This Privacy Notice provides you with information on how and why we process your data and the lawful basis on which we do so. We want you to be fully informed about how we process your data and your rights.
Rockpool’s lawful basis for processing data
We process data to pursue our legitimate interests in a way which might reasonably be expected for running our business and which does not impact on the rights, freedom or interests of any individuals.
The protection of your privacy in the processing of your personal data is an important concern to us. We will process personal information in accordance with relevant laws for data protection. We use appropriate technical and organisational security measures to protect the data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.
Your data may be held and processed on our behalf by third parties that comply with appropriate data protection standards in countries inside the European Economic Area. It may also be held and processed on our behalf in a country outside of the European Economic Area, in which case we will take appropriate steps to adequately protect it. We will not share your information with third parties for any other purpose except to fulfil our regulatory obligations or if they are processing the data on our behalf.
Security of Data
We are committed to taking steps to ensure that personal data is protected, and to prevent any unauthorised access, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and awareness raising.
We will ensure that personal data is kept for no longer than is necessary and only for as long as it is relevant and necessary for the legitimate interests under which we are processing it, which includes our regulatory obligations. At the end of the retention period, your data will either be deleted, destroyed or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Our staff are trained to be responsible for the protection of data and are alert to any actual, suspected, threatened or potential data protection breaches. If a data breach occurs which we believe could adversely affect your rights and freedoms, we will inform you as soon as possible.
Visiting our website
We use Google Analytics to collect standard internet log information such as IP addresses and details of visitor behaviour patterns on our website, details of the link that you clicked on and any search terms you entered. IP addresses are not linked to personally identifiable information. All information processed remains anonymous; we do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. We will always make it clear if we are collecting personal data for processing. It is possible to opt out of tracking by Google Analytics across all websites by visiting http://tools.google.com/dlpage/gaoptout.
How to avoid all cookies
If you wish to disable cookies, you can set up your browser to block all cookies, delete existing cookies or issue a warning before any new cookie is downloaded. Please consult your browser’s Help function for instructions on how to do this. Further information about cookies and how to avoid them is available at www.aboutcookies.org.
Third party cookies
If we have obtained your data from a third-party, we will ensure that we have confirmation that there is a lawful basis for processing your data for the purposes of direct marketing. We will undertake a legitimate interest assessment to ensure that the processing is a necessary, proportionate and fair means to achieving our business objectives and we will balance this with your rights and interests. You have the right to object and if you do so, we will stop any further processing unless there is any other legitimate interest that overrides your right.
If you’re an individual investor
This section covers the data processing that we will undertake to fulfil requests for information and services from an individual acting on their own behalf and not in a business capacity.
Requesting information from Rockpool
If you request or download information about private company investing from Rockpool by providing your name, email and telephone number, we will process this data for direct marketing. We will seek your consent to receive ongoing electronic communications informing you of our services and how to become a client. If you do not provide your consent, we will retain the data you provided but will not continue to communicate with you unless you give us consent to.
Becoming a client
When you register with Rockpool, either via our website or a registration form, you become a Rockpool client. We collect the data required to provide you with our service which is the provision of information on investments, investment services and other opportunities related to private companies and we will process this data to communicate to you via email, post and phone. We may also collect other information from you to offer you a better client experience and ensure that you receive the information that is appropriate to your needs.
We will continue to process your data for the purpose stated above until you inform us that you wish this to stop. Please email email@example.com to notify us of this.
Becoming an investor
When you apply to open a Rockpool investor account, we will ask you to complete an application or account opening form and agree to the Investor Terms. The data that we collect will be for processing your application, administering your account, administering your investments and meeting our regulatory obligations, including FCA rules, anti-money laundering regulations, reporting to HMRC and complying with any other relevant regulations. We will use the data if need be to assess your appropriateness to invest in private companies.
This may include passing your details to investee companies and other third parties in response to their regulatory obligations. We may also use your information as necessary to meet our legal obligations.
The data we are required to process to meet our regulatory obligations may change from time to time. If there is a material change, then we will inform you of this.
Keeping investors informed
If you have an open account with Rockpool, it is important that you are kept informed. This could include, but is not limited to, alerting you to individual company reports relating to your investments, providing you with portfolio illustrations and relevant tax documentation. You can access all of this at any time via the Rockpool platform. We will store data on how and when you access this account and the emails relating to investment information and reporting. You can unsubscribe from these alert emails at any time by emailing firstname.lastname@example.org.
Closing your account
If you have no assets in your Rockpool account, you can request that your account is closed. We will retain the data that we are required to meet our regulatory and legal obligations for the length of time required.
If you’re acting in a business capacity on behalf of investors
We process data of individuals in their business capacity to inform them of investment services and opportunities in relation to private companies. We do this for the legitimate purpose of direct marketing.
If you are acting in a business capacity on behalf of investors who have a Rockpool account
We communicate details of an investor’s account(s) to individuals acting in a business capacity if the investor has authorised us to. We will continue to process data for this purpose until the investor instructs us not to, or if the business individual informs us that they no longer have the relationship with the investor.
We will retain the data that is required to meet our regulatory obligations for the length of time required.
If you are acting on behalf of a company seeking funding
If you are acting on behalf of a company seeking funding or are involved with a company that is seeking funding, we will collect and process data about you. We will do this as part of our due diligence process and our requirement to protect our clients’ interests. This data may include special category data which is personal data which the GDPR classes as more sensitive and needing more protection. This data can be collected on a different lawful basis to other personal data and we will collect special category data on the basis of consent. This data will be retained for as long as is required under our regulatory obligations. After the end of the retention period, the data will be deleted, destroyed or anonymised.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Your right to access
You are entitled to access the information that is held about you. To obtain a copy of this information, please email email@example.com or write to us at our registered address.
Your right to rectification
If you inform us that any information we are holding about you is incorrect, we will promptly correct any information found to be incorrect. Please email firstname.lastname@example.org to inform us.
Your right to restrict or stop the processing of your data
You have the right to request that we restrict or stop processing your data, but this only applies in certain circumstances. Please email email@example.com to make this request. Our response to your request will depend on how we are processing your data and for what purpose.
If your Rockpool account holds no assets and has never held any assets with Rockpool, then we can restrict or stop processing your data. We will retain only the data required to ensure that you are not contacted in future.
If one or more of your Rockpool accounts hold or have ever held assets, then we will not be able to stop processing your data until we no longer have a regulatory or legal requirement to. We can limit the processing of your data to what is necessary and we can stop providing you with information regarding any new investments, investment services or opportunities.
Your right to object
You have the right to object to your data being processed by us. If you wish to object, please email firstname.lastname@example.org outlining the grounds and we will stop the processing unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is in relation to legal claims. If we are unable to agree to your request, we will write to inform you and you will have a right to complain to the ICO.
Your right to be forgotten
You have the right to be forgotten and to have your data erased if there is no overriding legitimate interest for us to continue processing your data. If you wish to be forgotten, please email email@example.com and we will stop the processing and erase your data unless we have legitimate grounds to continue the processing which override your interests, rights and freedoms, or the processing is in relation to legal claims. If we are unable to agree to your request, we will write to inform you and you will have a right to complain to the ICO.
Get in touch
If you would like to talk to us about any aspect of this Privacy Notice, please email firstname.lastname@example.org, write to the address below, or call us on 0203 8548 8100.
Contacting the regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk