Privacy Policy

Effective Date: 28 July 2018

This Privacy Policy provides important information on how Spread Co (a company registered in England and Wales with company number 05614477), handles your personal information and ensures that it remains confidential and secure. It also details your rights in respect of Spread Co’s processing of your personal information.

Under the General Data Protection Regulation (GDPR) Spread Co is required to notify the use of personal data to its supervisory authority, the Information Commissioner’s Office (ICO). Our registration number is Z9317258.

Data protection laws and regulations state that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

If you have any questions regarding this Privacy Policy or want to exercise your rights please contact us by:

  • Email: dp@spreadco.com
  • Telephone: +44 (0)192 383 2682
  • Post: Data Privacy, 1stFloor North, Argyle House, Joel Street, Northwood Hills, Middlesex HA6 1NW

This Privacy Policy will be kept under regular review to take into account new legal/regulatory obligations and relevant technology, changes to our operations and practices, and to ensure that it remains appropriate and in line with GDPR. Any changes made to this Privacy Policy in the future will be posted on our website. If we make changes which are significant we will provide a prominent notice or notify you through other means.

If we ever have to use your personal information for any purpose that we haven’t described in this Privacy Policy, we will notify you. We will let you know exactly what we will use it for before we go any further and, where appropriate, obtain your consent.

1.     What personal information do we collect about you?

We collect the following types of personal information about you which are explained in more detail below:

  • Identity details
  • Account information
  • Information about your income and wealth
  • Technical information
  • Marketing and communications information

If you provide us with personal information on someone else (such as a joint applicant or you authorise an individual who will be permitted to instruct Spread Co to take action on your behalf), you must have their permission to do so.

We may also collect such information from third party websites or introducing brokers with whom we have a mutual relationship or through our ‘refer a friend’ scheme.

1.1.         Identity details

Your salutation/title, full name, date of birth, current residential address, previous residential address (where applicable), telephone number(s), e-mail address, nationality, copies of your identity documents (including some form of ID and/or passport number), national/tax identification number, employment status and employment details.

1.2.         Account information

Your username, password, account balance, trading history, trading performance, interests and preferences for certain types of products and services.

1.3.         Information about your income and wealth

Your income, source of funds, value of your savings and investments, and copies of tax and financial statements.

1.4.         Technical information

Your Internet Protocol (IP) address, login information, browser type and version, operating system and platform, information on which pages you look at on our website, and other similar data.

1.5.         Marketing and communications information

Your preferences on marketing, information collected for marketing or survey purposes, information collected in relation to subscribing for news updates, and records of any correspondence you have entered into with us.

2.     Use of your personal information

We are only allowed to use your personal information if we have a proper reason to do so:

  • To fulfil a contract we have with you. This means processing your information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • When it is our legal duty. This means processing your information where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
  • When it is in our legitimate interest. This means processing your information where it is in the interest of our business to do so in order to enable us to give you the best product and/or service and most secure experience. We ensure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your information for our legitimate interests. We do not use your information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • When you have provided your consent.

2.1.         Verify your identity and establish and manage your account

We collect certain personal information in order to be able to set up and effectively manage your account. We also use this information to verify your identity. This includes using third parties to carry out identity, fraud and credit checks on our behalf. We may also ask you to provide us with documents to confirm your identity.

We are under a legal duty to do this because we have to ‘know who you are’ under certain laws and regulations before you can open an account with us. It is also in our legitimate interest in order to prevent money laundering and other criminal activities.

2.2.         Provide you with products and services, or information about our products and services

Once you open an account with us or subscribe to an update or webinar, we will need to use your personal information to provide you with our products and services.

We process your personal information in this way to fulfil the contract we have with you.

2.3.         Improve our products and services

We may, from time to time, use personal information provided by you through your use of the services and/or through customer surveys to help us improve our products and services.

It is in our legitimate interest to use your personal information in this way to ensure that we provide you with the best products and services.

2.4.         Profiling

We may, from time to time, use your personal information to form profiles about you. We may also make decisions about you through automated profiling or automated identity, or credit checks, which may affect your ability to use our services.

We do this either to perform our legal obligations or because it is in our legitimate interest to use your personal information in such a way so that we can understand you and provide you with the best products and services.

2.5.         Settlement of Enquiries and Disputes

We may need to use personal information collected from you to investigate issues and/or settle disputes with you.

It is in our legitimate interest to do this to ensure that issues and/or disputes get investigated and resolved as quickly and efficiently as possible.

2.6.         Data analysis

Our web pages and e-mails may contain web beacons or pixel tags or any other similar type of data analysis tools, which allow us to track receipt of correspondence and to count the number of users that have visited our webpage or opened our correspondence.

Where your personal information is completely anonymised, we do not require a legal basis as the information will no longer constitute personal information. However, where your personal information is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market. See our Cookies policy for more information about how we collect data about your online activity.

2.7.         Surveys

We may, from time to time, send you surveys as part of our customer feedback process and it is in our legitimate interest to ask for feedback to ensure that we provide the best service to you.

However, we may also ask you to participate in other surveys and if you agree to participate in such surveys we rely on your consent to use the personal information we collect as part of such survey. All responses to any survey we send out, whether for customer feedback or otherwise, will be aggregated and depersonalised before survey results are shared with any third parties.

2.8.         Internal business purposes and record keeping

We may need to process your personal information for internal business and research purposes and record keeping purposes.

This is in our own legitimate interest and is also required in order to comply with our legal obligations. This may include any communications that we have with you in relation to the services we provide to you and our relationship with you. We will also keep records to ensure that you comply with your obligations under any contract you have entered into with us.

2.9.         Corporate restructuring

If we undergo a corporate restructuring or part or all of our business is acquired by a third party, we may need to use your personal information in association with that restructure or acquisition. This may involve disclosing your details as part of a due diligence exercise.

It is in our legitimate interest to use your information in this way in order to ensure a restructuring of the business or sale of the business to a third party is informed.

2.10.     Security

If you enter any of our premises your image may be recorded on CCTV for security reasons. We may also take your details to keep a record of who has entered our premises including day & time, who you are visiting, employer, contact details and vehicle registration number. If you have an accident at our premises, this may include an account of your accident.

It is in our legitimate interest to do this to maintain a safe and secure working environment.

2.11.     Compliance with Applicable Laws and Regulations

We may need to use your personal information to comply with applicable laws and regulations, court orders or other judicial processes, or the requirements of any applicable regulatory authority.

We do this because it is our legal duty to act in compliance with all of the above.

2.12.     Marketing

We may use your personal information to send you marketing communications by email or phone or other agreed forms (including social media campaigns) to ensure that you are always kept up to date with our latest products and services.

Where we send you marketing communications we will either do so as it is for the purposes of performing the contract we have with you or where you have otherwise consented.

You always have the right to “opt out” of receiving our marketing communications. You can exercise this right at any time or update your preferences by contacting us using the contact details set out in this Privacy Policy. When we send you marketing emails, we will always provide an unsubscribe option to allow you to ‘’opt out’’ of any further marketing emails. If you “opt-out” of receiving our marketing materials you will be added to our suppression list, which is kept indefinitely so as to comply with our legal obligation to ensure we do not accidentally send you further marketing.

We never share your name or contact details with third parties for marketing purposes unless we have your “opt-in” consent to share your details with a specific third party for them to send you marketing. We do use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

3.     How we obtain your consent

Where the use of your personal information by us requires your consent, such consent will be provided in accordance with the applicable customer terms and conditions available on our website(s) or any other contract we may have entered into with you or stipulated in our communication with you from time to time.

Where we rely on your consent, as our legal basis for processing your personal information, you have the right to withdraw your consent at any time by contacting us using the contact details set out in this Privacy Policy.

4.     Disclosure of Personal Data and Transfer outside of the European Economic Area

In the standard operation of our business, we may disclose your personal information to the following:

  • Our associated companies
  • Successors in title to our business
  • Professional advisors such as our solicitors in connection with any ongoing or prospective legal proceedings or in order to establish exercise or defend our legal rights, and our auditors and accountants in order to satisfy our regulatory and financial reporting obligations
  • Credit or reference agencies
  • Any organisation or person expressly instructed by you
  • Any relevant regulatory, governmental or law enforcement authority and fraud prevention agencies
  • Third parties necessary to provide the products and services requested by you
  • Introducing brokers with whom we have a mutual relationship

We require that organisations outside of our group of companies, who handle or obtain personal information as service providers, acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with the data protection laws and regulations, and this Privacy Policy.

Please note that third parties such as credit reporting, identity and reference agencies may keep a record of any searches and may use the search details to assist other companies in performing their searches.

We may transfer your personal information outside the EEA to other of our group companies as well as processors, who are engaged on our behalf. To the extent we transfer your information outside the EEA, we will ensure that the transfer is lawful and that there are appropriate security arrangements.

In order to transfer personal information to third parties in territories, where applicable legislation may not be adequate, we will enter into agreements with such parties, ensuring appropriate and suitable safeguards based on standard contractual terms adopted by the European Commission. You may contact us anytime using the contact details set out in this Privacy Policy for further information on such safeguards.

Where we make transfers to third parties in the US, we may in some cases rely on applicable standard contractual clauses, binding corporate rules, the EU-US Privacy Shield or any other equivalent applicable arrangements.

Where any third party uses your personal information as data controller, such use is not covered by this Privacy Policy and is not subject to Spread Co’s privacy standard and procedures.

5.     Security and Storage of Personal Information

We take the safeguarding of your personal information very seriously. We hold personal information in secure computer storage facilities, paper-based files, and/or other records, and take steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure (through means such as document encryption and/or any other such measures which we deem appropriate at the time). Our employees understand to respect the confidentiality of your personal information. Only authorised employees of Spread Co are permitted access to your personal information, strictly for business purposes. We have an Information Officer to ensure our compliance with this Privacy Policy and applicable laws and regulations.

When we consider that personal information is no longer needed, we will remove any details that will identify you and we will securely destroy the records.

Please note that we are subject to certain laws (for example anti-money laundering laws) and regulations, which require us to retain a copy of the documents we used to comply with our customer due diligence obligations, and supporting evidence and records of transactions with you and your relationship with us for a period of five years, after our relationship with you has terminated.

Personal information held in the form of a deed is subject to a storage period of twelve years, after our relationship with you has terminated.

If we hold any personal information in the form of a recorded communication, by telephone, electronic, in person or otherwise, this information will be held in line with local regulatory requirements, which is five years, after our business relationship with you has ended.

Where you have opted out of receiving marketing communications we will hold your details on our suppression list so that we know you do not want to receive these communications.

6.     Cookies

Cookies are small computer files that get sent down to your PC, tablet or mobile phone by websites when you visit them. They stay on your device and get sent back to the website they came from, when you go there again. Cookies store information about your visits to that website, such as your choices and other details. By using our website, you’re consenting to us using cookies in the ways described in our Cookie Policy.

7.     Remarketing

This website uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network.

Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to the Spread Co website. Any data collected will be used in accordance with our own Privacy Policy and Google’s privacy policy.”

8.     Links the third party websites

Our websites or our apps may have links to external third party websites. Please note that third party websites are not covered by this Privacy Policy and those sites are not subject to our privacy standards and procedures. Please check with each third party as to their privacy practices and procedures.

9.     Technology Improvements

Technology improvements and developments may result in a change to the way in which we collect your personal information. If this occurs, we will notify you in this Privacy Policy at the time of the change.

10. Your Rights

You have a number of rights when it comes to personal information we hold about you under data protection laws and regulations. Depending on the circumstances, these include:

10.1.     Right to be informed

You have a right to be informed as to how we use your personal information in a concise, transparent, intelligible manner way. We do this through this Privacy Policy.

10.2.     Right to access your personal information

You have the right to access the personal information which we hold about you, known as a ‘subject access request’. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure that you have the right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is only disclosed to the person who has the right to receive it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request, but if the request is going to take longer to deal with or is complex in which case we may extend this period by up to a further two months, but we will let you know.

10.3.     Right to rectification of your personal information

You have the right to correct the personal information we hold about you if it is inaccurate or requires updating. You can do this any time by contacting us using the details included in this Privacy Policy. If we have shared your personal information with others, we will notify them about any rectification where possible.

10.4.     Right to request erasure

You have the right to request erasure of your personal information in certain circumstances, known as the ‘right to be forgotten’, such as where we no longer need it or you withdraw your consent or we have processed your personal information unlawfully.

However, this is not always possible, as there could be a reason for us continuing to process it (for instance, we may need to continue using your personal information to comply with our legal obligations); and such request will be subject to any retention limits we are required to comply with in accordance with applicable laws and regulations, and subject to the section 5 of this Privacy Policy. If we have shared your personal information with others, we will let them know about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.

The right to erasure does not apply where processing is necessary for one of the following reasons:

  • to exercise the right of freedom of expression and information
  • to comply with a legal obligation
  • for the performance of a task carried out in the public interest or in the exercise of official authority
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
  • for the establishment, exercise or defence of legal claims

10.5.     Right to objection

You have the right to object to the processing of your personal information altogether or for a certain purpose.

If you exercise your right to object, we will stop processing your personal information unless:

  • there are compelling legitimate grounds for us to continue to process, which override your interests, rights and freedoms
  • the processing is for the establishment, exercise or defence of legal claims

However, this may result in us being unable to continue to provide you with our products or services, and as a result, we may have to close your account with us.

10.6.     Right of restriction

You have the right to restrict the processing of your personal information in the following circumstances:

  • you contest the accuracy of your personal information and we are verifying its accuracy
  • the information has been unlawfully processed and you oppose erasure, requesting restrictions instead
  • we no longer need the personal information but you need us to keep it in order to establish, exercise or defend a legal claim
  • you have objected to us processing your personal information and we are considering whether our legitimate grounds override your request

10.7.     Right to transfer data

You have the right to transfer your personal information to another party of your choice where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.

10.8.     Right not to be subject to automated decision-making

If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to use the services or has another significant effect on you, you can ask to not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even where a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention.

11. Complaint

If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us using the contact details set out in this Privacy Policy.

We would hope to be able to deal with any complaint you may have to your satisfaction, but in the event you are not satisfied with our response to your complaint you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). Our registration number is Z9317258. You can find details about how to do this on the ICO website at https://ico.org.uk/make-a-complaint/ or by calling their helpline on 0303 123 1113 or by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF