Privacy and Cookies Policy
Effective Date: February 2021
Last Reviewed: January 2022
Privacy Notice
At BestX we are committed to handling your personal information or personal data (“Personal Data”) responsibly and transparently. This Privacy Notice (“Notice”) is intended to comply with the relevant transparency requirements under the applicable privacy or data protection laws. This Notice explains how BestX, a State Street subsidiary, and State Street Corporation (together “we”, “our”, “us”) collect, use, share or otherwise process your Personal Data in connection with your relationship with us. The Notice applies to any Personal Data we may collect from you through our websites or applications, accessed using your device (e.g., mobile, computer) or various other offline means, such as when you attend our events, or when you otherwise interact with us as described below.
We may amend this Notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please check these pages regularly for the latest version of this Notice.
This Notice contains the following sections:
What Personal Data we may collect
How we collect your Personal Data
Sensitive Personal Data and criminal records
How we use your Personal Data
Marketing communications and your choices
Cookies and online tracking
How we share or disclose your Personal Data
Categories of third parties to whom we may disclose your Personal Data
No Sale of Data
How we transfer and store your Personal Data
How we protect your Personal Data
How long we retain your Personal Data
Your rights and choices
How to exercise your rights or contact us
What Personal Data we may collect
Subject to the laws or regulations applicable to the relevant jurisdiction, we may collect the following categories of Personal Data about you or your device:
Effective Date: February 2021
Last Reviewed: January 2022
Privacy Notice
At BestX we are committed to handling your personal information or personal data (“Personal Data”) responsibly and transparently. This Privacy Notice (“Notice”) is intended to comply with the relevant transparency requirements under the applicable privacy or data protection laws. This Notice explains how BestX, a State Street subsidiary, and State Street Corporation (together “we”, “our”, “us”) collect, use, share or otherwise process your Personal Data in connection with your relationship with us. The Notice applies to any Personal Data we may collect from you through our websites or applications, accessed using your device (e.g., mobile, computer) or various other offline means, such as when you attend our events, or when you otherwise interact with us as described below.
We may amend this Notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please check these pages regularly for the latest version of this Notice.
This Notice contains the following sections:
What Personal Data we may collect
How we collect your Personal Data
Sensitive Personal Data and criminal records
How we use your Personal Data
Marketing communications and your choices
Cookies and online tracking
How we share or disclose your Personal Data
Categories of third parties to whom we may disclose your Personal Data
No Sale of Data
How we transfer and store your Personal Data
How we protect your Personal Data
How long we retain your Personal Data
Your rights and choices
How to exercise your rights or contact us
What Personal Data we may collect
Subject to the laws or regulations applicable to the relevant jurisdiction, we may collect the following categories of Personal Data about you or your device:
|
Category |
Examples |
|
A. Business contact information |
first name, middle name, last name, alias username or similar identifier, title, internet protocol, signature, or other similar identifiers. Some information included in this category may overlap with other categories. |
|
B. Other Identity Information |
date of birth, marital status, gender, state or national identification number (such as a driver license or social security number), passport number, internet protocol, signature, physical characteristics or description or other similar identifiers, as part of AML/KYC and other corporate compliance functions, and employment screening only. Some information included in this category may overlap with other categories. |
|
C. Demographic information |
Age, race, color, national origin, citizenship, marital status, sex (including gender), as part of AML/KYC and other corporate compliance functions, and employment screening only. |
|
D. Contact information |
Billing address, delivery address, email address or telephone numbers. |
|
E. Contractual information |
Information collected as part of the products and services we provide to you. |
|
F. Commercial information |
Records of products or services purchased, obtained, or considered, or other commercial interests. |
|
G. Financial information |
Bank account and payment card details for financial corporate functions, billing and payments and otherwise as part of employment screening only. |
|
H. Internet or another similar network activity |
Browsing history, search history, information on a consumer's interaction with a website, application, advertisement, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites or applications. |
|
I. Sensory data |
Audio, visual, or similar information. |
|
J. Professional or employment-related information |
Education, current employment, employment history as part of AML/KYC and other corporate compliance functions, and employment screening only. |
|
K. Inferences drawn from other personal information |
Profile reflecting a person's household, individuals associated with your account(s), information regarding your relationship with these individuals, or information about your business relations with us as part of AML/KYC and other corporate compliance functions, and employment screening only . |
How we collect your Personal Data
We collect your Personal Data in a variety of ways and from various sources. For example, we may collect your Personal Data:
Through direct interactions with you, for example, when you fill out a form, send us mail or email, when you call us or in person.
Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
Indirectly from our clients or their agents. For example, through information we collect from our clients while providing services to them.
Directly and indirectly from activity on our websites or our mobile applications. For example, from submissions through our website or website usage details collected automatically.
From affiliates and third party service providers (such as our marketing partners including LinkedIn and Twitter) acting on our behalf in connection with the services we perform.
From publicly available sources, including social media, to the extent that you manifestly choose to make your profile publicly visible.
From automated technologies or interactions that collect technical data about your equipment, browsing actions and patterns. This information is collected by using cookies, server logs or other similar technologies.
Sensitive Personal Data and criminal records
The Personal Data that we collect from you may include sensitive Personal Data. We recognize that certain jurisdictions have enacted laws that require higher protection of certain sensitive Personal Data. Sensitive Personal Data includes categories of information identified by the applicable privacy laws as requiring special treatment or protection. This information may include, but is not limited to, racial or ethnic origin; political opinions; religious, philosophical, or other similar beliefs; membership of a trade union or profession or trade association; physical or mental health; or sexual orientation.
We do not collect, use, share or otherwise process sensitive Personal Data or criminal records unless permitted to do so by law. For example, we may collect, use, share or otherwise process your sensitive Personal Data or criminal records to perform Know Your Customer (KYC) checks to comply with applicable Anti-Money Laundering (AML) laws and employee screening.
How we use your Personal Data
We use Personal Data for the following purposes:
To fulfill our contractual obligations. For example, if you provide us with Personal Data to open, manage and administer your account, we will use that Personal Data for such purpose.
To comply with a legal obligation that we have, for example where we are required to report to tax authorities, to perform KYC checks to comply with applicable AML laws or to prevent and detect financial crime.
You have provided your consent, for example for a compatible reason as is described to you at the time of collection.
For a purpose that is compatible with the original purpose as is described to you at the time of collection.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
For our legitimate interest, as a commercial organization, provided our use is proportionate and respects your privacy rights. Such legitimate interests may, for example, include:
To provide you with information on products or services that you request from us.
To provide you with, email alerts, event registrations, social media activity, and other notices concerning our products or services, or events or news that may be of interest to you, including through targeted messages and advertisements on or through our websites and apps and through third-party websites and apps. For more information, see the “marketing communications and your choices” section below.
To enforce our rights arising from any contracts entered between you or the entity you represent and us, including for billing and collections.
To improve our website and present its contents to you in a tailored and personalized manner.
For market analysis and product development.
Authenticate you as an authorized user and to facilitate communications between us.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, in which your information held by us is among the assets transferred.
Monitor and record calls and electronic communications for (a) processing and verification of instructions, (b) investigation and fraud prevention purposes, (c) for crime detection, prevention, investigation and prosecution, (d) to enforce or defend our company, partners or affiliates', directly or through third parties to whom they delegate such responsibilities or rights, (e) to comply with any applicable legal obligation, (f) for quality, business analysis, training and related purposes
To operate our business in a prudent manner in accordance with industry standards and applicable laws, which may include, monitoring and recording calls and electronic communications, responding to inquiries and requests, preventing fraud, research, to obtain advice from our advisors, as well as governance and management purposes.
If you do not provide us with your Personal Data when requested, it may prevent us from being able to carry out the tasks listed above.
Marketing communications and your choices
We may use certain Personal Data to market to you. Specifically, we may collect, use, or otherwise process your Business Contact Information and other information regarding your contracted services and indicated preferences and share it with our affiliates and service providers to provide you with thought leadership materials, industry information, invitations to events and webinars, and other communications or solicitations that we believe will be of interest to you. We target and tailor such communications based on your interaction with us, via mail, email, online, telephone, or in-person. If you do not wish to receive this information from us, please manage your preferences by clicking on the unsubscribe link in any of our emails or letting your relationship manager know.
Cookies and online tracking
We use cookies on our websites or applications. Cookies are small files stored on a computer that are designed to hold small amounts of data specific to a user and the websites or applications to help tailor that user’s experience and to authenticate users of our products and services. If you choose not to accept certain cookies you may not be able to use some parts of our products and services. For more information see our Cookies Disclosure.
How we share or disclose your Personal Data
We may disclose the categories of your Personal Data described above to our affiliates, service providers, and other third parties for the business purposes set out in this Notice. When we do so, we will make sure that your Personal Data is used in a manner consistent with this notice, or enter into a contract that describes the business purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract.
We may also use or disclose your Personal Data:
To regulators, government agencies, exchanges, self-regulatory organizations or law enforcement authorities.
If we are required to do so by law or if we reasonably believe that such disclosure is necessary or appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity,
When disclosure is necessary to protect our rights or to comply with a judicial or regulatory requirement or to pursue our legitimate interest or the vital interests of a person.
Categories of third parties to whom we may disclose your Personal Data
We may disclose your Personal Data to the following categories of third parties:
Our affiliates, to the extent they employ or engage BestX personnel for the performance of the contracted services, the marketing of related services we believe will be of interest to you, or otherwise perform aligned corporate business functions, such as legal, compliance, KYC/AML, HR, business continuity, accounts and audit.
Service providers with whom we have contracted to perform services on our behalf
Third parties, to whom you, your agents or the company you represent authorize us to disclose your Personal Data in connection with products or services we provide to you
Regulators or other government agencies
Exchanges or other self-regulatory organizations
Law enforcement authorities
With a successor entity in the event of a merger, acquisition or similar transaction.
No Sale of Personal Data
We do not sell any of your Personal Data including Personal Data of minors under the age of 16 or as defined by applicable laws or regulations.
How we transfer and store your Personal Data
We operate globally and we may, in accordance with this Privacy Notice, share some of your Personal Data, with organizations (including our affiliates and our service providers) who are outside of the jurisdiction in which the Personal Data was collected. Because we are headquartered in the United States, Personal Data collected in other countries is routinely transferred to the United States for processing. That is, Personal Data collected in one jurisdiction may be transferred, stored, and processed outside the country of origin. For these transfers, we have the relevant legal safeguards in place, including (for example) by way of contractual arrangements based on sets of standard contractual clauses that have been pre-approved by the European Commission (or otherwise consistent with the requirements of the relevant jurisdiction) to ensure adequate protection, or in certain circumstances we may rely on one of the exceptions to the rules that allows us to perform these transfers. This reflects our commitment to protecting your personal data regardless of where your personal data resides. Personal Data stored or processed in a foreign jurisdiction may be accessed under a lawful order made in that jurisdiction.
How we protect your Personal Data
We are committed to protecting the security of your Personal Data. We use reasonable technical and organization measures, in compliance with applicable law, to protect your Personal Data from unauthorized access, unlawful processing and against accidental loss, destruction or damage.
How long we retain your Personal Data
We will retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected, such as providing our services, or as required by applicable laws or regulations. This period may extend beyond the termination of our relationship with you.
Your rights and choices
Depending on the jurisdiction, and subject to certain exceptions, you may have specific rights regarding your Personal Data. This section describes such rights and how you may exercise them.
Access to Specific Information
You may have the right to request that we disclose certain information to you how we use your Personal Data. Once we receive and verify your request, we will disclose to you (depending on your request or unless an exception applies):
The categories of Personal Data we have collected about you.
The categories of sources from where the Personal Data was collected.
Our purpose for collecting or sharing your Personal Data.
The categories of third parties with whom we share your Personal Data.
The specific pieces of Personal Data we have collected about you.
Where specifically required, we will provide specific pieces of Personal Data we have collected about you in a structure, commonly used or in machine-readable format, and to have it transmitted directly to another person or entity (data portability).
Request Deletion or erasure of your Personal Data in certain circumstances.
Request that your Personal Data be rectified where it is inaccurate or incomplete
Request restriction or object to the processing of your Personal Data for certain circumstances (for example for marketing purposes)
Lodge a complaint with your local data protection authority
Withdraw your consent
If we are relying on your consent to use or share your Personal Data, you have the right to fully or partially withdraw your consent, subject to certain exceptions defined in applicable laws and regulations. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
How to exercise your rights or contact us
The primary point of contact for all issues arising from this Notice is our Chief Privacy Officer or Data Protection Officer. If you wish to exercise your rights, or have questions or comments about this Notice or about how your Personal Data is processed, please contact our Chief Privacy Officer or Data Protection Officer by email or via our website at:
o Email: notices@bestx.co.uk
o Website: https://www.bestx.co.uk/contact-us
Cookies and Online Tracking Disclosure
At BestX (“we”, “our”, “us”) we are committed to handling cookies and online tracking methods responsibly and transparently. This Cookies and Online Tracking Disclosure (“Cookies Disclosure”) contains the following sections:
What are cookies?
What categories of cookies do we use?
Strictly Necessary Cookies
Performance Cookies
Functionality Cookies
Security Cookies
How we share the information we collect using cookies
Third party websites and cookies
How do I refuse or withdraw consent to the use of cookies?
What are the most frequently used or a representative sample of the cookies on our Websites?
Cookie lifespan
What are cookies?
Cookies are small text files downloaded to your computer or device by websites you visit. Cookies are widely used to allow websites to function properly, as well as to provide business and marketing information to the operators of the site.
What categories of cookies do we use?
We use the following four categories of cookies on our Websites https://www.bestx.co.uk/ , https://tca.bestx.co.uk/tca/ and https://uat-tca.bestx.co.uk/tca/ (Websites).
Strictly Necessary Cookies
These cookies are essential to enable you to navigate our Website and use its features, such as accessing secure areas. Without these cookies, we cannot provide the services you have requested.
Performance Cookies
These cookies are used to gather statistics on how visitors use our Websites. This allows us to gain insight so that we may make improvements to its usability.
We categorize the following as performance cookies:
Session management cookies: these cookies allow us to follow the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close their browser window. Our session management cookies are created temporarily. Once you close your browser, our session management cookies are deleted.
Functionality Cookies
These cookies are used to enhance your experience when you visit our Websites such as by capturing your preferences so that they are remembered for subsequent visits to improve your experience.
These cookies allow a site to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For instance, a site may be able to provide you with local information by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, font, and other parts of web pages that you can customize. They may also be used to provide services you have requested such as watching a video or commenting on a blog. In most cases we will not be able to track individuals by name. However, cookies may associate registered users with their names.
These cookies cannot track your browsing activity on other websites. They do not gather any information about you that could be used for online advertising on other websites or remember where you have been on the internet outside our Websites.
We categorize the following as functionality cookies:
Registered visitor cookie - a unique identifier given to each registered user to our Website, or each user who voluntarily provides Personal Data on our Websites to request information from us, used to serve them content and offers based on their profiles. Also used for analysis and marketing purposes (see also Strictly necessary cookies above).
Security Cookies
These identify authenticated users sessions and browser requests for retrieving or submitting data to our servers.
These cookies are set only after a user successfully logs in to the web application, and will expire when a user logs out of the application or closes the browser tab.
These cookies are strictly necessary and are required to ensure the integrity of user requests and that these requests originate from authenticated users with appropriate permissions.
Third party websites and cookies
Our Websites may contain links to third party sites. Please review the cookie and privacy policies of these third-party sites to understand how they may use cookies and your information. We are not responsible for the contents, operations or security of other websites.
Third-parties may also place cookies on their own. We do not have control over the placement of cookies by another website, even if you are directed to them from our Websites. These companies use the data they process in accordance with their privacy policies, which may enable these companies to collect and combine information about your activities across website, apps, or online services. Please review the cookie and privacy policies of these sites to understand how they may use Cookies and your information.
How do I refuse or withdraw consent to the use of cookies?
While we may automatically use some cookies that are strictly necessary to provide the services you request or enable communications, we request your consent for all other cookies used. If you want to remove existing non-essential cookies from your device, you may do so by selecting the options in the cookie banner. You may also refuse to accept cookies by changing your browser settings. For more information on managing cookies and other tracking methods see www.allaboutcookies.org/manage-cookies.
**** Please note that deleting and blocking cookies will have an impact on your user experience as parts of the Websites may not function properly or be accessible.
What are the most frequently used or a representative sample of the cookies on our Websites?
The following tables detail the most frequently used or a representative sample of the cookies our Websites uses and explains their use.
Strictly Necessary Cookies
|
Cookie |
Cookie Type |
Duration |
Description |
|
AWSALB |
Performance |
7 days |
Used by Amazon AWS Load balancing to direct requests to our webservers depending on availability |
|
AWSALBCORS |
Performance |
7 days |
Used by Amazon AWS Load balancing to direct requests to our webservers depending on availability |
|
session |
Security & Functionality |
1 day |
Identifies an authenticated user, when making requests for data to our webservers |
|
_csrf |
Security |
Browser session |
Used to ensure user data submission are only from web pages delivered by our webservers |
|
_csrfToken |
Security |
Browser session |
Used to ensure user data submission are only from web pages delivered by our webservers |
Performance Cookies
|
Cookie |
Cookie Type |
Duration |
Description |
|
Io |
Performance |
Browser session |
Used to gather information about how our users interact with our application, for improving and enhancing features |
Cookie Lifespan
The lifespan of cookies is shown in the tables above.