In accordance with the General Data Protection Regulations (GDPR) we are required to clearly state what personal data we process, why we process it and what your rights are when it comes to this data and its use.
CrowdX (“CrowdX Ltd” or “We”) is a data controller and is responsible for your personal data.
Why We Hold Your Data
CrowdX Ltd is the appointed representative of Prosper Capital LLP which is authorised and regulated by the Financial Conduct Authority in the UK to carry out certain regulatory activities.
We process certain personal data whenever we enter into a business relationship with someone.
We collect personal data from you under the following lawful bases as allowed under the GDPR:
- in order to carry out our contract with you;
- in compliance of a legal or regulatory obligation, such as carrying out anti-money laundering checks or monitoring our appointed representatives; or
- for our legitimate interests as long as they do not override your interests or fundamental rights or freedoms. This might include the legitimate interest of third parties as well.
The purposes for which we collect your data include:
- identifying you and processing applications to any funds;
- carrying out any appropriateness or suitability assessments;
- carrying out anti-money laundering checks to prevent fraud;
- monitoring our appointed representatives to ensure compliance with regulation;
- carrying out our services under any contracts;
- managing our business;
- carrying out our regulatory and legal reporting obligations;
- dealing with any legal disputes.
We will only process your personal data for the purpose that it is collected, unless we reasonably consider that we need to use it for another purpose which is compatible with the original purpose. If we need to use the personal data for another purpose, we will contact you beforehand to let you know of the lawful basis for the use, unless we are permitted by law to process the data without doing so.
Failure to provide the personal data may mean that we are unable to carry out our contract with you or approve your application to any fund that we manage.
Types Of Personal Data We Collect
The types of personal data we collect may be:
- identity data, such as passport and driving licence,
- contact data,
- financial data, such as source of funds, bank account details,
- transaction data, including past transactions you may have carried out,
- technical data and
- marketing and communication data.
In certain circumstances we may be required to carry out enhanced due diligence checks to comply with our obligations under the Money Laundering Regulations 2019. These enhanced checks may reveal information about criminal convictions or information about an individual’s political opinions and associations and/or other special categories of personal data which are subject to additional protections under the GDPR. We will only collect and process such information to the extent necessary to comply with our legal or regulatory obligations and in accordance with the applicable data protection laws.
Where Do We Collect The Data From?
Most of our data is obtained directly from you, however we may collect data from third parties such as independent financial advisors or credit agencies or from public sources such as Companies House.
We also collect data through our website [details of data collected].
Sharing Your Data
When required we may share your data:
- with our Principal, Prosper Capital LLP and the Financial Conduct Authority;
- with other governmental organisations such as the National Crime Agency or the Financial Ombudsman Service;
- Law enforcement agencies;
- with third parties, such as a financial or tax advisor at your request;
- we may need to share your data with third parties, such as a custodian or nominee, in order to carry out our services, or in order to protect our rights, systems and services, for example with legal counsel or information security personnel.
Retaining Your Data
We will retain your data only as long as is necessary, or as we are required to do so under our legal and regulatory obligations, depending on the nature and sensitivity of the data. We have processes in place to destroy personal data when we are permitted to do so.
Under the GDPR you have certain rights in relation to your personal data as set out below:
- Right of subject access.
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to opt out of marketing
- Right to object to processing of personal information in certain circumstances
- Right to data portability
- Right to withdraw consent.
In addition you also have the right to make a complaint at any time to the Information Commissioner’s Office, which is the supervisory authority for data protection issues at www.ico.org.uk