, we will collect information about you which will include the following:
(a) Profile data: This will include information you provide to us by completing the registration process and other forms on the Platform, or information which we may receive from your investment manager or your wealth manager in order to create your account and your profile. This could include (but is not limited to) your name, date of birth, postal address, phone number, email address and certain tax and regulatory information. We only request and collect profile data that is necessary for us to process in order to operate our use accounts and facilitate investment applications you choose to make via the Platform.
(b) Financial data: We will collect from you financial information such as bank account details, credit history and reports. We only request and collect financial data that is necessary for us to process in order to facilitate investment applications investors choose to make via the Platform. We may also obtain information about your investments through our Platform from the manager whose deal or fund you have invested into or from your financial adviser where they have requested we list your historic investments.
(c) Transaction data: Details about payments to and from you in relation to your investment activity via the Platform.
(d) Personal information provided by third parties: Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us comply with our regulatory obligations. We may also receive certain personal information about you from your fund manager and/or wealth manager (if applicable). In certain circumstances we may be required to carry out enhanced due diligence checks to comply with our obligations under the Money Laundering Regulations 2017. These enhanced checks may reveal information about criminal convictions or information about an individual’s political opinions and associations and/or other sensitive personal data. We will only collect and process such information to the extent necessary to comply with our regulatory obligations and in accordance with the applicable data protection laws.
2.2 If you are using our Platform on behalf of a wealth manager or a financial adviser, for example as a member of their personnel nominated to access and use our Platform, the profile data we receive in order to set up your account will be limited to your name, email address, and any further relevant corporate details. This information is necessary for us to identify you as the user authorised to use our Platform and the particular investment opportunity to which your use of the Platform relates.
2.3 Contact data: if you contact us via our Platform or our Website, by telephone or by email, we will collect information necessary to identify you and respond to your query.
2.4 We also collect technical data about our users, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Platform. We collect this personal data by using cookies and other similar technologies. Please see our Cookies Policy for further details.
2.5 Usage data collected by us includes information about how you use the Platform, our Website and related services.
2.6 Marketing and Communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
2.7We also collect, use and share aggregated data such as statistical or demographic data (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity, and it cannot be used by us to identify you in any way. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Platform feature or the number of service types that are purchased.
2.8 Business contact data: If you are not a user of our Platform but we are in contact with you in relation to our offering or we have come into contact with you in the course of our business, we may collect your personal data, such as information printed on your business card or other information you give us, in order to stay in touch with you.
2.9 Other than information that we may receive as a result of enhanced due diligence checks (see paragraph 2.1(d) above), we do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health or genetic or biometric data), or data relating to criminal convictions and offences.
3. How we use your personal information
3.1 We may collect, store and use your personal information for the following purposes:
(a) to verify your identity in order to prevent and detect crime and money laundering
(b) to create and manage your Platform account and update the records we hold about you from time to time;
(c) to pass onto and liaise with the relevant managers, custodians, investee companies and/or third-party identification checking services in connection with your decision to participate in an investment opportunity through the Platform and third-party providers of online investment application processing services;
(d) to manage investment application process, including payments, fees and charges;
(e) to provide and administer our Platform, our Website and related services;
(f) to contact you in relation to the use of our Platform, including to provide you reminders on important usage issues, and/or asking you to leave a review or take a survey;
(g) to respond to your queries;
(h) to detect and prevent fraud;
(i) to conduct “know your customer” checks;
(j) to carry out anonymised statistical analysis and market research;
(k) to fulfil our regulatory duties, including our reporting obligations;
(l) to administer our contract with you;
(m) to develop and improve our services and products;
(o) to manage our business, including for accounting and auditing purposes;
(p) to maintain our IT systems and manage hosting of our data;
(q) to collect and recover money owed to us;
(r) to deal with legal disputes involving you, any relevant manager, financial adviser or our suppliers; and
(s) to provide you with information, services that you request from us or which we feel may interest you, when you have consented to be contacted for such purposes.
3.2 We do not sell your data. From time to time, we may send emails containing information about new features and other news about Treble Peak, such as suggestions and recommendations about similar services we offer, which we think may be of interest to you. This is considered direct marketing. You have the right to stop us from contacting you for these purposes. We will always inform you if we intend to use your personal data for such purposes, or if we intend to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms we use to collect your data. You can also object to our processing of your personal data for such purposes at any time by contacting us at email@example.com.
3.3 Some of the above purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
3.4 We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
3.5 Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Lawful processing
4.1 We are required to rely on one or more lawful grounds to collect and use the personal information that we have outlined above. We consider the grounds listed below to be relevant:
(a)Legitimate interest: Where applicable law allows us to collect and use personal information for our legitimate interests, and the use of your personal information is fair, balanced and does not unduly impact your rights. We may rely on this ground to process your personal information when we believe that it is more practical or appropriate than asking for your consent. For instance, we rely on the legitimate interest ground to process your personal information in order to protect the security of our networks e.g. when we receive external emails we will scan such emails for any threats. We will also rely on the legitimate interest ground to communicate with you in most instances and if we need to process your personal data to conduct our business in an efficient, compliant and profitable manner. It may also be necessary to process your personal data for legitimate interest of a third party, such as your fund manager or financial adviser.
(b) Contractual relationship: Where it is necessary for us to process your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract). For instance we will process your personal data in order to enable you to use our Platform.
(c) Legal obligation: Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject. This may be the case for example when we process personal data collected by us in order to comply with our obligations under the Money Laundering Regulations 2017.
(d) Consent: Where we ask for your consent for our use of your personal information for a specific purpose. You always have the right to withdraw your consent.
4.2 Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your personal information. Please contact us if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table above.
5. Will we disclose your personal data to anyone?
5.1 We may need to share your personal information with third parties such as:
our agents and service providers;
credit reference agents;
any relevant investment manager or financial adviser;
our regulators, including the Financial Conduct Authority;
law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
in the context of the possible sale or restructuring of our business.
5.2 We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information.
5.3 We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. Keeping your personal data secure
6.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
6.2 While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
6.3 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
7. Transfers of your information out of the EEA*
7.1 We may need to transfer your personal data outside the European Economic Area (EEA*), for example if one of our suppliers or group companies is located outside the EEA. We will ensure that any transfer of your data will be subject to appropriate safeguards, such as for example a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
*(for the purposes of this section, “EEA / European Economic Area” includes the UK)