Cogress are committed to protecting and respecting your privacy, please read how we use your information
Cogress Limited – company number 08950180
Cogress Finance Plc – company number 11888685
Cogress Lending Limited – company number 11895120
MIS Operations Limited – company number 09120003
In this Policy ‘Cogress Entities’ or ‘we’ or ‘us’ or ‘our’ means all the firms listed above.
All the Cogress Entities are companies registered in England and Wales, with registered address at 5 Broadbent Close, Highgate, London, N6 5JW, United Kingdom. All are registered with the Information Commissioner’s Office (‘ICO’).
The Cogress Entities are committed to protecting and respecting your privacy and that of your personal data in accordance with the General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018.
What is ‘personal data’?
Personal data, also referred to in this Policy as ‘personal information’, is any information that can be used to identify you, directly or indirectly, alone or together with other information, for example your full name, contact details, email address, precise location, device IDs, bank account information and certain computer cookies.
Personal data about you we may process includes your full name, age, date of birth, contact details, email address, home address, proof of identity, passport number, bank account details, IP address and information regarding how you interact with our websites.
Purpose of this Policy
This Policy provides you with information we are required to provide to you by the GDPR. It lets you know how the Cogress Entities collect, process, protect, use and share (‘process’) the personal information you provide to us and the personal data we collect from you and about you in the course of operating our business and our websites in respect of our products and services (‘products’).
This Policy applies to any person including, amongst any others, existing investors, potential investors, persons registering on our websites, developers, job seekers, contractors and service providers who are, from any device, visiting, using, registering on, or interacting in any other way with our websites, applications, offline activities, products and services It applies to any other instance where we may collect personal data from individuals such as during events and webinars organised by us. It also applies to any personal data we may collect or obtain through any medium, including telephone, email, letter, registration form, via social media, online, via our relevant service providers, or during face-to-face meetings or at events.
Information you may provide to us
The Cogress Entities may process your personal data because you, or other relevant third party (e.g. a service provider), provide it to us, or because the personal information is publicly available.
We may process data about you because, amongst any others:
- You registered via our websites - including completing our online forms, to receive information on our products to become a potential or actual investor.
- You contacted, interreacted or communicated with us - to receive information on our products, to attend an event or webinar organised by us, or to become an Introducer, an investor or a potential investor; or to offer us your products and services, or looking for a job opportunity, or you responded to our communications; or you contacted us with a query, complaint or expression of dissatisfaction; or you are not an investor but are involved in one of our investor’s matters (i.e. you are an Introducer and referred an investor to us, or you are an investor’s ‘primary contact’ or an investor’s legal counsel).
- Via social media - you interacted with us on our social media accounts.
- In connection with the provision of our products to you - you will provide us with personal information about you when you, or the company you represent, wish to invest in our products or become a business partner (e.g. when you complete the Investor Profile & Appropriateness Questionnaire, and when we conduct the required anti-money laundering (‘AML’) and Know Your Customer (‘KYC’) checks on you).
- You called our offices - we keep a record of your telephone number, and call as applicable. We record our calls for training purposes only, and these are purged after a very short period of time. We only keep a small sample of calls as proof of internal monitoring regarding staff training.
Information about you we may receive from other third parties
To continually improve our products, websites, business and marketing activities and to comply with legal and regulatory requirements, we may engage third parties such as lead providers, marketing and technology consultants, accountants regarding tax matters, media agencies, online providers of Anti Money Laundering and KYC services, credit checks agencies, recruitment agencies, artificial intelligence marketing consultants and other business partners. As such, we may receive and process personal data from them.
How we may use your personal data
We may use your personal data for the following purposes:
- To provide our products to you - for our and your legitimate interest, as it enables us to send you information about upcoming investment opportunities, new products, events, webinars and on progress of your existing investment(s).
- To comply with our legal and regulatory requirements - when we are required to undertake, for example, initial and ongoing anti-money laundering (‘AML’) and Know Your Customer (‘KYC’) and investor appropriateness checks; or we need to investigate and manage a complaint or expression of dissatisfaction we may receive from you. We have a legitimate interest in conducting such checks, in addition to being an obligation.
- To enter into a contract - if we need to process personal data to fulfil our contractual obligations, which you have requested from us (e.g. becoming our investor), including steps we may need to take at your request before entering into a contract. The processing is necessary for a potential or existing contract we have with an individual or company.
- For the legitimate interest of improving our products and business - For advertising, marketing and business development purposes, including marketing activities, building up investor profiles and that of persons interacting with our websites, managing a survey and undertaking business research and analysis.
- For the legitimate interest of operating our products and business - including to monitor and keep records of communications between you and our staff, to conduct required due diligence, managing and operating out websites, for training purposes, to update and enhance our records, to ensure the security of our systems and websites and for general overall business analysis for management purposes.
- To establish, exercise or defend our legal rights - or for the purpose of any legal proceedings and for crime prevention (e.g. manage any actual or potential fraud or illegal activity).
Where we rely on our legitimate interest to process personal data we do so because we have a genuine and legitimate reason to do so and we are trust we are not harming any of your rights and interests.
Transfers of personal data to any third countries
We may transfer and process your personal data, or part of it, with third parties located outside of the European Economic Area (‘EEA’). (e.g. to entities that make up our international network). We will only transfer and process your personal data with such parties in strict compliance with GDPR requirements, and only if the European Commission has decided that the third country in question ensures an adequate level of protection of your personal data. We will also ensure there is a GDPR complaint contract/agreement in place between the parties.
By providing us with your personal data, you are agreeing to your personal data being transferred and processed as described above. Please contact us if you have any questions regarding such transfers.
How we may share information about you with third parties
We may share your personal data as follows:
- With third party service providers - agents, suppliers, contractors or consultants (e.g. IT, CRM and communications service providers, legal advisors, banks, developers, external compliance consultants, providers of online AML and KYC checks and companies assisting us with the optimisation of our websites (e.g. search engine optimisation and analytics).
- With law enforcement agencies and regulators - to the extent required by law (e.g. court order, police) and regulation (a request by a regulator).
- With business partners - with our business partner investment platform and HMRC-authorised ISA Manager which allows the relevant Cogress Entities to provide, deliver and operate the innovative Finance ISA (‘IFISA’) and the Cogress Finance Property Bonds investment products.
- Within the Cogress Entities - We may process your personal information with any member of the Cogress Entities, including all companies and persons included in the organisational structure.
- With affiliated companies - we may share personal data with any affiliated companies of the Cogress Entities; current and any future ones.
- To a buyer or potential buyer - of all, or part, of our business, in the event that we sell or buy any business or assets, we may be required to disclose your personal data to the prospective seller or buyer, including any third-party service provider involved in the transaction.
We will only share personal data with a third-party subject to satisfactory due diligence, bound by obligations of confidentiality, and in accordance with any applicable legal and regulatory requirement, and subject to a GDPR compliant legal agreement being in place.
GDPR rights for individuals
Under GDPR and the Data Protection Act 2018 you have a number of rights in relation to the processing of your personal data. Please note that rights may be limited and subject to restrictions in certain situations. Regarding personal data we may hold and process, you have the:
- Right to be informed - we keep you informed about the collection and use of your personal data via this Policy.
- Right of access - to request access to the data we may hold about you
- Right to request deletion
- Right to rectification - to request that your personal data we hold is corrected / updated
- Right to request data portability - that the personal data we hold about you is transferred to another person.
- The right to object - to your personal data being processed for marketing purposes.
- Right to complaint - to the Information Commissioner’s Office (‘ICO’) if you believe we processed your personal data inappropriately. You can do this at org.uk/make-a-complaint/.
If you no longer wish to receive marketing communications from us, emails us, or simply click on the ‘unsubscribe’link which you’ll find at the end of all our communications.
However, note that the use of email communication is at the center of our business model. Once you register via the Cogress Entities websites we will send you emails about our products. If you become an investor, via email we will send you regular updates and important communications about your investment(s). By registering on our websites, you are accepting that we will communicate with you via email. If you opt-out of receiving email, it may be difficult or impossible for us to deliver our products and services to you.
The Cogress Entities will not charge for subject access requests, and we will respond within one month of receiving your request. We may charge you if the request(s) are manifestly unfounded or excessive (e.g. repetitive). If we consider your request to be complex, a further two months may be required. We will always keep you updated on progress.
Rest assured that we will only email you about products that may be of interest to you based on your registration or/and investment with us, and to make improvements to that product and service which will benefit all involved. Emails we send to you will not be excessive and we will never send unsolicited email messages sent in bulk (spamming).
For complete information on your individual rights under the GDPR visit the ICO website.
Security and data retention
We strive to ensure your personal information is kept and managed securely. All personal data we hold is stored on secure systems and monitored on an ongoing basis.
You are fully responsible for keeping secure and strictly confidential any password we may provide to you to access the relevant parts of the Cogress Websites (i.e. Investor Portal, IFISA / Bonds online platform). We strongly recommend you do not share your passwords with other people.
We cannot guarantee that your personal data will be secure when it is being transmitted via email / the internet, because of the inherent risks presented by such systems. We cannot guarantee the security of any information you transmit to us in such way, and you do so at your own risk. We accept no responsibility or liability whatsoever for any loss or damage you may suffer as a result of such transmission; you are fully responsible. Once we receive your personal information, we make our best effort to ensure it is kept securely on our systems at all times.
Personal data retention period
Typically, we retain personal data for a period of 6 years - to ensure we can provide you with a continuous service and for legal and regulatory purposes.
Cogress does not intentionally request or collect or store information about children.
Keeping information up to date
We strive to keep personal data we hold up to date and to ensure it is accurate. Please contact us if you wish to let us know that the information we hold about you needs updating or correcting.
Changes to this Policy
We keep this Policy under regular review and will place any updates on this webpage. To ensure you are aware of any changes to this Policy which may be relevant to you, please check this Policy every time you visit our websites.
For complete information on GDPR and all related matters, visit the Information Commissioner’s Office (‘ICO’) website at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/. The ICO is the UK’s independent regulatory office (national data protection authority) dealing with the Data Protection.
For any questions regarding our GDPR arrangements or your personal data, or to exercise any of your rights under GDPR, please contact Ilanit Orly as follows:
Address: Cogress Limited, 50 Eastcastle Street, 2nd Floor,
London, W1W 8EA, UK
E-mail: [email protected]
Tel.: (+44) 020 7100 9744