Privacy Policy

This Privacy Policy is effective as of 25 November 2022


1. Who are we?

1.1 illio is made up of a group, including:

• illio Technology Limited, a company incorporated in Hong Kong (No. 2845489) with its registered address at Level 43, Champion Tower, Three Garden Rd, Central, Admiralty, Hong Kong;

• illio UK Limited, a company incorporated in England (No 11542344), with its registered address at 85 Great Portland Street, London, England, W1W 7LT; and

• illio Corporation, a company incorporated in Delaware, with its registered office at 874 Walker Road, Suite C, Dover, Delaware, 19904, County of Kent.

1.2 When this policy refers to "illio", "we" or "us", we are referring to the relevant company in the illio group responsible for processing your data, referred to as the “data controller” of all Personal Data that is collected from our customers for the purposes of Applicable Data Laws.

1.3 We are committed to protecting your privacy as a user (referred to as "User", "you" or "your"), and we take our responsibility regarding the security of your Personal Data (defined below) very seriously. We will be clear and transparent about the Personal Data we are collecting and what we will do with that Personal Data. This privacy policy (the "Privacy Policy") describes:

(a) the types of Personal Data we collect on the illio website, or one of our other products or services, all of which are part of illio's platform (the "Platform") and how we collect it; (b) how we hold and use the Personal Data; (c) with whom we may share it; (d) the choices available to you regarding our use of your Personal Data; (e) the measures we take to protect the security of your Personal Data; and (f) how you can contact us about our privacy practices.

1.4 This Privacy Policy is addressed to: (i) Users who are individuals ("Individual Users"), with respect to all Personal Data collected with respect to them; and (ii) named individuals whose Personal Data is made available to illio as part of the registration and/or use of the platform by any User who is not an individual or natural person, regardless of where the entity is incorporated or established ("Corporate User"), with respect to such Personal Data. You can navigate to the relevant section of this Privacy Policy by clicking on the links below:

• What Personal Data we collect (including by automated means)

• Why and how we use your Personal Data

• How do we protect and manage your Personal Data (including international transfers and retention periods)

• Who do we share your Personal Data with

• Your rights and choices

• Links to other websites

• Updates to this Privacy Policy

• How to contact us

1.5 illio's collection, processing and retention of the Personal Data may be governed by various laws, principles and regulations which may apply to you depending on your location (which may include the European General Data Protection Regulation ("GDPR"), the UK Data Protection Act 2018, the version of the GDPR retained in UK law (the “UK GDPR”), the Hong Kong Personal Data (Privacy) Ordinance (Cap 486) ("PDPO"), the Singapore Personal Data Protection Act 2012 ("PDPA") and/or the Australian Privacy Act 1988 (Cth) ("APA")) (together, the "Applicable Data Laws"). The Applicable Data Laws of the EU and UK require that certain information be given to you in relation to your Personal Data, which is set out in this Privacy Policy.

2. What Personal Data do we collect (including by automated means)?

2.1 We may ask for and collect your Personal Data (either directly through your use of the Platform, or in communications relating to your registration to use the Platform or when you communicate with us in any other way, for example in any feedback or queries you send) in a number of ways to provide you with the products or services that you request, and payment for such processes.

2.2 As you interact with our Platform we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. For more information, please refer to our Cookie Policy available at the following webpage: https://www.illio.com/cookie-policy.

2.3 We may also receive Personal Data indirectly through our third party partners who help provide the Platform, including: HubSpot CRM, to hold account data including email for communications, and AWS Cognito authentication, which stores email and password for login.

2.4 Personal Data has the meaning given in the Applicable Data Laws and includes any information or opinion relating to you which allows us to identify you, such as your name, phone number, postal address, email address, details of products or services you have purchased, payment details and information about your access to the Platform.

2.5 Specifically, we may (either directly or indirectly through our third party partners) collect the following categories of Personal Data with respect to Individual Users (the collection of those items marked with an asterisk is necessary for the purposes of the creation and administration of your user account on the Platform ("User Account") and illio may not be able to continue providing access to the Platform in the event that any of this information is withheld):

(a) name,* home address,* e-mail address,* mobile telephone number,* credit/debit card or other payment details*;

(b) information, excluding anonymised or aggregated data, relating to your portfolio activity (“Portfolio Data”);

(c) information you provide about yourself and any preferences in your User Account;

(d) communications with us or directed to us via letters, emails, chat services and calls;*

(e) where you have selected particular services or features on the Platform (e.g. receiving contacts and calendar information, including credentials and any information from your communications with us); and

(f) the location of your computer or device through which you access the Platform.*

2.6 We may (either directly or indirectly through our third party partners) collect the following categories of Personal Data with respect to individuals who act on behalf of a Corporate User in connection with the use of the Platform:

(a) name, contact address, contact e-mail address, mobile telephone number, credit/debit card or other payment details if paying on behalf of the Corporate User;

(b) certain information relating to the individual’s position with the Corporate User and capacity to act on behalf of the Corporate User in connection with the Platform;

(c) communications with us or directed to us via letters, emails, chat services and calls*; and

(d) the location of the computer or device through which the Platform is accessed.*

2.7 Children – As specified in the Terms of Use, Users must be of legal age in their respective countries and not under 18 years old. This Platform is not available to persons under the age of 18 years old. If you are under 18 years old, you must not use this Platform.

3. Why and how do we use your Personal Data?

We will only use your Personal Data when the Applicable Data Laws allow us to. Most commonly, we will use your Personal Data in the following circumstances:

• where we need to perform the contract we are about to enter into or have entered into with you;

• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or

• where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your Personal Data. If we do rely on consent, you have the right to withdraw consent to marketing at any time by contacting us.

Specifically, your Personal Data (which for our Individual Users includes Portfolio Data) may be used for the following purposes:

3.1 Provide features of the Platform and the products and services you request: We use the Personal Data you give us to provide the Platform and the products and services you request, including:

(a) to create and set up your User Account; and (b) if you use the Platform to track your portfolio activity, we will collect and store Portfolio Data so that you can review it on the Platform and track your progress.

3.2 Communicate information about our services and for other promotional purposes: With your consent, or as otherwise permitted by Applicable Data Laws (for example where you have already purchased access to the Platform), we will use your Personal Data to provide information that we believe is of interest to you, prior to, during, and after your interactions with us, including marketing communications and news concerning our products, services, events and other promotions. You can opt-out of such communications at any time by contacting us.

3.3 Customer service communications: we use your data to manage our relationship with you as our customer and to improve our services and enhance your experience with us (e.g. to respond to your inquiries when you reach out to us). From time to time, we may also conduct customer surveys to gauge satisfaction with our Platform and the services and products that we provide.

3.4 Administrative or legal purposes: We use your Personal Data to operate our business, systems testing and to diagnose technical and service problems, maintenance and development of our Platform, or in order to deal with a dispute or claim. We may also perform data analysis based on the data we collect from you for statistical and marketing analysis purposes – for example, we may use information about how users of our Platform search for and find specific content or functionality to better understand the best ways to organise and present the content that we offer.

3.5 Security, administrative, crime prevention/detection and legal purposes: We may use your Personal Data to verify your information and identity, and to protect against, identify and prevent fraud and other unlawful activities. We may also share your Personal Data with government authorities or law enforcement bodies for compliance with legal requirements, or as otherwise required or permitted by Applicable Data Laws.

4. How do we protect and manage your Personal Data (including international transfers and retention periods)?

4.1 Encryption and security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected or actual Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The data you provide to us is protected using SSL (Secure Sockets Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the internet.

4.2 International transfers of your Personal Data

illio operates businesses in multiple jurisdictions, some of which are not located in the United Kingdom or European Economic Area (EEA). The Personal Data that illio collects from users will be stored in the EEA but might also be shared with third party data recipients that are not located in the UK or EEA. Therefore, the Personal Data that you provide to illio may be transferred internationally to countries other than the jurisdiction in which you initially provided your data. While countries outside the UK or EEA do not always have strong data privacy laws, we take measures to protect your Personal Data as described in this Privacy Policy and in compliance with Applicable Data Laws. We also require all third party data recipients (including our partners and service providers) to process your information in a secure manner and in accordance with Applicable Data Laws (e.g. through the signing of the UK’s International Data Transfer Agreement or EU Standard Contractual Clauses, or such other equivalent safeguards as may be approved by the EU or UK). If you have further questions about this, please contact us at the details provided below.

4.3 Retention of your Personal Data

We will not retain your data for longer than is necessary to fulfil the purpose for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Personal Data, the purposes for which we process it, and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements. We also consider the periods for which we might need to retain Personal Data in order to comply with applicable laws (including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirement), or to deal with complaints and queries, and to protect our legal rights in the event of a claim being made. In general, this means that we will likely keep your Personal Data from your account for as long as your User Account is open. Following closure of your User Account, we will retain your Personal Data for a period of up to thirty (30) days after your account closes so that we can contact you if necessary and to comply with our internal processes and any Applicable Laws. After thirty (30) days, all Personal Data will be deleted unless you have another active account. When we no longer need your Personal Data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the Personal Data that we use, and if we can anonymise your Personal Data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

5. Who do we share your Personal Data with?

We may share your Personal Data with the following persons for the purposes described in this Privacy Policy:

(a) other companies and members within the illio group;

(b) our third party ancillary partners who may offer products and services on, through or which link to our Platform. If you choose to purchase services offered on or which link to our Platform by third parties, you may be a customer of both illio and these third parties, and we and our partners may collect and share information about you, such as your contact details and your billing information. We are not responsible for third parties’ use of your Personal Data where such use is permitted for their own purposes. You should consult their privacy policies for further information;

(c) other companies, contractors or agents that assist us in providing services to you, including cloud storage, authentication, administering correspondence and emails, debt collection, administration services, payment services, customer services and information technology support;

(d) credit and debit card companies which facilitate your payments to us, and for anti-fraud screening, which may need information about your method of payment to process or ensure the security of your payment transaction. Before entering your personal details we suggest that you read and become familiar with the privacy policy for any such third-party provider;

(e) government authorities, law enforcement bodies and regulators for compliance with applicable laws and regulations, or where otherwise required by applicable laws;

(f) our legal and other professional advisers in order to enforce our legal rights in relation to our contract with you; and

(g) third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

6. Your rights and choices

6.1 In certain circumstances, under Applicable Data Laws, you may have the right to:

(a) Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it;

(b) Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;

(c) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

(d) Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see (e) below);

(e) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;

(f) Object to automated decision-making including profiling, that is, not to be the subject of any automated decision-making by us using your personal information or profiling of you;

(g) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;

(h) Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format; and

(i) Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another proper and legitimate basis for doing so.

6.2 If you wish to exercise your rights related to your Personal Data (including the rights set out above), please contact the illio team using the details below. While you will generally not be required to pay a fee to access your Personal Data or to exercise any of your other statutory rights, we may charge a reasonable fee if your request for access is unfounded or excessive or decline to comply with such requests where permitted by Applicable Data Laws. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it and to prevent unauthorised modification of your Personal Data. You also have the right to lodge a complaint about our processing of your Personal Data with the body regulating data protection in your jurisdiction.

6.3 Links to other websites

Our Platform may link from or provide links to other websites for your convenience and information. These websites may operate independently from us. If you visit any website linked to our Platform, you are subject to that website’s own privacy policies. Linked websites may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.

6.4 Updates to this Privacy Policy and Informing us of Changes

illio may revise and update this Privacy Policy at any time by posting an updated Privacy Policy on the Platform. All such changes to the Privacy Policy are effective immediately when posted to the Platform and apply to all access to and use of the Platform thereafter, but we may update you directly (such as emailing you regarding the updated Privacy Policy) to ensure you are aware of any material changes. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

6.5 How to contact us?

We welcome questions and comments about this Privacy Policy and our privacy practices. If you wish to provide feedback or if you have questions or concerns or wish to exercise your rights related to your Personal Data, please contact the illio team at the following email address: privacy@illio.com.

6.6 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.