My Nest Egg Ltd Privacy Policy
Version number | 1.1 |
---|---|
Last updated | January 2024 |
mynestegg.com – Privacy Policy
My Nest Egg Limited is committed to protecting the privacy and security of personal information. This Privacy Policy, together with our Terms and Conditions, explains how and why we use the information we collect about you and tells you what to expect when we collect personal information from you. It also explains how we will store, handle and keep your personal information safe.
This policy sets out how your personal information will be processed, stored and how this applies to your use of our website, our mynestegg.com mobile application service (App) and any of the services accessible through our website or our App that are available on the mynestegg.com website or any other site of ours.
We collect and process various categories of personal and confidential information about you and it is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during our relationship with you.
We keep our Privacy Policy under regular review to make sure it is up to date and accurate.
Please read the following carefully to understand our practices regarding your personal information and how we will treat it.
Who are we?
My Nest Egg Limited is the controller for the personal information we process unless otherwise stated and is responsible for your personal information, collectively referred to as “we,” “us,” “our” or “mynestegg.com.”
Registrations
Our company registration number is: 14593331
We are also registered with the Information Commissioner's Office (ICO). Our ICO registration number is: ZB524933
You can contact us at:
Postal address: X+why, East Embankment Tower, 100 Cathedral Approach, Manchester, M3 7FB
Email address: dataprotection@mynestegg.com
General information
All your personal information will be held and used in accordance with the relevant data protection legislation.
For individuals based in the UK, all personal data will be held and used in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 and any other legislation relating to the protection of personal data.
Changes to our Privacy Policy
Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.
Please check back frequently to see any updates or changes to our Privacy Policy.
Third-party Links
Our website or our App may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy statements or policies. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.
Collection of your Personal Information
We use different methods to collect information from and about you.
We collect personal information to provide you with services. We also collect personal information when you visit our website, use our App, contact us by email or social media, to comply with our contractual obligations or where we are legally required to do so.
If we do not receive the information that we request, we may not be able to provide you with services. We and our agents, affiliates and service providers collect your personal information in a variety of ways, including:
- Through the provision of services: We collect personal information directly from you through providing the services.
- Other than through the services: We may collect personal information about you in other ways, such as when you meet with us, request information from us, participate in a live chat, a transaction, an investment or other contractual arrangement with us.
- From Other Sources: We may receive personal information from other sources, such as public databases, employers, entities we provide services to and from other third parties.
Personal Information That We Collect and Process
When you provide personal information to us, we will treat that information in accordance with this Privacy Policy.
Personal information, or personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Personal information includes but is not limited to:
- Name
- Account details and related contact information
- Postal address
- Telephone or fax number
- Email address and other identifying addresses for electronic communications
- Date of birth
- Details from passports and other government or state issued forms of personal identification (including social security, driver’s license, national insurance and other identifying numbers)
- Telephonic or electronic recordings
Personal information we may collect, use, store and transfer about you, which we have grouped together, are as follows:
- Identity Data includes first name, last name, username or similar identifier, title.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and / or payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products, and services.
- Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Most of the personal information we process is provided to us directly by you for the purpose of providing you with our services. You provide us with personal information and other information which is necessary to provide the services as part of the account opening process through our website or App. We may also receive from you, or third parties, information including:
- Employment related information (salary information, personal account trading, shareholdings, pension, and CVs);
- Investment risk levels
- Information about regulatory and other investigations or litigation, and sanctions lists and any other legal restrictions to which you are or have been subject;
- Source of wealth of beneficial owner(s); and
- Other elections and disclosures from relevant subscription documents.
We collect and process your personal information through your use of your account, online account and App, including any information you may provide through this website, or when you correspond with us by phone, email, live chat or otherwise.
We use your information to provide you with the service requested, to follow up requests from you, to verify your identity, search for a product or service, to contact you when necessary, when you use other social media functions on our website, or enter a competition, promotion, or survey, and when you report a problem with our website, to match you with content that is associated with your interests and to direct you to additional resources and tools that can save you time. We may also use this information to send you our electronic newsletter, other information and content.
This list is not exhaustive, and, in specific instances, we may need to collect additional information for the purposes set out in this Privacy Policy.
Our website is not intended for children as you have to be aged 18 or over to open a Stocks & Shares ISA or Self-Invested Personal Pension (SIPP) and our website does not knowingly collect information relating to children.
Sensitive Information
Sensitive information or Special category data is information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership (“Special Category Data”).
Please do not send us any personal information which would be categorised as Special Category Data through the services or otherwise, unless we specifically request this information from you or make a due diligence enquiry of you where the response necessitates you disclosing Special Category Data to us. This will most likely only occur if we request a biometrics check to verify your identity. If you need to provide us with Special Category Data, please ensure you notify us beforehand.
We may receive Special Category Data from third party service providers and others in support of due diligence activities we undertake to satisfy various legal and regulatory requirements to which we are subject.
Financial information
We process your financial information in order to provide and ensure we offer you the best service. We also use financial information for payments, onboarding and ongoing client checks, due diligence and verification requirements, and tax reporting.
Payment Card information
We may process your personal information to process any payments made for the provision of services. The information may include information for identification and verification, such as your name, account number and sort code, or credit, debit or other card number, card expiration date, and CVV code.
Any payment transactions carried out by us, or our chosen third-party provider of payment processing services will be kept securely. If you would like a copy of your personal information held by the provider we use, or if you want further details of how your personal information will be used by the provider, please visit the website https://gocardless.com/privacy/.
mynestegg.com Account information
Some personal information is required to set up your mynestegg.com account. Whether you set up your account on the website, online or via the App, personal information including your name, contact details, email address, and date of birth will be required.
When you download and / or use our App or our software, information may be transferred from your device. This information is used to improve your experience and enable you to interact with our App and services. We may also process information about your browser type, settings and information about how and when you used our services, information about the type of device and/or operating system you are using, which videos you have watched, what content you like or share, and which adverts you saw and responded to.
Information Received from Third Parties
This is information we receive about you from third parties, for example we receive information from third parties who provide services to us or you, including where appropriate from credit reference agencies, fraud prevention, law enforcement, and / or government agencies or regulators.
We will only use this information and the combined information where we have a lawful basis.
We sometimes combine information received from other sources with information you give to us and information we collect about you. We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
Any data obtained from third parties will be kept in accordance with this Privacy Policy, and with any additional restrictions imposed by the third party that shared your personal information.
If You Fail to Provide Personal Information
Where we need to collect personal information by law, legitimate interest or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with the services requested). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
How We Use the Information We Collect
The law on data protection sets out a number of different reasons for which a company may collect and process your personal information.
We will only use your personal information when the law allows us to do so. The lawful bases that we most commonly use to collect and process your personal information are:
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
In certain circumstances, we need your personal information to comply with our contractual obligations or to pursue our legitimate interests in a way which might be reasonably expected as part of running our business.
For example, we use your personal information for our legitimate interests including, but not limited to the following:
- to authenticate information you provide;
- to validate authorised signatories when concluding agreements and transactions;
- to contact nominated individuals in connection with existing transactions and contractual agreements;
- to respond to enquiries and fulfil requests where information is required as a necessary part of the provision of the services and to administer account(s) and manage our relationships;
- to inform our clients and potential clients about products or services which we believe may be of interest, including marketing proposals or offers;
- to verify an individual’s identity and/or location (or the identity or location of our client’s representative or agent) to allow access to client data;
- to protect the security of accounts and personal information;
- for information and relationship management purposes and business purposes, including audits, developing and improving products and services and enhancing, improving or modifying our services;
- for risk management purposes;
- to comply with laws and regulations (including any legal or regulatory guidance, codes or opinions) and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions);
- to provide, and perform our obligations with respect to, the Services or otherwise in connection with fulfilling instructions; and
- to send administrative information to clients, such as changes to our terms, conditions and policies.
Additionally, we and our service providers may use personal information to comply with our contractual obligations we have with you, or to enforce our agreements, including investigation of any potential violations of our terms.
We may use personal information where we need to comply with a legal or regulatory obligation to detect, prevent or otherwise address economic criminal activity (including financial crime, fraud, money laundering etc).
Whenever you have given us your consent to use your personal information, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Marketing
We strive to provide you with choices regarding certain personal information uses, particularly around marketing and advertising.
If you have given your consent to receive marketing emails you can withdraw this at any time, or if we are relying on our legitimate interests to send you marketing you can object. In either case, just let us know. If you have received a direct marketing email from us and no longer wish to do so, the easiest way to let us know is to click on the unsubscribe link at the bottom of our marketing emails.
You can also opt out of marketing by selecting “account” within your mynestegg web portal or mobile app followed by “marketing preferences”. This will allow you to customise the types of marketing you would or would not like to receive.
Cookies
When you visit our website, we may collect certain information by automated means, such as using cookies. A cookie is a piece of data stored locally on your computer containing information about your activities on the Internet. Each website can send its own cookie to your web browser if your browser's preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows.
For further information about what a cookie is and how we use them, please see the “cookies policy”.
Webchat
You will find the Live Chat service available on our webpage, within your account and App. Please note that certain cookies are necessary to display the chat button on your website and / or App. Information recorded via live chat is held on the live chat platform provided by “Intercom” (a third party) to facilitate the live chat between you and us. Your live chat communication can only be seen by specified live chat operators who work within mynestegg.com.
Our preference is that you do not share sensitive information via live chat. If it becomes necessary to share sensitive information, we will request alternative contact details.
Profiling and/or Automated Decision Making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to not be subject to solely automatic decisions in relation to any processes that have a legal or similarly significant effect on you.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
Where we are allowed to use automated decision-making, we will have notified you of the decision and given you 21 days to request a reconsideration, where it is necessary to perform a contract with you or with your explicit written consent.
Information We Share
Personal information may be shared or disclosed to trusted third parties in connection with the services we are providing.
Where personal information is shared with a managed service provider or other third-party supplier, we work closely with them to ensure that your personal information is secure and protected at all times. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Our contracts with third parties make it clear that they must hold personal information securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to. In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected. If we stop using their services, any of your personal information held by them will either be deleted or rendered anonymous.
We may also disclose your personal information to comply with a regulatory or legal duty, or if it is necessary to disclose personal information in connection with an investigation of suspected or actual fraudulent activity or is based on a lawful disclosure request.
We may also disclose personal information where such disclosure is necessary to protect the safety or security of any persons, and/or otherwise as permitted under applicable law.
The recipients of any such information will depend on the services being provided. We only provide third parties with the information they need to know to perform their specific services. Examples of when we share personal information include to:
- our affiliates and subsidiaries of mynestegg.com for the purposes described in this Privacy Policy;
- our third-party service providers who provide services such as website hosting, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other services;
- third party experts and advisers (including external legal counsel, notaries, auditors and tax advisers);
- fraud protection agencies and industry regulators;
- payments, banking and communication infrastructure providers including SWIFT, credit reference agencies, financial institutions or intermediaries with which we may have dealings including correspondent banks, insurers, insurance brokers, financial brokers, banks, middleware platforms, service agents and other service providers;
- third party storage providers (including archive service providers, document repositories and deal sites);
- third party platforms and to operators of private or common carrier communication or transmission facilities and mail or courier services;
- translation service providers;
- counterparties, vendors and beneficiaries, and other entities connected to you (including guarantors, affiliates, underlying clients, obligors, investors, funds, accounts and/or any other principals connected); and
- other persons as agreed with you or as required or expressly permitted by applicable law.
We work closely with all the third parties to ensure that your personal information is kept secure and protected at all times. Our contracts with third parties make it clear that they must hold all information confidentially and securely, abide by the principles and provisions of the relevant data protection legislation, and only use information as we instruct them to.
If you would like a copy of your personal information held by the credit reference agencies we use, or if you want further details of how your personal information will be used by the agency, please visit their website https://www.creditsafe.com/gb/en/legal/privacy-policy.html.
Other Uses and Disclosures
In some circumstances we are legally obliged to disclose personal information. We will only share or disclose information in circumstances where we believe that the sharing of this information is necessary or appropriate for example where the sharing is:
- to comply with applicable law or agreements or to cooperate with law enforcement, governmental, regulatory, securities exchange or other similar agencies or authorities including tax authorities to which we or our affiliates are subject or submit, or for other legal reasons;
- to central banks, regulators or approved reporting mechanisms;
- to courts, litigation counterparties and others, pursuant to a court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings; and
- to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
In addition, we may process, disclose or transfer Personal Data to a third party:
- in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business; and/or
- to third parties, as requested by clients or their representatives.
Where Your Personal Information May Be Processed
Your personal information will be stored on systems with technical and organisational security measures and controls located within the UK. Sometimes we will need to share your personal information with third parties and suppliers outside the UK, such as in Europe and the USA. Transfers may also be made when conforming to contracts or at your request.
If we do this, we have procedures in place to ensure your personal information receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties stipulate the standards they must follow at all times.
Any transfer of your personal information will follow applicable laws and we will follow the guiding principles of this Privacy Policy.
How Long We Will Retain Your Personal Information
We will only retain your personal information for as long as is necessary for the purpose or purposes for which we have collected it. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Data Security
We work hard to keep your information safe. We use a combination of technical, administrative, and physical controls to maintain the security of your personal information and protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. All information you provide to us is stored on secure servers. Some of the controls we have in place to protect your personal data include technological controls such as firewalls, user verification and strong data encryption. We utilise industry best practice standards to support the maintenance of a robust information security management system. Any payment transactions will be encrypted.
We have put in place procedures to deal with any suspected personal information data breach and will notify you and any applicable regulator when we are legally required to do so.
Your Rights
You are also able to exercise your rights which include:
- Your Right to be Informed
We aim to be transparent within our Privacy Policy and provide you with information about how we use your personal information.
- Your Right to Object
In some circumstances you can stop the processing of your personal information for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal information.
Where your details are used for marketing, you can opt out at any time. You are able to unsubscribe from marketing on each contact or you can contact us to object to any processing.
- Your Right to Rectification
You have the right to request the correction of your personal information when it is incorrect, out of date or incomplete. If you notify us that the personal information we hold is incomplete or inaccurate we will correct or complete the information as soon as possible.
- Your Right to Erasure or the Right to be Forgotten
You have the right to request that your personal information be deleted, including if we no longer need it for the purpose we collected it, you withdraw your consent or you object to its processing.
Following your request, we will erase your personal information without undue delay unless the continued retention is necessary and permitted by law. If we make the personal information public, we shall take reasonable steps to inform other data controllers processing it about your erasure request.
- Your Right to Restrict Processing
You have the right to request that we restrict the processing of your personal information. This can be done in circumstances where we need to verify the accuracy of the information, if you do not wish to have the information erased or you have objected to the processing of the information, and we are considering this request. Once the processing is restricted, we will only continue to process your personal information if you consent, or we have another legal basis for doing so.
- Your Right to Access
You have the right to access the personal information we hold about you. Any access request will usually be free of charge and responded to within one month. We will endeavour to provide information in the format requested, but we may charge you a reasonable fee for additional copies.
- Your Right to Data Portability
You have the right to receive a copy of your personal information which you gave to us. The copy will be provided in a commonly used and machine-readable format. You can also have it transmitted directly from us to another data controller, where technically possible.
- The right not to be subject to automated decision making and profiling
You have the right to not be subject to solely automatic decisions (i.e., decisions that are made about you by computer without any human input) in relation to any processes that have a legal or similarly significant effect on you.
You will be notified if we make a solely automated decision which produces a legal effect or significantly affects you.
- When you request to exercise your rights
You will not have to pay a fee to exercise any of the rights listed above. However, we may charge a reasonable fee, which we will make you aware of, if your request is clearly unfounded or excessive, including where requests are repetitive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How can we help?
If you have any questions about our use of your personal information, you can contact us at dataprotection@mynestegg.com or by post using our postal address.
For further information on data protection please visit the Information Commissioner’s Office (ICO) website. The Information Commissioner’s Office regulates data protection. If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or by visiting the website.