Privacy Policy
Our role in your privacy
If you are a Door customer or subscriber, or just visiting our website, this policy applies to you.
This privacy policy explains our standards for protecting your Personal Data in relation to its collection, handling, processing, storage, use, transportation and destruction by us and any third party dealing with your Personal Data on our behalf.
If Door transfers your Personal Data outside of the European Union or the European Economic Area, such as to its business in the Americas, we will ensure that your Personal Data is only accessed by approved Door employees, kept secure and treated like it would be in Europe.
We are registered as a data controller at the UK Information Commissioner’s Office: CSN7608100.
Our responsibilities
If you are a registered Door customer or a visitor to our website we act as the ‘data controller’ (https://ico.org.uk/for-organisations/guide-to-thegeneral-data-protection-regulation-gdpr/key-definitions/) of personal data. This means we determine how and why your data are processed.
Your responsibilities
- Read this Privacy Policy.
- If you are a Door customer, please also check the contracts between us which may contain further details on how we collect and process your data.
- If you provide us with personal information about other people or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorise us to process it on your behalf in accordance with this Privacy Policy.
When and how we collect data
From the first moment you interact with Door, we are collecting data. Sometimes you provide us with data, sometimes data about you is collected automatically.
Here’s when and how we do this:
- You browse any page of our website
- You send us emails with personal data
- You request a demo of the Door Platform
- We call you
- You use the Door Platform
- You receive emails from us
- You chat with us for customer support
- You opt-in to marketing messages
Types of data we collect
Contact details
Your name, email address, job title, telephone number, email address...
Data that identifies you
Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version...
Data on how you use Door
Your URL clickstreams (the path you take through our site and application, products and services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions...
Do we collect sensitive data?
We don’t collect any "sensitive data" about you, like racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences….
What about children’s data?
Door is a business-to-business service directed to and intended for use only by working professionals who are generally 18 years of age or over. We do not target Door at children, and we do not knowingly collect any personal data from any person under 16 years of age.
How do we use your data?
Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:
So we can keep Door running: LEGAL BASIS: CONTRACT AND LEGITIMATE INTERESTS
Managing your requests (like onboarding users, connecting your Door account to other services), login and authentication, remembering your settings, hosting and back-end infrastructure).
Improving Door: LEGAL BASIS: CONTRACT AND LEGITIMATE INTERESTS
Testing features, interacting with feedback platforms and questionnaires, managing landing pages, traffic optimisation and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this.
Customer support: LEGAL BASIS: CONTRACT
Notifying you of any changes to our service, solving issues via telephone support or email including any bug fixing.
Aggregate usage reports: LEGAL BASIS: LEGITIMATE INTERESTS
We will not distribute or publish reports containing personally identifiable information. However, Door may create, distribute and publish reports containing information derived from aggregated user-driven data or interactions on the Door application.
Marketing purposes (with your consent) LEGAL BASIS: CONSENT
Sending you emails and messages about new features, products and services, and content.
The specifics
Here are the details about how we collect and use personal information collected on the Door application and marketing website.
| Information type | What is the data? | How is the data collected? | How is the data used? | Where does Door store data? |
|---|---|---|---|---|
| User login/registration information | Business email, name, job title, company name, company location, business telephone number. | Information is provided by users as part of their registration process and sent by email to Door or via an online form. | Data is used to identify user login credentials. It is also used for client support communications. When users request access to fund information, this data will be displayed to the asset manager to allow them to identify their clients. Data can be amended on Door. The user makes an active decision to request access. This data is sent as an email alert to the asset manager when users make a request. A footnote informs the asset manager not to circulate data outside of their organisation. | Data is stored in Amazon Web Services in
the EEU and encrypted. Data may also be stored in Door’s CRM system (HubSpot) and which is only accessed by approved individuals and used for customer support. |
| Fund data on Door | Data are responses
to questions on
Door’s Standard
Questionnaire. Personal data comprises names and job titles of key personnel in the asset manager’s firm, across operational and investment divisions. Data may include short biographies of the investment personnel. | Data is entered into and maintained on a secure and encrypted database by asset managers’ approved employees (e.g. RFP Teams). | Accessed by asset managers’ clients when they grant access to fund information. | Data is stored in Amazon Web Services in
the EEU and encrypted. Data may also be stored in Door’s CRM system (HubSpot) and which is only accessed by approved individuals and used for customer support. |
| User activity information on the Door application | Data is individual usage tracking | Buttons clicked and values entered | Data is used to enhance and develop the Door application in addition to creating aggregate reports on usage. All personally identifiable information is masked. | Data is stored in a proprietary database hosted in AWS in the EEU. |
| User activity information Door marketing website | Data is individual usage tracking | Buttons and links clicked and | Data is used to enhance and develop the Door website. | Data is stored in HubSpot |
| Client contacts | Data defined as individuals signing on client contracts | Data is provided in the process of agreeing master services agreements | Contractual process | Contracts are stored on Box. |
HERE IS WHAT "LEGAL BASES" MEAN:
Consent
You have given clear consent for us to process your personal data for a specific purpose. You can change your mind. If you have previously given consent to our processing your data you can freely withdraw such consent at any time. You can do this by emailing us at support@doorfunds.com. If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so subject to your legal rights.
Contract
Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
Legitimate Interests
Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:
- gaining insights from your behaviour on our website or in our application
- delivering, developing and improving the Door service
- enabling us to enhance, customise or modify our services and communications
- determining whether marketing campaigns are effective
- enhancing data security
In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests
Your privacy choices and rights
Your choices
- You can choose not to provide us with personal data. If you choose to do this, you will not be able to use the Door application.
- You can turn off cookies in your browser by changing its settings. You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the website and browse its pages, but Door may not work effectively.
- You can ask us not to use your data for marketing. We will inform you (before collecting your data) if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing by emailing us at support@doorfunds.com.
Your rights
You can exercise your rights by sending us an email at support@doorfunds.com.
You have the right to access information we hold about you.
This includes the right to ask us supplementary information about:
- the categories of data we’re processing
- the purposes of data processing
- the categories of third parties to whom the data may be disclosed
- how long the data will be stored (or the criteria used to determine that period)
- your other rights regarding our use of your data
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
You have the right to make us correct any inaccurate personal data about you.
You can object to us using your data for profiling you or making automated decisions about you.
We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behaviour). Otherwise, the only circumstances in which we will do this is to provide the Door service to you.
You have the right to port your data to another service.
We will give you a copy of your data in CSV or JSON so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
You have the right to be ‘forgotten’ by us.
You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your use of Door.
You have the right to lodge a complaint regarding our use of your data.
Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.
How secure is the data we collect?
We have physical, electronic, and managerial procedures to safeguard and secure the information we collect. For more information on our efforts to ensure your data is held in a secure manner, please see our information security policy.
And please remember:
- You provide personal data at your own risk. Unfortunately, no data transmission is guaranteed to be 100% secure.
- You are responsible of your username and password. Keep them secret and safe!
- If you believe your privacy has been breached, please contact us immediately on support@doorfunds.com.
Where do we store the data?
The personal data we collect is processed at our offices in London and Liverpool and in any data processing facilities operated by the third parties identified below. By submitting your personal data, you agree to this transfer, storing or processing by us. If we transfer, process or store your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.
How long do we store your data?
We will archive and stop actively using any personal identifiable information about you within 12 months from the last time you used Door. We will delete your personal data from our archives no later than 6 years from the last time you used Door or as agreed with you in a separate contract.
Third parties who process your data
Tech businesses often use third parties to help them host their application, communicate with customers, power their emails, etc. We partner with third parties who we believe are the best in their field at what they do.
When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.
Here are the details of our main third-party service providers, and what data they collect or we share with them, where they store the data and why they need it:
| Service Provider | Data collected or shared | Purpose | Place of processing |
|---|---|---|---|
| Amazon Web Services (https://aws.amazon.com/privacy/) | Login credentials, including
business email and name Fund information, including key personnel, fund manager biographies. | This is a web hosting provider. We use it to store fund information and other data you generate by using the service securely in the cloud. | EU (Dublin and Frankfurt) |
| HubSpot Inc. (https://legal.hubspot.com/privacy-policy) | Contact details Data in how you use Door Cookies | We use this service for customer communications, hosting landing pages and sending marketing emails to those who have opted in | US |
| QuickBooks | Billing contacts | We use QuickBooks to manage our billing process | US |
