Privacy Policy
Effective Date 08/01/2024
1. Introduction
We are Round, a financial technology platform that is based in London and operates roundtreasury.com. We operate under the following company:
Round Financial Limited, a company registered in England and Wales with company number 14609702, Information Commissioners Office number 00014788205 and registered address 5th Floor 167- 169 Great Portland Street, London, England, W1W 5PF.
Round (FRN: 995009) is an appointed representative of Wealthkernel Limited, which is authorised and regulated by the Financial Conduct Authority (FRN: 723719).
Round (FRN: 1005355) is also a PSD Agent of Yapily Connect Ltd (FRN: 827001)
This Privacy Policy is an overview of how we collect, use, and process your personal data when you use our Website and our App.
This policy details the personal information we collect and use, how we look after it, andthe circumstances in which we may share it with someone else. It also sets outyour rights around how we handle your information and lets you know how to contact us if you have any concerns.
Please read this Policy carefully, as it becomes legally binding when you use our Services and access our Website. We take privacy and protection of your data very seriously and are committed to responsibly handling the personal information of those we engage with and in a way that meets the legal requirements of the countries in which we operate. By agreeing to use our Services, you agree that your personal data will be handled by Round Financial Limited. If you have any questions about how we protect or use your data, please email us at dpo@roundtreasury.com.
2. Definitions
Agreement - means Round Financial’s Terms of Service and its Schedules, as amended from time to time and made available in the App and the Website.
App - means our web application through which we will provide to you the Services.
Data controller - means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data processor - means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
Data processing - means activities which are performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
EEA - means the European Economic Area.
GDPR - means the Regulation (EU) 2016/679, referred to as “the General Data Protection Regulation”.
UK GDPR - mean regulation Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419).
Round, we, us, our - means Round Financial Limited.
Services - means the services that we provide to you under the Agreement.
KYC - means “know-your-client”, a regulatory obligation to identify and verify the clients who use our services
Personal data - means any information relating to an identified or identifiable physical person - an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the identity of that natural person
Policy - This privacy policy, as amended from time to time and made available in the App and the Website
Website - Means the website of Round, currently: https://roundtreasury.com
3. What data we collect about you
When you sign up to use our Services, we need to process your personal data. On a high level, we use and process the following data:
Personal detailssuch as your full name, personal identification number (or an equivalent identifying code), date of birth, age;Contact informationsuch as your email address, residence address and supporting documentation thereof (for example utility bills), phone number;Background information to fulfil our regulatory requirementssuch as bank account information (and information in the bank statements), IP address, tax residency and tax identification numbers, citizenship, employment information, source of wealth, information provided in the identification documents (date of issue, expiry date, picture, country of issuance, etc.);Data on how you use the Servicesvarious statistics and information on your Service usage, for example how many times a month you use the Services and what features do you use and how;Data to facilitate the usage of Servicesfor example your login details, payment information (your bank account number to make the deposits and withdrawals), browser type and version, time zone settings, operating system of your device to access the Services.
To learn how specifically we process your personal data, please find a detailed overview of personal data processing in the Annex 1 below. Please be aware that we may collect the information provided in the Annex 1 but depending on specifics, we do not always collect all of those data points in respect to each individual data subject.
4. Why do we use your data
It is necessary for us to process your data in order to provide the Services to you and to fulfil our legal requirements. If you decline to share with us the data we request, we are unable to provide the Services to you. We use your personal data in order to:
- carry out our obligations relating to your Agreement (Terms of Service) with us and to provide you with the information, products and Services, as well as facilitate social features connected to our Services;
- comply with any applicable legal and/or regulatory requirements;
- notify you about changes to our Services;
- keep our Services safe and secure;
- administer our Services and for internal operations;
- improve our Services;
- measure or understand the effectiveness of advertising we serve
- deliver relevant advertising to you;
- analyse, identify and categorise customers who use or may be interested in the Services;
- combine information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
5. Legal basis for using your data
To use the information as provided in section 4, we rely on following data processing grounds:
- Consent ((UK) GDPR Article 6 (1)(a)). We can process your data based on your consent. We for example may send you marketing materials based on your consent;
- Performance of a contract ((UK) GDPR Article 6 (1)(b)). We may process your data to perform our obligations pursuant to the Agreement to provide the Services to you. This might for example be the case if you contact customer support with any questions you might have;
- Legal obligations ((UK) GDPR Article 6 (1)(c)). We may process your data if it is necessary to meet legal obligations we are subject to. This for example might be data processing we conduct during our anti-money laundering activities;
- Legitimate interest ((UK) GDPR Article 6 (1)(f)). We may process your data if we have a legitimate interest to do so. Such necessity might arise for example for business development, to ensure information security, during fraud investigations, if required so by our external cooperation partners or if necessary to protect our legal interest.
6. Sharing data
We aim to share as little personal data on your as possible to service providers, especially outside the UK and EEA region. Whenever possible, we anonymize the shared data so that you cannot be identified based on that data. In addition to that, we may transfer your personal data to countries outside the UK and EEA area if it is necessary for the purposes as provided in Annex 1 of this Policy. In such cases we shall ensure that adequate safeguards are in place to protect your rights. You may request a copy of such safeguards we have put in place by contacting us via email.
We may also share your personal data if we are legally required to do so, for example in cases of financial supervisory authority, financial intelligence unit, tax authority or other relevant authority requesting personal data from us.
More specifically, we may share your data to following parties:
- Public authorities – upon receiving a valid request from a public authority, we shall share personal data to comply with our legal obligations. Public authorities are deemed to function as independent controllers in such cases;
- Service providers – in order to provide you with the best Service, we are cooperating with various service providers to (this list is high-level and not conclusive):
- facilitate the participation in financial markets (for example trade execution and settlement partners);
- deliver to you the relevant data (such as market data, information concerning the financial instruments, etc.);
- support and maintain our IT infrastructure (for example servers);
- meet our regulatory obligations (KYC and sanction-related monitoring for example), etc. In such situations the service providers will function as data processors.
As referred in this section above, from time to time, we also may share aggregated data, such as statistical or demographic data with our service providers to better understand our customer behaviour, which allows us to improve our services and target our marketing efforts more knowingly. Before sharing such data we aggregate and anonymize it so that you nor any other customer will be identifiable within the dataset.
7. Where we store your data
Protection of personal data is very important to us. We use various technical and organisational measures to ensure that your data is safe with us.
Your personal data is stored either in our databases or in databases of our service providers. Servers storing such data are physically located in the UK. In some instances, we may share your data with service providers located outside the UK region, please see section 6 for more details.
8. How long we keep your data
We generally store your personal data as long as necessary for the purpose under which we collected the information. As a regulated financial institution, we are required by law to store some of your personal and financial data beyond the closure of your account with us. We will delete data that is no longer required by a relevant law or jurisdiction in which we operate. Our general data retention period is 5 years after ending the business relationship with you. This is a statutory data retention period which we have to follow to be compliant with our legal obligations. In some cases we may need to hold your personal data for longer to meet our legal obligations or if we have a legitimate interest (if longer data retention is for example required by our cooperation partners) to do so.
9. Your data protection rights
Under relevant data protection laws and this Policy, you have various rights related to your personal data as provided below:
- Right to access. You have the right to request access to the information we hold about you. Please be aware that this right can sometimes be limited by our regulatory obligations. We are unable to provide you access to personal data that would cause us to break the law, for example.
- Right to rectification. You have the right ask us to update any of the information about you that you think is inaccurate or incorrect.
- Right to erasure and restriction of processing. You have the right to ask us to delete, stop processing or limit our use of your information that we hold. To do this, please see Section 11 below. Please be aware that if we have a regulatory obligation to still retain this information, we might be unable to facilitate this request until the required retention period has elapsed.
- Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and you have the right to request us to transmit this data to another data controller if the data was gathered by your consent, pursuant to the Agreement between us or via automated means.
- Right to withdraw your consent. Your consent is voluntary, and you have the opportunity to withdraw your consent at any time. Please be aware that in such cases we may not be able to provide Services to you. In addition to that, you always have the right to withdraw your consent from receiving marketing materials from us. We provide you with the option to unsubscribe from such communications in each email, via the unsubscribe link. We still shall send you relevant information regarding the Services and our Agreement.
10. Requesting deletion of data
You have the right to ask us to delete, stop processing or limit our use of your information that we hold. To do this, please email dpo@roundtreasury.com and detail the data you may have shared. We will respond within 30 days to your request. In some instances, we may be unable to erase data due to regulatory requirements that require us to retain records for a certain period of time. If this is the case, an explanation will be provided in the response to your request. The request may also result in restriction to Services we are able to provide to you.
11. Complaints
If you have any concerns about our use of your personal data, you can make a query or a complaint to us at help@roundtreasury.com and we will do our best to address the issue.
If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to:
- the Information Commissioner’s Office (ICO) in the UK. The ICO’s contact details: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom, Helpline number: 0303 123 1113, ICO website: https://www.ico.org.uk.More information can be found at https://ico.org.uk/make-a-complaint/ You have a right to bring an action before a court.
12. Applicable law and jurisdiction
In respect to Round Financial Limited, this Policy will be governed by and construed in accordance with English law. Without prejudice to any rights you may have to refer a complaint to the authorities, the courts of England and Wales have exclusive jurisdiction to settle any dispute arising in connection with this Agreement and for such purposes we and you irrevocably submit to the jurisdiction of English courts.
13. Changes to this Policy
We continuously review our policies and procedures. We’ll post any changes we make to this policy on this page and let you know about any significant changes via email. You are advised to review this Privacy Policy periodically for any changes.
Annex 1
Personal data processing details:
Personal data | Purpose | Source | Legal basis |
---|---|---|---|
Personal data: first and last name, phone number, date of birth, personal identification number (or equivalent), age | To meet our regulatory obligations for the provision of Services | Directly from the data subject, some data points are verified using public databases, which depends on the residence of the data subject | Legal obligations ((UK)GDPR art 6 (1)(c) |
To identify the person who is party to the Agreement | Performance of a contract ((UK) GDPR art 6 (1)(b)) | ||
Contact information: email address, residence address, geographical location (IP address) supporting documentation (utility bills, bank statements, other equivalent documents) | To know how we can contact you | Performance of a contract ((UK) GDPR art 6 (1)(b)) | |
For regulatory purposes | Legal obligations ((UK) GDPR art 6 (1)(c) | ||
Background information: bank account information, IP address, tax residency and tax ID number, if applicable, citizenship, employment information, source of wealth, personal identification card data points (date of issue, expiry date, picture, country of issuance) | To understand to who we shall provide the Services | Legitimate interest ((UK) GDPR art 6 (1)(f) | |
To fulfil our regulatory obligations (related to KYC) as a provider of investment services | Legal obligations ((UK) GDPR art 6 (1)(c), | ||
Data on how you use the Services: information on how long and how often you use the Services, what features you use the most and how and what not, etc. In connection to this data we may also capture relevant demographic factors associated with you. | To improve the platform and our Services and how we market our Services | Directly from the data subject | Legitimate interest ((UK) GDPR art 6 (1)(f)) |
Marketing: email address, citizenship, etc. | To provide you with marketing materials such as new feature and product releases | Consent ((UK) GDPR art 6 (1)(a)) | |
Financial data: your payment information (cards, bank accounts, etc.), orders, deposits, investments, etc. | To provide the Services | Directly from the data subject, from service providers used by the data subject | Performance of a contract ((UK) GDPR art 6 (1)(b)) |
To provide the Services & to improve the platform | Legitimate interest ((UK) GDPR art 6 (1)(f)) | ||
Information around our Services: email address, first and last name, your in-platform onboarding state | To provide the Services as well as informational and educational content about App features, financial markets, remaining actions in the onboarding flow | Directly from the data subject | Legitimate interest ((UK) GDPR art 6 (1)(f)) |
Contact information of a company’s representative | To introduce the Services and provide information content about Round | Publicly available data | Legitimate interest ((UK) GDPR art 6 (1)(f)) |
Customer support: different kinds of communications (emails, other messages, phone calls, etc.), information provided in those communications | To provide the Services | Directly from the data subject | Performance of a contract ((UK) GDPR art 6 (1)(b)) |
Data related to information security measures (technical information on how our Website and App is accessed and used) | To provide the Services | Directly from the data subject, public databases | Legitimate interest ((UK) GDPR art 6 (1)(f)) |