GDPR Statement

The legal bits.

Overview

21Finance Ltd is committed to protecting your right to privacy as a user of our online documents. It is our policy to respect the privacy of private communications.

The information you provide to us will be held for 21Finance on servers based in the UK, and, except as explained below, we will not transfer it, or authorise its transfer, outside the UK.

We collect information about our users in order to help us continually improve the products and facilities we offer and so that we can enter into commercial arrangements, including the sale of advertising space. 21Finance will always adhere to UK Data Protection Legislation which, from 25 May 2018, includes EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).

Other than as stated below, we do not hold or use any information that you provide, or which we collect, outside the European Economic Area (“EEA”), nor do we transfer it to, or share it with, others within or outside the EEA (except when we believe in good faith that the law requires it).

This Privacy Policy only relates to the 21Finance site and does not extend to your use of the Internet outside of the 21Finance site.

Information About Us

21Finance Ltd (incorporated in England & Wales: Co. No. 12347126) has its registered office at 12 Helmet Row, London, EC1V 3QJ.

General

1. Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

4. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

7. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.

8. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested or to employ you, or we may stop providing existing services to you.

9. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

10. Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

What Data Do We Collect?

We will collect personal data as provided to us during the registration or purchase process, which you agree to supply us as accurate.

We do not monitor your use of the Internet, but we do use cookie technology to monitor your use of 21Finance. This information is not stored alongside your personal data and will only be used on an anonymous, aggregated basis. We may process your personal data in conjunction with the documents and forms downloaded in order to maintain and improve the facilities we offer and to send you alerts about important updates to such content.

What Do We Use Your Data For?

We use your personal data for the following purposes:

  • Providing and managing your account.
  • Supplying you with information, documents, forms, and other content either through the 21Finance site or by email. You can control your email preferences from ‘My Preferences’ and can opt-out of our emails and phone calls/texts when you register (or at any time thereafter). Please note that some emails are an integral part of the 21Finance service you sign up for when registering with 21Finance and cannot be opted out of and that by registering, you are consenting to us using your personal data to send such emails. We will never send you any spam.
  • Communicating with you. This may include responding to emails or calls from you.
  • Building up a profile of your interests and preferences based on your investment history.

Our processing of your personal data is in our legitimate interests and is necessary to provide the 21Finance service to you and to continually improve it and the content available through it.

Our use of your personal data is limited to that which is reasonably required in order to provide our service to you and to make improvements to that service that benefits both us and you. We do not use your personal data for any reasons not stated in this Privacy Policy and never use it in an excessive manner that is disproportionate to our aims of providing and improving our service or in a way that is contrary to your interests.

What Cookies Do We Use?

We use the following cookies:

(i) Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. They do not gather information about you that could be used for marketing purposes or remembering where you’ve been on the Internet.

(ii) Analytical/performance cookies. They allow us to collect information about how you use our website, such as, how you move around our website and if you experience any errors. These cookies do not collect any information that could identify you; all of the information collected is anonymous and is only used to help us improve the way our website works, understand what interests our users and measure how effective our advertising is.

(iii) Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences and improve your visit.

Generally, cookies that are strictly necessary for the operation of the website will expire when you leave the website. Other cookies may be more permanent or not expire unless you actively delete them.

How Long Do We Keep Your Personal Data?

We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. The retention period will vary depending on the purposes for which the information was collected. We are sometimes legally obliged to retain the information, for example, for tax and accounting purposes. In the absence of a specific legal or regulatory requirement to retain your data we typically retain it for the applicable legal limitation period for bringing legal claims. This is six years where the claim arises from a simple contract.

How And Where Do We Store Or Transfer Your Personal Data?

We only store your personal data in the UK. This means that it will be fully protected under the GDPR.

As explained below, certain personal data will be made accessible to our third-party IT contractor, based outside of the European Economic Area. Additional steps have therefore been taken to ensure that your personal data will be treated just as securely and safely as it would be in the UK and under the GDPR, as embodied in a data processing agreement between us and our contractor based on model contractual clauses provided by the European Commission, which impose suitable data protection standards on a contractual basis.

Do We Share Your Personal Data?

We may share your information with any member of the 21Finance and with some of our business partners, service providers and subcontractors in connection with the performance of any contract we enter into with you or them. We may also disclose your information to third parties where you have consented for us to do so, where we are under a legal, regulatory or professional obligation to do so, where we need to enforce or apply our various terms, policies and other agreements, or if it becomes necessary to protect the rights, property or safety of 21Finance, our customers or any other person. If we merge, re-organise or transfer all or part of our business, we may disclose the information we hold about you to successors (and potential successors) of the business.

If we refer any dispute between us to the ODR Platform<http://ec.europa.eu/consumers/odr>, and/or we agree to engage in any alternative dispute resolution (“ADR”) procedure with you through the ODR Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute.

What Are Your Rights As A Data Subject?

Individual data subjects have the following rights under the GDPR which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data (as described in this Privacy Policy).
  • The right to access your personal data by means of a subject access request (see below).
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. You can do this by contacting us at hello@21finance.com
  • The right to erasure (also known as the right to be forgotten). You can exercise this right by contacting us at hello@21finance.com
  • The right to restrict or object to our processing of your personal data for particular purposes. Email preferences can be changed using the ‘Email Preferences’ link in ‘My Preferences’. Using this link you can opt-out of our alerts. For further information, please contact us.
  • The right to data portability. This means that you can ask us for a copy of your personal data to re-use with another service or business. Please note, however, that this right applies only if you have provided personal data to us directly, we are using it with your consent or for performance with a contract, and your data is processed using automated means.
  • Rights relating to automated decision-making and profiling. We do not, however, use your personal data in this way.

Further information about your rights can be obtained from the Information Commissioner’s Office. You also have the right to lodge a complaint with the Information Commissioner’s Office if you feel that your rights have been breached.

How Can You Access Your Personal Data?

All personal data provided by you during registration, along with details of your download history, can be accessed via ‘My Account’.

If you wish to make a data subject access request, please do so in writing, sent to the email or postal address shown below, clearly marking your correspondence as a subject access request.

We do not normally charge for subject access requests unless they are ‘manifestly unfounded or excessive’ (e.g. repetitive). We will respond to your subject access request within one month of receiving it. In the unlikely event that your request is particularly complex, a further two months may be required but we will keep you informed if this is the case.

How To Contact Us

To contact 21Finance about anything to do with your personal data and data protection, including to make a subject access request, please use the following details and we will respond as soon as possible:

Note: We may change our Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be notified to you the first time you log in to 21 Finance after the changes have been made.