Privacy & Cookies policy

1.1 CapitalRise Finance Limited is authorised and regulated by the Financial Conduct Authority, with firm reference number 816789. We are a limited company registered in England and Wales (No. 09571824) with its registered office at 33 Cavendish Square, London W1G 0PW.

1.2 For the purposes of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (the “Act”), we act as controller of data processed by us or on our behalf. Our ICO registration number is ZA161980. We strive always to comply (and to be able to demonstrate our compliance) with the GDPR and the Act when processing personal data. Further details on the GDPR and DPA can be found at the Information Commissioner’s Office website (ico.org.uk).

1.3 We will process personal data in accordance with the GDPR, the Act, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) and any other data protection and privacy laws applicable to us.

1.4 If you have any questions in relation to this privacy policy or how we collect, use or store your personal information, you can contact our Data Protection Administrator by post at: CapitalRise Finance Limited, 33 Cavendish Square, London W1G 0PW or by email at: customercare@capitalrise.com or 0203 869 2620.

We may collect and process any of the following information about you:

2.1 Information you give us. You may give us information about yourself by using the online forms provided on the Website or by corresponding with us by e-mail or otherwise. This includes, without limitation, information you provide when you contact us (e.g. by phone, online messaging / live chat or email), sign-up and register to use the Website, enter into a deal via the Website, ask a question via the Website, participate in discussion boards or other social media functions on the Website and/or when you report a problem with the Website or our services.

The information you give us may include:

(a) your name (including copies of Proof of Identity documents);

(b) your date of birth;

(c) your current and (where necessary) previous postal address (including copies of Proof of Address documents);

(d) your telephone number and email address;

(e) your bank or building society account details and credit or debit card information;

(f) your nationality;

(g) your National Insurance number;

(h) if you are a borrower, or investor in certain circumstances, source of wealth statement and (potentially) related information;

(i) if you are a borrower, copies of A&L statements and (potentially) related documentation.

Please note that certain information is necessary in order for you to register for a CapitalRise account and to use our services. However, we will not collect or process more personal data than is required for the specific purpose(s) notified to you, nor will we keep the data for longer than is needed for such purposes or process it for other purposes unless we have your consent or we are authorised to do so by law.

We may collect and process further personal information if you update any information on your account.

2.2 Information we collect about you. Each time you visit the Website, we may automatically collect any of the following information:

(a) technical information, including the Internet protocol (IP) address used to connect your computer or device to the internet, your login information, browser type and version, browser plug-in types and versions, operating system and platform. Please note this information identifies the device being used and does not necessarily identify the user of that device; and

(b) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page. By analysing this information, we can identify which parts of the Website are popular and which are not, helping us to improve the Website. The Website uses these log files to compile non-personal statistical information about matters such as length of stay on the Website, type of pages visited and other general information. This information is mostly anonymous: we usually want to know how people in general are using the Website, not what you in particular are doing on the Website. However, we also have the ability to track individuals to help improve their individual journey and also to provide them with support should they need it. Please see our Cookies Policy for further details.

2.3 Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, suppliers of technical and payment processing services, advertising networks, analytics and search information providers and credit reference agencies) and may receive information about you from them.

2.4 We do not generally seek to collect special categories of personal data. This is defined by data protection laws to include personal data revealing a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning a person’s sex life or sexual orientation or data concerning health.

3.1 We, or third party data processors acting on our behalf, may collect, use and store the personal information listed above for the following reasons:

(a) to allow you to access and use the Website and to register for an online account;

(b) to provide you with information which is tailored specifically to you;

(c) to raise capital from our investors and provide loans to developers / borrowers and to carry out all associated administration, record keeping and accounting;

(d) to provide you with the information and any other services that you request from us;

(e) to enable you to make applications to become either an investor or a borrower;

(f) to verify your identity in order to prevent and detect money laundering and fraud;

(g) to carry out credit and Fraud (Please see 11 Fraud Reference Checks below) reference checks (if you are a borrower) and, in any case, other regulatory checks;

(h) to carry out statistical analysis and market research;

(i) for marketing, advertising and promotional purposes;

(j) to notify you about changes to our services and to keep you informed about our fees and charges;

(k) to perform our professional, legal and regulatory obligations;

(l) to comply with our internal business policies and contracts with applicable third parties;

(m) to address any complaints or claims and to enforce legal rights or defend or undertake legal proceedings;

(n) to protect the security of our systems and data used to provide services and to prevent unauthorised access and modifications to our systems;

(o) to contact you (including by email or post) with information about our products and services which either you request, or which we feel will be of interest to you;

(p) with your consent only, to disclose your personal information to carefully selected third parties, so that they might contact you (including by email or post) with information about products and services which may be of interest to you.

3.2 We will process your personal data in accordance with the following principles:

(a) all personal data must be processed lawfully, fairly and in a transparent manner;

(b) all personal data must be collected for one or more specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes;

(c) all personal data shall be restricted to what is adequate, relevant and necessary for those purposes;

(d) all personal data shall be kept accurate and up to date (and reasonable steps must be taken to erase or rectify inaccurate personal data);

(e) all personal data must be kept for no longer than is necessary for those purposes;

(f) all personal data must be protected by appropriate technical and organisational security measures to prevent unauthorised or unlawful processing and accidental loss, destruction or damage.

3.3 Where your personal data is inaccurate or out of date, we will do our best to ensure it is corrected, pseudonymised, anonymised, destroyed or erased as appropriate. Please let us know if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

3.4 To ensure that our processing of personal data is lawful, we are required to have a lawful basis in respect of each purpose. In relation to the activities listed in paragraph 3.1, we generally do so as necessary to pursue our legitimate interests in establishing and maintaining a business relationship with you and also protecting, promoting and growing our business generally. We consider these activities to be proportionate and will not be prejudicial or detrimental to you. Some of the processing activities we carry out are done so because they are necessary for the performance of our contract with you. In addition, we may be required to carry out certain processing (in particular, credit reference checks) in order to comply with our legal and regulatory obligations (for example, to meet our anti-money laundering requirements and/or requirements imposed on us by the FCA).

3.5 Where we rely on, and where you provide, consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal.

3.6 Occasionally, CapitalRise would like to contact you with the products/services/promotions that we provide. We will only send you marketing messages if we have your consent or, if consent is not required under applicable law, you have not opted out of receiving messages from us. You can withdraw your consent, or opt out of receiving further communications at a later date, by clicking on the unsubscribe link at the bottom of our marketing emails or, if you are logged in, toggling your preferences within your account settings. Please note that we do not need your approval to send you transactional communications, which we do not regard as marketing. For example, if you are an investor, we will from time to time need to send you transactional – or important service-related – messages which include key updates on your investment.

4.1 We may share your personal data with any company that is a member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) in connection with the specified purposes notified to you in respect of that data.

4.2 We may also share your personal information with certain third parties, including:

(a) our service providers and sub-contractors, including but not limited to card payment and direct debit payment processors, hosting providers, marketing providers, suppliers of technical and support services and companies that assist us in carrying out identification verification, anti-money laundering and fraud checks;

(b) professional advisers acting on our behalf or providing services to us as appropriate such as counsel, lawyers, debt collection agencies, accountants, valuers, project monitoring surveyors, insurers or financial advisers;

(c) our business partners (including developers, lenders, custodians and/or financial institutions with whom we have a business relationship) including potentially Aros Kapital Limited, whose Privacy Policy can be found here: https://aroskapital.co.uk/privacy;

(d) (if you are a borrower) our investors and also our credit reference agencies (for example, for the purpose of assessing your credit score);

(e) companies that assist us in our marketing, advertising and promotional activities;

(f) analytics and search engine providers that assist us in the improvement and optimisation of our site.

Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

4.3 We may also disclose your personal information to third parties:

(a) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

(b) if CapitalRise or substantially all of its assets are acquired by a third party, in which case personal information held by CapitalRise will be one of the transferred assets;

(c) if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or in order to enforce or apply our terms and conditions or any other agreement; or

(d) to protect the rights, property, or safety of CapitalRise, our customers, or other persons. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.

5.1 You have the following rights in respect of your personal data held by us. Please send all requests in respect of these rights to our Data Protection Administrator (contact details are in the “About Us” section above):

(a) to access the personal data we hold about you;

(b) to have your personal data corrected where necessary (please contact our Data Protection Administrator promptly should you become aware of any incorrect or out-of-date information);

(c) to have your personal data erased in certain circumstances;

(d) to object, on grounds relating to your particular situation, to processing of your personal data which is based on our legitimate interests;

(e) to object to direct marketing;

(f) to restrict how your personal data is processed;

(g) in certain circumstances, to have your personal data transferred to yourself or to another business in a structured, commonly used and machine-readable format.

5.2 We may ask requestors for additional information as is necessary to confirm their identity.

5.3 Also, please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply. For example, we can refuse your request if it is manifestly unfounded or excessive. Also, we are not always obliged to erase personal data when asked to do so; if we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to the request.

5.4 If you have any concerns regarding the way we are processing your data, we encourage you to raise the matter with our Data Protection Administrator (contact details are in the “About Us” section above).

5.5 Whilst we ask that you attempt to resolve any privacy concerns you have with us in the first instance, you also have the right to take any complaints about how we process your personal data to the Information Commissioner:

Information Commissioner’s Office

https://ico.org.uk/concerns/

0303 123 1113.

6.1 The personal information that we collect from you may be transferred to, and stored at, a destination outside of the UK or European Economic Area ("EEA"). It may, for example, need to be processed by staff operating outside the UK or EEA working for us, other members of our group, our third-party data providers or business partners located in other countries.

6.2 We will only transfer personal data outside the UK or EEA subject to appropriate safeguards. These safeguards will usually consist of standard data protection clauses (prescribed by the appropriate regulatory body), which we will adopt and implement with the relevant recipient, or making transfers to those countries deemed by the appropriate regulatory body(ies) as providing an adequate level or protection of personal data.

7.1 We have implemented appropriate technological and organisational security measures in order to protect personal data from loss, misuse, or unauthorised alteration, access or destruction. All information you provide to us is stored on our secure servers. Payment transactions may be undertaken by third party service providers and will be encrypted using industry standard SSL technology. Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

7.2 We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Although we make every effort to protect the personal information which you provide to us, please note that the transmission of data over the internet is not completely secure. As such, we cannot guarantee the security of your information transmitted online and that any such transmission is at your own risk.

The Website may, from time to time, contain links to websites operated by third parties. Please note that this privacy policy only applies to the personal information that we collect through this Website and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not accept any responsibility or liability for third party terms and conditions or policies (including privacy policies).

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting, or other requirements.

10.1 Our Website uses cookies, which are small files placed on your internet browser when you visit our Website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.

10.2 For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookies policy.

11.1 General

(a) Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

(b) The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

(c) Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

(d) We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

(e) We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

(f) Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

11.2 Data Transfers

(a) Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

11.3 Your Rights

(a) Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.

(b) For more information or to exercise your data protection rights, please contact us using the contact details above.

(c) You also have a right to complain to the Information Commissioner's Office, which regulates the processing of personal data.

11.4 Consequences of Processing

(a) If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

(b) A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on our Website and, where appropriate, notified to you by email.

Please check back frequently to see any updates or changes to our privacy policy.