WiseAlpha Technologies Limited, WiseAlpha plc, any of our affiliates and any other entity which may, from time to time, accede to the Investor Agreement (entered into between you, WiseAlpha Technologies Limited and WiseAlpha plc) as a WiseAlpha Product Issuer (as defined therein) ("we", "us") may collect, use and store personal information about you as an individual.
WiseAlpha Technologies Limited is registered with the Information Commissioner's Office under registration reference ZAO51908. The protection of your personal information is important to us and we will treat your personal information as private and confidential. However, in the circumstances we describe below we may use your personal information and share it with third parties.
The personal information we collect and how we collect it
How we use your personal information
When and why we share your personal information
Lawful basis for processing data
Subject access requests
What you can do to protect your personal information
How we protect the personal information we hold
What you should be aware of when you click through to other websites from our website
Data Protection Impact Assessment
Data Protection Officer
Our policy on cookies
We may need to update this Policy from time to time. An up-to-date version of this Policy will always be available on our website and if we make any material changes which we think you should be made aware of we will notify you by prominently posting a notice on our website www.wisealpha.com which you will see when you next log on together with the updated version of this Policy and/or by email to the email address you register with us and to which your consent will be deemed to be given by your continued use of our website.
For information about cookies and how we use these please see our policy on cookies below.
1. The personal information we collect and how we collect it
We collect certain personal information about you during the registration process and on an on-going basis once you start using the WiseAlpha website.
The types of personal information we collect during the registration process
This may include basic personal information such as and not limited to your:
- Email address;
- Date of birth;
- Home address and telephone number;
- Identification documentation e.g. your passport or driving license;
- Occupation, net investible assets and sources of income for the purposes of client onboarding, marketing and relationship management.
As well as personal information that:
- we reasonably require to carry out checks for know your client, anti-money laundering and anti-fraud purposes; and to check your creditworthiness;
- we reasonably consider is helpful to assess your suitability and eligibility to invest in our products ; and
- you may wish to share with us, for example information about your investment objectives
for the purposes of compliance, finance and IT:
We may obtain personal information about you from third parties such as credit reference agencies, fraud prevention agencies and identification verification agencies as part of the checks we carry out as described above.
The types of personal information we collect once you start using our website
This includes information about:
- your bank account and card details in order to process payments to you;
- your communications with us, including emails, phone calls and webchats;
- any permissions, consents or preferences that you give us, including communications that you would like to receive from us and how you would like us to contact you;
- your computer and your visits to, and use of our website or third party websites such as your IP address, geographical location, browser type, referral source, length of visit, and page views through the use of log files;
- your transactions and other use of our services; and
- you, specifically your name and email address if you contact us through our website with questions about our company or lending operations and are not already a registered user. We collect this information for the sole purpose of responding to such enquiries and do not store this information for later use unless you instruct us to or give us consent to do so.
How do we collect your information?
We may collect personal information:
- Via our website;
- Via livechat;
- Via the internet;
- Via customer surveys;
- Via face to face meetings with members of the WiseAlpha team;
- By email and letters; and
- By phone.
We may also collect personal information from third parties we work with:
- Our ‘KYC’ service provider;
- Our payment service provider;
- Credit reference agencies;
- Financial advisers; and
- Companies that introduce you to us.
If you refer someone to our website directly from our website or via a partner’s website, we will store and track information about your referral and the person you refer to us only long enough to determine the effectiveness of our marketing activities and for the purposes of those activities. You should only refer someone to us if you have their consent to do so. We will not add the people you have referred to us to any mailing list or contact them independently of the referral process unless you made the referral as part of a bonus referral programme in which case we will store the information about the person you refer to us so that we can credit your account for the referral.
2. How we use your personal information
We collect, use and store your personal information for the following purposes:
- to register you and create an account for you so that you can start investing;
- to verify your identity, for fraud prevention and creditworthiness assessments and to implement automatic payments and fund transfers;
- to contact you if there is any problem with completing a transaction you requested or your account;
- to notify you about changes to or developments to the features and operation of the services or to our terms of service or this Policy;
- to respond to your queries and any complaints you may have;
- to update and improve the accuracy of the personal information we hold on you;
- to effectively manage our relationship with you and better understand your needs as an investor;
- to evaluate the effectiveness of marketing, and for market research and training;
- for customer modelling, statistics and trends analysis for the purposes of developing and improving the services we provide to you;
- to test new systems and check updates to existing systems;
- to remain in regular contact with you as may be necessary to execute transactions you request;
- to improve usability of our website and to evaluate the success of particular marketing/advertising campaigns, search engine optimisation strategies and other marketing activities;
- to help us ensure that our website has all of the appropriate features and functionality for the services we offer you and to improve the user experience;
- to send you service related notifications from time to time. You will receive notifications confirming your registration, the successful verification of contact details and bank accounts, and confirming successful submissions of orders. You will also receive progress updates on the status of orders you have submitted. These are transactional notifications that you cannot opt out of receiving, as they are in place to protect the security of your account and your personal information. We may also send you responses to any correspondence, if appropriate or applicable;
- to send you user surveys, requests for user feedback regarding user experience and website operations or marketing offers from us or from us on behalf of our marketing partners. The completion of these surveys or requests for feedback or acceptance of any offer is strictly voluntary; and
- as otherwise described in this Policy.
3. When and why we share your personal information
We may share your information:
- with third parties to help us provide you with services and meet other obligations to you and perform related activities, for example,credit reference agencies, fraud prevention agencies, electronic verification service providers, collection agencies, electronic payment service providers, customer support call centres, external accounting and auditing firms and government regulators;
- with our affiliates or any WiseAlpha Product Issuer for use on the basis of this Policy;
- with law enforcement, regulatory bodies or other competent authorities (such as the UK Financial Conduct Authority) as required by law or for the purposes of limiting fraud;
- when we believe that disclosure is reasonably necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process;
- to prevent terrorism and other criminal activity; and
- for other purposes provided for under this Policy or for which you give your express consent.
Where we share your personal information to process your personal information on our behalf, we will require the third party to do so in accordance with our instructions and this Policy. Where we share your personal information for other purposes, we will ask the person with whom we share your personal information to process it in accordance with 2018 GDPR data protection standards.
To complete our due diligence checks we process your data with TransUnion Information Group (“TU”). For further information please review TU’s privacy notice.
When we share your personal information with third parties, we may need to transfer it to countries outside of the European Economic Area (the “EEA”) (such as the USA or the British Virgin Islands) for our own purposes (including for storage) and to third parties located in such countries who provide services to us. All countries in the EEA, including the UK have similar standards around the protection of your personal information, however, countries outside of the EEA do not necessarily have similar data protection laws.
We’ll take all steps reasonably necessary to make sure that your personal information is treated securely. For example, as permitted by Article 46 of the General Data Protection Regulation, we use standard contractual clauses with third parties, so that your information is protected to the same standards as it is in the European Economic Area. If your information is sent to the US, in accordance with Articles 45 and 46 of the General Data Protection Regulation we make sure it goes to an organisation that is part of the Privacy Shield or that we use standard contractual clauses with third parties, so that your information is protected to the same standards as it is in the European Economic Area. Privacy Shield is the framework that sets privacy standards for information sent between US and EU countries, and it uses similar standards as the European Economic Area.
Countries outside the European Economic Area where your personal information can be transferred to include: United States of America and British Virgin Islands.
In the event we become aware that we are holding inaccurate personal data on clients, and have shared this data with other firms, we will inform the other parties about the inaccuracy so that they can correct their own records.
If someone is thinking of buying us or our business in whole or in part, we may disclose information about you in an anonymised form to them for that purpose. If we go on to sell our business in whole or in part, the new owner may use, share and hold your personal information as described in this Policy. We will notify you of any change in our ownership by posting a notice on our website and/or by email to the email address you register with us.
4. Lawful basis for processing data
The General Data Protection Regulation states that we are only allowed to use personal information if we have a genuine reason to do so.
We won’t keep your data for longer than required to fulfill our contractual obligations or for regulatory purposes. Typically, your data will be retained for six years post account closure or for specific periods in accordance with regulatory requirements (where relevant), notwithstanding your rights as outlined in section 5.
If we rely on our (or another person's) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your personal interests or fundamental rights and freedoms which require protection.
We may send you certain direct marketing communications (including electronic marketing communications to existing customers) if it is in our legitimate interests to do so for marketing and business development purposes.
However, we will always obtain your consent to direct marketing communications where we are required to do so by law.
5. Your rights
You can access certain personal information we hold about you by visiting your profile in the My Account section of our website. This section of our website is password-protected to safeguard your personal information and as a registered user, you can, at any time, access the My Account section and update your password, email address, physical address, phone number and bank account information. If you need to change any other information in your profile you should contact us at firstname.lastname@example.org.
In accordance with GDPR, you have the following rights:
- the right to be informed about the collection and use of your personal data;
- the right to access your personal data;
- the right to have inaccurate personal data rectified;
- in certain circumstances the right to have personal data erased;
- in certain circumstances the right to restrict the processing of personal data;
- the right to data portability in commonly used formats;
- the right to object to processing for certain purposes;
- rights relating to automated decision-making and profiling.
If you wish to exercise any of the above rights then please contact us on email@example.com.
If you have any complaints about our handling of your personal data please contact us on firstname.lastname@example.org or +44 20 3927 2790.
If you believe there is a problem with the way we are handling your personal data, then you have the right to complain to the Information Commissioner’s Office (ICO). It’s contact details are 0303 123 1113 (helpline) and https://ico.org.uk/concerns/ (website).
This Policy may not constitute your entire set of privacy rights, as these may also vary from country to country. To be certain of your privacy rights, you can contact the appropriate agency in your country that is responsible for overseeing privacy rights of consumers. Certain local laws require us to maintain and report demographic information on the collective activities of our registered users. We may also be required to maintain your personal information for at least seven years in accordance with applicable local laws regarding recordkeeping, reporting and audits.
If you (i) have any questions about this Policy or in relation to your personal information (including what information we hold about you), or (ii) wish to opt out of certain marketing activities or notifications sent to you or (iii) want more information about how and with whom we share your personal information and from whom we obtain it, please:
email us at email@example.com; or send us a letter at WiseAlpha Technologies Limited, for the attention of the Compliance Department, Level 39, One Canada Square, Canary Wharf, London E14 5AB.
6. Subject access requests
You have the right to submit subject access requests to us. In most cases we will not charge any fees for complying with these requests. We will endeavour to provide you with the requested information within one month of you requesting it. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive. In circumstances where we refuse a request we will tell you the reason why and inform you that you have the right to complain to the supervisory authority and to a judicial remedy.
7. What you can do to protect your personal information
You can take several precautions to protect the security of your computer and your personal information. For instance, you can start by using a well-chosen password. You should avoid using any information that others can easily learn about you, such as a family member’s name or birthday, and you should also consider using special characters in place of letters. We also recommend that you change your password frequently. You can also install and regularly update antivirus and firewall software to protect your computer from external attacks by malicious users. When you are finished with a session on our website, be sure that you log out and close the browser window.
At a minimum, we require the use of both numbers and letters in your password. We have also instituted secure steps by which you can regain access to your account should you forget your password, including the use of a security question. Your password is not known to any employee or third party with whom we may partner, and we will never ask for your password as a means of identifying yourself. You should never share your password with anyone, and if you ever receive an email that asks for your password and appears to come from us, you should report this to us immediately.
To protect the security of your account, we will send automatic notifications to confirm certain actions on your account, for example, if there has been a change to your password or the details of your external linked account. We do this to check that no one else is making changes to your account without your permission. However, the security offered through these notifications can be undermined if other people have access to your email account. Therefore, you might consider restricting access to the email account you registered with us and/or changing the passwor d for that email account frequently.
If you use a computer that is accessed by other people, such as in a public library or Internet cafe, we recommend that you take special precautions to protect the security of your account and your personal information. When you are finished using our website, you should log out completely, close the browser window and clear the browser’s cache files.
You should also be aware of fraudulent attempts to gain access to your account information known as "phishing". Phishing is a tactic used by scammers in which unsuspecting people are directed to a website by a genuine-looking email that appears to be from a legitimate company. The phony or "spoof" email takes the person to a website that looks legitimate but is in fact not genuine. Either in the email itself or on this fake website, scammers will ask for login information to gain access to people’s accounts and withdraw their money. We will never ask you for your login information in any email. In general, you can protect yourself against phishing by never providing personal or login information via an email. You might also make it a habit to check the URL of a website to be sure that it begins with the correct domain. In the case of our website, you should always ensure the URL begins with http://www.wisealpha.com or https://www.wisealpha.com.
8. How we protect the personal information we hold
Verification of Practices
We periodically review our operations and business practices (including the controls and safeguards we have put in place to protect your personal information) for compliance with our policies and procedures governing the confidentiality of information. These reviews may be conducted by our own internal staff, external accounting and auditing firms, and government regulators.
Standards and controls
We take steps to safeguard your personal information through vigorous physical, electronic and operational systems and controls. We treat all of your personal information as confidential. Data can only be read or written through defined service access points, the use of which is password-protected. The physical security of your personal information is achieved through a combination of network firewalls (there is no direct communication allowed between the database server and the Internet) and servers with hardened operating systems, all housed in a secure facility. Access to the system, both physical and electronic, is controlled and sanctioned by a senior manager.
All traffic to and from our servers runs over Transport Layer Security (TLS) which ensures that all data in transit is encrypted. To verify that TLS is being used, look for the key or padlock icon on your browser. Our systems are subject to periodic security audits to ensure that your personal information is thoroughly protected and secure.
Secure, off-site hosting
Our payments processing providers store all sensitive financial information such as bank account information in a highly secure, SOC1 environment.
We also employ session time-outs to protect your account. You will be logged out of our website automatically after a specified period of inactivity. This time-out feature reduces the risk of others being able to access your account if you leave your computer unattended.
Protection of account numbers
When we contact you about your account to confirm a funds transfer, we only reference the last four digits of your bank account number; this is done for your protection so that you will recognise the source or destination account as one which you own. We also employ strict access standards ensuring that only the senior-most employees or partner representatives have access to your account numbers and other sensitive information. This access is only granted in order to complete transactions which you request or to provide regular ongoing service to your account.
ID theft policy
We use state of the art authentication technology to verify identities. We will work with law enforcement authorities to track down and prosecute anyone who has committed identity theft.
We are committed to the integrity of our business, and our corporate values and ethical standards and expect such commitment from all of our employees. The WiseAlpha Code of Conduct includes very specific guidelines concerning the safeguarding of confidential information, which includes your personal information. These guidelines limit employee access to confidential information and the use and disclosure of personal information. If it is determined that an employee has violated the WiseAlpha Code of Conduct, disciplinary corrective action may be taken, including immediate dismissal.
9. What you should be aware of when you click through to other websites from our website
We are not responsible for the information practices employed by third party websites linked to or accessed from our website.
We may offer links to partners’ websites. We make the decision to provide these links based on the quality of information provided at the time the links are enabled or to facilitate your use of our website, and we take reasonable steps to monitor the continuing quality of content provided on these websites. However, these external sites are not subject to this Policy and may have different privacy policies or approaches to the handling of personal information. We have no control over the content of these websites. You should read the privacy policies on these websites before you provide them with any of your personal information.
10. Data breaches
Under GDPR we have a duty to report certain types of data breach to the ICO, and in some cases, to yourselves. These are breaches likely to result in a high risk to your rights and freedoms, eg if the breach could result in discrimination, reputational damage, financial loss, loss of confidentiality or any other significant economic or social disadvantage to yourselves. If you wish to contact us regarding a potential data breach please email firstname.lastname@example.org.
11. Data Protection Impact Assessment
In situations where data processing is likely to result in high risk to you, we will conduct Data Protection Impact Assessments (DPIA’s). This could be where a new technology is being deployed; or where a profiling operation is likely to significantly affect yourselves; or where there is processing of special categories of data on a large scale (eg health records, criminal conviction information).
If a DPIA indicates that the data processing is high risk, and we cannot sufficiently address the risks, then we will consult the ICO as to whether or not the processing operation complies with the GDPR.
We do not envisage this kind of scenario occurring on our investment platform.
We do not and will not knowingly collect information from any unsupervised child under the age of 13. If you are under the age of 13, you may not use our sites unless your parent or guardian has provided us with their consent for your use of our sites or our site (as applicable).
13. Our Data Protection Officer
Mr Rezaah Ahmad is responsible for data protection compliance within WiseAlpha Technologies Limited. Mr Ahmad sits on the firm’s management committee and has the knowledge, support and authority to carry out the role effectively. He can be contacted on email@example.com.
WiseAlpha Technologies Limited’s lead data protection supervisory authority is the Information Commissioner’s Office (ICO) located in Wilmslow, England.
14. Our policy on cookies
A cookie is a text file sent by a web server to a web browser, and stored by the browser. A cookie is a small text file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognise a user’s device.
We use web beacons or pixel tags, which are tiny graphics, in conjunction with cookies on our website, including session ID cookies, non-persistent cookies and persistent cookies. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser and load the pages according to a user’s preferences for that particular website, including the personalization of content. Cookies are also used to gather statistical data, such as which pages are visited, what is downloaded, the ISP’s domain name and country of origin, and the addresses of sites visited before and after coming to our website, as well as your "click stream" activity (meaning, the paths taken by visitors to our website as they navigate from page to page) and transactional attributes in accordance with information you voluntarily submit in the course of using our website. This data is aggregated for analysis to ensure proper functioning of our website, in terms of navigation and usability, as well as to evaluate the effectiveness of our marketing efforts. At no time do any of our cookies capture any personal information. More importantly, using cookies also helps us protect the security of your account. Session ID cookies follow your activities on our website so that we can ensure that no one is making changes to your profile, applying for any WiseAlpha Product (as defined in the Investor Agreement) or attempting to u ndertake any other activity on your account on your behalf. This information is encrypted and no personal data about you is stored on our servers.
We may send a cookie that can be stored by your browser on your computer’s hard drive. We may use the information we obtain from the cookie in the administration of our website, to improve its usability and for evaluating our marketing effectiveness as described above. We may also use that information to recognize your computer when you visit our website (if you select the "remember me on this computer" option, and to personalize our website for you. Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookie by clicking "Tools", "Internet Options", "Privacy", and selecting "Block all cookies" using the sliding selector). Blocking cookies, however, can also have a negative impact on the usability of many websites.
Cookies may have long-term expiration dates, or none, and thus can stay in your hard drive for months at a time. While you can remove them as instructed by the help content in your chosen browser, disabling cookies will prevent you from using our website. As with many transactional websites, cookies must be enabled in order to use our website.
If you would like more information about the use of third-party cookies and tags, or the process of opting out of such cookies or tags, please visit http://www.google.com/privacy.html