Cogress are committed to protecting and respecting your privacy, please read how we use your information
From 25 May 2018, this policy applies to any person –including existing investors, potential investors, developers, service providers and introducers – registering, using or interacting with Cogress’ website www.cogress.co.uk (“website”), applications, offline activities, products and services, from any device, and any other instances where Cogress collects your personal data.
In this policy, we aim is to provide you information which is concise, transparent, intelligible, easily accessible and uses clear and plain language. We take your privacy seriously and will only use your personal information to provide the products and services you have requested from us.
“Personal data” is information that can be used to identify you, directly or indirectly, alone or together with other information (e.g. full name, contact details, precise location, device IDs, certain cookie).
For complete information on GDPR and related topics, visit the Information Commissioner’s Office (“ICO”) website at www.ico.org.uk.The ICO is the UK’s independent regulatory office (national data protection authority) dealing with the Data Protection.
As applicable, we are the data controller of your personal data. “Data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
Cogress is registered with the Information Commissioner’s Office (“ICO”).
Contact Details & Data Protection Officer
We have voluntarily appointed the role of Cogress’ Data Protection Officer (“DPO”) to Ilanit Orly, Director and Chief Operating Officer. For any queries or questions on this policy, or to contact the DPO, contact details are as follows:
- Address: Cogress Limited, 50 Eastcastle Street, 2nd Floor, London, W1W 8EA, UK
- E-mail: [email protected]
- (+44) 020 7100 9744
Information that you provide to us
Cogress may obtain personal information about you because you or other third parties (e.g. a service provider in respect of the products and services) provide it to us, or because the information is publicly available (e.g. on your LinkedIn profile).
The personal data that we may collect and process may include your full name, age, date of birth, gender, contact details, proof of identity and address, nationality, employment and investments history, financial information, bank account details, complaint details and how you interact with our website.
We will process personal information that you give to us as follows:
- Signing up to receive information on Cogress’ products and services– when you register on our website (i.e. as a high net worth investor or a self-certified sophisticated investor) to become an investor or a potential investor of Cogress; or when, in any capacity (e.g. existing or potential service provider), you contact us with queries (i.e. via phone or e-mail); or respond to our communications.
- In connection with the provision of our products and services to you– you will provide us with personal information, when you, or the company you represent, or we will obtain information about you, when you wish to become or become an investor of Cogress (e.g. information you provide by completing our Appropriateness Questionnaire and when we conduct anti-money laundering (“AML”) and Know Your Customer (“KYC”) checks on you). If you are not an investor, we may also collect or receive your personal information because you are involved in one of our investor’s matters (i.e. you referred an investor to us, or are an introducer). This process may include processing special category of data (e.g. biometrics where used for ID purposes).
- Developers– when, as a Developer or related party, you contact us to explore the possibility of doing business with Cogress. Subsequently, Cogress may process extensive information about a developer to undertake the due diligence process, and during the business relationship.
Cogress does not intentionally request or collect or store information about children.
If you change your mind about being contacted in the future by Cogress, please let us know.
Other information that we otherwise collect from you
What do we use your personal data for?
Your information will enable us to keep you informed of and to supply our products and services. By registering on the website, you also agree that we may contact you as necessary. We may use the information we obtain about you as follows:
- To comply with our legal and regulatory obligations (e.g. record-keeping requirements, conducting AML and KYC checks, at application and periodically thereafter, and to determine your appropriateness to investment).
- To provide products and services to investors.
- To provide information on investment opportunities to potential investors and repeated investors (including about important changes, or developments to, as applicable, the website, our products and services and business).
- To operate and improve our products, services and business.
- To provide personalised content to you (e.g. tailoring our products and services and our digital customer experience to you).
- To update and enhance our investors’ and potential investors’ records.
- For advertising, marketing and business development purposes (e.g. to provide you with innovative products and services, including sending you newsletters, updates, marketing communications and other information that may be of interest to you, including via social media and digital channels (e.g. LinkedIn)); to make automated decisions on whether to offer you a product or service.
- To establish, exercise or defend our legal rights, or for the purpose of any legal proceedings, and for crime prevention (e.g. manage any actual or potential fraud or illegal activity).
- For our legitimate business interests (e.g. undertaking business research, analysis, due diligence on developers, managing the operation of our websites and our business and general analysis for management purposes).
- To investigate any complaint or expression of dissatisfaction we may receive from you, and to contact you for your views on our services (e.g. survey).
- To monitor and to keep records of our communications between you and our staff.
Transfers of the personal data to any third countries
We may transfer and share, as applicable, your personal data, or part of, with third parties (e.g. a data processor (“data processor” is a person, or organisation, which processes personal data for the data controller), or entities that make up our international network) located outside of the European Economic Area (“EEA”). We will only transfer, or share, your personal data to such parties where:
- The European Commission has decided that the third country in question ensures an adequate level of protection, for the rights and freedoms of data subjects in relation to the processing of personal data; and
- There is a GDPR complaint contract/agreement between Cogress and the third party in respect of such transfer.
By providing us with your personal data, you are agreeing to the transfer, storing, and/or processing of your personal data as explained above. Please contact us with any questions you may have regarding such transfers.
How we share information with third parties
We may share your personal information outside of the Firm, and this may include with:
- Third party agents/suppliers, or contractors (e.g. IT and communications service providers).
- Third parties relevant to the product and services we provide (e.g. banks, law firms, developers).
- To the extent required by law, regulation or court order (e.g. FCA, if we are under a duty to disclose your personal information in order to comply with any legal obligation).
- Our partner investment platform which allows Cogress to offer the innovative Finance ISA to our clients. Our partner investment platform is authorised and regulated by the Financial Conduct Authority and is a HMRC-authorised ISA Manager.
We will only share personal information with a third party bound by obligations of confidentiality and in accordance with legal and regulatory requirements.
What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to process your personal information, namely:
- Consent– we may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us for some of our processing of special categories of personal data, such as your health and if you are a vulnerable individual).
- Performance of a contract– we rely on this lawful basis if we need to process your personal data to fulfil our contractual obligations which you have requested from us (e.g. becoming an investor of Cogress), including steps we may need to take at your request before entering into a contract.
- Legitimate interest– we may use your personal information for our legitimate interests. Under legitimate interests we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests (e.g. use this information to share updates with you about our products and services, which we believe may be of interest to you; or because of our legitimate interests in the performance of activities that form part of the operation of our business).
- Compliance with law or regulation– we may use your personal information as necessary to comply with applicable law and/or regulation (e.g. AML and KYC checks).
Under GDPR, you have a number of legal rights in relation to the personal information that we hold about you, and you can request to exercise any of the rights by contacting us at [email protected]
Your rights are:
- Right to be informed– to be given information about how your data is being processed and why. (e.g. the information provided to you in this policy)
- Right of access– you have the right to access the personal data which we hold about you.
- Right to rectification– to have your personal information corrected if inaccurate or incomplete.
- Right to erasure– to have your personal data erased.
- Right to object and to restrict processingof your personal data.
- Right to data portability– it allows you to obtain and reuse their personal data for their own purposes across different services (only applies to information you have provided to us).
- Right to withdraw consent
- Right to lodge a complaint with the relevant data protection authority– if you think that any of your rights have been infringed by us, you can lodge a complaint with the ICO.
Please note that your rights may be limited and subject to restrictions in certain situations. However, you always have the right to object to processing for the purposes of direct marketing, whatever lawful basis applies.
For complete information on your rights under the GDPR, you can visit www.ico.org.uk.
Security and data retention
When you give us personal information, we take steps to make sure that it is treated securely.
Non-sensitive details (e.g. your email address, etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
How long will we hold your data for?
We will retain your information for the appropriate period of time to ensure that we can provide you with a continuous service, or as long as the legal or regulatory requirements require.
- Marketing– when you register on the website, we will hold your data for a period of 6 years, with a review every 3 year. You will have the opportunity to opt out (unsubscribe) at any point should you wish to do so, as you have a right at any time to stop us from contacting you for marketing purposes. To opt out/unsubscribe, please click on “unsubscribe” link in any of our communications, or send your request to [email protected]
- Contracted services– in line with regulatory and legal requirements, we will hold your data for 5 years from the end of the business relationship, in line with legal and regulatory requirements.
- Any other type of personal data– we will hold your personal data for a period of 6 years, or for the retention period required by law or regulation.
This policy was last updated on 24 May 2018.