1.2. Scalable Capital Limited with business address 71-73 Carter Lane, London EC4V 5EQ, United Kingdom (“Scalable Capital”, “we”) is the service provider and controller under the EU General Data Protection Regulation (EU GDPR), national data protection laws as well as other data protection regulations. You can contact us via telephone at +44 (0) 20 3750 0703 or via email at firstname.lastname@example.org.
1.3. Please find below our appointed data protection officer:
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Telephone: +49 221 - 222 183 0
1.4. The responsibility under data protection law for our presence in social networks as well as for linked external content may be shared between us and the operator of the corresponding social network or the service providers of the corresponding linked website.
2.1. We process personal data only insofar as
2.1.1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 para. 1 lit. a EU GDPR);
2.1.2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 para. 1 lit. b EU GDPR);
2.1.3. processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6 para. 1 lit. c EU GDPR); and/or
2.1.4. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Article 6 para. 1 lit. f EU GDPR).
2.3. The personal data of the data subject will be deleted or blocked at regular intervals after the purpose of storage no longer applies. If storage or recording obligations are provided for by relevant European or national laws or other regulations, the personal data will be stored for the prescribed period and then deleted, provided that at that time they are no longer required for the assertion, exercise or defense of legal claims.
3.1. We process your personal data, therefore you are a data subject under the EU GDPR. You have the following rights, which we would like to explain to you in more detail as follows:
3.1.1. You have the right of requesting information about the personal data stored about you, its origin, recipients or categories of recipients to whom the data is transferred, as well as the purpose of the storage (right to information).
3.1.2. You have a right towards the responsible party to rectification and/or integration if the personal data processed concerning you is incorrect or incomplete (right of rectification).
3.1.3. You can ask us to delete your personal data immediately. However, there is no right to deletion if there are legal, regulatory or other sovereign storage obligations to the contrary (right to deletion).
3.1.4. You may, under certain conditions (disputed accuracy, unlawful processing, loss of the purpose of processing or lodging of an objection), request that the processing of personal data concerning you be restricted (right to limitation of processing).
3.1.5. You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format (right to data transmission).
3.1.6. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is processed on the basis of Art. 6 para. 1 lit. e or lit. f EU GDPR (right of objection). We will then no longer process your data unless there are compelling reasons for processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
3.2. We are happy to answer your questions by email to email@example.com, by telephone at +44 (0) 20 3750 0703 or in writing to Scalable Capital Limited, 71-73 Carter Lane, London EC4V 5EQ, United Kingdom. Please note that under “Personal data” on our website you may assert your rights as data subject vis-à-vis us. Despite a request for deletion, we will continue to store your data for as long and as far as this is necessary to fulfill a legal obligation to which we are subject or to assert, exercise or defend legal claims.
3.3. In accordance with Article 77 EU GDPR, you have the right to complain to a supervisory authority if you believe that the processing of personal data is not in accordance with the law. A concern can be reported directly to the Information Commissioner's Office via their website https://ico.org.uk/concerns/.
4.1. Our system automatically collects data and information from the computer system of the accessing end device (so-called log files) every time our digital content is accessed. If you are using your browser, the data in question is inter alia the browser type and version, the operating system, the IP address and the time of the server query. In the case of the app, the data in question is inter alia the device label, the access provider, model of the mobile phone used and the version of the app used. The app runs on the Android and iOS platforms in a so-called "sandbox" (i.e. access to the system and access of the system to the data of the app are subject to special restrictions) and all access rights of the app to system functions (camera, location localization, push notifications and push ID) must be explicitly allowed by you. This allowance can be reversed at any time on the mobile device. The data is stored in our IT systems and sent to Amazon Web Services EMEA SARL ("AWS"). AWS is a data processor of Scalable Capital.
4.2. The legal basis for the processing of data and log files in the customer area is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)); for the use of the digital offer, Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest) is applicable.
4.3. If you are logged in to the customer area, the data will be deleted after the expiration of the regulatory retention obligations. When using the digital content, the data is automatically deleted every twelve months.
4.4. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user.
5.4. We use both our own Cookies and Cookies from third parties. You can control the use of both types of Cookies via the Consent Management Tool. In the following we inform you about the processing of personal data in connection with Cookies.
6.3. We use our own cookies to monitor the traffic on our website ("traffic"), which are assigned to you pseudonymously when you visit our website. With the help of these cookies we measure from which websites users reach our website, which and how many of these users become customers and which of our advertising measures are efficient or effective. These analyses are group-related and are not used by us for individual evaluation.
6.5. The data is stored in our IT systems and transmitted to AWS or salesforce.com Germany GmbH (“Salesforce”). AWS and Salesforce are data processors of Scalable Capital. Data processors are used by us on the basis of corresponding contractual agreements and within the framework of legal requirements.
6.6. The purpose of using our own Cookies is to ensure the reliable functionality of our website as well as our service in general. The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).
6.7. The data is automatically deleted every 24 months. If you are registering your email address with Scalable Capital, the data will be deleted in accordance with the regulatory storage requirements.
6.8. The collection of data for the provision and functionality of our website is mandatory. Consequently, there is no possibility of objection by the user.
7.1. Website and App Analysis Services
7.1.3. When using our apps, the services Firebase (specifically Crashlytics) from Google Ireland Ltd. ("Google") come into play. The services record data in connection with the use of the app, including crash reports, performance data and information about the end device. This is done by assigning so-called unique identifiers. This is a pseudonymized character string which can be assigned to the browser, terminal or app and thus enables the data to be recorded. It is not possible to object to the services of Google, as this is a necessary functionality of our app. We also use the analysis technology "adjust" of adjust GmbH ("Adjust"). Adjust uses only anonymous user IDs for the analysis. A conclusion on a natural person is not possible thereby.
7.1.4. The purpose of using these services is to analyse the user behaviour of the digital content and to optimise our service and our digital content through the knowledge and feedback gained through this method. The legal basis for the transfer of data is Art. 6 para. 1 lit. a EU GDPR (consent of the data subject).
7.1.5. The data in Google Analytics is automatically deleted every 14 months.
7.1.6. The collection and storage of data for analysis and optimisation of digital content can be revoked at any time. The user has the possibility to object via the Consent Management Tool or by changing the settings in the internet browser or in the app. The data collection and storage by Adjust can be deactivated at any time with effect for the future under https://www.adjust.com/opt-out.
7.2. Advertising and marketing services
7.2.1. We advertise through various channels. In the context of the usage of Google Analytics in combination with Google Adwords as well as Double Click of Google LLC ("Google"), Bing ads of Microsoft Inc. ("Bing ads") and the networks dianomi Ltd. ("dianomi"), Quantcast International Ltd. ("Quantcast") and Outbrain Inc. ("Outbrain") we place ads on the Internet. In addition, we use advertising services of social networks Facebook Inc., Instagram Inc., LinkedIn Inc. and Twitter Inc. ("social networks"). Our ads are displayed on third-party websites, including Google and Bing. For this purpose, cookies are used which store personal data (IP address and usage data). This allows us to target, optimize and place advertisements based on your previous visits to our website.
7.2.2. Furthermore, we advertise our webinars and events ("information events") on the social networks mentioned above. So-called "leadcards" are created. These leadcards contain details of the information events and are displayed to selected users logged into the social network. If you have registered for one of our information events via a leadcard, we will receive your email address.
7.2.3. With the help of the technology used, we can present you with interesting advertising and market our services to you in a more targeted manner. This data is not used to identify you personally, but is used solely for a pseudonymous evaluation of usage behavior and to display targeted advertising. The data will never be merged with the data stored by us. If you have registered for one of our information events via a social network, your data will be stored in accordance with Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).
7.2.4. The data stored pursuant to Art. 6 para. 1 lit. a EU GDPR (consent), Art. 6 para. 1 lit. b EU GDPR (performance of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest) will be deleted in accordance with the regulatory storage requirements.
7.3. For a data transfer to the USA there may not be any suitable guarantees at present. This may result in restrictions on the protection of personal data.
8.1. We operate so-called fan pages on the platforms of various social networks (Facebook, LinkedIn, Xing, YouTube, Instagram and Twitter). Social plugins on our website take you to Scalable Capital's social networking sites (fan pages). When clicking on these plugins, personal data may be collected from the respective social network as described below. If you access such a plugin, the social network immediately establishes a direct connection with your browser. This gives the social network the information that you have visited this website with your IP address/device ID, among other things. This happens regardless of whether you are currently logged in to the social network or registered at all. If you are logged in to the social network at the same time, the social network automatically assigns your page views to your profile. If you do not want the social network to associate your visit to our website with your respective user account, we recommend you to log out of the respective network when using our digital content.
8.2. We would like to point out that the data collected in connection with the fan pages and plug-ins are exchanged exclusively between your browser and the operator of the social networks. We have no knowledge of the content of the data collected and transmitted. Against this background, we recommend that you read the current data protection declarations of the operators of the social networks.
9.1. For the execution of webinars, events as well as informative talks, your data will be stored or transmitted. We use the GoToWebinar webinar software ("GoToWebinar") from LogMeIn, Inc. to conduct webinars. For the execution of personal information talks we provide our clients with the possibility to book time slots via the service of YouCanBook.me Ltd. ("YouCanBookMe"). For the registration and execution of webinars, the name and email address of the user is stored in our IT system. After the webinar is completed, GoToWebinar will inform us whether a user has attended the webinar, the registration date, the user's registration time and the duration of participation. To arrange an information consultation via the YouCanBookMe service, we need your telephone number.
9.2. With the help of the technology used, we can hold information events for interested parties and potential clients. We need this data to verify you for our events and webinars or to call you at your desired time for an information consultation. In addition, the data is used to stay in personal contact with you via our newsletter. You can unsubscribe from the newsletter at any time. The legal basis for the transmission of data is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).
9.3. If you have attended a webinar, the data will be stored for 12 months. If you have arranged a personal meeting via our website, the data will be stored for 24 months.
9.4. The data is collected on a voluntary basis when registering for the events mentioned or booking a callback for an information meeting and is required in order to carry out the events or discussions. Consequently, there is no possibility of objection on the part of the user.
10.1. If you have provided us with your email address for our newsletter, we will regularly send you our newsletter by email. The newsletter you receive can be customised to be relevant to you. We will send you an email to confirm your registration. We process data regarding your location once at the time of registration to provide you with purposeful notifications. The determination is only vague and regional; an exact determination of your location is not possible.
10.2. We use a service by salesforce.com Germany GmbH (“Salesforce”) to send notifications. The information we obtain when you register to receive notifications is transferred to Salesforce and stored there. We are provided with analysis capabilities for the use of notifications ("Tracking"). These analyses are group-related and are not used by us for individual evaluation. For example, we receive information about what percentage of the sent newsletters could actually be delivered or what percentage of recipients of the newsletter clicked on a certain link.
10.3. The data mentioned in 10.1. is processed to send you our newsletter. The legal basis for processing the data is Art. 6 para. 1 lit. a EU GDPR (consent of the data subject). The legal basis for tracking your use of the notifications and the singular processing of data regarding your location is Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).
10.4. The data will be deleted after the expiration of the storage obligations provided by the law.
10.5. The consent to receiving the newsletter can be revoked at any time via the link "Unsubscribe".
11.1. When using our service telephone line we employ the services of RingCentral Ltd. ("RingCentral") as well as Aircall.io, Inc. ("Aircall"). Your phone number and the date and duration of the call are saved. In addition to the service telephone line, you can also contact Scalable Capital via our contact form, via chat or by email. When sending the contact form or an email, you send us (as applicable) your name, your email address and the content of your personal message. When using the chat, the chat history and your usage data are stored. In order to ensure an efficient response to your requests and a high service level, user input during the current request ("session") can be viewed by our staff during the live chat. These are not stored at any time.
11.2. The data is stored in salesforce.com Germany GmbH ("Salesforce"), our client management system and the email system (Gmail from Google G Suite). This data as well as the content of your message will not be used for any other purpose than responding to your contact, i.e. you will not receive any further messages from us other than responding to your inquiry.
11.3. We store the data on the basis of ensuring a functioning client relationship management as well as on the basis of legal requirements. The legal basis for the storage of data is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. c EU GDPR (fulfilment of a legal obligation).
11.4. The data will be deleted after the expiration of the regulatory storage obligations.
11.5. The collection of data is mandatory for our services. Consequently, there is no possibility of objection by the user.
12.1. We use the Typeform S.L. service ("Typeform") to conduct surveys on new features of our service and to obtain feedback. If you participate in a survey conducted on our website, your details will be transmitted to Typeform. Depending on the type and scope of the survey, your email address, your responses, the date and the identification data of the end device will be transmitted.
12.2. The data is stored in order to obtain feedback for our services and to strengthen our client relationships. The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).
12.3. The data will be deleted after the expiration of the regulatory storage obligations.
12.4. The collection of data is voluntary when using the survey. Consequently, there is no possibility of objection by the user.
13.1. For the uniform display of fonts on our website, we use so-called web fonts developed by Adobe Typekit, Adobe Inc. ("Adobe") and Google Fonts, Google LLC ("Google Fonts"). When you access our site, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. We also use Google Maps and Apple Maps to display geographic information in our digital content in a visually appealing way. Google Maps is a map service of Google LLC ("Google Maps"), Apple Maps is a map service of Apple Inc. ("Apple Maps").
13.2. For this purpose, the browser or app you are using must connect to the servers of these services. This enables the services to know that our website has been accessed via your IP address. The use of web fonts and the map services mentioned is in the interest of a uniform and appealing presentation of our digital content. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR.
13.3. The collection and storage of data within the scope of the use of the website can be revoked at any time. The user has the possibility to object via the Consent Management Tool.
14.1. In addition to the purely informational use of our digital content, you can also make use of our financial services. To do this, you must register and create a user account ("Login"). This requires data to be entered. We need information about your knowledge and experience with regard to financial instruments/securities services, investment objectives and your financial circumstances in order to be able to recommend an appropriate investment strategy to you. Furthermore, we need information about the person, contact details, reference account and tax information. Finally, as part of the identification process, we may collect further data with the help of Onfido Ltd. (“Onfido”) such as copies of the identification document and photographs/videos of the client. If additional voluntary information is possible, it is marked accordingly.
14.2. We use the so-called double opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in an email sent to you for this purpose. Your data will be stored in our IT systems during registration and in this process will be passed on to service providers acting as data processors in accordance with Article 28 of the EU GDPR (e.g. software as a service provider (SaaS) and cloud service providers). These services include Amazon Web Services (AWS), Salesforce and Google G Suite. Some of your data will also be transmitted to the custodian bank. For further information, please send an inquiry to firstname.lastname@example.org.
14.3. When making use of our financial services you may receive relevant notifications to our services occasionally. For that matter we revert to data we obtained from you during registration or fulfilment of the contract between you and us. We use the service Salesforce to send notifications. We are provided with analysis capabilities for the use of notifications ("Tracking"). These analyses are group-related and are not used by us for individual evaluation. For example, we receive information about what percentage of sent notifications could actually be delivered or what percentage of recipients of the notifications clicked on a certain link.
14.4. As a financial services institution, we are subject to various statutory recording and retention obligations, which result primarily from the Financial Services and Markets Act, the Money Laundering and Terrorist Financing Regulations, the Companies Act and the UK tax code. In addition, the civil law limitation periods for the duration of storage are also relevant.
14.5. These legal recording and storage obligations require us to store data for at least five years, depending on the regulations, and also apply to processes that serve to prepare or initiate a business relationship or the conclusion of a contract.
14.6. We delete your data after complete termination and handling of the legal relationship with you, at the earliest, however, after the expiry of the statutory, supervisory or other sovereign retention periods.
14.7. The purpose of processing the aforementioned data is to identify our clients in accordance with legal requirements, to carry out the legally prescribed suitability test and to enable the conditions for the provision of our financial services in general. The legal basis for the processing of data is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. c EU GDPR (fulfilment of a legal obligation). The legal basis for sending notifications is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).
14.8. The collection of this data is mandatory for our services. Consequently, there is no possibility of objection on the part of the user.
14.9. The legal basis for tracking your use of the notifications (see Section 14.3.) is Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest). You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you being processed on the basis of Art. 6 para. 1 lit. e or lit. f EU GDPR. Furthermore, the data processing described in this point 14 is absolutely necessary for our service (see Art. 6 para. 1 lit. b EU GDPR). Consequently, the user has no possibility of objection.
15.1. We determine an investment strategy suitable for you as a client. This is done on the basis of your provided information about your investment objectives (including risk appetite), financial situation with regard to risk-bearing capacity and knowledge and experience with regard to understanding risk (“suitability test”).
15.2. This is based on automated decision-making, which is necessary both for the conclusion or fulfilment of the contract between you and us and is permissible under European and national law (and this law contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the person concerned).
Updated: 4th of December 2020