1. Introduction

 Welcome to the Fern Trading privacy policy (“Privacy Policy”)
Fern Trading respects your privacy and is committed doing the right thing when it comes to protecting your personal data, including how we collect, use and protect your personal data. This Privacy Policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Specifically, and in relation to the (as defined below) this Privacy Policy aims to give you information on

  • the types of personal data that the Fern Trading will collect;
  • why the Fern Trading will collect and use your personal data;
  • when and why we will share personal data with the Octopus Group and with other organisations;
  • the rights and choices you have when it comes to your personal data; and
  • why and how it collects and processes your personal data through your use of its website, including any data you may provide through its website when you use any of the services by the Fern Trading.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this Privacy Policy together with any other Privacy Policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements any other privacy notices or policies and is not intended to override them.

Please take the time to read this Privacy Policy. If you have any questions about this Privacy Policy or our use of your information you can contact us at [email protected] or on telephone number +44 800 316 2295.

This Privacy Policy may change from time to time and if it does, the up-to-date version will always be available on the website. Please note that by continuing to use the Fern Trading websites, you are agreeing to any updated versions of the Fern Trading Privacy Policy.

2. Third party links

The Fern Trading websites may include links to third-party advertisers, affiliates, websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements, notices or policies. When you leave our website, we encourage you to read the privacy notice of every website you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to these websites.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

3. Fern Trading and the Data Controller

3.1. Fern Trading

The Fern Trading (“Fern Trading”) consists of the parent company, Fern Trading Limited (a private limited company with registered company number 06447318 and registered office address at 6th Floor, 33 Holborn, London EC1N 2HT).
This Privacy Policy applies to all of those subsidiaries and affiliated companies, irrespective of location or jurisdiction. In particular, the data controller (as referred to below) is a subsidiary or wholly owned by Fern Trading Limited. 

3.2. Data Controller

The data controller (as defined under European Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) for the Fern Trading is Octopus Capital Limited. Octopus Capital Limited is registered as a data controller with the UK Information Commissioner’s Office (“ICO”) and our registration number is Z3288555.

This Privacy Policy is issued on behalf of the Fern Trading and the entity which is responsible for processing your data on behalf of the Fern Trading, is Fern Trading Limited. Accordingly, “we”, “us” or “our” in this Privacy Policy, refers to Octopus Capital Limited. Where specifically not in relation to the obligations of the data controller under GDPR, “we”, “us” or “our” may also refer to any of the subsidiaries, affiliates or divisions of the Fern Trading.

You have the right to make a complaint at any time to the (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

4. Why we may collect data about you

 There are many reasons why we may legitimately collect and process your personal information and data, including:

1. Consent In specific situations, we can collect and process your data with your consent.
2. Contractual obligations We may process your information where it is necessary to either enter into a contract with you for the provision of our products or services or to perform our obligations under that contract or to provide you with advice or guidance in relation to our products or services that are offered by us.
3. Legal compliance If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also provide this to any such regulator
4. Legitimate interest We may process your information in the day to day running of our business, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you.

5. How we may obtain your data and information

 We may obtain information in several ways which may include:

  • Information which you give to us;
  • Information that we receive from third parties – including other companies in the Fern Trading, third parties who provide services to you or us (including via credit reference agencies, fraud prevention agencies or government agencies), and other banks (where permitted by law);
  • Information that we learn about you through our relationship with you and the way you operate your accounts and/or services, such as the payments made to and from your accounts;
  • Information that we gather from the technology which you use to access our services (for example an IP address or telephone number;
  • Information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.

6. What information we may collect and process

 We collect and process various categories of personal information and data at the start of, and for the duration of, your relationship with us. We will limit the collection and processing of data and information to that which is necessary to achieve one or more legitimate purposes as identified in this Privacy Policy.
The types of personal information and data may include (but is not limited to):

  • basic personal information, including name and address, date of birth and contact details;
  • financial information, including account and transactional information and history;
  • information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
  • information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
  • education and employment information;
  • goods and services provided;
  • visual images and personal appearance (such as copies of passports or CCTV images); and
  • online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example your banking profile and login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns.

Where permitted by law or to fulfil our regulatory requirements, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.

7. How we use your information

We may use your personal information and/or data to:

  • Administer, operate, facilitate and manage your relationship and/or account within the Fern Trading and the Octopus Group. This may include sharing such information internally as well as disclosing it to third parties.
  • Contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, etc., in connection with your relationship and/or account;
  • Provide you with information relating to our products and services
  • Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.

If your relationship with us ends, we will continue to treat your personal information, to the extent we retain it, as described in this Privacy Policy.
We do not sell or share your personal information and/or data to third parties for third party direct marketing purposes.

We record telephone lines and other communications including mails, emails, or documentation of client orders. Copies of these recordings and/or other communications set out in this paragraph may be delivered to any court of or regulatory authority in a competent jurisdiction.

8. Disclosure of your information (including outside of the European Economic Area “EEA”)

 We may share your personal information within the Fern Trading and with the Octopus Group companies.

 When we share your information with third parties they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data with such third party. We will only share your personal data in compliance with the applicable data protection laws and regulatory requirements.

 We may disclose your information to third parties:

  • When you specifically request this, such as when you submit information to apply for funding from the Fern Community Funds through the Fern Community Funds websites.
  • When other products and services within the Fern Trading may interest you provided we have your consent;
  • including buyers or sellers or any of our business or assets in which case;
  • if we are under a duty to disclose or share your personal data to comply with any legal obligations or regulatory requirements or to protect the rights, property or safety of: (i) the Fern Trading websites, (ii) our customers, or (iii) This includes (but is not limited to) exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may transfer data from Fern Trading to the Octopus Group so that Fern Trading can comply with the terms of this Privacy Notice and for the marketing of goods and services within the Fern Trading.

 We may share the information provided in Fern Community Funds application forms to us with organisations we consult with when assessing applications, when monitoring grants and evaluating our programmes. Such organisations may include the local community funding panel, other grant providers, statutory bodies or governmental departments.

 Transfers may be made outside the EEA where we are satisfied that appropriate safeguards are in place over the transferring and processing of such information or data.

 We may share some broader statistics and customer profiling information with third parties and within the Fern Trading, but the information or data will be anonymised, so you will not be identifiable from that data. We will not rent or sell your data and/or information details to any other organisation or individual.

9. Storage of your personal data (including outside of the “EEA”)

 The data and information that we collect, and process may be transferred to, and stored at, a destination outside of the UK. We will only do so on the basis that anyone to whom we transfer it to, protects it in the same way that we would and such entity or person or other third party is subject to the appropriate safeguards.

In the event that we transfer information to countries outside of the EEA, we will only do so where:

  • the European Commission has decided that the country or the organisation, entity or individual to whom we are transferring to or sharing your data and/or information with, will protect your information adequately;
  • the transfer has been authorised by the relevant data protection authority; and/or
  • we have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information (on such terms as approved by the European Commission), to ensure your information is adequately protected. If you wish to obtain a copy of the relevant data protection clauses in such contracts, please contact us at [email protected]

10. Security

 We will take all steps reasonably necessary to ensure that your information and/or data is treated securely and in accordance with this Privacy Policy.

We follow strict security procedures as to how your information and/or data is stored and used, and who sees it, to help stop any unauthorised third parties getting hold of it. Once we have received your information and/or data, we will use strict procedures and security features to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your information and/or personal data, we cannot guarantee its security completely. Accordingly, in the case of a security breach we do not accept any liability for the direct or indirect loss, theft or misuse of the any information and/or data that you have provided to us and/or which you have registered on the Fern Trading websites.

11. Your rights

We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. We have described those rights and the circumstances in which they apply, in the table below

RightsDescription
Access – You have the right to get access to the information and/or data that we hold about you.If you would like a copy of the information and/or data that we hold about you please contact us at [email protected]or write to us at Data Protection, 33 Holborn, London, EC1N 2HT
Rectification – You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you.If you believe that any of the information and/or data that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and/or data and to rectify any inaccurate data and/or information that we hold about you.For any rectification requests please call us on +44 800 316 2295 or email us at [email protected]
Erasure – You have a right to request that we delete your information and/or data.You may request that we delete your information and/or data, if you believe that:
• we no longer need to process your information and/or data for the purposes for which it was provided;
• we have requested your permission to process your information and/or data and you wish to withdraw your consent; or
• we are not using your information and/or data in a lawful mannerFor any deletion requests please email us at [email protected]
Restriction – You have a right to request that we restrict the processing of your information and/or data.You may request that we delete your information and/or data if you believe that:
• we no longer need to process your information and/or data for the purposes for which it was provided;
• we have requested your permission to process your information and/or data and you wish to withdraw your consent; or
• we are not using your information and/or data in a lawful mannerFor any restriction requests please email us at [email protected]
Portability – You have a right to data and/or information portability.Where we have requested your permission to process your information and/or data or you have provided us with information and/or data for the purposes of entering into a contract with us, you have a right to receive the information and/or data you provided to us in a portable format.
You may also request us to provide it directly to a third party, if technically feasible.If you would like to request the information you provided to us in a portable format, please contact us at [email protected] or write to us at Data Protection, 33 Holborn, London, EC1N 2HT
Marketing – You have a right to object to direct marketing.You have a right to object at any time to processing of your information and/or data for direct marketing purposes, including profiling you for the purposes of direct marketing.
If you would like to change your marketing preferences please contact us at [email protected] or write to us at Data Protection, 33 Holborn, London, EC1N 2HT or call us on+44 800 316 2295.
Lodge complaints – You have a right to lodge a complaint with the regulator.If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter via e-mail at [email protected] or write to us at Data Protection 33 Holborn, London, EC1N 2HT or call us on +44 800 316 2295.
We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk

12. How long we keep your information

 By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and formats.

We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.

Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements.We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.
If you would like more information about how long we keep your information, please contact us at [email protected]