Privacy & Cookies policy

1.1 CapitalRise Finance Limited is authorised and regulated by the Financial Conduct Authority, with firm reference number 816789. CapitalRise® is a registered trademark of CapitalRise Finance Ltd, a limited company registered in England and Wales (No. 09571824) with its registered office at 7-9 Swallow St, London W1B 4DE. Copyright © 2023 CapitalRise. All rights reserved.

1.2 For the purposes of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (the "Act"), we act as controller of data processed by us or on our behalf. We will always comply (and be able to demonstrate our compliance) with the GDPR and the Act when processing personal data. Further details on the GDPR and DPA can be found at the Information Commissioner’s Office website (www.ico.gov.uk).

1.3 We will process personal data in accordance with the GDPR, the Act, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) and any other applicable privacy laws.

1.4 CapitalRise For the purposes of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (the "Act"), we act as controller of data processed by us or on our behalf. We will always comply (and be able to demonstrate our compliance) with the GDPR and the Act when processing personal data. Further details on the GDPR and DPA can be found at the Information Commissioner’s Office website (ico.org.uk).

1.5 If you have any questions in relation to this privacy policy or how we collect, use or store your personal information, you can contact our Data Protection Administrator by post at: CapitalRise Finance Limited, 7-9 Swallow St, London W1B 4DE or by email at: info@capitalrise.com or 0203 869 2620.

We may collect and process any of the following information about you:

2.1 Information you give us. You may give us information about yourself by using the online forms provided on the Website or by corresponding with us by e-mail or otherwise. This includes, without limitation, information you provide when you sign-up and register to use the Website, enter into a deal via the Website, ask a question via the Website, participate in discussion boards or other social media functions on the Website and/or when you report a problem with the Website or our services.

The information you give us may include:

(a) your name (including copies of Proof of Identity documents);

(b) your date of birth;

(c) your current and (where necessary) previous postal address (including copies of Proof of Address documents);

(d) your telephone number and email address;

(e) your bank or building society account details and credit or debit card information;

(f) your nationality;

(g) your National Insurance number.

Please note that certain information is necessary in order for you to register for a CapitalRise account and to use our services. However, we will not collect or process more personal data than is required for the specific purpose(s) notified to you, nor will we keep the data for longer needed for such purposes or process it for other purposes unless we have your consent or we are authorised to do so by law.

We may collect and process further personal information if you update any information on your account.

2.2 Information we collect about you. Each time you visit the Website we may automatically collect any of the following information:

(a) technical information, including the Internet protocol (IP) address used to connect your computer or device to the internet, your login information, browser type and version, browser plug-in types and versions, operating system and platform. Please note this information identifies the device being used and does not necessarily identify the user of that device; and

(b) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page. By analysing this information, we can identify which parts of the Website are popular and which are not, helping us to improve the Website. The Website uses these log files to compile non-personal statistical information about matters such as length of stay on the Website, type of pages visited and other general information. This information is mostly anonymous: we usually want to know how people in general are using the Website, not what you in particular are doing on the Website. However, we are able to track individual cookied customers to help improve their individual journey and also to provide them with support should they need it.

2.3 Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on the Website. We work closely with third parties (including, for example, business partners, suppliers of technical and payment processing services, advertising networks, analytics and search information providers and credit reference agencies) and may receive information about you from them.

3.1 We, or third party data processors acting on our behalf, may collect, use and store the personal information listed above for the following reasons:

(a) to allow you to access and use the Website and to register for an online account;

(b) to provide you with content which is tailored specifically to you;

(c) to provide you with the information and services that you request from us;

(d) to enable you to make applications to become either an investor or developer;

(e) to verify your identity in order to prevent and detect money laundering and fraud;

(f) to carry out credit reference checks and other regulatory checks;

(g) to carry out statistical analysis and market research;

(h) for marketing, advertising and promotional purposes;

(i) to notify you about changes to our services and to keep you informed about our fees and charges;

(j) with your consent, to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you. Please note that under PECR we will be entitled to assume that our clients have consented to receiving marketing communications from us in respect of goods and services similar to those they have previously purchased from us providing we always offer an "opt-out" or "unsubscribe" option with each such communication;

(k) with your consent only, to disclose your personal information to carefully selected third parties, so that they might contact you (including by email or post) with information about products and services which may be of interest to you.

3.2 We will process your personal data in accordance with the following principles:

(a) all personal data must be processed lawfully, fairly and in a transparent manner;

(b) all personal data must be collected for one or more specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes;

(c) all personal data shall be restricted to what is adequate, relevant and limited for those purposes;

(d) all personal data shall be kept accurate and up to date (and reasonable steps must be taken to erase or rectify inaccurate personal data);

(e) all personal data must be kept for no longer than is necessary for those purposes;

(f) all personal data must be protected by appropriate technical and organisational security measures to prevent unauthorised or unlawful processing and accidental loss, destruction or damage.

3.3 Where your personal data is inaccurate or out of date, it will be corrected, pseudonymised, anonymised, destroyed or erased as appropriate. Please let us know if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

4.1 We may share your personal data with any company that is a member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) in connection with the specified purposes notified to you in respect of that data. Our group members will act as processor of that data and will process it in accordance with our instructions as controller.

4.2 We may share your personal information with selected third parties, including:

(a) our service providers and sub-contractors, including but not limited to card payment and direct debit payment processors, suppliers of technical and support services and companies that assist us in carrying out identification and fraud checks;

(b) credit reference agencies for the purpose of assessing your credit score, where this is a condition of us entering into a contract with you;

(c) companies that assist us in our marketing, advertising and promotional activities;

(d) analytics and search engine providers that assist us in the improvement and optimisation of our site.

Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

4.3 We may also disclose your personal information to third parties in accordance with our legitimate interests or as otherwise required by law:

(a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

(b) if CapitalRise or substantially all of its assets are acquired by a third party, in which case personal information held by CapitalRise will be one of the transferred assets;

(c) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions or any other agreement; or

(d) to protect the rights, property, or safety of CapitalRise, our customers, or other persons. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.

4.4 Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without your consent. Where you have given your consent for us to share your information, but later change your mind, you should contact us and we will stop doing so.

5.1 You have the following rights in respect of your personal data held by us. Please send all requests in respect of these rights to our Data Protection Administrator:

(a) to access your personal data;

(b) to be provided with information about how your personal data is processed (this information is set out in this Policy);

(c) to have your personal data corrected where necessary (please contact our Data Protection Administrator promptly should you become aware of any incorrect or out-of-date information);

(d) to have your personal data erased in certain circumstances (please refer to the appropriate data protection legislation or consult the ICO for details);

(e) to object to or restrict how your personal data is processed;

(f) to have your personal data transferred to yourself or to another business.

5.2 If you consider that we have not complied with this Policy or the relevant data protection legislation in respect of your personal data or someone else’s, you should raise the matter with our Data Protection Administrator. Any such breach will be taken seriously and will be dealt with in accordance with the relevant data protection legislation.

5.3 You have the right to take any complaints about how we process your personal data to the Information Commissioner:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

https://ico.org.uk/concerns/

0303 123 1113.

5.4 For more details, please consult the relevant data protection legislation or address any questions, comments and requests regarding our data processing practices to our Data Protection Administrator.

6.1 The personal information that we collect from you may be transferred to, and stored at, a destination outside of the UK or European Economic Area ("EEA"). It may also be processed by staff operating outside the UK or EEA working for us, other members of our group or third-party data processors. Such staff may be engaged in, among other things, the provision of our services to you, the processing of transactions and/or the provision of support services.

6.2 We will only transfer personal data outside the UK or EEA subject to appropriate safeguards. These safeguards will usually consist of standard data protection clauses which we will adopt and implement with the relevant data processor or third party service provider; we will inform you in advance if other safeguards are to apply.

7.1 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk. All information you provide to us is stored on our secure servers. Payment transactions may be undertaken by third party service providers and will be encrypted using industry standard SSL technology. Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

7.2 We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Although we make every effort to protect the personal information which you provide to us, the transmission of data over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your information transmitted to the Website and that any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

The Website may, from time to time, contain links to websites operated by third parties. Please note that this privacy policy only applies to the personal information that we collect through this Website and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not accept any responsibility or liability for third party terms and conditions or policies.

9.1 Our Website uses cookies, which are small files placed on your internet browser when you visit our Website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.

9.2 For detailed information on the cookies we use and the purposes for which we use them, please refer to our cookies policy. By continuing to use the Website and/or our services, you are agreeing to our use of cookies as described in our cookies policy.

We may update our privacy policy from time to time. By continuing to use the services and our Website, you agree to the latest version of our privacy policy. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.