Privacy Policy

1. Information We Collect

1.1 Personal Information

We may collect the following personal information when you use our services:

• Contact Information: Name, email address, phone number, postal address
• Investment Information: Investment preferences, risk tolerance, financial information relevant to our services
• Communication Records: Records of communications between you and EnchiTorch
• Identification Information: Government-issued ID, proof of address, and other verification documents
• Financial Information: Bank account details, investment history, source of funds information

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Information: Pages visited, time spent on pages, referral sources, search terms
• Location Information: General geographic location based on IP address
• Cookies and Tracking: Information collected through cookies and similar technologies

2. How We Use Your Information

2.1 Primary Uses

We use your personal information for the following purposes:

• Service Provision: To provide investment services, process transactions, and manage your account
• Communication: To respond to inquiries, provide customer support, and send service-related communications
• Compliance: To comply with legal and regulatory requirements, including anti-money laundering and know-your-customer obligations
• Risk Management: To assess investment suitability and manage operational risks
• Service Improvement: To analyze and improve our services, website functionality, and user experience

2.2 Marketing and Communications

With your consent, we may use your information to:

• Send newsletters and investment updates
• Provide information about new investment opportunities
• Send promotional materials about our services
• Invite you to events and webinars

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us directly.

3. Legal Basis for Processing

Under UK data protection law, we process your personal information based on the following legal grounds:

• Contractual Necessity: Processing necessary to perform our investment services contract with you
• Legal Obligation: Processing required to comply with legal and regulatory obligations
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention and service improvement
• Consent: Where you have provided explicit consent for specific processing activities

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our business:

• Technology Providers: Cloud hosting, email services, website analytics
• Financial Services: Payment processors, banking partners, investment platforms
• Professional Services: Legal advisors, accountants, auditors, compliance consultants
• Marketing Services: Email marketing platforms, customer relationship management systems

All third-party service providers are contractually obligated to maintain the confidentiality and security of your information.

4.2 Regulatory and Legal Disclosure

We may disclose your information when required by law or regulation:

• To comply with legal obligations and regulatory requirements
• To respond to lawful requests from government authorities
• To protect our rights, property, and safety or that of others
• In connection with legal proceedings or investigations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to appropriate data protection safeguards.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your personal information:

• Encryption: Data encryption in transit and at rest using industry-standard protocols
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection systems, and regular security monitoring
• Physical Security: Secure data centers with restricted access and environmental controls
• Regular Testing: Penetration testing and vulnerability assessments

5.2 Data Breach Response

In the unlikely event of a data breach, we have procedures in place to:

• Contain and assess the breach within 24 hours
• Notify relevant authorities within 72 hours where required
• Inform affected individuals without undue delay
• Take immediate steps to prevent further unauthorized access

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Active Clients: For the duration of the business relationship and 7 years thereafter
• Prospective Clients: Up to 3 years from last contact unless consent is withdrawn
• Marketing Contacts: Until you opt out or 5 years of inactivity
• Legal Requirements: As required by applicable laws and regulations

We regularly review our data retention practices and securely delete information that is no longer required.

7. Your Rights

Under UK data protection law, you have the following rights regarding your personal information:

7.1 Right of Access

You have the right to request a copy of the personal information we hold about you, along with information about how we process it.

7.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal information we hold about you.

7.3 Right to Erasure

In certain circumstances, you can request that we delete your personal information, such as when it is no longer necessary for the purposes for which it was collected.

7.4 Right to Restrict Processing

You can request that we restrict the processing of your personal information in certain circumstances, such as while we verify its accuracy.

7.5 Right to Data Portability

Where technically feasible, you can request that we provide your personal information in a structured, commonly used format for transfer to another service provider.

7.6 Right to Object

You can object to processing of your personal information based on legitimate interests or for direct marketing purposes.

7.7 Exercising Your Rights

To exercise any of these rights, please contact us using the details provided in the "Contact Information" section. We will respond to your request within one month.

8. Cookies and Tracking Technologies

8.1 Cookie Usage

Our website uses cookies and similar technologies to enhance your browsing experience:

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Help us understand website usage and improve performance
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness

8.2 Cookie Management

You can manage your cookie preferences through our cookie banner or by adjusting your browser settings. Please note that disabling certain cookies may affect website functionality.

For detailed information about our cookie practices, please see our Cookie Policy.

9. International Data Transfers

Your personal information may be transferred to and processed in countries outside the UK. When we transfer information internationally, we ensure appropriate safeguards are in place:

• Adequacy decisions by the UK government
• Standard contractual clauses approved by UK authorities
• Binding corporate rules for intra-group transfers
• Certification schemes and codes of conduct

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Updates to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a prominent notice on our website

The date of the last update is indicated at the top of this policy. We encourage you to review this policy periodically.

12. Contact Information

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

13. Complaints and Regulatory Authority

If you believe we have processed your personal information in violation of data protection law, you have the right to lodge a complaint with the UK's data protection regulator:

However, we encourage you to contact us first so we can address your concerns directly.