Effective Date: 28 July 2018
Under the General Data Protection Regulation (GDPR) Spread Co is required to notify the use of personal data to its supervisory authority, the Information Commissioner’s Office (ICO). Our registration number is Z9317258.
Data protection laws and regulations state that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
- Email: email@example.com
- Telephone: +44 (0)192 383 2682
- Post: Data Privacy, 1stFloor North, Argyle House, Joel Street, Northwood Hills, Middlesex HA6 1NW
1. What personal information do we collect about you?
We collect the following types of personal information about you which are explained in more detail below:
- Identity details
- Account information
- Information about your income and wealth
- Technical information
- Marketing and communications information
If you provide us with personal information on someone else (such as a joint applicant or you authorise an individual who will be permitted to instruct Spread Co to take action on your behalf), you must have their permission to do so.
We may also collect such information from third party websites or introducing brokers with whom we have a mutual relationship or through our ‘refer a friend’ scheme.
1.1. Identity details
Your salutation/title, full name, date of birth, current residential address, previous residential address (where applicable), telephone number(s), e-mail address, nationality, copies of your identity documents (including some form of ID and/or passport number), national/tax identification number, employment status and employment details.
1.2. Account information
Your username, password, account balance, trading history, trading performance, interests and preferences for certain types of products and services.
1.3. Information about your income and wealth
Your income, source of funds, value of your savings and investments, and copies of tax and financial statements.
1.4. Technical information
Your Internet Protocol (IP) address, login information, browser type and version, operating system and platform, information on which pages you look at on our website, and other similar data.
1.5. Marketing and communications information
Your preferences on marketing, information collected for marketing or survey purposes, information collected in relation to subscribing for news updates, and records of any correspondence you have entered into with us.
2. Use of your personal information
We are only allowed to use your personal information if we have a proper reason to do so:
- To fulfil a contract we have with you. This means processing your information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- When it is our legal duty. This means processing your information where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- When it is in our legitimate interest. This means processing your information where it is in the interest of our business to do so in order to enable us to give you the best product and/or service and most secure experience. We ensure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your information for our legitimate interests. We do not use your information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- When you have provided your consent.
2.1. Verify your identity and establish and manage your account
We collect certain personal information in order to be able to set up and effectively manage your account. We also use this information to verify your identity. This includes using third parties to carry out identity, fraud and credit checks on our behalf. We may also ask you to provide us with documents to confirm your identity.
We are under a legal duty to do this because we have to ‘know who you are’ under certain laws and regulations before you can open an account with us. It is also in our legitimate interest in order to prevent money laundering and other criminal activities.
2.2. Provide you with products and services, or information about our products and services
Once you open an account with us or subscribe to an update or webinar, we will need to use your personal information to provide you with our products and services.
We process your personal information in this way to fulfil the contract we have with you.
2.3. Improve our products and services
We may, from time to time, use personal information provided by you through your use of the services and/or through customer surveys to help us improve our products and services.
It is in our legitimate interest to use your personal information in this way to ensure that we provide you with the best products and services.
We may, from time to time, use your personal information to form profiles about you. We may also make decisions about you through automated profiling or automated identity, or credit checks, which may affect your ability to use our services.
We do this either to perform our legal obligations or because it is in our legitimate interest to use your personal information in such a way so that we can understand you and provide you with the best products and services.
2.5. Settlement of Enquiries and Disputes
We may need to use personal information collected from you to investigate issues and/or settle disputes with you.
It is in our legitimate interest to do this to ensure that issues and/or disputes get investigated and resolved as quickly and efficiently as possible.
2.6. Data analysis
Our web pages and e-mails may contain web beacons or pixel tags or any other similar type of data analysis tools, which allow us to track receipt of correspondence and to count the number of users that have visited our webpage or opened our correspondence.
Where your personal information is completely anonymised, we do not require a legal basis as the information will no longer constitute personal information. However, where your personal information is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market. See our Cookies policy for more information about how we collect data about your online activity.
We may, from time to time, send you surveys as part of our customer feedback process and it is in our legitimate interest to ask for feedback to ensure that we provide the best service to you.
However, we may also ask you to participate in other surveys and if you agree to participate in such surveys we rely on your consent to use the personal information we collect as part of such survey. All responses to any survey we send out, whether for customer feedback or otherwise, will be aggregated and depersonalised before survey results are shared with any third parties.
2.8. Internal business purposes and record keeping
We may need to process your personal information for internal business and research purposes and record keeping purposes.
This is in our own legitimate interest and is also required in order to comply with our legal obligations. This may include any communications that we have with you in relation to the services we provide to you and our relationship with you. We will also keep records to ensure that you comply with your obligations under any contract you have entered into with us.
2.9. Corporate restructuring
If we undergo a corporate restructuring or part or all of our business is acquired by a third party, we may need to use your personal information in association with that restructure or acquisition. This may involve disclosing your details as part of a due diligence exercise.
It is in our legitimate interest to use your information in this way in order to ensure a restructuring of the business or sale of the business to a third party is informed.
If you enter any of our premises your image may be recorded on CCTV for security reasons. We may also take your details to keep a record of who has entered our premises including day & time, who you are visiting, employer, contact details and vehicle registration number. If you have an accident at our premises, this may include an account of your accident.
It is in our legitimate interest to do this to maintain a safe and secure working environment.
2.11. Compliance with Applicable Laws and Regulations
We may need to use your personal information to comply with applicable laws and regulations, court orders or other judicial processes, or the requirements of any applicable regulatory authority.
We do this because it is our legal duty to act in compliance with all of the above.
We may use your personal information to send you marketing communications by email or phone or other agreed forms (including social media campaigns) to ensure that you are always kept up to date with our latest products and services.
Where we send you marketing communications we will either do so as it is for the purposes of performing the contract we have with you or where you have otherwise consented.
We never share your name or contact details with third parties for marketing purposes unless we have your “opt-in” consent to share your details with a specific third party for them to send you marketing. We do use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
3. How we obtain your consent
Where the use of your personal information by us requires your consent, such consent will be provided in accordance with the applicable customer terms and conditions available on our website(s) or any other contract we may have entered into with you or stipulated in our communication with you from time to time.
4. Disclosure of Personal Data and Transfer outside of the European Economic Area
In the standard operation of our business, we may disclose your personal information to the following:
- Our associated companies
- Successors in title to our business
- Professional advisors such as our solicitors in connection with any ongoing or prospective legal proceedings or in order to establish exercise or defend our legal rights, and our auditors and accountants in order to satisfy our regulatory and financial reporting obligations
- Credit or reference agencies
- Any organisation or person expressly instructed by you
- Any relevant regulatory, governmental or law enforcement authority and fraud prevention agencies
- Third parties necessary to provide the products and services requested by you
- Introducing brokers with whom we have a mutual relationship
Please note that third parties such as credit reporting, identity and reference agencies may keep a record of any searches and may use the search details to assist other companies in performing their searches.
We may transfer your personal information outside the EEA to other of our group companies as well as processors, who are engaged on our behalf. To the extent we transfer your information outside the EEA, we will ensure that the transfer is lawful and that there are appropriate security arrangements.
Where we make transfers to third parties in the US, we may in some cases rely on applicable standard contractual clauses, binding corporate rules, the EU-US Privacy Shield or any other equivalent applicable arrangements.
5. Security and Storage of Personal Information
When we consider that personal information is no longer needed, we will remove any details that will identify you and we will securely destroy the records.
Please note that we are subject to certain laws (for example anti-money laundering laws) and regulations, which require us to retain a copy of the documents we used to comply with our customer due diligence obligations, and supporting evidence and records of transactions with you and your relationship with us for a period of five years, after our relationship with you has terminated.
Personal information held in the form of a deed is subject to a storage period of twelve years, after our relationship with you has terminated.
If we hold any personal information in the form of a recorded communication, by telephone, electronic, in person or otherwise, this information will be held in line with local regulatory requirements, which is five years, after our business relationship with you has ended.
Where you have opted out of receiving marketing communications we will hold your details on our suppression list so that we know you do not want to receive these communications.
This website uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network.
8. Links the third party websites
9. Technology Improvements
10. Your Rights
You have a number of rights when it comes to personal information we hold about you under data protection laws and regulations. Depending on the circumstances, these include:
10.1. Right to be informed
10.2. Right to access your personal information
You have the right to access the personal information which we hold about you, known as a ‘subject access request’. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure that you have the right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is only disclosed to the person who has the right to receive it.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request, but if the request is going to take longer to deal with or is complex in which case we may extend this period by up to a further two months, but we will let you know.
10.3. Right to rectification of your personal information
10.4. Right to request erasure
You have the right to request erasure of your personal information in certain circumstances, known as the ‘right to be forgotten’, such as where we no longer need it or you withdraw your consent or we have processed your personal information unlawfully.
The right to erasure does not apply where processing is necessary for one of the following reasons:
- to exercise the right of freedom of expression and information
- to comply with a legal obligation
- for the performance of a task carried out in the public interest or in the exercise of official authority
- for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
- for the establishment, exercise or defence of legal claims
10.5. Right to objection
You have the right to object to the processing of your personal information altogether or for a certain purpose.
If you exercise your right to object, we will stop processing your personal information unless:
- there are compelling legitimate grounds for us to continue to process, which override your interests, rights and freedoms
- the processing is for the establishment, exercise or defence of legal claims
However, this may result in us being unable to continue to provide you with our products or services, and as a result, we may have to close your account with us.
10.6. Right of restriction
You have the right to restrict the processing of your personal information in the following circumstances:
- you contest the accuracy of your personal information and we are verifying its accuracy
- the information has been unlawfully processed and you oppose erasure, requesting restrictions instead
- we no longer need the personal information but you need us to keep it in order to establish, exercise or defend a legal claim
- you have objected to us processing your personal information and we are considering whether our legitimate grounds override your request
10.7. Right to transfer data
You have the right to transfer your personal information to another party of your choice where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
10.8. Right not to be subject to automated decision-making
If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to use the services or has another significant effect on you, you can ask to not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even where a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention.
We would hope to be able to deal with any complaint you may have to your satisfaction, but in the event you are not satisfied with our response to your complaint you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). Our registration number is Z9317258. You can find details about how to do this on the ICO website at https://ico.org.uk/make-a-complaint/ or by calling their helpline on 0303 123 1113 or by writing to:
Information Commissioner’s Office