Who is Goji?
Goji ("we", "us", "our") develops, implements and operates private markets technology and services. Goji is comprised of the following entities registered in England and Wales:
- Goji Administration Services Limited whose registration number is 10249853 (the data controller);
- Goji Holdings Limited whose registration number is 09429688;
- Goji Financial Services Limited whose registration number is 10234133; and
- Goji Nominee 2 Limited whose registration number is 12318485.
The registered office and main trading address for all the above entities is:
10-12 Alie Street,
Where Goji is a data processor, meaning that Goji is processing personal data on the written instructions of a data controller, that data controller is responsible for providing you with information on how your personal data is collected and processed.
As a data controller, Goji may process the personal data of:
- visitors to our website;
- prospective, current and past clients of Goji; and
- prospective, current and past employees of Goji.
We are committed to protecting and respecting your privacy and delivering good outcomes when doing so.
What is personal data?
Personal data, sometimes referred to as personal information, means information which identifies you, like your name or email address. Any information that falls outside of this is "non-personal data".
If we store your personal data with data that is non-personal, we will consider the combination as personal data. If we remove all personal data from a set of data, then the remaining is non-personal data.
What personal data does Goji collect?
Personal data collected from you or your authorised representative
You, or your authorised representative, may give us information about you by:
- creating accounts or filling in forms on our sites;
- corresponding with us by phone, e-mail or otherwise;
- registering to use and engaging with our sites;
- subscribing to our services;
- reporting a problem with our site(s); and
- completing surveys.
The categories of personal data you give us may include:
- biographic details such as your name, date of birth and nationality;
- contact details such as your email address, postal address and phone number;
- employment information;
- identification numbers such as national insurance number and Financial Conduct Authority (FCA) registration numbers;
- financial information;
- copies of documents needed to verify your identity or other information you have provided; and
- other personal information or descriptions that may be necessary for us to provide services to you. #### Personal data we collect about you
With regard to each of your visits to our sites we may collect the following categories of personal data:
Technical information about your device. This may include the Internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform; and
Information about your visit. This may include the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time), investments you viewed or searched for, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
If we send you emails, we may collect data from each email, including:
- whether the email was delivered successfully; and
- unsubscribes from our marketing emails.
Our emails may contain small images known as web beacons or open trackers which record data about the email being opened. These images do not collect any data about or from your device. This data is used primarily to track the open rates and measure the success of our email campaigns.
We may also track click throughs to our website(s) from unique URLs contained in our emails.
Telephone calls that you make to us may be recorded and those recordings may be used for training purposes or to meet our regulatory requirements. We may collect the phone number used to call us. Any personal data provided during the call will be used and held in accordance with provisions of this policy.
Personal data we receive from other sources
We work closely with third parties (including, for example, business partners and sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) and may receive information about you from them. This may include financial data needed to provide our services to you and criminal data for Goji to comply with our legal obligations.
Special Category Data
Special category data, sometimes referred to as sensitive personal information, is a type of personal data that requires additional protections due to it being highly sensitive in nature. You or your authorised representative may voluntarily disclose special category data to us for the purposes of ensuring you are treated fairly and not negatively impacted due to any vulnerabilities.
How does Goji use personal data and on what lawful basis?
The below table lists the ways we might use your personal data and our lawful bases for those uses under the General Data Protection Regulation (GDPR).
|Carrying out our obligations arising from any contracts entered into between you and us and to provide you with the information that you request from us as part of the contracting process||Contract (GDPR Article 6(1)(b))|
|Conducting due diligence on investors including know your customer ("KYC") and anti-money laundering ("AML") checks.||Legal obligations (GDPR Article 6(1)(c))|
|Engaging in sales, marketing and lead generation activities and assessing the effectiveness of those activities.||Legitimate interests (GDPR Article 6(1)(f)). Consent (GDPR Article 6(1)(a))|
|Notifying you of changes or disruptions to our services.||Contract (GDPR Article 6(1)(b))|
|Presenting the content from our sites the most effective manner for you and for your computer and improving our sites.||Legitimate interests (GDPR Article 6(1)(f))|
|Administering our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.||Legitimate interests (GDPR Article 6(1)(f))|
|Enabling you to participate in interactive features of our services when you choose to do so.||Contract (GDPR Article 6(1)(b)). Consent (GDPR Article 6(1)(a))|
|Keeping our sites safe and secure.||Legal obligations (GDPR Article 6(1)(c))|
We may combine personal data we receive from other sources with personal data you give to us and personal data we collect about you. We may use this personal data and the combined personal data for the purposes set out above (depending on the types of information we receive).
What cookies does Goji use?
Cookies are very small text files that are stored on your computer when you visit some websites.
We may use the following cookies:
- strictly necessary cookies, required for the operation of our website. These cookies will enable you to log into secure areas of our website and ensure your session is secure;
- functionality cookies, used to recognise you for the next time you visit our website. These allow us to personalise content and remember your preferences from your previous visits. Our website may also offer live chat services (if available);
- analytics and performance cookies, used to collection information about how you use our website. This will help us understand how our users navigate around our website and any errors that may be experienced. The information will be used to help us to improve our system for our users. We use Google Analytics for some of our website analytics;
- marketing cookies, used to access personal information about you from your web browser to help us understand who is visiting our website and interested in our products.
Who does Goji share personal data with?
We may share your personal data with any member of our group of companies, which includes our subsidiaries and our ultimate holding company, as defined in section 1159 of the UK Companies Act 2006.
We may share your personal data with selected third parties including business partners, suppliers and sub-contractors to further the legal purposes detailed in the table above (for example to deliver contracted services to you).
Goji will always take reasonable steps to ensure partners are legitimate and trustworthy and that any personal data shared with them is handled appropriately, including:
- conducting due diligence and ongoing monitoring on material partners; and
- ensuring a written contract is in place which requires the supplier to only process personal data as necessary to fulfil its contract with Goji and in accordance with Goji's instructions.
We may also disclose your personal information to third parties:
- if Goji or substantially all our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
Where does Goji process and store personal data?
Goji primarily stores personal data in the United Kingdom and the European Economic Area ("EEA"). Goji is based in the United Kingdom and will normally access and use your data from this location as appropriate. The data that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
it is to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission; or
we have entered into standard contractual clauses approved by the European Commission or the UK, which gives personal data the same protection as it has in the EEA or the UK.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long does Goji keep personal data for?
Goji does not store personal data for longer than necessary. We will generally retain your records and personal data for five years from cessation of your client relationship with us as defined by our regulatory obligations under the relevant rules of the FCA Handbook.
What rights do I have?
Under the Data Protection Act 2018 and associated regulations and guidance, you have various rights regarding your personal data.
You have the right to request access to, deletion of or correction of your personal data stored by us. You can also request that your personal data stored by us is transferred to another person or service provider. You have the right to ask us not to process your personal data for marketing purposes.
You can exercise these rights at any time by contacting us at firstname.lastname@example.org.
How can I contact Goji?
If you have any questions or concerns about our use of your personal data, you can contact us at email@example.com or write to us at:
10-12 Alie Street,
How can I make a complaint about the use of my data?
If you would like to make a complaint about how Goji handles your personal data, please consider contacting us using the details above so we can investigate in the first instance.
You also have the right to lodge a complaint with the relevant data protection authority. You can contact the Information Commissioner's Office ("ICO") if you are unhappy with how we have used your data using the contact details below.
Information Commissioner's Office.
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk