Privacy Policy

Overview

Primary Bid Limited (“we”, “us”, or “our”) thinks it is important that you as our customer (“you” or “your”) know what personal data we collect about you and how we use it. Personal data is any information relating to an identified or identifiable person. Your name, address, phone number, bank account details, email address and/or IP address are all examples of your personal data. 

This policy sets out the details of the personal data we collect about you and how we use it. Please read this policy carefully. By using our website and/or our app (together, our “Website”), contacting us by telephone, by emailing us or otherwise providing personal data to us (for example through our social media), you agree to the terms of this policy. 

We may change this policy from time to time to keep it accurate and up to date. If we change this policy, we will endeavour to tell you about it. That way you can check to see if you are happy with our policy, before proceeding any further.  Please look out for notices from us. If, following any changes, you continue to use our Website, or otherwise provide information to us, we will take it that you agree to those changes.

Data we collect from you

We only collect personal data about you that we will genuinely use for the purposes set out in this policy. Types of personal data we collect and use include:

  1. Contact information – where you live and how to contact you;

  2. Identity information – your name, nationality, gender, social security number (or local equivalent), or other information contained in identity-related documentation (such as, passport, driving license, or birth certificate);

  3. Transactional information – details about payments to and from your accounts (including broker name and account number) and other details of products and services you have purchased from us;

  4. Contractual information – details about the products and services we provide to you;

  5. Technical information – details on the devices (such as IP addresses) and technology you use;

  6. Communications information  – information we obtain through letters, emails, conversations, social media interactions, or any other correspondence between you and us;

  7. Open Data and Public Records information – details about you that is available in public records or that is openly available on the internet; and

  8. Usage information – information about how you use the products and services we provide to you.

How and why we use your personal data

The processing of your personal data is subject to a strict purpose limitation principle under EU law. Therefore, we will only use your personal data when the law allows us to, for only legitimate purposes and will ensure that your data will not be further processed in a way incompatible with those purposes. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you (“Performance of a contract”);

  • Where it is necessary for our legitimate interests (i.e. we have a business or commercial reason for using your information) and your interests and your fundamental rights do not override those interests (“Legitimate interests”);

  • Where we need to comply with a legal or regulatory obligation (“Legal obligation”); or

  • Where you consent (“Consent”).

What we use your personal data for

  1. To provide and manage our products and services (including any online account with us).

  • Our reasons: performance of a contract, legitimate interests, legal obligation.

  • Our legitimate interests: being efficient about how we fulfill our legal and contractual duties and providing high quality customer service.

2. To process and deliver the products or services you receive from us.

  • Our reasons: performance of a contract, legitimate interests, legal obligation.

  • Our legitimate interests: complying with regulations that apply to us and being efficient about how we fulfill our legal and contractual duties.

3. To process transactions and carry out obligations arising from any contract entered into between you and us.

  • Our reasons: performance of a contract, legitimate interests, legal obligation.

  • Our legitimate interests: being efficient about how we fulfill our legal and contractual duties.

4. To communicate with you and respond to your enquiries, including responding to complaints and attempting to resolve them.

  • Our reasons: performance of a contract, legitimate interests, legal obligation.

  • Our legitimate interests: complying with regulations that apply to us, being efficient about how we fulfill our legal and contractual duties and providing high quality customer service.

5. To transfer information to the Official Receiver or appointed insolvency practitioner(s) for the administration of your account, if we receive notice of or are informed of your insolvency or bankruptcy, or of any insolvency proceedings/arrangements.

  • Our reasons: legitimate interests, legal obligation.

  • Our legitimate interests: complying with regulations that apply to us and being efficient about how we fulfill our legal and contractual duties.

6. To enforce or obtain settlement of debts owed to us or in relation to investments made on your behalf, including sharing your information with any debt collection, debt tracing or other agent for these purposes.

  • Our reasons: legitimate interests, performance of a contract

  • Our legitimate interests: being efficient about how we fulfill our legal and contractual duties.

7. To send you promotional and marketing materials, newsletters or other related communications (including making suggestions and recommendations to you about services that may be of interest to you).

  • Your consent

8. To conduct research and analysis to improve the quality of our marketing and the experience of and relationships with our customers.

  • Our reasons: performance of a contract, legitimate interests, legal obligation.

  • Our legitimate interests: developing products and services and what we charge for them, defining types of customers for new products or services, seeking your consent when we need it to contact you.

9. To comply with our legal and regulatory obligations (including verifying your identity and conduct identity and background checks for anti-money laundering, fraud, credit and security purposes) and to exercise our legal rights.

  • Our reasons: legitimate interests, legal obligation.

  • Our legitimate interests: complying with regulations that apply to us and being efficient about how we fulfill our legal and contractual duties.

10. To communicate with you about operational changes to our products, services and website: for example, if we were to withdraw one of our products, or change this privacy policy.

  • Our reasons: performance of a contract, legitimate interests, legal obligation

  • Our legitimate interests: being efficient about how we fulfill our legal and contractual duties and providing high quality customer service.

11. To exercise our rights in agreements and contracts to which we are a party.

  • Our reasons: performance of a contract

12. To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

  • Our reasons: performance of a contract, legitimate interests, legal obligation

  • Our legitimate interests: developing and improving the network security, efficiency and technical specification of our IT systems and infrastructure.

13. To administer auditing, billing and reconciliation activities and other internal and payment-related functions.

  • Our reasons: performance of a contract, legitimate interests, legal obligation

  • Our legitimate interests: being efficient about how we fulfill our legal and contractual duties.

14. To detect, investigate, report, and seek to prevent financial crime and to manage risk for us and our customers.

  • Our reasons: performance of a contract, legitimate interests, legal obligation

  • Our legitimate interests: developing and improving how we deal with and manage financial crime, complying with regulations that apply to us, being efficient about how we fulfill our legal and contractual duties.

15. Where you have requested to take part in a PrimaryBid offer or hold any investment, we may provide such information relating to your request as may be reasonably requested by the issuer of that investment, or any managers acting on their behalf, in connection with the offer or issue of that investment.

  • Our reasons: legitimate interests, legal obligation.

  • Our legitimate interests: providing our customers with high quality products and services, complying with regulations that apply to us, being efficient about how we fulfill our legal and contractual duties.

16. To develop, manage and improve our products, services and the website (including conducting research and analysis) and to test new products, services, and features of the website.

  • Our reasons: performance of a contract, legitimate interests, legal obligation.

  • Our legitimate interests: providing our customers with high quality products, services and Website features and keeping our products, services and Website features updated and relevant.

17. To run our business in an efficient and proper way, including in respect of our financial position, business capability, corporate governance, audit, strategic planning and communications.

  • Our reasons: legitimate interests, legal obligation.

  • Our legitimate interests: complying with regulations that apply to us and being efficient about how we fulfill our legal and contractual duties.

18. For quality control, training, security and regulatory purposes, we may monitor and/or record your communications with us.

  • Our reasons: legitimate interests, legal obligation.

  • Our legitimate interests: complying with regulations that apply to us and being efficient about how we fulfill our legal and contractual duties.

19. To make national declarations which we have to provide to CREST for onward transmission to the registrar.

  • Our reasons: legitimate interests, legal obligation.

  • Our legitimate interests: complying with regulations that apply to us and being efficient about how we fulfill our legal and contractual duties.

20. To carry out segmentation of our customer database, along with propensity modelling (a customer insight technique which involves analysing past observations to predict future customer behaviour) and create event triggers for specific categories of customer for marketing and servicing purposes.

  • Our reasons: legitimate interests, your consent.

  • Our legitimate interests: providing our customers with high quality products, services and Website features and keeping our products, services and Website features updated and relevant.

Change of purpose

We will only use your personal data for the uses and purposes set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original uses and purposes. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

Failure to provide personal data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Information shared

In order to run our business and provide you with many of our products and service, we sometimes have to pass your personal data to other people and businesses. However, except as described in this Privacy Policy, we will not provide any of your personal data to any third parties without your specific consent. We may share your personal information to the following categories of recipient: 

  • With group companies and affiliates. We may share the information with all of our group companies and business units that have relationships with you. For example, we share information to assist us in providing service and account maintenance, to help us design and improve products and to offer products and services that may be of interest to you.

  • With our service providers. We may disclose information to third party service providers who help us provide our website and related services to you, for example, information technology companies who design and host our websites, and payment services companies who enable us to store details of and allow you to use payment cards with us.

  • With brokers and intermediaries. We share your personal data with brokers and intermediaries to the extent necessary to facilitate settlement of your shares or other financial products.

  • Insurances and insurance brokers. We may disclose information in order for us to be able to obtain insurance against risks we face in running our business. They may retain this information for the purpose of ongoing risk assessment and insurance broking and underwriting services.

  • As part of business transactions. In relation to an ongoing or proposed business transaction (such as a transfer of the ownership or operation of our website to another organisation if we merge with or are acquired by another organization, or if we liquidate our assets), your information may be transferred to a successor organization. If such a transfer occurs, the successor organization’s use of your information will still be subject to this Policy and the privacy preferences you have expressed to us.

  • Third parties as permitted or required by law. This includes disclosing your information to regulators, law enforcement authorities, credit reference agencies and subject access requests. Personal information about employees or customers is only disclosed as required or permitted by law and in accordance with established company procedures. We may transfer and disclose the information we collect about you to comply with a legal obligation, including responding to a court order, to prevent fraud, to comply with an inquiry by a government agency or other regulator, to address security or technical issues, to respond to an emergency, or as necessary for other legal purposes. We may also disclose your information for the prevention of fraud and the detection of crime.

  • Our professional advisers. We may disclose your information, for example, to our lawyers and technology consultants when they need it to provide advice to us.

  • With your consent. We may disclose your personal information for any other purpose with your consent.

Marketing

In relation to marketing communication, we will provide you with an “opt in” or “opt-out” mechanism depending on where in the world you are located. An “opt-in” mechanism will provide you the opportunity to positively indicate that you would like or do not object to us sending you marketing communications. If you are based in a location that requires us to provide you with an “opt-in”, then we will not send you any marketing communications unless you have “opted-in”.

We may from time to time send you information regarding new products and promotions by email or post. Additionally, we may occasionally also contact you by telephone regarding such products or promotions.

You can unsubscribe from receiving marketing communications by clicking on the unsubscribe link contained in every marketing communication we send to you. You can also specify that you no longer wish to receive marketing emails from us by sending an email with “unsubscribe” in the subject field to [email protected] If you have registered more than one email address with us, please list all your email addresses to be removed from our marketing emails in the body of the email. Please note that, while we will remove you from future marketing emails, any marketing emails already in production may still be received for a short time after you send us your request.

If you have specified that you do not wish to receive marketing emails from us, we will still send you email messages which you specifically requested to receive, or which relate to the provision of our services to you including, for example, information about your account and regulatory information.

If, having specified that you do not wish to receive marketing communications from us, you then wish to do so, you should email us at [email protected] or contact our customer services at +44 20 3026 4750.

Other sites

We may include some links to other websites in our Website. Please note that these websites are controlled by other people, not us, and we are not responsible for them. Equally, any social media posts or comments you make to us (e.g. on our own LinkedIn page) will be shared under the terms of the relevant social media platform (e.g. LinkedIn or Twitter) on which they are made and could be made public by that platform.  These other sites may send their own cookies to your device, may independently collect data or solicit personal data or personally identifiable information, and may or may not have their own published privacy policies. You should read the privacy statements of other websites they visit for information regarding their specific privacy practices. The use of such other websites is at your own risk.

Your Log-In

If you choose to access the secure areas of our Website, you are able to access these only with your login details. Your login details should never be shared with anyone else and we recommend that any password you set is not easily guessable, and changed frequently. Because we cannot guarantee the confidentiality of information sent on the internet, you should never send your login details via email. Should you wish to contact us about your account, you should do so by e-mail or by telephone.

Information collected through our app

If you use our App, we may also collect the following information:

  • Geo-Location Information. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.

  • Mobile Device Access. We may request access or permission to certain features from your mobile device. If you wish to change our access or permissions, you may do so in your device’s settings.

  • Mobile Device Data. We may automatically collect device information such as your mobile device ID, model and manufacturer, operating system, version information and IP address.

  • Push Notifications. We may request to send you push notifications regarding your account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

Security of your personal data

Much of the information we receive is provided electronically, originating with your relevant device and then transmitted to us by your relevant telecoms network provider. Where it is within our control, we put measures in place to ensure that whilst the data is in transmission from your device to us, this data is reasonably secure.

Once your information is received by us, we take its security very seriously. We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites and offices as much as possible. It is our practice to protect the confidentiality of this information, limit access to this information to those with a business need, and not disclose this information unless required or permitted by law.

Unfortunately, no website, server or database is completely secure or “hacker proof.” We therefore cannot guarantee that your personal information will not be disclosed, misused or lost by accident or by the unauthorized acts of others. If you ever receive a communication from us that you are concerned may be from a third party impersonating one of our staff, please contact us immediately.

We will never ask for your password, but will ask security questions to confirm your identity before we can discuss matters relating to your account.

Accuracy of your personal data

It is very important to us that all the information we hold about you remains accurate and up-to-date to reduce the chances of us having a misunderstanding. We strive to keep our records accurate and will make appropriate corrections when you notify us. 

Please let us know if there is incorrect information in any statements or other communications that you receive from us. If you have an online account with us, please ensure that the information you provide to us through that account (e.g. any contact information you provide) remains accurate and up-to-date. Please review and update it regularly.

If you have reason to believe any of the information we collect on you may be inaccurate, and you cannot correct such inaccuracy yourself through your registered accounts with us, please Contact us.

Retention of your data

Your personal data will not be retained for longer than necessary for us to achieve the purpose for which we obtained that data. For example, we may retain your personal data if it is necessary to comply with any legal obligations, meet any regulatory requirements, resolve any disputes or litigation, or as otherwise needed to enforce this policy and prevent fraud and abuse. 

To determine the appropriate retention period for the personal data we collect from you, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements. No purpose in this policy will require us keeping your personal information for longer than 5 years past the termination of your account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Data subject rights

To exercise any of the following rights, please contact us at [email protected]. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request if your request is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We will respond to all legitimate requests within one month. 

  • Right to withdraw consent at any time: This applies where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

  • Request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that it is accurate and that we are processing it lawfully.

  • Object to processing of your personal data: This enables you to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. We will provide you with appropriate choices to opt-in or opt-out as set out above in our Policy.

  • Request correction of your personal data: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Request transfer of your personal data: This enables you to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Request restriction of processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Right not to be subject to a decision based on automated profiling: This applies where the automated processing produces legal effects on you or similarly significantly affects you. Note, it does not apply if the decision (a) is necessary for the performance of a contract between you and us, (b) is authorized by applicable law, or (c) is based on your explicit consent. However, where (a) or (c) applies, you have the right to obtain human intervention. You also have the right to be informed of the logic involved in such processes. One common example is if we decline an order you place with us online for anti-fraud or credit check reasons. Please note that these decisions can come about due to policy decisions taken by banks, card and payment processing companies, and credit reference agencies who separately hold information about you and to resolve them you may have to speak to them directly.

  • Make a complaint: You have the right to make a complaint at any time to the relevant data protection supervisory authority in the EU member state in which you reside. Please consider raising any issue or complaint you have with us first though. Your satisfaction is very important to us, and we strive to solve all problems and complaints wherever possible.

You can get further information on your privacy rights on the UK Information Commissioner’s homepage, which can be accessed here.

International data transfers

We may transfer, store, and process your information in countries other than your own. Our servers are located in the United Kingdom. If you are accessing our Website from outside the current location of our servers, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information, such as our third parties in India and other countries.

If you are not a resident in the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law.

Where we transfer personal data to a destination outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. Such measures implementing the European Commission's Standard Contractual Clauses for transfers of personal information between us and our third-party providers, which require all such recipients to protect personal information that they process from the EEA in accordance with European data protection laws.

  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Contact us

PrimaryBid Limited is a limited company registered in England and Wales (No. 08092575) with its registered office at 21 Albemarle Street, London W1S 4BS. PrimaryBid Limited is authorised and regulated by the Financial Conduct Authority (FRN 779021).

If you want any further information about our use of your information, our Website or have any other privacy questions relating to us, we’d be happy to help you. Please contact us by calling at +44(0)20 7491 6519 or email us at [email protected].