Privacy Policy

1. Introduction

WealthGrowth Capital Limited (referred to as "we", "us", or "our") is the data controller responsible for your personal data. We are registered in England and Wales with our registered office at 42 Gresham Street, London, EC2V 7BN, United Kingdom. This Privacy Policy applies to all users of our website located at wealthgrowthcapital.com and all associated services, including our investment research platform, market analysis tools, portfolio tracking systems, and educational resources.

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you should not use our services. We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will notify you by email or through a prominent notice on our website at least fourteen days before the changes take effect.

2. What Personal Data We Collect

We collect various types of personal data depending on how you interact with our services. The categories of personal data we may collect include:

• Identity Data: Full name, username, title, date of birth, and government-issued identification numbers when required for regulatory compliance
• Contact Data: Email address, postal address, telephone numbers, and other contact information you provide to us
• Financial Data: Payment card details, bank account information, transaction history, and investment preferences
• Account Data: Username, password (stored in encrypted format), subscription plan details, account settings, and preferences
• Profile Data: Investment experience level, risk tolerance, financial goals, areas of interest, and any information you choose to include in your user profile
• Technical Data: IP address, browser type and version, device type, operating system, time zone setting, browser plug-in types and versions, screen resolution, and other technology on the devices you use to access our services
• Usage Data: Information about how you use our website, products, and services, including pages visited, time spent on pages, links clicked, search queries, features used, and navigation paths
• Marketing and Communications Data: Your preferences in receiving marketing communications from us and third parties, your communication preferences, and records of your interactions with our customer support team
• Location Data: Approximate geographic location derived from your IP address or precise location data if you grant permission through your device settings

We do not intentionally collect special categories of personal data about you, such as details about your race, ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health data, genetic data, or biometric data. However, if you choose to provide such information in your communications with us, we will handle it with appropriate care and in accordance with applicable data protection laws.

3. How We Collect Your Personal Data

We collect personal data through various methods and from different sources:

• Direct Interactions: You provide personal data when you create an account, subscribe to our services, request marketing materials, contact our customer support team, participate in surveys or promotions, provide feedback, or communicate with us through any channel
• Automated Technologies: As you interact with our website, we automatically collect technical data about your equipment, browsing actions, and usage patterns using cookies, server logs, web beacons, and similar tracking technologies
• Third-Party Sources: We may receive personal data from analytics providers such as Google Analytics, advertising networks, payment processors such as Stripe or PayPal, fraud prevention services, and publicly available sources such as company registries or professional networking sites
• Cookies and Tracking Technologies: Our website uses essential cookies required for site functionality, analytics cookies to understand how visitors use our site, and marketing cookies to deliver relevant advertisements. You can manage your cookie preferences through our cookie consent banner or your browser settings

When you visit our website, our web servers automatically log technical information including your IP address, browser type, referring URLs, and pages accessed. This information helps us diagnose technical problems, administer our website, analyze trends, track user movements, and gather demographic information for aggregate use.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data only when we have a valid legal basis under GDPR Article 6. The legal bases we rely on are:

• Consent (Article 6(1)(a)): You have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications or using non-essential cookies. You have the right to withdraw consent at any time
• Contract Performance (Article 6(1)(b)): Processing is necessary to fulfill our contractual obligations to you, such as providing access to our investment research platform, processing your subscription payments, and delivering the services you have purchased
• Legal Obligation (Article 6(1)(c)): We must process your data to comply with legal obligations, including financial regulations, anti-money laundering laws, tax reporting requirements, and responding to lawful requests from regulatory authorities
• Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, such as fraud prevention, network security, improving our services, conducting market research, and direct marketing to existing customers, provided these interests do not override your fundamental rights and freedoms

When we rely on legitimate interests as the legal basis, we have conducted a legitimate interests assessment to ensure that our interests do not override your rights. You have the right to object to processing based on legitimate interests at any time by contacting us using the details provided in this policy.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• Service Delivery: To create and manage your account, process your subscription payments, provide access to our investment research and analysis tools, deliver personalized market insights, send service-related notifications, and provide customer support
• Service Improvement: To analyze how users interact with our platform, identify areas for improvement, develop new features and services, conduct research and analysis, test new technologies, and optimize user experience
• Marketing and Communications: To send you newsletters with market updates and investment insights, inform you about new features and services, deliver targeted advertisements based on your interests, conduct market research surveys, and send promotional offers (only if you have consented to receive marketing communications)
• Security and Fraud Prevention: To detect and prevent fraudulent transactions, protect against unauthorized access, monitor for suspicious activity, enforce our terms of service, and maintain the security and integrity of our systems
• Legal Compliance: To comply with applicable laws and regulations, respond to legal requests from government authorities, enforce our legal rights, resolve disputes, and fulfill our contractual obligations
• Analytics and Performance: To measure the effectiveness of our marketing campaigns, analyze user behavior patterns, understand demographic trends, generate statistical reports, and make data-driven business decisions

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so.

6. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, tax, accounting, and reporting requirements. Specific retention periods include:

• Account Data: Retained for the duration of your active subscription plus seven years after account closure to comply with financial regulations and potential legal claims
• Contact Form Submissions: Stored for two years from the date of submission unless you request earlier deletion
• Marketing Consent Records: Maintained for three years after you withdraw consent to demonstrate compliance with data protection regulations
• Financial Transaction Records: Kept for seven years from the transaction date as required by UK tax law and financial services regulations
• Website Analytics Data: Aggregated and anonymized analytics data is retained indefinitely; individual user data is retained for twenty-six months
• Essential Cookies: Session cookies expire when you close your browser; persistent essential cookies last up to twelve months
• Analytics Cookies: Stored for thirteen months from your last visit to our website
• Marketing Cookies: Retained for thirteen months or until you withdraw consent, whichever comes first
• Customer Support Communications: Email correspondence and support tickets are kept for three years to maintain service quality and resolve disputes

When determining retention periods, we consider the nature and sensitivity of the personal data, the purposes for which we process it, applicable legal requirements, and the potential risk of harm from unauthorized use or disclosure. Once the retention period expires, we securely delete or anonymize your personal data so that it can no longer identify you.

7. Data Sharing and Third-Party Recipients

We do not sell your personal data to third parties. However, we may share your data with the following categories of recipients for the purposes described in this policy:

• Service Providers: Cloud hosting providers who store our data on secure servers, email delivery services that send our newsletters and notifications, payment processors who handle credit card transactions and billing, customer relationship management platforms, and IT security providers
• Analytics Providers: Google Analytics for website traffic analysis and user behavior insights, which may transfer data to the United States under appropriate safeguards
• Marketing Partners: Advertising networks and social media platforms to deliver targeted advertisements, only if you have consented to marketing cookies
• Professional Advisors: Lawyers, accountants, auditors, and other professional advisors who provide legal, tax, audit, and consulting services to our business
• Regulatory Authorities: Financial services regulators, tax authorities, law enforcement agencies, and courts when required by law or to protect our legal rights
• Business Transferees: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the new owner subject to the same privacy protections

We require all third-party service providers to respect the security of your personal data and to treat it in accordance with applicable laws. We only permit them to process your data for specified purposes and in accordance with our written instructions. We conduct due diligence on all service providers to ensure they implement appropriate technical and organizational security measures.

8. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). However, some of our service providers are located outside the EEA, which may involve transferring your data to countries that do not provide the same level of data protection as EEA countries. When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place to protect your data.

These safeguards include:

• Standard Contractual Clauses (SCCs): We use European Commission approved Standard Contractual Clauses with service providers in countries without adequacy decisions, which contractually obligate them to protect your data to EEA standards
• Adequacy Decisions: We transfer data to countries that have been deemed by the European Commission to provide adequate data protection, such as Switzerland, Japan, and certain other jurisdictions
• Certification Schemes: Some of our service providers participate in recognized certification mechanisms that demonstrate their commitment to data protection principles
• Supplementary Measures: Where necessary, we implement additional technical, organizational, and contractual measures to ensure data protection equivalent to EEA standards, including encryption, pseudonymization, and access controls

You have the right to obtain details of the safeguards we have in place for international data transfers by contacting us using the details provided in this policy. We will provide you with copies of the relevant safeguard documents upon request.

9. Your Rights Under GDPR (Articles 15-22)

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, together with information about how we process it. We will provide this information free of charge, unless your request is manifestly unfounded or excessive
• Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data and to have incomplete data completed. We will make corrections within one month of your request
• Right to Erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing based on legitimate interests
• Right to Restriction of Processing (Article 18): You have the right to request that we temporarily stop processing your personal data in certain situations, such as when you contest the accuracy of the data or object to processing
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from us
• Right to Object (Article 21): You have the right to object at any time to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests
• Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
• Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you

To exercise any of these rights, please contact us using the contact information provided at the end of this policy. We will respond to your request within one month, although this period may be extended by two further months for complex requests. We may request specific information from you to help us confirm your identity and ensure your right to access the data.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, telephone 0303 123 1113, or visit www.ico.org.uk. However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users, remember your preferences, analyze how you use our services, and deliver relevant advertisements. Cookies are small text files stored on your device that contain information about your browsing session. We use the following types of cookies:

• Essential Cookies: These cookies are strictly necessary for the operation of our website and cannot be switched off. They enable core functionality such as security, network management, user authentication, and access to secure areas. Without these cookies, services you have requested cannot be provided. Essential cookies do not require your consent
• Analytics Cookies: These cookies collect information about how visitors use our website, including which pages are visited most often, how long users spend on each page, and what error messages they receive. All information collected is aggregated and anonymous. We use this data to improve how our website works and to understand user behavior patterns. Analytics cookies require your consent before being placed on your device
• Marketing Cookies: These cookies track your browsing activity across different websites and are used to display advertisements relevant to your interests. They may be set by our advertising partners and can build a profile of your interests to show you relevant ads on other websites. Marketing cookies require your explicit consent
• Preference Cookies: These cookies remember your settings and preferences, such as language selection, region, or text size. They enhance your user experience by personalizing your interaction with our website

You can manage your cookie preferences through the cookie consent banner that appears when you first visit our website, or by adjusting your browser settings. Most web browsers allow you to control cookies through their settings preferences. However, if you block or delete cookies, some features of our website may not function properly. You can find information about managing cookies in popular browsers at their respective support pages.

We also use web beacons, pixel tags, and similar technologies in our emails to track whether messages have been opened and which links have been clicked. This helps us measure the effectiveness of our communications and improve our content.

11. Children's Privacy

Our services are not directed at children under the age of sixteen years. We do not knowingly collect personal data from children under sixteen. Our website and services are designed for adult users interested in investment strategies, financial markets, and wealth management. If you are under sixteen years old, you must not use our services or provide any personal information to us.

If we become aware that we have collected personal data from a child under sixteen without verification of parental consent, we will take immediate steps to delete that information from our systems. Parents or legal guardians who believe that we might have collected information from a child under sixteen should contact us immediately using the contact details provided in this policy, and we will investigate and take appropriate action.

Our subscription services require users to confirm they are at least eighteen years old when creating an account, as investment services are legally available only to adults in most jurisdictions.

12. Data Security Measures

We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit using TLS/SSL protocols and encryption of sensitive data at rest using industry-standard encryption algorithms
• Secure server infrastructure hosted in certified data centers with physical security controls, redundant power supplies, and environmental controls
• Regular security assessments, vulnerability scanning, and penetration testing conducted by independent security professionals
• Access controls ensuring that only authorized personnel can access personal data on a need-to-know basis, with unique user credentials and multi-factor authentication
• Employee training on data protection principles, security best practices, and their responsibilities under GDPR and other applicable laws
• Incident response procedures to detect, investigate, and respond to data security incidents, including notification to affected individuals and authorities as required by law
• Regular backups of data with secure off-site storage to ensure business continuity and disaster recovery capabilities
• Firewalls, intrusion detection systems, and malware protection to defend against external threats and unauthorized access attempts

Despite our security measures, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, business operations, or technological developments. When we make changes to this policy, we will update the "Last Updated" date at the top of this page. If we make material changes that significantly affect your rights or how we process your personal data, we will provide prominent notice on our website and send you an email notification at least fourteen days before the changes take effect.

Material changes include modifications to the purposes for which we collect data, new categories of personal data collected, changes to data retention periods, new third-party recipients of data, transfers of data to new countries, or changes that reduce your rights or protections. For non-material changes, such as clarifications or minor administrative updates, we will simply update this policy without advance notice.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our services after changes to this policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you should discontinue using our services and contact us to close your account.

14. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us using the following information:

We aim to respond to all privacy-related inquiries within five business days. For formal data subject access requests or other rights requests under GDPR, we will respond within one month as required by law, with possible extensions for complex requests.

When contacting us about your personal data, please provide sufficient information to allow us to verify your identity and locate your data in our systems. This helps us prevent unauthorized disclosure of personal information and ensures we respond to legitimate requests efficiently.