Hey all,

As we approach the critical date we’re dotting the Is and crossing the Ts on all of our policies and procedures. We want to make the policies that we share publicly, such as this Privacy Policy, as easy to understand and readable as possible.

It’s important to us that users understand what we do and why, and how it might impact them.

It’s written in plain English, short enough to read in one sitting and easy to navigate. That’s the theory, anyway - let us know if you have any thoughts!

This might also be a good thread to share examples of companies simplifying legal-ese and helping normalise readable agreements between companies and users. We know Monzo does this very well.

A quick note on what we want to achieve here - collecting views on clarity and readability, rather than the substance of the policy. Drop me a line if you have questions on the latter, though.

Here’s the next iteration of our Privacy Policy:

Privacy Policy (including Cookies)

Reading time: 4 minutes

TL;DR

The bite-sized summary of our policy is that we collect your personal information and statistics in various ways to help make our stockbroking services the best they can be and to keep you up to date with the latest goings on at Freetrade HQ.

We share this data with select third parties to help us achieve these aims only, and not for any other reason. For the detail, read on!

Who we are

Freetrade Limited (“Freetrade”, “we”, “our”, “us”) is authorised and regulated by the Financial Conduct Authority (Firm Reference Number: 783189). Your privacy and the security of your personal data is extremely important to us. This document is our Privacy Notice to you.

If you have any questions about this notice please email us or write to us at 86-90 Paul Street, London, EC2A 4NE. You can also ping us on live chat through the app!

Our Information Commissioner’s Office registration number is ZA179260.

What information we hold about you

• Information submitted through our mobile application or our website - for example, when you sign up for an account and provide details such as your name and address, or data we collect about how you use our products;
• Details of your transaction history, such as the shares you’ve bought and sold over time; and
• Information which is tied to your usage or settings on your phone or computer - for example, the mobile network you use, your IP address or operating system.

We are committed to making sure that the data we collect and retain about you is always adequate, relevant and not excessive.

Please let us know if your information changes so that we can ensure the data we hold is accurate. You can do this by emailing us or writing to us at 86-90 Paul Street, London, EC2A 4NE. You can also ping us on live chat through the app!

How we use your information

To offer the services you instruct us to carry out as outlined in the Terms & conditions, we use your information to:

• Help manage your account and resolve any problems;
• Track and analyse the performance of the services we provide you and other users with a view to improving them;
• Make regulatory or governmental reports based on your activity where necessary;
• Help prevent illegal activities;
• Market and communicate our products and services where we think these will be of interest to you. You can always unsubscribe from receiving these if you want to; and
• There may be times when you give us sensitive information such as any physical or mental health details. We’ll only use this information in strict accordance with the law with a view to giving you the best service possible.

Our basis for processing your information (the reason why we need it) is always lawful and as a result of:

• Our commitment to uphold contractual agreements between us;
• If we have your permission to do so;
• To comply with legal or regulatory obligations; or
• If we deem that doing so benefits you or us and does not infringe on your rights to privacy. This is known as a ‘legitimate interest’.

Who will we share it with?

We may disclose your personal information to:

• Anyone who works for us if they need it to do their job;
• Select third parties that support us in offering services to and communicating with you;
• Certain authorities to detect and prevent terrorism or other illicit activities; and
• Anyone who you give us explicit permission to share it with from time to time.

We may also do so if we must to comply with the law, or to enforce the Terms & conditions or other agreements between us, or to protect the rights, property, or safety of us, our users, or others.

Our internal systems consist of Slack, G Suite and Intercom, amongst others. Our community runs on Discourse.

Rights

You have the rights:

• To access the personal data we hold about you
• To obtain a copy of the data and request that we delete it.

If you want to action this, please email us or write to us at 86-90 Paul Street, London, EC2A 4NE. You can also ping us on live chat through the app!

Things we don’t do

• We don’t share identifiable personal data with third parties for their direct marketing; and
• We don’t keep your personal information for longer than we are compelled to by regulation. We’ll then delete it securely and safely.

Where your data is stored

The data we collect from you may be transferred to and stored somewhere outside the European Economic Area (“EEA”) if we have specific agreements and/or due diligence in place.

In certain circumstances it may also be processed by staff outside the EEA who work for us or a select third party.

Cookie Policy

Like almost everyone else on the internet, we use cookies and you should be conscious to accept this when using our mobile application or website.

As well as delicious snacks, cookies also refer to small text files used to store information on web browsers. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. We refer to all of these instances as cookies.

Note that cookies do not store any of your financial details.

Cookies help both us and select third parties to improve our website and mobile application and give users a better experience. We use them to:

• Keep track of how often users come to our website and see how they interact with it (Google Analytics);
• Let users chat to us and ask question (Intercom);
• Let users share content and posts they find interesting (social plugin tools like AddToAny);
• Manage the waitlist queue as effectively and efficiently as possible (KickoffLabs); and
• Perform analysis on how people interact with our job listings so we can hire the best talent (Workable).

If you wish to block cookies you can do this in your browser’s settings. Alternatively, just search ‘how to block cookies’. This may make using our site slightly less fun.

Changes to this policy

We continuously review our policies and procedures in order to improve. We’ll let you know about any important changes being made here.

A small comment from me, do you need to include ‘and’, ‘or’ at the end of bullet points?

I’m not a master of gramma but it looks odd to me.

Thanks!

Edit: my bad habits! - but certainly worth considering whether it works and makes sense for the majority of readers, which we now will

I thought the ANDs signal those points always apply, and ORs as one or more apply.

Without which you might think they all apply every time or they all apply some of the time?

A minor point, but bullet points should not have punctuation at the end, nor should they have ;and there, that’s very confusing. They are standalone points, not parts of a sentence split up. This makes the text far harder to read for me at least and seems superfluous - it’d be clearer without them and any points that read together with and should be combined or rewritten. This reads like you’ve taken a paragraph of legalese (where ; to separate points in a list is common), and turned it into bullet points, which is probably not how you want it to be perceived if it is a plain english summary of the terms.

Select third parties that support us in offering services to and communicating with you

As a customer I would appreciate more detail here (which third parties), and also more clarity on exactly what data is shared for which purpose. A simple list of the main partners would be good. I assume given your other statement under things we don’t do this is operational data not for marketing purposes, so might be good to restate that here?

While you mention legitimate interest as the basis for your retention of data it might be worth name-dropping GDPR here somewhere just to show you have considered it (saying we’re fully compliant or similar) and also mentioning that you have a point of contact for requests.

Looks good otherwise though.

I think you need the AND/OR which then forces you to have the ; but it could perhaps be rewritten so the sentence before the bullet points introduces the logical AND/OR.

And/or don’t belong in bullet points, particularly not in some but not others in the same list, the implication being only those connected with ; and are related. Looking again at the lists, they all share ; and at the end of the penultimate point, which is an odd coincidence - seems more like the legal list style of foo; bar; and baz translated directly to bullet points, which doesn’t work IMO.

If this is supposed to be a clear summary I’d remove them, they add nothing but confusion.

Don’t think the semi colons should be there. I think you would normally assume bullet points are logically AND unless the sentence before states “One of the following”

If you need an OR it should possibly be two clauses in the same bullet point?

The good news is this is the only “; or”, so if the sentence before those bullet points is reworded then it’s done until/if they need it again

is it an inclusive or or an exclusive or?

It’s possible, indeed likely, that some data is processed using multiple bases.

E.g. we need to store your trading history to know what stock you own and allow you sell out of a position (contractual) and also for the benefit of the FCA in the event that they inquire about it in the future (regulatory).

But every base does not apply to every piece of data, which is the logic behind ‘or’.

Is this free or does it come at a cost? £10 is something that’s often quoted to satisfy such requests, so it’d be transparent to maybe include any such costs if they exist.

Correct - the legislation allows firms to charge up to £10 for subject access requests. We do not

I didnt even notice but these ands and ors dont look professional and there is no point in puting them in your bullet points.
Just list your bullet points plain and simple without anything in the end.

Thanks all, we’re now live . This will be notified in the upcoming newsletter / group mail shot.

• Formatting of lists is now much clearer (thanks @Stephen, @saf, @kenny, @Dave and @Geo0rgi for the feedback). I’ll make sure to watch for this across all of the policies and other things I write!
• Some minor stylistic choices have been implemented as recommended privately by @saf, thanks for that.
• I’ve been able to share some information with @DaveTMG and @Diversify which wouldn’t have been prompted without this exercise, so I’m grateful for the opportunity to do that.

We reference the major processors (and incidentally, expect a blog post on our operational stack soon). They are mostly household names and just about always act as hosts of data on our behalf rather than ‘using’ it actively.

We took the view that referencing GDPR directly is jargon, despite it probably still being fresh in the mind of some. I’m happy that we’ve struck a balance. We also have plenty of calls to action to get in touch with us if required.

We’ll keep improving it over time - look forward to doing this again!