- Your use of our website, whether as a visitor or as an actual or prospective user;
- Your use of the Floww platform as a user; and
- Your receipt of our services as a user.
It is important that the personal data we hold about you is accurate and current.
Please keep us informed if your personal data changes during your relationship with us.
Who we are
We are FOMTech Limited of 123 Victoria Street London SW1 6DE.
We are the owner and operator of the Floww platform and the data controller of your personal data where we use your personal data for our own business purposes, which we have explained further below.
There are instances of collection and handling of your personal data that we carry out for and on behalf of firms. We have made it clear below when this applies. In these instances, we are the data processor of your personal data for and on behalf of the firm as the data controller.
We will refer to ourselves in this privacy notice in the first person, e.g. “we”, “us” and “our”.
How to contact us
If you have any data related queries or questions about this privacy notice, including any requests to exercise your legal rights relating to your personal data or to make a complaint about how your personal data is being handled, please contact us here.
Who is involved in collecting, handling and use of your personal data
We will collect a certain amount of your personal data from your navigation and use of our website and the Floww platform.
Third party service providers:
A description of the type of third-party service providers that we currently use and what we use them for is set out in Appendix 1. We will update this from time to time. If you would like to receive a list of the third-party providers that we use in relation to your personal data, please contact us.
Third party hyperlinks & connectors:
Other Floww platform users:
We may receive information about you from other Floww platform users, for example, representatives from firms or companies. In most cases, this will be where that Floww platform user has input information about you onto the Floww platform on your behalf and with your approval.
What personal data do we collect
Personal data means any information about an individual from which that person can be identified. It does not include data where the person is no longer identifiable (anonymous data).
We will collect, use, store, share and transfer the different kinds of personal data and associated information about you which we have grouped together below.
- Identity Data, which includes your title, first name, maiden name, last name, date of birth, gender, nationality, and job information;
- Contact Data, which includes your billing address, delivery address, email address and telephone numbers and contact details history;
- Opinions, which includes where a user of the Floww platform may have uploaded comments about potential or actual investments within the Floww platform
- Technical Data, which includes your internet protocol (IP) address, MAC address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, mobile phone location data and other technology on the devices you use to access our website and the Floww platform;
- Usage Data, which includes information about: how you use and navigate around our website and the Floww platform; answers to questions; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events; the types of, and specific ventures, assets, transactions and investments within the Floww platform that you have shown an interest in; those that you have invested in and when you have sold those investments. We will also keep records of your contact with us and any feedback and survey responses that you have submitted; and
- Marketing Data, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, handle, use and share:
- Anonymised Data is data created from your personal data where your identity has been removed so that you are no longer identifiable.
We do not collect any Special Categories of Personal Data about you, which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We do not intentionally collect personal data relating to children.
Where we source your personal data from and how
We use different methods to collect personal data from and about you, including through:
- Direct interactions: you may give us your Identity and Contact by filling in our web forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide, or which is generated about you, when you:
– Subscribe to our publications;
– Request marketing to be sent to you;
– Enter a competition, promotion or survey; and/or
– Give us some feedback.
– Request a demo from our signup site.
- Automated technologies or interactions: as you interact with our website and the Floww platform, we will automatically collect your Technical Data about your equipment, browsing actions and patterns and your Usage Data. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Policy for further details.
Do you have to provide the information that we have requested from you?
If you don’t want us to collect any personal data from you, please do not use our website or the Floww platform.
We collect the same types of personal data from all users of our website and the Floww platform and so cannot filter what we collect from individual users.
You can, however, ask us not to carry out any automated decision-making in relation to you by contacting us at any time.
What we do with your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation.
We set out below the personal data handling activities that we carry out in respect of your personal data. We have set out in Section 12 what our data protection personality (i.e. data controller or data processor) in respect of such activities and our legal justification for doing so:
- Marketing purposes – where you tell us you are happy to receive information from us, we may send you, using your Identity Data, communications which may include the following:
- Emails about the investments and transactions we offer information about;
- Emails about new venture and product launches; and
- Opportunities to participate in market research.
The majority of our marketing communications will be made via and within the Floww platform. That said, depending on the contact preferences you select, we may also communicate with you by post, telephone, SMS, email or other electronic means such as via social and digital media.
We will provide you with information, products or services that you request from us or which we feel may interest you. We may use your Usage Data to help ensure that this messaging is personalised and relevant to you;
- Promotional communication – we may use your Identity, Contact, Technical and Usage Data to form a view on what information we think may be of interest to you (we call this promotions).
You will receive promotional communications from us if you have:
- Requested information from us;
- you are a registered user of the Floww platform;
and, in each case, you have not opted out of receiving that promotion;
- Automated decision-making – we sometimes make decisions about you using only computer programs, i.e. where none of our employees or any other individuals are involved.
You can ask us not to carry out this automated decision-making by contacting us at any time;
- Tracking activities – where you are a client of a firm, we will track, for and on behalf of that firm, when you are navigating around or using our website and the Floww platform and what you are looking at. We will provide this information (together with your Identity and Usage Data) to this firm in order for them to service their clients better.
Using Anonymised Data and in order to optimise distribution channels, we will keep track of what types of users are interested in the different ventures, investments, transactions and assets on the Floww platform; and
- Monitoring purposes – this activity refers to listening, recording, viewing, intercepting or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications between us. We may use all types of your personal data in this case.
We’ll do this where the law requires it, to comply with regulation, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information will be shared only for the purposes described above.
- Data sharing purposes – information uploaded to the Floww platform by you or on your behalf may be shared with other Floww platform users, including firms and companies (eg. to inform investment decisions).
We use Google reCAPTCHA v3, a SPAM protection service provided by Google. This service analyses the traffic of our signup website only potentially containing your Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.
Failure to implement this can cause our systems to be spammed by bots which could enable the malicious actor(s) to carry out phishing campaigns on our staff and potential customers. We can also be used as a relay to spam and phish other non-suspecting individuals by using our trusted domains to bypass their spam filters.
Other use related information
- Preferences – we strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising;
- Opting out/withdrawing consent – you can ask us or the third parties with whom we (as a data controller) share your personal data to stop sending you promotional or marketing messages at any time by contacting us at any time;
- Change of purpose – we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like us to explain how the handling and processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Other use related information
We may share your personal data with the following entities for the purposes set out in Section 12 and as set out in Appendix 1:
- Firms, where we act as a data processor for and on their behalf
- Market research organisations who help us to develop and improve our products and services;
third party marketing companies, we will obtain your express opt-in consent before we share your personal data with any company outside our organisation or group of companies for marketing purposes;
- Governmental and regulatory bodies such as the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman Service and the Information Commissioner’s Office;
- The entities listed in Appendix 1; and
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
What are the legal grounds for our collection, handling, use and sharing of your personal data
Collection, handling and usage
|Purpose/Activity||Type of personal data||Data controller/data processor||Legal basis for collection, handling and usage – Controller Only|
|Marketing purposes||Identity Data
|Data controller||Your consent|
|Cookies||Technical Data||Data controller||Your consent|
|Promotional offers||Identity Data
|Data controller||Legitimate interests|
|Automated decision-making||Usage Data||Data controller||Legitimate interests|
|Tracking activities||Identity Data
|Data processor||N/A; Legitimate interests|
|Monitoring purposes||Identity Data
|Compliance with a legal obligation of us|
|Data sharing purposes||Identity Data
|Data controller||Legitimate interests|
|Entity with whom personal data is shared||What personal data is shared||Purpose of sharing||Legal basis for sharing|
|To fulfil data processor duties||For and on behalf of the firm as the data controller|
|Other Floww platform users||Identity Data
|To inform investment decisions||Legitimate interests|
Where do we send your personal data to for storage or other specific purposes?
We’re based in the UK and will not transfer your personal data outside the EEA other than in accordance with the law. We will send your personal data for processing to our third party services providers who may be based outside the EEA, including in the Philippines. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
We will provide you with details of the safeguards that we have implemented, if you would like to know what they are.
In addition, we cannot control where other Floww platform users may access the Floww platform from, but any such access will be in accordance with the applicable terms of service.
How we look after your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an authorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legal required to do so.
How long do we keep your personal data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we handle your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will carry out a review of all the personal data that we hold and make the determination detailed above every 2 calendar years.
In some circumstances, you can ask us to delete your personal data. Please see the Right of erasure below for further information.
We will keep and use Anonymised Data indefinitely without further notice to you.
What your legal rights are in respect of the activities listed above
We set out below a list of the legal rights that all individuals have under data protection laws in relation to our handling of your personal data. They don’t apply in all circumstances:
- Right to be informed – about your personal data and details of the handling and processing of that personal data and information, including the safeguards used to protect any of your personal data in the event that we transfer it outside the EEA;
- Right of access – to your personal data and to obtain information about how we handle and process it;
- Right to have inaccuracies corrected – this is a right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
- Right of erasure – of your personal data, which is also known as the “right to be forgotten”;
- Right to restrict handling and processing – of your personal data, which includes requesting us to suppress your personal data file;
- Right to move, copy or transfer– your personal data to another organisation, also known as “data portability”;
- Right to object – to the handling and processing of your personal data for certain purposes, in particular to personal data processed for direct marketing purposes and to personal data that is handled and processed for certain reasons based on our legitimate interests;
- Right to withdraw consent – you may withdraw any consent or permission that you have previously provided to us in relation to our handling and processing of your personal data, such as for the purposes of marketing by electronic means;
- Rights in relation to automated decision making – where such automated decision making has a legal effect on you or otherwise significantly affects you; and
- Right to complain – in all circumstances, you may complain to:
– Us in relation to the handling of your personal data; or
– The Information Commissioner’s Office which enforces data protection laws, whose contact details are set out on www.ico.org.uk.
Procedure to exercise your legal rights
- Contact us – if you wish to exercise any of your legal rights please contact us.
In this instance, we’ll explain first whether or not the right you wish to exercise applies and whether we are the data controller in that respect.
If we are not the data controller, we will direct you to the appropriate entity that is.
If we are the data controller and the right you wish to exercise applies, we will facilitate your request in accordance with the procedure below.
- Fees – you will not have to pay a fee to access your personal data or to exercise any other rights that apply. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- Our request for further information – we may need to request certain information from you to help us confirm your identity and ensure that your right to access your personal data (or to exercise any of your other rights that apply. This is a security measure to ensure that any personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- Response time – we will respond to all legitimate requests as soon as we can. It should not take longer than a month to do so. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your FAQs Answered
Who can I ask about this policy?
Can I see what data you hold about me?
If you want to be informed about your personal data that we hold, to have access to it or wish for it to be changed in any way, moved or deleted, please follow the Procedure to exercise your legal rights above.
What should you do if your personal data changes?
You should tell us by contacting us, so that we can update our records.
Do you have to provide your personal data to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
Do we do any monitoring of your personal data?
Monitoring refers to: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
Appendix 1. Third-Party service providers
- Data storage providers – we store all of our data with at least one data storage provider.
- Visitors to our websites – when someone visits floww.io we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
- Company data processing – we have outsourced data processing to a third party.
- Third party payment providers – when someone makes an online payment to us, in particular, as part of a subscription to access the Floww platform, we use a third party payment provider to facilitate this transaction.
- Cloud platform providers – the Floww platform is hosted in the cloud using a third party platform provider.
- Integrated authentication and authorisation providers – to ensure that access to the Floww platform is kept secure, we use a third party integrated authentication and authorisation provider to ensure that only authorised users are able to access the Floww platform.