1. Personal Information we collect about you
“Personal Information” (“PI”) is information, or a combination of different types of information, that could reasonably allow you to be identified. PI does not include information where the identity of the individual or the specific detail of the information has been removed and is therefore anonymous. SPI is a sub-category of PI that includes PI relating to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.
The nature of the information that we collect will depend on the services we provide and our relationship with you. We categorize PI we process as follows (the PI listed for each category are non-exhaustive examples):
- Identification data
Full name, title, gender, marital status, date of birth, passport number, driving licence number, national identification number, signature, identification documents (for example, your passport or driving licence number), copies of any documents you have provided for identification, onboarding or verification purposes
- Contact data
Personal or business address, telephone number, email address
- Electronic Monitoring data
To the extent permitted by law, we may record and monitor your electronic communications with us
- Billing Data
Debit/credit card holder information (name/billing address) of whoever purchased something from HighCastle (processed by Stripe)
- Financial Data
Although we rely on Stripe to retain and store your credit/debit card information and we do not retain it ourselves, in the course of your use of the Platform, you may state the bank account number to be disclosed to your investors and consideration amount of investments
- Transaction Data
Details about payments from you for products and purchases you have made from HighCastle
- Marketing and Communications
Marketing and communication preferences; tracking data relating to whether you have read marketing communications from us
- Professional Information
Position/job title, work address; telephone number; email address
- Profile data
Username and password for our online services that you have access to; investment portfolio data (holdings), orders, and other activity, including your preferences and other settings; services requested; marketing communications responded to; survey responses
- Services data
Payment details to and from you; details of services you have provided to us or we have provided to you
- Technical data
Your use of and interaction with our online services; your IP address; browser type and version; browser plug in types and versions; operating system.
In limited circumstances, and where allowed by law, we may collect information about criminal convictions and offences, when legally required; dietary requirements if we are arranging catering; disability so that we can make reasonable accommodations for you in our buildings; sexual orientation if you provide details of your spouse or partner; political affiliations for us to determine whether you are a politically exposed person.
2. How do we collect personal information
We collect personal information in a number of ways, including:
- when you establish an account with us, or when another user (for instance, a user from your company) creates an account for you;
- when you create or amend your profile;
- when you use the HighCastle platform, products and services;;
- through your device or browser;
- when you submit personal information directly to us, including through the use of our websites and use of product and services at our Platform, where you submit online forms, and where you send emails or other communications to us;
- from third parties. To ensure we are providing you with information, marketing, offers and opportunities that are relevant to you, we may collect information about you from sources including our marketing partners, publicly-accessible databases and social media. We may also collect information about our user base and our marketing campaigns from our related bodies corporate, our service partners, or others;
- from your third-party service providers. We may collect information from the providers of third-party services you integrate when using our Site or Platform; and
- by running analytics or generating analytics data in connection without Site or Platform, including through queries we run in respect of use of the services and content contained in the services.
We may also create or derive PI such as creating records of your interactions with us, subject to applicable law.
Unless we otherwise indicate that the provision of specific PI is optional, any PI we request is necessary for us to provide you or your organization or entity with the products and services requested. If you do not provide the PI requested, we may not be able to provide those products and services.
3. How we use your personal information and the basis on which we use it
We use your personal information to:
- Identify and authenticate you: We use your identification information to verify your identity when you access and use our services and to ensure the security of your personal information. We do this to comply with our contractual obligations to you or your organization.
- Provide you with services: We process your personal information to provide the services you or your organization have requested. We do this to comply with our contractual obligations to you or your organization.
- Improve our services: We analyze information about how you use our services to provide an improved experience for our customers of all our services, including product testing and site analytics. It is in our legitimate interest to use the information provided to us for this purpose, so we can understand any issues with our services and improve them.
- Communicate with you: We may use your personal information when we communicate with you, for example if we are providing information about changes to the terms and conditions or if you contact us with questions. It is in our legitimate interest to provide you with appropriate responses and provide you with notices about our services.
- Market our services: We may use your personal information to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalize the marketing messages we send to you. It is in our legitimate interest to provide more relevant and interesting advertising messages. Where necessary, we will obtain your consent before sending such marketing messages.
- Exercise our rights: We may use your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our applicable contract terms and conditions.
- Comply with our obligations: We may process your personal information to, for example, carry out fraud prevention checks or comply with other legal or regulatory requirements, where this is explicitly required by law.
- Customize your experience: When you use the services, we may use your personal information to improve your experience of the services, such as by providing interactive or personalized elements on the services and providing you with content based on your interests.
4. Customer Testimonials
We may post customer testimonials on our websites which might contain personal information. We obtain the customer’s consent via email prior to posting the testimonial to post their name, title, and organization name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org
5. The information we collect on behalf of our customers
Where a customer of ours has retained us to provide services and either provides us with personal information or requires us to collect personal information on their behalf in connection with such services, then our use of such personal information shall be limited to the purpose of providing these services.
In the circumstances described under this Section, we have no direct relationship with the individuals whose personal information we process. If your data is processed on behalf of one of our customers, please contact the customer you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers (Terms of Services).
An individual whose data is being processed in the circumstances described in this section should direct any queries with respect to access, correction, amendment, or deletion of inaccurate data to our customer (the data controller). If requested to remove data, we will respond within a reasonable timeframe.
Personal information processed under this section will be retained as long as needed to provide services to our customer. We will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
6. To whom we disclose your PI
We may disclose the personal information we collect:
- Business Partners. We disclose personal information with our third-party partners, when such sharing is necessary to provide a Service you request. For example, we will share your information with authorities when you requested filings services.
- Service Providers. We disclose personal information with our third-party vendors, consultants and other service providers that perform services on our behalf, which may include hosting services, administrative or business management services, analytics services, technology services (including web and mobile platforms, email communications providers and data storage providers) and payment processing services for any orders you may make.
- Business Transaction or Reorganization. If HighCastle or some or all of our assets are acquired or otherwise transferred, or in the unlikely event that we go out of business or enter bankruptcy, the personal information of our users may be transferred to or acquired by a third party.
- Legal Obligations and Rights. We may disclose
personal information to third-parties, such as legal advisors and law
- satisfy any applicable law, regulation, subpoena/court order, legal process or other government request;
- enforce our Terms of Service, including the investigation of potential violations thereof;
- investigate and defend ourselves against any third-party claims or allegations;
- protect against harm to the rights, property or safety of HighCastle, our users or the public as required or permitted by law; and
- detect, prevent or otherwise address criminal (including fraud), security or technical issues.
- Consent. We may disclose personal information about you to certain other third-parties, including publicly or privately, with your consent. For example, if you post comments on our public blog, we share the information you provide, such as your name and the content you post, with the general public. Or you give your consent to be included in our database for a purpose to disclose your contact to a company admin if the company has been matched according to your investment preferences.
7. International transfers and transfers to service providers
Your personal information may be transferred to, stored and processed in various countries, including those that are not regarded as ensuring an adequate level of protection for personal information under European Union law or by the European Commission. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
8. Your privacy rights
You have the following privacy rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by using the setting made available via the Site or Platform or by, if settings are not available via the Site or Platform, by contacting us using the contact details provided under the “Contacting HighCastle about Privacy” heading below.
- In addition, if you are a resident of the European Union, you can object to processing of your personal information or ask us to restrict processing of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contacting HighCastle about Privacy” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contacting HighCastle about Privacy” heading below.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a privacy authority about our collection and use of your personal information. For more information, please contact your local privacy authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable privacy laws.
Please note that we do not offer any of the rights described above with respect to any personal information that is incorporated in any User Content. We process such content on behalf of our customers and if your personal information is contained in any such content, you should contact the customer on whose behalf we have stored the information
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to email@example.com
9. Age limitations
HighCastle does not allow the use of our Services by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal data through the Services, please contact us and we will take steps to delete such information.
10. Third-party marketing/sale of PI
We do not share or sell your PI to third parties for the third party to use for their own marketing or other purposes.
11. Links to Third-Party Websites and Services
The Services may contain links to and from third-party websites of our business partners, advertisers, and social media sites and our users may post links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on the websites of third-party sites.
12. PI retention
We will process your PI for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements or for the establishment or defense of legal claims.
13. PI security
We use a range of physical, electronic and managerial measures to ensure a level of security appropriate to the risk of PI processing. These measures include:
- education and training of relevant staff to ensure they are aware of our privacy obligations when processing PI as well as training around social engineering, phishing, spear phishing, and password risks;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident;
- administrative and technical controls to restrict access to PI;
- technological security measures, including fire walls, encryption (industry standard SSL encryption with 128-bit key lengths), and anti-virus software;
- physical security measures, such building access controls;
- external technical assessments, security audits and vendor due diligence;
- perimeter security;
- segregation of networks;
- application security;
- endpoint security;
- real-time monitoring of data leakage controls;
- layered and comprehensive cybersecurity defences; and
- security incident reporting and management.
The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries the risk of access and interception. You should not send us any PI by open/unsecure channels over the internet. We endeavour to protect personal information but cannot guarantee the security of data transmitted to us or by us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
15. Contacting us
If you wish to exercise any of your rights, or have questions concerning this notice, please contact:
HighCastle Technologies Ltd, 81 Unit C, Curtain Road, London, England, EC2A 3AG, United Kingdom.
16. Updates to this Policy
We may update this Policy from time to time. If we make any changes to this Policy, we will change the "Last Updated" date at the top of the Policy and will post the updated Policy on this page. If we make material changes to this Policy, we will notify you by email to your registered email address, by prominent posting on this website or our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.
Last Updated: 8th of May, 2021