Privacy Policy

1. General Information

1.1. Data protection is an important issue for us. Therefore, with this Privacy Policy, we would like to inform you about how we collect, process and use personal data within the context of our website (“Website”), our mobile app (“App”) and our other online content (“Digital Content”) as well as our investment management services (“Investment Management Services”). Personal data means any information relating to an identified or identifiable natural person. The content of this Privacy Policy may be amended from time to time. For this reason, we recommend that you regularly review this privacy policy.

1.2. Scalable Capital Limited with business address 4 Christopher Street, London EC2A 2BS, United Kingdom (“Scalable Capital”, “we”) is the service provider and controller under the EU General Data Protection Regulation (EU GDPR), national data protection laws as well as other data protection regulations. You can contact us via telephone at +44 (0) 20 3750 0703 or via email at support@scalable.capital.

1.3. Please find below our appointed data protection officer:

Mr Helge Kauert, LL.M
dataLEGAL Rechtsanwaltsgesellschaft mbH
Oskar-von Miller-Ring 33
80333 Munich, Germany
Phone: +49 89 248 82 68 - 0
Fax: +49 89 248 82 68 - 68
Email: DPO.Scalable@datalegal.de
www.datalegal.de

1.4. The responsibility for data protection for our presence in social networks as well as for linked external content lies not with us, but with the operator of the corresponding social network and with the service providers of the corresponding linked internet presence, respectively.

2. Processing of Personal Data, Transfer to Third Parties and Duration of Storage

2.1. We process personal data only insofar as

2.1.1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 para. 1 lit. a EU GDPR);
2.1.2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 para. 1 lit. b EU GDPR);
2.1.3. processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6 para. 1 lit. c EU GDPR); and/or
2.1.4 processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Article 6 para. 1 lit. f EU GDPR).

2.2. We will pass on your data to affiliated companies, external service providers or other third parties to the extent disclosed in this privacy policy. These third parties were selected by us with due care and, in the case of data processors, commissioned with data processing agreements accordingly. The contractors are employed by us on the basis of corresponding contractual agreements and within the framework of legal requirements. Data may also be transferred to a third country outside the EU/EEA (e.g. USA). Such data transmission takes place exclusively on the basis of an adequacy decision (Art. 45 EU GDPR) and/or subject to appropriate safeguards (Art. 46 EU GDPR).

2.3. The personal data of the data subject will be deleted or blocked at regular intervals after the purpose of storage no longer applies. If storage or recording obligations are provided for by relevant European or national laws or other regulations, the personal data will be stored for the prescribed period and then deleted.

3. Data Subject Rights

3.1. We process your personal data, therefore you are a data subject under the EU GDPR. You have the following rights, which we would like to explain to you in more detail as follows:

3.1.1. You have the right of requesting information about the personal data stored about you, its origin, recipients or categories of recipients to whom the data is transferred, as well as the purpose of the storage (right to information).
3.1.2. You have a right towards the responsible party to rectification and/or integration if the personal data processed concerning you is incorrect or incomplete (right of rectification).
3.1.3. You can ask us to delete your personal data immediately. However, there is no right to deletion if there are legal, regulatory or other sovereign storage obligations to the contrary (right to deletion).
3.1.4. You may, under certain conditions (disputed accuracy, unlawful processing, loss of the purpose of processing or lodging of an objection), request that the processing of personal data concerning you be restricted (right to limitation of processing).
3.1.5. You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format (right to data transmission).
3.1.6. You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation (right of objection).

3.2. We are happy to answer your questions by email to support@scalable.capital, by telephone at +44 (0) 20 3750 0703 or in writing to Scalable Capital Limited, 4 Christopher Street, London EC2A 2BS, United Kingdom. Please note that under “Personal data” on our website you may assert your rights as data subject vis-à-vis us.

4. Provision of the Digital Content and Creation of Log Files

4.1. Our system automatically collects data and information from the computer system of the accessing end device (so-called log files) every time our digital content is accessed. If you are using your browser, the data in question is inter alia the browser type and version, the operating system, the IP address and the time of the server query. In the case of the app, the data in question is inter alia the device label, the access provider, model of the mobile phone used and the version of the app used. The app runs on the Android and iOS platforms in a so-called "sandbox" (i.e. access to the system and access of the system to the data of the app are subject to special restrictions) and all access rights of the app to system functions (camera, location localization, push notifications and push ID) must be explicitly allowed by you. This allowance can be reversed at any time on the mobile device. The data is stored in our IT systems and sent to Amazon Web Services Inc. ("AWS"). AWS is a data processor of Scalable Capital.

4.2. The legal basis for the processing of data and log files in the customer area is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)), for the use of the digital offer is Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest) applicable.

4.3. If you are logged in to the customer area, the data will be deleted after the expiration of the regulatory retention obligations. When using the digital content, the data is automatically deleted every seven days.

4.4. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user.

5. Use of Cookies in General

5.1. When using our digital content, text files are used which are stored on your hard disk and which provide us or our appointed data processing companies with certain information ("Cookies"). This information is stored in the browser and varies according to use. Each Cookie contains a characteristic string of characters that uniquely identifies the user when the website is accessed again. Most of the Cookies we use are automatically deleted from your hard drive at the end of your browser session. In addition, we also use Cookies that remain on your hard drive. During a further visit it is then automatically recognized that you have already been with us and which entries and settings you prefer. These Cookies are stored on your hard disk and are deleted automatically after certain periods of time.

5.2. Cookies are stored on the user's computer and the information is transmitted to our website. Therefore, you as a user also have full control over the use of Cookies. You can deactivate or restrict the transmission of Cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. If Cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

5.3. When you visit our website or app, an interface appears that asks every visitor for consent to the use of Cookies and age and enables them to make individual data protection settings ("Consent Management Tool", “Tracking settings”). You can also use this Consent Management Tool to exercise your right to object at any time by deactivating the corresponding Cookies.

5.4. We use both our own Cookies and Cookies from third parties. You can control the use of both types of Cookies via the Consent Management Tool. In the following we inform you about the processing of personal data in connection with Cookies.

6. Own cookies

6.1. We use technically necessary Cookies. These are used to improve the user experience and functionality of the registration process and of the website. The use of our own Cookies is a necessary measure for Scalable Capital so that we can make our digital content available to you appropriately.

6.2. Some elements of our website require that the accessing browser can be identified even after a website change. Furthermore, we want to make the registration process as easy and pleasant for you as possible by storing your data.The following data is stored and transmitted in the Cookies: Last status of the registration process, choice of language, selected settings of our website and selection of portfolio/investment strategy. In addition, we use Cookies which identify and store system errors during the use of our website. The data is stored in our IT systems and transmitted to AWS or Salesforce Inc. (“Salesforce”). AWS and Salesforce are data processors of Scalable Capital. Data processors are used by us on the basis of corresponding contractual agreements and within the framework of legal requirements.

6.3. The purpose of using our own Cookies is to ensure the reliable functionality of our website as well as our service in general. The legal basis for the temporary storage of data is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)).

6.4. The data is automatically deleted every six months.

6.5. The collection of data for the provision and functionality of our website is mandatory. Consequently, there is no possibility of objection by the user.

7. Third-Party Cookies

7.1. Website Analysis Services

7.1.1. We use Google Analytics, Google Optimize, Google Firebase or Crashlytics and Google Tag Manager, combined web and app analysis services of Google LLC ("Google"), the analysis service Twitter Analytics of Twitter Inc. ("Twitter Analytics") and the web analytics service of Hotjar Ltd. ("Hotjar"). These analysis services use cookies, which record data when you visit and use our website and when using the app. The following data is stored and transmitted in the cookies: IP address, usage data, performance data (apps), survey answers when using the survey.
7.1.2. The purpose of using these cookies is to analyse the user behaviour of the digital content and to optimise our service and our digital content through the knowledge and feedback gained through this method. The legal basis for the transfer of data is Art. 6 para. 1 lit. a EU GDPR (consent of the data subject).
7.1.3. The data is automatically deleted every six months.
7.1.4. The collection and storage of data for analysis and optimisation of digital content can be revoked at any time. The user has the possibility to object via the Consent Management Tool.

7.2. Advertising and marketing services
7.2.1. We advertise through various channels. In the context of the usage of Google Analytics in combination with Google Adwords as well as Double Click of Google LLC ("Google"), Bing ads of Microsoft Inc. ("Bing ads") and the networks dianomi Ltd. ("dianomi") and Outbrain Inc. ("Outbrain") we place ads on the Internet. Our ads are displayed on third-party websites, including Google and Bing. For this purpose, cookies are used which store personal data (IP address and usage data). This allows us to target, optimize and place advertisements based on your previous visits to our website.
7.2.2. In addition, we use advertising services of social networks Facebook Inc., Instagram Inc., LinkedIn Inc. and Twitter Inc. ("social networks"), in particular the product "Custom Audiences". If you have provided us with your email address and given your consent to use your email address for custom audiences, a non-reversible and non-personal checksum (hash value) generated from personal data and usage data will be sent to the social networks ("custom audiences from your client list"). If you are a visitor to our website and have clicked on our advertising on one of the social networks, a cookie can be addressed which transmits your IP address and usage data to the social networks ("Custom Audiences from your website").
7.2.3. Furthermore, we advertise our webinars and events ("information events") on the social networks mentioned above. So-called "leadcards" are created. These leadcards contain details of the information events and are displayed to selected users logged into the social network. If you have registered for one of our information events via a leadcard, we will receive your email address. This is provided by the service Zapier Inc. ("Zapier") into our client management system (CRM).
7.2.4. We also use the services of our sales partners affilinet GmbH ("affilinet") and financeAds International GmbH ("financeAds"). Our advertisements are shown on partner websites of the networks (third party providers). Cookies are used for this purpose, which assign the user a pseudonymised user ID when accessing an advertisement based, among other things, on the type and time of the clicked advertisement. We can then use the stored data to determine whether the user has subscribed to our newsletter or has become our client.
7.2.5. With the help of the technology used, we can present you interesting advertising and market our services in a more targeted manner. This data is not used to identify you personally, but is used solely for a pseudonymous evaluation of usage behavior and to display targeted advertising. The data will never be merged with the data stored by us. The legal basis for the transfer of data is Art. 6 para. 1 lit. a EU GDPR (consent of the data subject). If you have registered for one of our information events via a social network, your data will be stored in accordance with Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).
7.2.6. The data stored pursuant to Art. 6 para. 1 lit. a EU GDPR are automatically deleted every six months. The data stored pursuant to Art. 6 (1) (b) EU GDPR (performance of a contract (or implementation of pre-contractual measures)) and Art. 6 (1) (f) EU GDPR (protection of a legitimate interest) will be deleted in accordance with the regulatory storage requirements.
7.2.7. The collection and storage of data for advertising purposes can be revoked at any time. The user has the possibility to object to the use of cookies via the Consent Management Tool and to the use of your email address via the link “Unsubscribe”.

8. Fan pages and Social-Media-Plugins

8.1. We operate so-called fan pages on the platforms of various social networks (Facebook, LinkedIn, Xing, YouTube, Instagram and Twitter). Social plugins on our website take you to Scalable Capital's social networking sites (fan pages). When clicking on these plugins, personal data may be collected from the respective social network as described below. If you access such a plugin, the social network immediately establishes a direct connection with your browser. This gives the social network the information that you have visited this website with your IP address/device ID, among other things. This happens regardless of whether you are currently logged in to the social network or registered at all. If you are logged in to the social network at the same time, the social network automatically assigns your page views to your profile. If you do not want the social network to associate your visit to our website with your respective user account, we recommend you to log out of the respective network when using our digital content.

8.2. We would like to point out that the data collected in connection with the fan pages and plug-ins are exchanged exclusively between your browser and the operator of the social networks. We have no knowledge of the content of the data collected and transmitted. Against this background, we recommend that you read the current data protection declarations of the operators of the social networks.

9. Webinars and Information Talks

9.1. For the execution of webinars, events as well as informative talks, your data will be stored or transmitted. We use the GoToWebinar webinar software ("GoToWebinar") from LogMeIn, Inc. to conduct webinars. For the execution of personal information talks we provide our clients the possibility to book time slots via the service of YouCanBook.me Ltd. ("YouCanBookMe"). For the registration and execution of webinars, the name and email address of the user is stored in our IT system. After the webinar is completed, GoToWebinar will inform us whether a user has attended the webinar, the registration date, the user's registration time and the duration of participation. To arrange an information consultation via the YouCanBookMe service, we need your telephone number. When using GoToWebinar, the service Zapier Inc. "("Zapier") is employed to import the data from GoToWebinar into our client management system (CRM).

9.2. With the help of the technology used, we can hold information events for interested parties and potential clients. We need this data to verify you for our events and webinars or to call you at your desired time for an information consultation. In addition, the data is used to stay in personal contact with you via our newsletter. You can unsubscribe from the newsletter at any time. The legal basis for the transmission of data is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).

9.3. The data is automatically deleted every six months.

9.4. The data is collected on a voluntary basis when registering for the events mentioned or booking a callback for an information meeting and is required in order to carry out the events or discussions. Consequently, there is no possibility of objection on the part of the user.

10. Newsletter, other notifications and tracking

10.1. If you have provided us with your email address for our newsletter, we will regularly send you our newsletter and other notifications (referred to as "Notifications") by email. We use the Salesforce service to send notifications. The information you provide when you register to receive notifications is transferred to Salesforce and stored there. Salesforce will send you an email to confirm your registration. Salesforce offers extensive analysis capabilities for the use of notifications ("Tracking"). These analyses are group-related and are not used by us for individual evaluation.

10.2. The data is stored in Salesforce to send you our newsletter and other notifications. The legal basis for storing your email address is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest). For tracking your use of the notifications, we require your consent in accordance with Art. 6 para. 1 lit. a EU GDPR.

10.3. The data will be deleted after the expiration of the regulatory storage obligations.

10.4. The registration as well as the storage of the data for registration for the newsletter can be revoked at any time via the link "Unsubscribe". The sign-out from tracking is done via the Consent Management Tool.

11.Contact form, email contact and service telephone line

11.1. When using our service telephone line we employ the services of RingCentral Ltd. ("RingCentral") as well as Aircall.io, Inc. ("Aircall"). Your phone number and the date and duration of the call are saved. In addition to the service telephone line, you can also contact Scalable Capital via our contact form, via chat or by email. When sending the contact form or an email, you send us (as applicable) your name, your email address and the content of your personal message. When using the chat, the chat history and your usage data are stored. The data is stored in Salesforce Inc. "("Salesforce"), our client management system and the email system (Gmail from Google G Suite). This data as well as the content of your message will not be used for any other purpose than responding to your contact, i.e. you will not receive any further messages from us other than responding to your inquiry.

11.2. We store the data on the basis of ensuring a functioning client relationship management as well as on the basis of legal requirements. The legal basis for the storage of data is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. c EU GDPR (fulfilment of a legal obligation).

11.3. The data will be deleted after the expiration of the regulatory storage obligations.

11.4. The collection of data is mandatory for our services. Consequently, there is no possibility of objection by the user.

12. Surveys and feedback

12.1. We use the Typeform S.L. service ("Typeform") to conduct surveys on new features of our service and to obtain feedback. If you participate in a survey conducted on our website, your details will be transmitted to Typeform. Depending on the type and scope of the survey, your email address, your responses, the date and the identification data of the end device will be transmitted.

12.2. The data is stored in order to obtain feedback for our services and to strengthen our client relationships. The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f EU GDPR (protection of a legitimate interest).

12.3. The data will be deleted after the expiration of the regulatory storage obligations.

12.4. The collection of data is voluntary when using the survey. Consequently, there is no possibility of objection by the user.

13. Presentation of the website

13.1. For the uniform display of fonts on our website, we use so-called web fonts developed by Adobe Typekit, Adobe Inc. ("Adobe") and Google Fonts, Google LLC ("Google Fonts"). When you access our site, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. We also use Google Maps and Apple Maps to display geographic information in our digital content in a visually appealing way. Google Maps is a map service of Google LLC ("Google Maps"), Apple Maps is a map service of Apple Inc. ("Apple Maps").

13.2. For this purpose, the browser or app you are using must connect to the servers of these services. This enables the services to know that our website has been accessed via your IP address. The use of web fonts and the map services mentioned is in the interest of a uniform and appealing presentation of our digital content. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR.

13.3. The data is automatically deleted every six months.

13.4. The collection and storage of data within the scope of the use of the website can be revoked at any time. The user has the possibility to object via the Consent Management Tool.

14. Use of our financial services

14.1. In addition to the purely informational use of our digital content, you can also make use of our financial services. To do this, you must register and create a user account ("Login"). This requires data to be entered. We need information about your knowledge and experience with regard to financial instruments/securities services, investment objectives and your financial circumstances in order to be able to recommend an appropriate investment strategy to you. Furthermore, we need information about the person, contact details, reference account and tax information. Finally, as part of the identification process, we may collect a copy of the identification document and a photograph of the client. If additional voluntary information is possible, it is marked accordingly.

14.2. We use the so-called double opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in an email sent to you for this purpose. Your data will be stored in our IT systems during registration and in this process will be passed on to service providers acting as data processors in accordance with Article 28 of the EU GDPR (e.g. software as a service provider (SaaS) and cloud service providers). These services include Amazon Web Services (AWS), Amazon Inc, Salesforce Inc. and Google G Suite, Google LLC. Some of your data will also be transmitted to the custodian bank. For further information, please send an inquiry to support@scalable.capital.

14.3. We delete your data after complete termination and handling of the legal relationship with you, at the earliest, however, after expiry of the statutory, supervisory or other sovereign retention periods. If you do not complete your registration within six months (and therefore do not become a client), we will delete your data.

14.4. The purpose of processing the aforementioned data is to identify our clients in accordance with legal requirements, to carry out the legally prescribed suitability test and to enable the conditions for the provision of our financial services in general. The legal basis for the processing of data is Art. 6 para. 1 lit. b EU GDPR (fulfilment of a contract (or implementation of pre-contractual measures)) and Art. 6 para. 1 lit. c EU GDPR (fulfilment of a legal obligation).

14.5. The collection of this data is mandatory for our services. Consequently, there is no possibility of objection on the part of the user.

15. Automated decision making

15.1. We determine an investment strategy suitable for you as a client. This is done on the basis of your provided information about your investment objectives (including risk appetite), financial situation with regard to risk-bearing capacity and knowledge and experience with regard to understanding risk.

15.2. This is based on automated decision-making, which is necessary both for the conclusion or fulfilment of the contract between you and us and is permissible under European and national law (and this law contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the person concerned).

Updated: 24. May 2018