Information you provide to us
Personal information you may provide to us through the Service or otherwise includes:
- Contact data and biographical details, such as your first and last name, salutation, email address, billing and mailing addresses, date of birth, professional title and company name, phone number, country of residence and nationality.
- Profile data, such as the username and password that you may set to establish an online account on the Service, preferences, and any other information that you add to your account profile.
- Communications data based on our exchanges with you, including when you contact us through the Service, social media, or otherwise.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
- Relationship data, such as familial or other relationship to third parties whose personal information you may provide to us. For example, we may obtain such data if you make your will or other beneficiary details available to us. We may also obtain such data through our “refer-a-friend” programme.
- Financial and investment data, such as your income, economic standing, assets (such as pensions, bank accounts, vehicles, properties, etc.), liabilities (such as mortgages, credit card debt, loans, interest rates, etc.), expenses, balances, transactions, individual investments, and economic/investment performance.
- Identity documents, such as national identification number (e.g., National Insurance Number, taxpayer reference, passport and driver’s licence images of the relevant identification cards, wills, and account statements.
- Beneficiary data, such as beneficiary’s full name and email address, relationship to a Hoxton Capital Management user, and inheritance details.
We may receive data falling within the categories identified above from other sources and combine such data with other personal information we have regarding you. These other sources of personal information include:
- Public sources include government agencies, public records, and other publicly available sources.
Private sources, such as data providers, data licensors and data aggregators.
- Our affiliates and partners, including Hoxton Capital Management firms with which you hold certain assets, or other third-party financial or asset management institutions with which we partner.
- Marketing partners, such as joint marketing partners and event co-sponsors.
- Third-party integrations, such as banks and other financial institutions that we integrate with and that you can log into through, or otherwise link to, your Service account. This data may include your username, financial and investment data, and other information associated with your account on that third-party service made available to us.
Automatic data collection
We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications, and other online services, such as:
- Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
- Location data when you authorise the Service to access your device’s location.
- Communication interaction data such as your interactions with our email, text, or other communications (e.g., whether you open and/or forward emails) – we may do this through the use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
Cookies and similar technologies
The following technologies facilitate some of the automatic collection described above:
- Cookies are small text files that websites store on user devices, allowing web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
- Local storage technologies, like HTML5 that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened or that certain content was viewed or clicked.
- Session-replay technologies, such as those provided by Clarity – Microsoft, employ software code to record users’ interactions with the Service in a manner that allows us to watch video replays of those user sessions. The replays include users’ clicks, mobile app touches, mouse movements, and scrolls during those sessions. These replays help us diagnose usability problems and identify areas for improvement. You can learn more about Clarity at https://privacy.microsoft.com/en-us/privacystatement
- Data analytics technologies, such as those provided and Google Analytics that employ software code to gather user analytics https://policies.google.com/privacy?hl=en-US and provide useful insights to improve the software, services, features and functionality that matters to you.
Data about others
We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.
We may use your personal information for the following purposes or as otherwise described at the time of collection:
Service delivery and operations
We may use your personal information to:
- Provide and operate the Service and our business, including aggregating and generating insights from your financial and investment data, including insights related to your spending habits, pension forecasting, liability/debt analysis, and peer comparisons, among other things and create a financial profile of you;
- Develop and design financial plans for you as part of our engaged services. Provide investment, pension, insurance and product advice in line with our licensed activities.
- Personalising the service, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;
- Establish and maintain your user profile on the Service;
- Facilitate your invitations to friends who you want to invite to join the Service;
- Enable security features of the Service;
- Communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages; and
- Support the Service, and respond to your requests, questions and feedback.
Research, development, and analytics
We may use your personal information to improve the Service and other products and services we may offer and our business, including through research and development purposes and data analysis. For example, we may use your personal information to analyse your usage of the Service and help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services.
Marketing and advertising
We, our service providers, and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
- Direct marketing. Where we have your consent, we may send you direct marketing communications and may personalise these messages based on your needs and interests. You may Opt-out of marketing communications as described in the Opt-out of Marketing section below.
Compliance and protection
We may use your personal information to:
- comply with applicable laws, lawful requests, and legal processes, such as responding to subpoenas, investigations or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements or our internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorised, unethical or illegal activity, including cyberattacks and identity theft.
With your consent
In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create aggregated, de-identified and/or anonymised data
We may create aggregated, de-identified and/or anonymised data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymised data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymised data and share it with third parties for our lawful business purposes, including to analyse and improve the Service and promote our business.
Cookies and similar technologies
In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:
- Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site and whether you are logged in when you visit password-protected areas of the Service.
- Functionality. To enhance the performance and functionality of our services.
- Advertising. To help our third-party advertising partners collect information about how you use the Service and other online services over time, which they use to show you ads on other online services they believe will interest you and measure how the ads perform.
Analytics. To help us understand user activity on the Service, including which pages are most and least visited, how visitors move around the Service, and user interactions with our emails. [For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.
We generally retain personal information to fulfil the purposes we collected it, including to satisfy any legal, accounting, or reporting requirements, establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we may either delete it, anonymise it, or isolate it from further processing.
In different territories we operate in, regulatory requirements may be placed on us to retain your information, even when the original purpose for collection no longer exists.
We will only process your data where there is a legal basis for the processing. This means that we will only process your data where:
- The processing is necessary to perform our obligations under our contract with you or to take steps to enter into the contract with you;
- We have a legitimate interest for doing so (for instance, providing the app to our users and running our business or maintaining our systems) as considered by our legitimate interests assessment;
- Where your consent has been provided to process the API information. This consent will be required to be given once in every 90 days to comply with Open Banking regulations and to ensure we consistently have access to this information (please see our client applications terms and conditions for more information);
- Where your consent has been provided to process your data to enable us to carry out direct marketing as described above; and/or
- We need to comply with a legal obligation to which we are subject.
Our affiliates and partners
We may share your personal information with affiliates (such as our parent, subsidiary or sister entities) and partners or enable our affiliates and partners to collect information directly via our Service. For example, we may share your personal information with capital management firms with which you hold certain assets or other third-party financial or asset management institutions with which we partner. Please see our list of third-party Privacy Policies here for more information.
Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research and analytics).
Third-party advertising companies for the interest-based advertising purposes described above.
We may share your personal information with partners or enable partners to collect information directly via our Service. For example, we may be integrated with a capital management firm with which you hold assets, in which case we may exchange your personal information with such firm.
We may share your personal information with our third-party financial data aggregators. Please see our list of third-party companies that we use and their Privacy Notices.
Third parties, such as banks and other financial institutions that we integrate with and that you can log into through, or otherwise link to, your Service account. This data may include your username, financial and investment data, and other information associated with your account on that third-party service made available to us. Please see our list of third-party Privacy Policies here for more information.
Business and marketing partners
Third parties with whom we co-sponsor events or promotions, jointly offer products or services, or whose products or services may interest you.
Professional advisers, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others
Law enforcement, government authorities, and private parties, as we believe in good faith, are necessary or appropriate for the Compliance and protection purposes described above.
We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in Hoxton Capital Management, financing of Hoxton Capital Management, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of Hoxton Capital Management as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.
In respect of your personal data, you have the following rights:
- to request information about how your personal data are processed and to request a copy of that personal data;
- to request that any inaccuracies in your personal data are rectified without delay;
- to request that any incomplete personal data are completed, including by means of a supplementary statement;
- to request that your personal data are erased if there is no longer a justification for them to be processed;
- in certain circumstances (for example, where accuracy is contested), to request that the processing of your personal data is restricted;
- to not be subject to a decision based solely on automated processing which produces legal effect concerning you or significantly affects you;
- to object to the processing of your personal data where it is processed for direct marketing purposes; and
- to object to the processing of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that the Service may not work correctly if you set your browser to disable cookies. For more information about cookies, including seeing what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.
Blocking images/clear gifs
Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.
Mobile location data. You can disable our access to your device’s precise geolocation in your mobile device settings.
We make available certain privacy settings on the Service, including options to disable individual financial account connections. You can do this by clicking on the ellipsis symbol at the end of each linked account.
You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:
- Browser settings. Changing your internet web browser settings to block third-party cookies.
- Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies.
- Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising. You may be able to exercise that option at the following websites:
- Google https://adssettings.google.com/
- Facebook https://www.facebook.com/about/ads
- Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs:
- Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
- Digital Advertising Alliance: optout.aboutads.info.
- AppChoices mobile app, available at https://www.youradchoices.com/appchoice, will allow you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.
- Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes.
We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.
Do Not Track
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com
Declining to provide information
We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
If you choose to connect to banks and other financial institutions with which we integrate through the Service, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party. Please see our list of third-party Privacy Policies here for more information.
Delete your content or close your account
You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.
The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations do not endorse or represent that we are affiliated with any third party. We do not control websites, mobile applications or online services operated by third parties and are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use. Please see our list of third-party Privacy Policies here for more information.
We employ technical, organisational, and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.
Some of our group companies and service providers are in countries outside the UK and the EU. For example, some of the companies in our group are based in the United States, United Arab Emirates and Australia, so your data may be transferred to servers, and processed, in the United States, United Arab Emirates and Australia.
As a result, it may be necessary for the personal data that we collect from you to be transferred to or accessed from outside the UK or the EU for us to provide our services.
If we do this, we have procedures in place to ensure your data receives the necessary protections. Where we transfer your personal information to countries deemed to provide an adequate level of data protection by the European Commission or the UK Government as applicable, we rely on that decision to transfer your personal information. For transfers to group companies and service providers outside the UK or the EEA where no adequacy decision applies, we use approved transfer agreements, standard contractual clauses or other transfer tools provided for in the applicable data protection legislation to protect your personal information. Any transfer of your personal data will follow applicable laws, and we will treat the information according to the principles set out in this policy.
As we process personal data relating to individuals who are residents in the European Economic Area, we have appointed a European Representative who is the key point of contact in relation to any personal data we process about EEA residents. Our European Representative will also be representing us in relation to our obligations under the EU GDPR.
Contact information for our European Representative:
Hoxton Capital Management (EU) Ltd
Mesogiou 9, Upper Floor,
7041, Larnaca, Cyprus
The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
We aim to ensure all information collected about you is done so fairly and lawfully whilst implementing robust measures to keep your information secure. If you are not satisfied with the information provided in this notice, please contact us in the first instance so we can resolve your queries or provide you with any additional information required.
If you have any queries about this notice or need more information, please do not hesitate to contact us at: firstname.lastname@example.org
Alternatively, it is your right to contact your local data protection authority (this varies depending on which country you are resident in) and lodge a complaint or refer a complaint to them that you feel we have not dealt with to your satisfaction. In the UK, the data protection authority is the Information Commissioner. For more information, please visit the Information Commissioner’s Office at www.ico.org.uk/concerns, call them on 0303 123 1113, or write to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.