Bricklane Investment Services Ltd (“We” or “Our”) are committed to protecting and respecting your privacy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting bricklane.com you are accepting and consenting to the practices described in this policy.
For the purpose of the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”), the data controller is Bricklane Investment Services Ltd of 20 Baltic Street, London, EC1Y 0UL. We are registered with the Information Commissioner’s Office with reference number ZA203927.
Information we may collect
We may collect and process the following data about you:
Information you give us:
You may give us information about you by filling in forms on the website or on paper, or by corresponding with us by phone, e-mail, online chat, face-to-face meetings with our team, customer surveys or otherwise. This includes information you provide when you register to use the website, subscribe to our service, make an investment through the website, and/or when you report a problem with the website. The information you give us may include:
- Contact details and information to confirm your identity, such as name, address, date of birth, e-mail address, phone number and password (your password is hashed so we can never see it)
- Registered company information, such as company name, registration number, registered office, operating and trading activities, shareholders information, details on directors (current and previous) and contact details for the registered contact
- Financial information, such as debit card and banking details
- Nationality and tax identification numbers e.g. National Insurance number
- Information on transactions carried out using our website
- ‘KYC’ information, such as identification documents or other verification documents, as well as information in relation to or documents to evidence your source funds or wealth
- Communications with us, such as emails, online chats and phone calls
- Consents or any permissions that you give us to process your personal data, including communications that you would like to receive from us
Information we collect about you:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- Information about your visit to our website including the full Uniform Resource Locators (URL) clickstream to, through and from the website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number
Information we receive from other sources:
The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors, our ‘KYC’ provider, our card payment provider, your financial adviser or wealth manager, companies that have introduced you to us, your existing financial services provider, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Referral Program: If you participate in our referral program (or other “Invite a Friend” features that may be available on our website), we may collect your email address if submitted by another user participating in our referral programme. We will only use this information to send the recipient containing information about the referral program and a description of the Bricklane’s product. We do not use the email addresses submitted in these circumstances for any other purpose without the consent of the email recipient to do so. Please ensure that you only submit email addresses of individuals with whom you have a personal or family relationship and who would want to receive the email from you.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
Strictly necessary cookies
These are cookies that are required for the operation of our website, including our internet chat service. They include, for example, cookies that enable you to log into secure areas of our website, continue your application process, or manage your account.
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and provide customer support via website chat.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. We may also share this information with third parties for this purpose.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Uses made of the information
We are only allowed to use your personal information if we have a lawful reason for doing so. We will use your information if we can satisfy that processing it is necessary:
- to provide our product and/or services to you;
- in order for use to comply with a legal or regulatory obligation;
- when it is in our ‘legitimate interests’. This is where we have a business or commercial interest to use your information as long as it does not overly prejudice you); and/or
- when you consent to it.
We use information held about you in the following ways:
To deliver our product and services to you: Where you have opened an account with us we have contractual obligations to meet and so we will process your personal data to provide these services to you. Our use of your personal data in this way enables us to:
- carry out our obligations arising from any contracts entered into between you and us, such as completing investments transactions and reporting transaction activity to you, and
- carry out business, financial and strategic planning and reporting for our business so that we can continue to offer our services to customers. We want to ensure that content from the website is presented in the most effective and secure manner for you and for your devices. We also need to administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
To make our website better and administer it effectively: We want to ensure that content from the website is presented in the most effective and secure manner for you and for your devices. We also need to administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
The legal basis on which we process your personal data in these circumstances is our legitimate interest to provide you with the best possible website we can, and to ensure that our website is kept secure.
To communicate with you: This may include:
- Providing you with information you’ve requested from us or information we are required to send to you
- Operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
- Asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with)
- Assisting with the resolution of support issues or other issues relating to the website or services, whether by email, internet chat, by telephone or otherwise
- Marketing communications (about Bricklane or another product or service we think you might be interested in). In addition to sending you marketing communications directly, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms. We also measure the effectiveness of advertising we serve to you. (The legal basis for our marketing communications is outlined below.)
To fight against fraud and meet our anti-money laundering obligations: We have legal obligations to verify your identity and perform other verification procedures to protect customers against fraud and comply with financial crime laws.
To meet our legal and regulatory obligations: We are required to meet various regulatory requirements, including undertaking financial and regulatory audits, providing reports and filings to regulatory and tax authorities, and meeting requirements set out by regulatory bodies.
Who do we share your information with?
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- A member of the Bricklane group, which means our holding companies and any subsidiaries, as well our investment vehicles.
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, such as our card payment provider, our banking provider, our regulatory principal (Gallium Fund Solutions Limited), IT and cloud service providers and our auditors.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.
- Analytics and search engine providers that assist us in the improvement and optimisation of the website.
- Credit reference agencies and third party providers for the purpose of confirming your identity to meet anti-money laundering regulations and for assessing your credit score where this is a condition of us entering into a contract with you.
- Tax authorities, regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights.
- Other people where we have your consent.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Bricklane Investment Services Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of website use, investment terms and conditions and other agreements; or to protect the rights, property, or safety of Bricklane Investment Services Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us and with controls in place in order to protect your information.
We do not sell your data to any third parties.
What marketing do you carry out?
We may use your personal information to provide you with information about products or services that may be of interest to you.
We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so. ‘Legitimate interest’ is where we have a business or commercial reason to use your information as long as it does not overly prejudice you.
You may opt-out of receiving marketing communications from us or withdraw your consent by contacting us at email@example.com or, where relevant, by following the unsubscribe link in any email that you receive from us.
Irrespective of your contact preferences, you will still receive transaction statements from us, and other important information such as any changes to existing products or services.
How long do we keep your personal information for?
We only keep personal information for as long as reasonably necessary to fulfil the relevant purposes described in this policy and in order to comply with our legal and regulatory obligations.
Where do we store your personal information?
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA”). You are deemed to accept and agree to this by using our website and submitting information to Us. If we do store data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
All information you provide to us is stored on secure servers. Any payment transactions will be transmitted via encrypted channels using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. You must not share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
As a data subject, you have various rights to protect your data, which are:
- The right to be informed about our collection and use of personal data;
- The right of access to the personal data we hold about you;
- The right to rectification if any personal data we hold about you is inaccurate or incomplete;
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained above, but if you would like us to delete it sooner, please contact us using the details below);
- The right to restrict - i.e. prevent the processing of your personal data;
- The right to data portability - i.e. obtaining a copy of your personal data to re-use with another service or organisation; and
- The right to object to us using your personal data for particular purposes.
You can exercise such rights by contacting us at firstname.lastname@example.org
How to complain
If you want to make a complaint about how we have handled your personal information, please contact us at email@example.com and we will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the UK’s data protection regulator – the Information Commissioner’s Office – https://ico.org.uk.
Links on our website or email communications
The website or emails that we send you may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Data Protection Officer
We have appointed a data protection officer ("DPO"), Richard Hodgson. Our DPO has a number of important responsibilities including:
- Monitoring our compliance with the GDPR and other data protection laws;
- raising awareness of data protection issues, training staff and conducting internal reviews; and
- cooperating with supervisory authorities such as the ICO on our behalf.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us or our DPO by emailing firstname.lastname@example.org.