Who we are
IPSX UK Limited operates a Recognised Investment Exchange (as defined in the Financial Services and Markets Act 2000) and a Recognised Stock Exchange for the purposes of Section 1005 of the Income Tax Act 2007.
We collect, use and are responsible for certain personal data about you. When we do so, we are regulated by the General Data Protection Regulation (“GDPR”) which applies across the European Union (“EU”) and the United Kingdom (“UK”) and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
Our contact details
We can be contacted by telephone, email and post as follows:
Telephone: 0203 931 8779
Post: Head of Compliance and Legal, IPSX, 1 Farnham Road, Guildford, Surrey GU2 4RG
The personal data we collect
Personal data is information that can be used to identify a living person. The types of personal data we collect and process will depend on the service you receive from us. However, the following provides an overview of the types of personal data we collect:
- email address and personal contact details;
- job title, employer and corporate contact details; and
- information about the services we provide to you.
Where you or your firm have/has requested a service from us, we may collect the following types of personal data:
- passport number, national insurance number and trader identifier (for trading staff at IPSX member firms who use IPSX’s trading platform in order to comply with regulatory reporting requirements);
- date of birth;
- account details such as username and login details (where required for access to certain IPSX systems);
- underlying client identifier (where required for regulatory purposes);
- professional registration number (where you are registered with a body such as the Financial Conduct Authority or the Royal Institute of Chartered Surveyors); and
- your career history, professional background and other employment-related information (where you have provided this in connection with a job application).
Through your use of our website, we may also collect data on an automated basis including your:
- IP address;
- browser type; and
- operating system.
Under very limited circumstances, we may collect certain types of sensitive personal data which are protected more strictly by law. These include:
- disability information (where you choose to share this with us in relation to accessing our premises or those where we are holding events); and
- religious affiliation (where you choose to do so in relation to, for example, your dietary requirements for an IPSX event).
We will only collect personal data that is necessary for us to provide you with the product or service that you have requested, such as your email address and subscription preferences when you sign up to our email alerts. Data will be subscribed to our email alert database but you can be removed or unsubscribed from IPSX emails directly by calling 020 3931 8800 or by emailing firstname.lastname@example.org with your request. Requests to unsubscribe may take up to 5 days to action.
Our Website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
When we collect personal data
Most of the personal information we collect is provided to us directly when:
- you have made an enquiry to us;
- you use our products or services;
- you wish to attend, or have attended, one of our events;
- you subscribe to any of our email alert services;
- your organisation has applied to become, or is, a member of IPSX;
- your organisation has applied to for its securities to be admitted to trading on one of the markets operated by IPSX;
- your organisation has entered into an agreement to provide services to IPSX; or
- you have applied for a job with us.
We may also collect personal information indirectly through your browsing activity whilst on our Website (please see the IPSX Cookies Policy for further information).
Why we need your personal data
We need your personal data in order to:
- provide you with specific services in accordance with a contract you are entering into our have entered into with us;
- onboard you and carry out background screening checks (where, for example, your organisation applies for membership of IPSX);
- compile and maintain files on directors and controllers of IPSX member firms in order to be able to carry out background screening checks on such individuals;
- carry out regulatory reporting as required by the rules of the Financial Conduct Authority and the requirements of financial services legislation such as the Markets in Financial Instruments Regulation;
- provide you with newsletters, emails and alerts where you have signed up for these via our Website;
- notify you of any changes to our Website or to our services that may affect you.
In limited circumstances, we may send you marketing communications in relation to carefully selected and relevant third-party partners, whose products and services may be of interest to you. You may opt out of certain kinds of marketing, or all forms of marketing, by calling 0203 931 8800 or by emailing email@example.com with your request. Alternatively, you can click on the "opt-out" link provided in all our marketing emails.
Basis for processing your personal data
Under the GDPR, we are required to have a lawful basis for processing your personal data. There are various different lawful bases on which we may rely, depending on what personal data we process and why. In the majority of cases, our processing of your personal data will be justified on the basis that:
- consent: where you have given clear consent for us to process your personal data for a specific purpose;
- contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
- legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations); or
- legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time and you can do so by contacting us on 0203 931 8800 or at firstname.lastname@example.org.
How we store your data
We have security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal information will only do so in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will retain your personal data for as long as required to fulfil the purposes for which it was collected. However, in some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax or accounting obligations.
In specific circumstances, we may also retain your personal data for longer periods of time where required for regulatory purposes.
Who we share your personal data with
We may share your personal data within the IPSX group of companies in order to provide you with our services. Access to your personal data is limited to those employees, agents and contractors of IPSX who need access to it in order to provide you with our services, to communicate with you, and to fulfill legal or regulatory obligations.
We may also employ third-party service providers to help us in certain areas, such as website hosting, physical security, marketing and market research. Where third-party service providers receive your personal data, we will take appropriate steps to ensure that such third parties treat your personal data in an appropriate manner.
We may from time to time be required to disclose your personal data to law enforcement bodies, regulators, agencies or third parties under a legal requirement or court order. We will act responsibly and take account of your interests when responding to any such requests.
Transfer of your personal data out of the UK and EEA
It is our policy to only enter into arrangements with service providers outside the EU and EEA where we are satisfied that adequate levels of protection are in place to protect any information held in the country in which they are located or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws, we will take appropriate measures to ensure that personal data handled in other countries will receive at least the same level of protection as it is given in the EU and EEA, for instance by entering into contracts incorporating the European Commission approved model contract clauses.
Privacy policies of other websites
Your data protection rights
Under the GDPR, you have a number of important rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we will respond to your request within one calendar month.
If you would like to exercise any of these rights, please contact Head of Compliance and Legal by any of the means identified in the section containing our contact details at the start of this policy.
How to complain
If you have any concerns about our use of your personal data, you may address these to our Head of Compliance and Legal by any of the means identified in the section containing our contact details at the start of this policy.
You can also complain to the Information Commissioner’s Office (“ICO”) if you are unhappy with how we have used your data.
The ICO’s address is:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk