Stake (“we”, “our”, “us”) is the trading name of:
Hellostake Limited (Company no. 11676409), authorised and regulated by the UK Financial Conduct Authority (Firm Reference Number: 830771). Our Information Commissioner’s Office (UK) registration number is ZA551937.
Personal data means any personal information that can be used to identify you either directly or indirectly. For example, this may include, your name, gender, age, an identification number, your financial information, location data, contact details, or one or more factors specific genetic, economic, or social identity.
What personal information do we collect?
We may collect personal data in a number of ways. For example, we may collect personal data:
- When you open an account with us through our website or mobile app;
- Through any communication with us by any means e.g. via telephone or email, or when you share information with us from other applications, services or websites;
- When you respond to surveys;
- When you give us access to your other financial accounts (for example, through Open Banking);
- When you interact with our website, services, content ad advertising or;
- When you use our services or enquire as to a potential business relationship.
The table below explains the type of personal information that we collect:
Type of Personal Data
Information you give us
Documentary Data: Information about you that is stored in different documents / forms, including but not limited to:
Any information obtained through surveys;
Any other personal information that may be required in order to facilitate your dealings;
Information collected from your use of our products and services and/or website and/or mobile application
Technical and location data:
Any additional information relating to you that you provide to us directly through our website or app or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information.
Information from others including publicly available information
What is the legal basis for collecting your information?
We must have a legal basis to collect and use your personal information.
Our legal basis may be one of the following:
|Meeting legal or regulatory obligations|
We may have a legal or regulatory responsibility to collect and store your personal information for a set period of time. For example, under anti-money laundering laws we must hold certain information about our customers.
|Reasonable and legitimate interests|
We may collect and use your personal information, or share it with our partners, because we or they have a legitimate reason to have it and this is reasonable when considering your right to privacy.
|Adhering to our contracts and agreements with you|
We need certain personal data to provide our services and cannot provide them without this personal data.
|With your consent|
Where you've agreed to us collecting your personal data, for examplewhen you tick a box to indicate you’re happy for us to use your personal data in a certain way.
Why do we collect, use and disclose your personal information?
We may collect, hold, use and disclose your personal information for the following purposes:
to enable you to access and use our website and services (as set out in our respective Terms & Conditions);
to operate, protect, improve and optimise our website and services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
Marketing purposes/Opt-out – Subject to any preferences you may have expressed, we may use your personal information to deliver marketing or promotional communications to you. Please be advised, that you are entitled to withdraw your consent and/or update your marketing preferences at any time by sending as an email at firstname.lastname@example.org. We note that even if you opt-out of receiving marketing communications, we may still send you important information related to your account with us and our services to you. This will be required for the purposes of our (or a third party’s) legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
to administer rewards, surveys, or other promotional activities or events sponsored or managed by us or our business partners;
to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our rights and agreements with third parties.
We may disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it, and us, to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive. More information in relation to this is set out in our Cookies Policy.
Do we use your personal information for direct marketing?
We may use your personal information for direct marketing purposes, such as sending you promotional emails, newsletters, or other marketing materials, provided that we have a lawful basis to do so. This may include obtaining your explicit consent, or using legitimate interests as a basis, where we have determined that such interests are not overridden by your fundamental rights and freedoms. You have the right to opt out of receiving marketing communications at any time by contacting us at email@example.com or by using the opt-out facilities provided (e.g. an unsubscribe link). We note that even if you opt-out of receiving marketing communications, we may still send you important information related to your account with us and our services to you.
To whom do we disclose your personal information?
- Our employees and related bodies corporate;
- Our existing or potential third party suppliers and service providers in connection with providing you products or services or improving the products and services provided to you. For example, this may include (without limitation):
Payment systems operators (e.g. merchants receiving card payments or funds transfer) or financial services partners and payments networks;
Foreign exchange providers, brokers and dealers, and partners who facilitate the deposit and custody of funds;
Suppliers who provide us with IT, payment and delivery services;
Electronic Identity Verification Providers to verify your identity during onboarding process;
Bank Account Verification providers;
Communication service providers to help us send you emails, push notifications and text messages.
Other existing or potential third party service providers (including providers for the operation or optimisation of our websites and/or our business or in connection with providing you, or improving our, products and services);
Our existing or potential agents, professional advisers, auditors, or business partners;
Our sponsors or promoters of any competition that we conduct via our services;
Anyone to whom our assets or businesses (or any part of them) are transferred;
Specific third parties authorised by you to receive information held by us;
Other financial institutions, regulatory bodies, government authorities, law enforcement authorities, competent courts or as required, authorised or permitted by law, tax authorities, companies and fraud prevention agencies to check your identity, protect against fraud, adhere to tax laws, anti-money laundering laws, or any other laws and confirm that you're eligible to use our products and services.
International Transfers – Transferring personal data to third parties outside the UK or the European Economic Area (the “EEA”):
The UK GDPR restricts transfers of personal data outside the UK or EEA, unless the rights of the individuals in respect of their personal data are protected and the relevant requirements of the GDPR are satisfied. In particular, transfers of personal data may be based on a decision issued by the European Commission which determines whether a country outside the European Union offers an adequate level of data protection (the “adequacy decision”). In the absence of an adequacy decision, we may transfer personal data to a third country or international organization, only where we have provided “appropriate safeguards” and that enforceable rights and legal remedies for individuals are available. These appropriate safeguards ensure that both we and the receiver of the personal data are legally required to protect individuals’ rights. For example, we will make sure that a contract with strict data protection clauses and/or safeguards are in place before transferring your personal data.
The data we collect from you may be transferred to and stored somewhere outside of your local jurisdiction if we have specific agreements and/or due diligence in place. In certain circumstances it may also be processed by staff outside of the United Kingdom and those who work for us or a select third party.
Transfers under an exception
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:
you have explicitly consented to the proposed transfer after having been informed of the possible risks;
the transfer is necessary for the performance of a contract between us or in your interests between us and another person or to take pre-contract measures at your request;
the transfer is necessary to establish, exercise or defend legal claims.
We may also transfer information for the purpose of our compelling legitimate interests, as long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
Security & Storage of Information
We may hold your personal information in either electronic or hard copy form. We store any electronic information on secure servers. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, we encrypt all data and have it stored in secured facilities. However, we cannot guarantee the security of your personal information. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
As your personal information is available inside the Stake app or website, we require you to set a strong password when creating an account and encourage users to set up multi-factor authentication. We request that you do not share your password with anyone and it remains confidential.
How long will you keep my personal data for?
We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Generally, we are required to retain personal data for a minimum of five years after the end of our business relationship. However, we may be required to retain personal data for a longer period of time if these are subject to other legal obligations, such as a potential or ongoing court claim or any other legal reason.
In some instances, we may use automated decision making, meaning that we may use technology that can evaluate information that you submit to us to predict risks or outcomes. This is sometimes known as profiling, which is employed to achieve the efficient functioning of our services and uphold the principles of fairness and consistency. As stated below, where we make an automated decision about you, you have the right to ask that it is manually reviewed by a person.
For example, we may make automated decisions during the account opening process or our business relationship. This could include KYC, anti-money laundering and sanctions checks, as well as identity and address checks. These processes use information about your identity, via a third party processor, to decide whether we can provide financial services to you in compliance with anti-money laundering and terrorist financing laws. Depending upon the results, customers may pass our checks or we may require human intervention for further investigation.
Under the UK GDPR, you have the rights listed below. Please note that certain exceptions and limitations may apply to these rights.
Right of access: You have the right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; and details about how and why it is being used.
Right to rectification/correction/update of personal information: If any of the information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, you are entitled to request any necessary amendments to be made.
Right of erasure: In certain circumstances, you can request from us to erase your personal data where there is no compelling reason to continue processing. We will be obliged to erase your personal data without undue delay where one of the following grounds applies:
- the personal data is no longer necessary for the purpose which we originally collected or processed it for;
- you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
- you exercise your right to object and there are no overriding legitimate grounds for the processing in accordance with the requirements of the UK GDPR the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation.
However, please note that this right only applies in certain circumstances and it is not absolute right. For i nstance, we may be required to retain your personal data where processing is necessary for exercising the right of freedom of expression and information and/or for compliance with our legal and/or regulatory obligations.
Right to restrict processing: In certain circumstances, you have the right to request that we suspend our processing of your personal data. This means that you can limit the way we use and/or otherwise process your personal data. However, this right is not absolute. In particular, we are required to restrict the processing where one of the following applies:
- you contest the accuracy of your personal data for a period enabling us to verify the accuracy of such data;
- the data has been unlawfully processed and you oppose erasure and request restriction of their use instead;
- we no longer need your personal data for the purposes of the processing, but you need us to keep them in order to establish, exercise or defend a legal claim; or
- you have objected to you processing their data under Article 21(1), and we are considering whether our legitimate grounds override yours.
Right to data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations.
Right to object: You have a right to ask us to stop using your personal information for direct-marketing purposes. You also have the right to object (in certain other situations) to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
If you would like to exercise any of these rights, you can email us at firstname.lastname@example.org. Information under such requests will be provided within one (1) calendar month of the request, unless the request is complex, in which case we may notify you that an extension of up to two (2) calendar months is necessary. Normally, no fee will be charged for the first request, but Hellostake is allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
If you wish to delete or deactivate your account, please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time.
Making a complaint
If you think we have breached the General Data Protection Regulation (GDPR) or the Data Protection Act 2018, or you wish to make a complaint about the way we have handled your personal information, you can contact us at email@example.com
Please include your name, email address and/or telephone number and clearly describe your complaint. For security reasons, we can’t deal with your request if we are not sure of your identity, so we may ask you for proof of your ID. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.
In accordance with GDPR, as a UK resident, you can lodge a complaint about our collection and use of your personal information to the Information Commissioner’s Office (ICO) or to the data protection authority in the country where you usually live or work, or where the alleged infringement has taken place. For more information, please contact the ICO by mail at, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, by phone on 0303 123 1113 or through their website.
Effective: 8 July 2021
Last updated: 2 May 2023