FundApps_Sustainable

Privacy policy

Who are we and what do we do?

FundApps (“FundApps”, “we”, “our” or “us”) has developed and owns a cloud hosted SaaS platform that enables businesses to monitor and report on their compliance with regulatory requirements (Services).

This privacy policy gives you information about how we collect, store, use, disclose and process and uses your personal data through:

  1. your use and visitation of fundapps.co and other FundApps websites (Websites); and
  2. your use of our Services as a client or
  3. an employee of a client.

The Websites and Services are not intended for children and we do not knowingly collect data relating to children.

Please note that this privacy policy does not cover our practices regarding prospective candidates or job applicants. Please visit https://www.fundapps.co/candidate-privacy-policy which describes our practices relating to such personal data processing.

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact our legal counsel who is responsible for overseeing questions in relation to this privacy policy by email on privacy@fundapps.co.

You have the right to make a complaint at any time to the relevant regulator for data protection issues (such as the ICO in the UK). We would, however, appreciate the chance to deal with your concerns before you approach a regulator so please contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated in November 2024. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

The Websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Websites, we encourage you to read the privacy policy of every website you visit.

1. The types of personal data we collect about you and where we get it from

The personal information we process about you broadly falls into four main categories: (i) Contact Information; (ii) Service and Billing Information; (iii) Browsing and Device Usage Information; and (iv) Marketing Preferences.

We collect your personal information from various sources. The table below sets out the different types of personal information that we collect and the sources we collect it from.

Category
Types of personal data

Collected from
Contact Information
  • Name
  • Username or similar identified
  • Address
  • Email Address
  • Telephone number
  • Organisation details (i.e. your place of work, job title and organisation contact information
  • Video/call recordings
  • You; such as for example when you apply for our products/services, attend demonstrations and sales calls
  • Publicly available resources such as LinkedIn, your organisations website, governmental company registers
  • Data brokers or aggregators such as Preqin
Service and Billing Information
  • Details related to your use of the Services such as service or support enquiries, including service-related communications with you
  • Information about other people (i.e. your customers, consultants, suppliers and/or staff) that you share with us in connection with the Services
  • User IDs and passwords used by you in relation to our Websites and Services
  • You/your organisation’s billing, payment and banking details
  • You; such as for example when you subscribe to our Services and create a user account to use our Services
  • Advisors or any third parties working on your/our behalf
Browsing and Device Usage Information
  • Information about how you interact with and use our Websites and Services including an action audit log
  • IP address
  • Information revealing the location of your electronic device
  • You and your use of our Websites and Services through browsing actions and patterns including cookies, audit logs and other similar technologies
  • Analytics and search information providers such as Google
Marketing Information
  • Preferences in receiving marketing and communications from us
  • Your interests, preferences, feedback and survey responses
  • You; such as for example when you request marketing to be sent to you, enter a competition, promotion or survey, attend a webinar and give us feedback or contact us
  • Publicly available information from online resources such as LinkedIn

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Browsing and Device Usage Information to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our Websites and using our Services to help improve the website and our service offering.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

2. How we use your personal data

We have set out below, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so.

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

 

Purpose/Use
Type of data
Legal basis
Establishing and registering you/your organisation as a client on our systems
  • Contact
  • Service and Billing
  1. To perform a contract with you
  2. To comply with a legal obligation
  3. Your consent
To facilitate, operate and provide our Services which you have requested from us including:
  1. Responding to your support requests and queries by providing client services/technical support by email/phone
  2. Monitoring and analysing the use of the Services
  3. Providing training
  4. Sharing relevant know-how and updates for the Services and sending service-related communications
  5. Notifying you about changes to our terms or privacy policy
  6. Asking you to leave a review, provide feedback or take a survey about the Services
  • Contact
  • Service and Billing
  • Browsing and Device Usage
  • Marketing
  1. To perform a contract with you
  2. To comply with a legal obligation
  3. For our legitimate interests (in order to provide the Services and give you access to them in accordance with our obligations and ensure performance, high quality service, to keep clients up to date with latest relevant service developments/upgrades, manage our relationship with you, remediate/resolve any issues raised by you, to keep our records updated and to study how you use our products/services for continual improvements)
To process and manage payments from you in respect of our Services
  • Contact
  • Service and Billing
  1. To perform a contract with you
  2. For our legitimate interests (to recover and collect debts due to us)
To administer and protect our business, Services and Websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) including:
  1. to support and enhance our data security measures;
  2. to monitor service levels and produce statistical information regarding the use of our platforms, and analysing and improving their functionality;
  3. to maintain the security and integrity of our systems, platforms, premises and communications (and detecting and preventing actual or potential threats to the same);
  4. to send notifications of changes and updates to our Websites/Services, billing issues, service changes, login attempts, password reset etc.
  • Contact
  • Service and Billing
  • Browsing and Device Usage
  1. To comply with a legal obligation
  2. To perform a contract with you
  3. For our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent or mitigate the risks of fraud, misuse of the Services/Websites, error or any illegal or prohibited activity and in the context of a business reorganisation or group restructuring exercise, to perform routine monitoring to make sure our platforms work properly, analyse how they are used and improve them)
To use data analytics to improve our Websites, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing
  • Contact
  • Marketing
 For our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Sending you electronic direct marketing communications
  • Contact
  • Marketing
  Consent (according to your specific content, communications and sender preferences)
 To analyse how our electronic marketing communications are used by you including whether you open them and click through to access their contents.
  •  Contact
  • Browsing and Device Usage
  • Marketing
 For our legitimate interests (to study how customers use our products/services and to help us improve and develop our products and services, to ensure we are providing you with the information you are interested in).
Conduct surveys for benchmarking, continuous improvement and marketing purposes. To carry out market research and enable you to partake in a prize draw, or competition.
  • Contact
  • Browsing and Device Usage
  • Marketing
  1. Consent (according to your specific 
    content, communications and sender preferences)
  2. For our legitimate interests (to study how customers use our products/services, to develop them and grow our business, in order to resolve any problems or complaints and improve and innovate)
To enable integration with and sourcing of data from 
data/information providers 
instructed and used by you
  • Contact
  • Service and Billing
 To perform a contract with you
Complying with our general 
regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws) and any requests/requirements from your regulators
  • Contact
  • Service and Billing
  • Browsing and Device Usage
  • Marketing
 To comply with a legal obligation

Direct marketing 

You will receive marketing communications from us if you have requested information from us via our Websites or purchased our Services and you have not opted out of receiving the marketing.

We may also analyse your Contact and Marketing Information to form a view as to which products, 
services and offers may be of interest to you so that we can then send you relevant marketing 
communications. 

Third-party marketing 

We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

Opting out of marketing 

You can ask to stop sending you marketing communications at any time by following the opt-out links  within any marketing communication sent to you or by contacting us at marketing@fundapps.co. 

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

Cookies 

When you visit any website, it may store or retrieve information on your browser, mostly in the form of  cookies. This information might be about you, your preferences or your device and is mostly used to 
make the site work as you expect it to. 

The information does not usually directly identify you, but it can give you a more personalised web  experience. Because we respect your right to privacy, you can choose not to allow some types of cookies using the “Accept” or “Decline” our use of cookies that are not strictly necessary. However, blocking some types of cookies may impact your experience of the Websites and the Services we are able to offer.

You can also manage and control the use of cookies through your browser, including removing cookies by deleting them from your browser history when you leave our Websites. You can also opt out of being tracked by Google Analytics across all websites. 

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our Websites 
    and cannot be switched off. They are usually only set in response to actions made by you which 
    amount to a request for services, such as setting your privacy preferences, logging in or filling in 
    forms. You can set your browser to block or alert you about these cookies, but some parts of the 
    Websites will not then work. These cookies do not store any personally identifiable information.
  • Analytical or performance cookies. These allow us to recognise and count the number of visitors 
    and to see how visitors move around our Websites when they are using it. This helps us to improve the way our Websites work, for example, by ensuring that users are finding what they are looking for easily. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our Websites and will not be able to monitor their performance.
  • Functionality cookies. These are used to recognise you when you return to our Websites. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our Websites, the pages you have visited and the links you have followed. We or our advertising partners may then use this information to make our Websites and the advertising displayed on it more relevant to your interests. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
3. Disclosures of your personal data

We may share your personal data with third parties for the purposes set out under How we use your personal data above. We’ve broken down the list of third parties into relevant sections to give you a greater understanding over how these services may have access to your information.

The FundApps group is formed of 3 separate entities located in the UK, Singapore and USA and each will contribute to the provision of the Services and are therefore considered internal third parties:

FundApps Entity
Registered Address
Service
FundApps Ltd
6th Floor 9 Appold Street, London, EC2A 2AP, United Kingdom
Provider of the Services depending on which entity is named in the contract. Includes the provision of support and maintenance services across all entities to ensure relevant time zone support access (and out of hours) for clients
FundApps Pte Ltd
 38 Beach Road, #29-11 South Beach Tower,  Singapore 189767
FundApps Inc Corporation Trust Center, 1209 Orange  Street, Wilmington, New Castle County,  Delaware 19801, USA   

Outside of the FundApps group we also use the following external third parties: 

1. Infrastructure/Hosting Sub-Processors – we use these organisations to store/host/collect  personal information or to provide other infrastructure/hosting that helps with the delivery of  the Services.
Third Party Third Party Service Location Transfer Mechanism 
Amazon Web Services Inc
Address: Seattle, 
410 Terry Ave North, 
United States
 Provides cloud infrastructure, primary 
hosting services and data warehousing for our Services		 Germany and Ireland DPA incorporating EU 
SCC’s
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF certified
Datadog Inc
Address: 620 8th Ave Fl 45 New York, NY 10018
 Provides infrastructure for user log monitoring, analytics and security 
information and event management for troubleshooting any issues that clients 
may encounter and protection our platform from malicious actors.		 USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
Google LLC (G Suite)
Address: 1600 Amphitheatre Parkway in Mountain 
View, California
 Email and office applications and infrastructure used internally. USA
DPA incorporating EU SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
Scalr Inc
Address: 1990 N California BlvdSuite 20 PMB #1152  Walnut Creek, CA 94596
 Cloud automation and collaboration software for Terraform to help deploy IT resources using infrastructure as code. USA
DPA incorporating EU SCC’s and UK IDTA
2. Service Specific Sub-Processors – we work with other third parties to provide specific functions or features within or linked to the Services including support functionality and administrative tasks (like billing). These providers will have access to relevant personal information in order to provide the specified functions for the purposes outlined.
Third Party Third Party Service Location Transfer Mechanism 
AgileBits Inc t/a 
1Password

Address: 4711 Yonge St, 10th Floor, Toronto, Ontario, M2N 6K8, Canada
 Secure password manager/vault that stores client credentials that relates to their data provider setup, sftp setup and API user setup which is shared with us by clients for  implementation purposes. EU DPA incorporating EU 
SCC’s and UK IDTA
Auth0 Inc

Address: 100 First Street, Floor 6, San Francisco, CA 94105
 Authentication platform we use that verify a user’s identity before providing them with access to our applications/Websites/Services. USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
ClientSuccess Inc

Address: 770 E Main Street, #151 Lehi, UT 84043
 Post-sales customer success management platform that helps measure customer health and provides 
a framework for identifying opportunities for customer lifecycle 
expansion/growth		 USA

DPA incorporating EU SCC’s

  • EU-US DPF certified
  • Swiss-US DPF  certified
DocuSign Inc

Address: 221 Main Street, Suite 1550 San Francisco, CA 94105
 Contract administration and signature tool USA
DPA incorporating EU 
SCC’s and UK IDTA
GitHub Inc

Address: 88 Colin P Kelly Jr Street, San Francisco, CA 94107
 Developer platform that allows for the creation, storage, management and sharing of code including tracking of software feature requests, task management and managing allowed/whitelisted IP addresses. USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
Hubspot Inc

Address: 2 Canal 
Park Cambridge, MA 
02141, United States
 Customer relationship management platform that assists with consolidation and tracking of communications with 
clients including status of tasks  associated with management of client relationships.		 USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
PagerDuty Inc
 
Address: 600 Townsend St., #125 San Francisco, CA 94103
 Incident reporting that centralizes, simplifies, and automates the incident response process to assist with 
resolving issues efficiently, providing 
context around incidents, runbook 
information, and previous remediation details to accelerate incident resolution and run postmortems.		 USA
DPA incorporating EU 
SCC’s and UK IDTA
Shortcut Software 
Company

Address: 201 Allen St, Unit #10004, New York, NY 10002
 Software that allows our engineers to monitor ticket status relating to issues raised by clients and to project manage effectively. USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
The Rocket Science 
Group LLC d/b/a Mailchimp  Intuit Inc
Address: 2700 Coast 
Ave, Mountain View, CA 94043
 Email marketing and automation tool that assists with client engagement via 
email and general advertising		 USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • Swiss-US DPF 
    certified
Xero UK Limited

Address: 5th Floor, 
100 Avebury Boulevard, Milton Keynes, MK9 1FH
 Accounting software for processing invoices and payments from clients and suppliers. UK
DPA incorporating EU 
SCC’s and UK IDTA
Intercom Inc 
 
Address:  55 2nd 
Street, Suite 400 
San 
Francisco, CA 94105 
 Client support ticketing system for responding to and dealing with client 
support emails and queries.		 USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF certified
3. Add-On Integration Sub-Processors – the following are third parties we use to communicate with our clients and suppliers whose use is engaged directly by a party and is optional.
Third Party Third Party Service Location Transfer Mechanism 
Delighted LLC (provided by Qualtrics LLC)

Address: 333 W River Park Dr Provo, UT 84604
 Customer feedback tool that enables gathering of actionable customer and product feedback USA DPA incorporating EU 
SCC’s and UK IDTA
Dialpad Inc

Address: 12935 Alcosta Blvd. #559  San Ramon, CA 94583
 Telephone and communications tool. USA
DPA incorporating EU 
SCC’s and UK IDTA
ON24 Inc

Address: 50 Beale Street, Eighth Floor, San Francisco, CA 94105
 Webcasting and virtual event technology used to host webinars and 
other interactive demonstrations		 USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
Zoom Video Communications Inc

Address: 55 
Almaden Blvd
San Jose, CA 95113
 Videoconferencing and communications tool USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
4. Internal Productivity and Communication Sub-Processors – we use these providers specifically for internal purposes which may integrate with other sub-processor tools and any personal information shared within such tools (and therefore stored within them) will be directly related to our provision of the Services.
Third Party Third Party Service Location Transfer Mechanism 
Notion Labs Inc

Address: 2300 Harrison Street, San Francisco, CA 94110
 Productivity and note taking web application used as our internal organisation tool for task management, project tracking, to do lists and bookmarking. USA DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF certified
Slack Technologies LLC
Address: 415 Mission St FL 3, San Francisco, CA 94105
 Communication/messaging tool used for internal communication and resolution discussions. USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
5. Other Sub-Processors – we use these providers to help run our business, including gathering sales insights and improving the efficiency of our prospect/client engagement so our approach is relevant, targeted and bespoke.
Third Party Third Party Service Location Transfer Mechanism 
Demandbase Inc

Address: 680 Folsom Street, Suite 400 San Francisco, CA 94107
 Account based marketing, advertising 
and sales intelligence platform that is used to provide customer service, monitor and analyse trends, understand activity and usage, and to provide improved products and services.		 USA DPA incorporating EU 
SCC’s and UK IDTA
Ebsta Limited

Address: Third Floor, 79-81 Paul St, London EC2A 4NQ
 Tool to assist our sales teams with more effective sales processes, pipeline reviews and forecast calls with insights. UK
DPA incorporating EU 
SCC’s and UK IDTA
Valuecase GmbH
Address: Axel-Springer-Platz 3, 20355 Hamburg, Germany
 Prospecting tool that assists with prospect engagement, creating a digital sales process and streamlined onboarding. Germany
DPA incorporating EU 
SCC’s
ZoomInfo Technologies LLC

Address: 805 Broadway St Ste 900 Vancouver, WA 98660
 Business information provider that providers access to business contacts, company profiles and general sales intelligence. USA
DPA incorporating EU 
SCC’s and UK IDTA
  • EU-US DPF certified
  • UK Extension to EU-US DPF certified
  • Swiss-US DPF 
    certified
The following third parties are engaged on an ad-hoc basis as and when the relevant circumstance 
arises:
  • We partner with investment management and compliance professionals/consultants such as 
    Simcorp A/S, Optima Partners Holdings LLC and Enfusion Ltd LLC who may refer to us, with consent, any of their clients who are interested in our Services.
  • We also work with, on request from our clients, data providers such as: FIA Tech, Refinitiv and Bloomberg – therefore Contact Information may be shared between us and the providers on request from you.
  • Aosphere Limited is an information provider that our clients must have a subscription with before using our Services and therefore we would need to share Contact Information with them in order for that to be actioned.
  • Professional advisers acting as processors including lawyers, bankers, auditors and insurers based in the UK, USA and Singapore who provide consultancy, banking, legal, insurance and accounting services may have incidental access to personal information. This will also include 
    auditors that audit us yearly on our security and other internationally recognised standards/accreditations.
  • Regulators and other governmental authorities acting as joint controllers based in the UK, USA and Singapore who require reporting of processing activities in certain circumstances may also have incidental access to personal information.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.  Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

4. International transfers

We will transfer the personal information we collect about you inside of and transfer between the USA, UK and Singapore where our Internal Third Parties are located in order to perform our contract with you. Such transfers are governed by an intragroup arrangement that contains specific standard 
contractual terms approved for use in the UK, USA and Singapore which give the transferred personal data the same protection as it has in its originating jurisdiction.

We may transfer your personal data to External Third Parties that carry out certain functions on our behalf. This may involve transferring personal data outside of your home jurisdiction to countries which have laws that do not provide the same level of data protection as the laws of your home jurisdiction. Whenever we undertake such transfers, we ensure a similar degree of protection is afforded to you by  ensuring that the following safeguards are implemented: 

  • We conduct enhanced due diligence on all External Third Parties which includes a full security 
    and legal review prior to onboarding them.
  • We only transfer your personal data to countries that have been deemed by the EU (pursuant to article 45 of Regulation (EU) 2016/679) to provide an adequate level of protection for  personal data, namely, the UK under GDPR and the United States (for organisations 
    participating in the EU-US and UK extension of the Data Privacy Framework).
    • We use specific standard contractual terms approved for use in the UK and EU which give 
      the transferred personal data the same protection as it has in the UK and EU, namely the 
      EU Standard Contractual Clauses, the International Data Transfer Agreement or the 
      International Data Transfer Addendum to the EU SCCs for international data transfers.
    • We will conduct transfer risk assessments and data protection impact assessments where 
      applicable to identify and minimise any risks associated with such third-party processing 
      and transferring any personal data.
    • We shall remain responsible for the acts and omission of any External Third Parties as if 
      they were our acts and omissions

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of your home jurisdiction.

5. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We are ISO27001 certified and comply with SOC 2 – further details on our security processes can be found here.

6. Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including Contact Information and Service and Billing Information) for six years after they cease being customers for tax purposes.Otherwise, we will retain all other personal data for the length of our contractual agreement with you or until such time as we receive a deletion request.

In some circumstances you can ask us to delete your data: see section 7 for further information.

7. Your legal rights

Under data protection laws in relation to your personal data, you have the right to:

  • Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object. You also have the absolute right to object any time to the processing of your personal 
    data for direct marketing purposes (see OPTING OUT OF MARKETING for details of how to do so).
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our Services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
    • If you want us to establish the data's accuracy;
    • Where our use of the data is unlawful but you do not want us to erase it;
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact privacy@fundapps.co. 

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

8. Supplemental Notice for the United States

This section provides additional details about the personal information we collect about individuals and the rights afforded to them under various applicable U.S. state data-protection and privacy laws, including the California Consumer Privacy Act, as amended (CCPA), the Colorado Privacy Act (CPA), 
the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and the Virginia Consumer Data Protection Act (VCDPA).

Your Rights

Subject to applicable law, you have the following rights with respect to your personal information.

  • Right to access. You have the right to request that we disclose to you in a portable format the personal information we collect, use, disclose, share, and sell about you.
  • Right to correct. You have the right to correct errors in your personal information.
  • Right to delete. You have the right to request that we delete your personal information that we’ve collected.
  • Right to update. You have the right to request that inaccurate personal information we hold about you be corrected.
  • Right to restrict the use and disclosure of your sensitive information. You have the right to request that we limit our use and disclosure of your sensitive personal information.
  • Right to non-discrimination. You have the right not to receive discriminatory treatment because you’ve exercised any of your rights under the CCPA.
  • Right to opt out. You have the right to opt out of behavioural or targeted advertising, automated profiling, and sales of personal information.

If you or your authorised agent wishes to exercise any of these rights, please contact 
privacy@fundapps.co. Please note that we may ask you or your agent to provide us with additional information to confirm your identity.

If you submit a request to exercise one of the above rights and you disagree with our decision regarding your request, you may have the right to appeal our decision under applicable law. To do so, please reply to our response.

Categories of Personal Information Collected

The personal information that we’ve collected in the past 12 months fall into the following categories specifically established under the CCPA:

  •  Identifiers such as a real name, postal work address, work email address and IP address.
  •  Information under Cal. Civ. Code §1798.80(e), such as your name, work address or telephone number.
  • Commercial information, such as information related to the Services you’ve purchased or are interested in.
  • Professional or employment related information such as title and organisation name.
  • Internet or other electronic network activity information, such information regarding your interaction with our Websites or Services.
  • Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
  • Inferences drawn on the information above, such as aggregated metrics and preferences.
  • Account log-in in combination with your credentials allowing access to your account.

For more information about the categories of personal information we collect, please see the “The types of personal data we collect about you” section above.

Categories of Personal Information Disclosed for a Business Purpose

The personal information that we’ve disclosed for a business purpose (including to the Internal and External Third Parties) in the past 12 months fall into the following categories specifically established under the CCPA:

  •  Identifiers such as a real name, postal work address, work email address and IP address.
  •  Information under Cal. Civ. Code §1798.80(e), such as your name, work address or telephone number.
  •  Commercial information, such as information related to the Services you’ve purchased or are interested in.
  •  Professional or employment related information such as title and organisation name.
  • Internet or other electronic network activity information, such information regarding your interaction with our Websites or Services.
  • Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
  • Inferences drawn on the information above, such as aggregated metrics and preferences.
  •  Account log-in in combination with your credentials allowing access to your account.

For more information about the categories of personal information we disclose to Internal and External Third Parties, including to our services providers, please see the “The types of personal data we collect about you” section above.

No Sale or Sharing of Personal Information

We do not sell or share (for the purpose of cross-context behavioural advertising) your personal information, as those terms are defined under the CCPA.

9. Supplemental information for other regions 
  •  Australia: Personal data that is collected, stored, used, and/or processed by us, as described 
    in this policy, is done so in accordance with the Australian Privacy Act 1988 (Commonwealth) and the Australia Privacy Principles. If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the 
    Australian Information Commissioner (OAIC) by contacting the OAIC using the methods listed on their website. Alternatively, you may request that we pass on the details of your complaint 
    to the OAIC directly.
  •  Canada: Personal data, as defined in the Personal Information Protection and Electronic Documents Act (PIPEDA) will be collected, stored, used, and/or processed by us in accordance our obligations under PIPEDA.
  • European Union: Personal data that is collected, stored, used, and/or processed by us, as described in this policy, is done so in accordance with our obligations under the General Data 
    Protection Regulation (EU) 2016/679 (GDPR).
  •  Japan: Personal data that is collected, stored, used, and/or processed by us, as described in this policy, is done so in accordance with Japan’s Act on the Protection of Personal Information 
    (APPI).
  • Nevada: We do not presently sell personal data as defined under Nevada law. If you are a Nevada resident, you may nevertheless email us using the information above to exercise your 
    right to opt-out of sale under Nevada Revised Statutes §603A et seq.
  • Singapore: Personal data that is collected, stored, used and/or processed by us, as described in this policy, is done so in accordance with our obligations under the Personal Data Protection Act 2012 (PDPA).
  •  United Kingdom: Personal data that is collected, stored, used, and/or processed by us, as described in this policy, is done so in accordance with our obligations under the UK Data Protection Act 2018, as amended by the Data Protection, Privacy and Electronic 
    Communications (Amendments, etc.) (EU Exit) Regulations 2019, as amended, superseded or replaced (UK GDPR).

Community privacy policy

Read it here

GCD terms and conditions

Read it here