CROWDCUBE LIMITED (“Crowdcube” “we”, “us”) are committed to protecting and respecting your privacy.
Last Update Effective Date 9 May 2017
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you provided at the time of requesting goods, services or information from us:
• Information that you provide to us by filling in forms on our site supdate.com and mobile applications (“Our Site”). This includes contact information such as name, email address, mailing address, phone number, financial information such as bank or brokerage account numbers, unique identifiers such as user name, account number, password, date of birth and preferences information such as favourites lists, transaction history, marketing preferences. If you chose to list your company and shareholder investor relations with us, we may ask for information about your business such as company name, company size, business type and personal data such as a professional profile and for a list of investors and their email address which you must have either consent or a legitimate purpose to both contact and to share with us. Where we process third party personal data on your behalf Crowdcube is the data processor and you are the data controller.
• Information that you provide to us when you write to us (including by email).
• Information that you provide to us when we speak to you by telephone. We may make and keep a record of the information you share with us.
• Information that you provide to us by completing surveys.
• Details of transactions you carry out through Our Site and of the fulfillment of your orders.
As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, to analyze trends, to administer Our Site, to track users’ movements around Our Site and to gather demographic information about our user base as a whole.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
• To ensure that content from Our Site is presented in the most effective manner for you and for your computer. This is in our legitimate business interests.
• To provide you with information, products or services that may be of interest to you, where you have consented to be contacted for such purposes.
• To carry out our obligations arising from (i) legal obligations and/or (ii) any contracts entered into between you and us to provide information, products or services that you have requested and notify you about changes to our goods and services.
If you are an existing customer/member, we may contact you by electronic means (fax, email or SMS) with information about goods and services similar to those which were the subject of a previous sale to you. We will not otherwise contact you by electronic means to provide you with information about goods and services which may be of interest to you, unless you have consented to this.
If you do not want us to use your data in one or more of the ways mentioned above, please let us know by contacting us at firstname.lastname@example.org or refer to additional instructions in the “Your rights” portion of this policy.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
In addition to the above, we may disclose your personal data to third parties:
• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. You will be notified via email and/or prominent notice on Our Site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
• If Crowdcube or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are, or believe in good faith that we are, under a duty to disclose or share your personal data in order to comply with any legal obligation,; or permitted by law in order to enforce or apply our Terms and Conditions of Website Use and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
• If you have made an investment or applied to invest in a company via www.crowdcube.com, your personal data may be disclosed to the company (or the company’s professional representatives) that you have invested or applied to invest in. If you request a business plan or contact a business or entrepreneur via a pitch page your contact details may also be shared with that business or entrepreneur.
We may provide your personal data to companies that provide services to help us with our business activities such as shipping your order, processing payments, offering customer services or to improve our business operations. These companies are authorized to use your personal data only as necessary to provide these services to us.
We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisements to that target audience.
You have the right to access information that is held about you. To protect your privacy and security, we’ll take reasonable steps to verify your identity before providing copies of any relevant materials.
You may be entitled to ask us:
• for a copy of your information;
• to correct or erase your information;
• to restrict or stop the processing information;
• to transfer some of this information to other organisations; and
• where we have asked for your consent to process your data, to withdraw this consent.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
Where we require information to comply with legal or contractual obligations, then provision of such data is mandatory: if such information is not provided, then we will not be able to meet obligations placed on us or manage your transactions on Our Site. In all other cases, provision of requested information is optional.
We hope that we can satisfy queries you may have about the way we process your information and resolve any complaints you may have. We encourage you to come to us in the first instance but you are entitled to complain directly to the relevant data protection authority.
How to exercise your rights
You can correct, change or delete your information in your member account setting page. You can stop receiving our newsletters or marketing emails by following the unsubscribe instructions included in these emails or accessing the email preferences in your account settings page. Alternatively, or to access any of the other above rights, you can email our Customer Support at email@example.com or by contacting us by telephone or postal mail at the contact information listed below.
HOW LONG WE RETAIN YOUR INFORMATION
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, which in some cases involving the collection and processing of financial data may require a retention period of 7 years (or longer if required by law).
COOKIES and Tracking Technologies
Technologies such as: cookies, beacons, tags and scripts are used by Crowdcube Limited and our partners, including marketing partners affiliates, or analytics service providers and business process service providers. These technologies are used in analyzing trends, administering Our Site, tracking users’ movements around Our Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Additionally, we use an ad-publishing service to display 3rd party ads on Our Site. When you view or click on an ad a cookie will be set to help better provide advertisements that may be of interest to you on this and other Web sites. You may opt-out of the use of this cookie by visiting the above tracking preference managers.
Local Storage Objects (Flash/HTML5): Third parties with whom we partner to provide certain features on Our Site or to display advertising based upon your Web browsing activity use LSOs such as HTML 5 or Flash to collect and store information.
Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
HOW WE STORE, PROCESS AND SECURE YOUR INFORMATION
The data that we collect from you may be transferred to, and stored at, a destination inside or outside the European Economic Area (“EEA”). It may also be processed by staff operating inside or outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services. Access to your information is limited to those who have a need to manage it. Where your information is transferred from the EEA to a country that is not subject to an adequacy decision by the EU Commission, we will seek to ensure that it is adequately protected by (i) ensuring that EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules are in place or (ii) relying on derogations (e.g. contractual necessity). A copy of the relevant mechanism can be provided for your review on request, using the contact details provided below.
All information you provide to us via email or Our Site is stored on our secure servers.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of Our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The security of your personal data is important to us. When you enter sensitive information (such as bank account information) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on Our Site, you can contact us at firstname.lastname@example.org
ADDITIONAL PRIVACY INFORMATION
Blog / Discussions
Our Site offers a publicly accessible blog and community discussions. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community discussions, contact us at email@example.com.In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why.
Links to 3rd Party Sites
Our Site may, from time to time, contain links to and from the websites of our suppliers, partner networks, advertisers, affiliates and other third parties. If you follow a link to any of these websites, please note that these websites should have their own privacy policies and we do not accept any responsibility or liability for these policies or the content or operation of these websites. Please check these policies and the terms of the websites before you submit any personal data to these websites.
We will list you in our publicly accessible member directory. If you wish to request removal of your information or the deletion of an unauthorized profile from our directory, you can contact us at firstname.lastname@example.org.
The profile you create on Our Site will be publically accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
Social Media Widgets
You can log in to Our Site using the sign-in service such as LinkedIn, Facebook and Google. These services will authenticate your identity and provide you the option to share certain personal data with us such as your name and email address to pre-populate our sign up form. Services like LinkedIn, Facebook and Google may give you the option to post information about your activities on Our Site to your profile page to share with others within your network.
We provide an integration with Slack.
When you connect your Supdate account to your Slack account we store your channel information so that we can send the requested notifications in to your channel.
We do not (and do not have the ability to) read or store any information from your Slack channel.
Fourth Floor Broadwalk House
Data Protection Officer; Paul Massey (contact at support address below).
Office Opening Times:
Mon to Fri – 0900 to 1700
Saturday – CLOSED
Sunday – CLOSED
Tel. 01392 241319