HUBX & GDPR

On 25th May 2018 the European Union’s General Data Protection Regulation will come into force. This will have a significant impact on businesses handling personal data within the EU or about EU residents. As personal data is key to the financial services industry, and more specifically us, the HUBX team have been working hard to ensure we are compliant and have the highest standards to keep your data safe.

We would like to explain HUBX’s roles and responsibilities regarding data when you become one of our clients as we take the requirements of the GDPR very seriously.

 

HUBX AS A DATA PROCESSOR

Any person you upload to HUBX as a Contact or Investor is deemed your data subject, and you are considered the data controller for this personal data.

 

Correspondingly, HUBX is regarded as the data processor in relation to performing processing activities on your behalf when you use HUBX web and mobile solutions. The relationship between data controller and data processor must be made in writing, according to Article 28 of the legislation, where electronic form is accepted under subsection 9. We define this relationship in our Privacy Policy which all our clients must agree to when you first access the platform. The policy sets out the data processing practices in relation to personal information and any data which is collected, stored and retained through the use of electronic communications by HUBX. By accepting these terms you are agreeing to the stated data processing contract.

 

Transferring Data

Any person you upload to HUBX as a Contact or Investor is deemed your data subject, and you are considered the data controller for this personal data.

Correspondingly, HUBX is regarded as the data processor in relation to performing processing activities on your behalf when you use HUBX web and mobile solutions.

The relationship between data controller and data processor must be made in writing, according to Article 28 of the legislation, where electronic form is accepted under subsection 9. We define this relationship in our Privacy Policy which all our clients must agree to when you first access the platform. The policy sets out the data processing practices in relation to personal information and any data which is collected, stored and retained through the use of electronic communications by HUBX. By accepting these terms you are agreeing to the stated data processing contract.

 

HUBX as Data Controller

In certain situations, HUBX also has a role as the data controller for the personal data we collect about users who are signed up to our platform directly. This involves complying with 3 key articles:

  1. That we process the data that is essential for us to fulfil our contract with you (GDPR Article 6(1)(b)).
  2. That we ensure we meet our accountability obligations with regard to holding financial data (GDPR Article 6(1)(c)).
  3. That the personal data we process is in our legitimate interests (GDPR Article 6(1)(f)), legitimate interests being:
    1. To improve our technology to offer a better service to our clients
    2. To ensure your data and HUBX’s servers and systems are both safe and secure
    3. To market our products in a responsible way

HUBX is dedicated to upholding our user’s rights under the GDPR.

 

How is HUBX Committed to GDPR?

In certain situations, HUBX also has a role as the data controller for the personal data we collect about users who are signed up to our platform directly. This involves complying with 3 key articles:

 

Internal processes & Security

As a regulated entity HUBX have implemented the relevant Chinese Walls and ringfences for our client data across all our solutions to ensure compliance. HUBX technology is built to meet with the auditing and mapping requirements of GDPR. In our role as data processor, we maintain limited access to client data with internal procedures and audit trails to guarantee this is the case.

 

Complying with access requests

Data ownership is the concept that underpins the GDPR legislation, and the ability to take control of it is crucial. We have built systems to ensure we are available and ready to deal with requests to delete, change or transfer client data. Our Client Coverage team along with our developers and engineers are on hand throughout office hours to help with such requests, and any other matters about your personal data.

 

Documentation

Our User Terms and Privacy Policy are the basis for our legal relationship with you once you have registered on the platform either through an advisor or directly.

 

Training

Accompanying our commitment to ensuring GDPR compliance across our technology and within our organisational systems, we have emphasised the importance of internal training within the company to support these processes. Our onboarding process incorporates sessions on data privacy and security. Additionally, each HUBX team receives ongoing training to support their work involving personal data. Furthermore, all our client facing team are CISI qualified and regulated as approved persons by the FCA.

 

For HUBX, GDPR is not simply a tick-box exercise. We believe it is a cornerstone by which companies can and must respect individual’s privacy and take full responsibility when handling personal data.

 

If you have any questions or comments on this topic, feel free to drop us an email at team@hubx.capital and we are on hand to respond to your queries.