Privacy policy for private investors

May 2018 Ionic Information Limited - ShareScope, SharePad

Thank you for subscribing to one of our products or visiting one of our websites. This is the privacy policy for Ionic Information Ltd in which we explain our procedures and justifications for collecting and using your personal information. It also explains what, if any, data we collect whilst you are visiting our websites. We take your privacy extremely seriously, and we never sell, rent or otherwise disclose your personal data to third parties for marketing purposes.

Our methods for collecting and processing personal data comply with the General Data Protection Regulation (GDPR) introduced by the European Union on 25th May 2018.

If you have any concerns about how your personal data has been collected, processed or used by Ionic Information, please email mydata@ionic.co.uk. Alternatively, you can write to:

Data Protection Officer, Ionic Information Ltd, 3 Bath Place, London, EC2A 3DR, UK

Your information

We collect and store the following information which you give us voluntarily:

Customers - When you subscribe to one our products we collect the following information: name, address, telephone number, email address, credit card details and your bank account details (if you pay by direct debit). We also record details of your subscription history. We require this information in order to take your subscription payments and provide you with customer support.

Mailing list subscribers - When you subscribe to one of our mailing lists, we collect your name and email address.

When you use our products and connect to our servers we collect and store your MAC address or the last four IP addresses that you have used. We do this to ensure that you are not abusing our service. These addresses are linked to your account number in a location which does not include your personal data.

If you subscribe to SharePad, our web-based service, your portfolios are stored on our secure servers. They are stored in a separate location to your contact details. Ionic Information does not use, nor allow third parties to use, customer portfolios to derive information of any kind.

We do not hold or use profiling data for our customers or mailing lists other than that you provide voluntarily through our customer surveys. This data is not recorded or stored in our customer database but analysed separately to help improve our products and service.

Marketing

If you are a customer, an ex-customer or a subscriber to one of our mailing lists, we may send you emails or letters about our products, news, events and special offers. Infrequently, we may send details of a special offer from a third party. We only do this if we think the offer will be of genuine interest to you. Such offers would be sent to you from us. We never sell, rent or otherwise disclose your data to third parties for marketing purposes.

Ionic collects personal data via methods compliant with the General Data Protection Regulation (GDPR). The lawful basis on which we collect, process and use personal data, based on GDPR's six lawful bases, is consent.

This consent must be specific and verifiable. Verifiable consent requires a record of when and how you agreed to let us use your personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.

When you subscribe to one of our products or mailing lists, we ask you to choose your contact preferences. Your choice determines which types of email we send you.

All emails from Ionic Information include options for you to unsubscribe completely from marketing communications or update your preferences.

Ionic uses MailChimp (www.mailchimp.com), an online email list management and delivery service based in the US, for sending emails to customers and subscribers to our mailing lists. By subscribing to our products or our mailing lists, you acknowledge that the information you provide - excluding credit card or bank account information - will be transferred to MailChimp for processing in accordance with their Privacy Policy. Third party processors of data are not allowed to use or sell your personal data.

Disclosure of personal information

Ionic never discloses personal information to third parties, unless one of the following limited exceptions applies.

  • As part of our data and exchange reporting obligations we may disclose personal information to entities (including but not limited to data owners and stock exchanges) that provide price and other data for your ShareScope or SharePad account. Ionic understands that the exchanges require this information to maintain effective controls over the distribution of their data.
  • Ionic may disclose personal information to companies that help us process transactions on your account. Such companies are not allowed to use or sell your personal data.
  • We may disclose information to group companies of Ionic Information.
  • Ionic may use the services of GDPR-compliant third party companies to manage email or postal marketing campaigns. Such companies are authorised to use your personally identifiable data only for the benefit of Ionic and its group companies and ONLY where you have indicated that you are happy to receive communications from Ionic.
  • Where required by law or to protect and defend its rights or property Ionic may disclose or report personal information. For example, Ionic may be required to co-operate with regulators or law enforcement authorities, resolve consumer disputes or to perform credit or authentication checks that require the use of your personal information.
  • Where information is disclosed to third parties we ensure that they have suitable policies in place to protect your personal information, which prohibit them from using your personal information for their own marketing purposes, or sell it on, and require them to maintain the confidentiality of your personal information.

Your rights

You have the following rights:

  • To request what personal information of yours we hold.
  • To request that this data be updated.
  • To request that this data is deleted or partially deleted from our systems.

When you ask us to delete your personal data, we will delete it from all mailing lists within 7 days.

If you stop subscribing to our products we delete your bank account details (if held) immediately.

If requested, we will delete all other personal information one year after you cease to be a customer in order to comply with our contractual and legal obligations, resolve disputes, prevent abuse, and enforce our agreements. Note that if you have previously subscribed to our SharePad product, and think you may resubscribe in the future, asking us to remove your personal details will also mean losing any portfolios or customised settings in your account.

If you wish to exercise any of these rights, please email mydata@ionic.co.uk. Alternatively, you can write to:

Data Protection Officer, Ionic Information Ltd, 3 Bath Place, London, EC2A 3DR, UK

Personal data breach

Upon becoming aware of a breach to our systems involving personal data, Ionic will notify each affected customer of the breach without undue delay.

3rd Party websites

While browsing any of our websites, you may be able to access third party websites through a hyperlink. Ionic assumes no responsibility for the content or privacy policies at such third party websites.

Cookies & web server logging

Ionic Information collects information on its websites through the use of temporary "session cookies" and web server logging.

Session cookies are short pieces of data used to reference a user's basket or form contents in a temporary database while browsing the website. When an order is placed the details entered are stored in a database at Ionic Information and the session cookie is deleted. A session cookie is not an executable program and cannot do anything harmful to your machine.

We also have Google Analytics enabled which uses cookies to track your usage of our website. This provides us with information which helps us make our website easier to use. It does not provide us with information about you. Google Analytics includes an option to share data about your usage of our website with other Google services. We do NOT allow this. Google's privacy policy. (www.google.com/privacypolicy.html)

Ionic Information does NOT use text or "permanent" cookies for the purpose of tracking usage of its site or to store personal information on a user's device.

Web server logging provides Ionic with aggregate website usage data to find out how often and when site content is requested. For example, Ionic may identify the pages on our websites that your browser requests or visits and the type of browser that you use. This information is used to improve the usability of our website. IP addresses are also logged for usage statistics and for security purposes to protect against actual or attempted abuse or misuse of Ionic's websites. The information is only personally identifiable if you have chosen to identify yourself; for example, by opting in to a mailing list.

Secure transactions

Ionic uses secure servers to process transaction data. Our secure servers use 128-bit high encryption technology and our secure server certificates are issued by recognised and trusted Internet security certificate issuing authorities. Look out for the padlock symbol on your browser to confirm that you are using a secure connection when entering your payment details.

Ionic Information will never ask you to provide or confirm your payment details by email. We will always ask you to use our website to make a secure payment or to call us during office hours with the details. Do not send credit card details by email as they can be intercepted.

Ionic Information does not store your credit card details. This information is processed by a third party payment processing company. Bank account details are held in a password-protected database.

Security

Ionic takes reasonable and prudent precautions to ensure that your personally identifiable data is protected against unauthorised access, use, or disclosure. Your personal data will be stored on our secure servers which incorporate both password and firewall protection.

All data stored that requires to be encrypted uses AES with a 128 bit key. The key is constructed from a password and MD5 hash to create the 128 bit key.

If we hold your bank account details, this information is deleted when you cancel your subscription to our products.