Team Member Privacy Notice

What Does This Privacy Notice Cover?

Fundwell respects your privacy and is committed to protecting your Personal Data.

The purpose of this Privacy Notice is to provide our employees and contractors with information about how and why we process their Personal Data and to tell them about their privacy rights and how the law protects them.

Important notes:

  • This Privacy Notice is intended to meet our duties of transparency under the UK’s implementation of the General Data Protection Regulation (the “UK GDPR”) and the European Union’s General Data Protection Regulation (the “EU GDPR” and together with the UK GDPR, the “GDPR”).
  • It is important you read this Privacy Notice so that you are aware of how and why we are using your Personal Data, your rights and how the law protects you.
  • This Privacy Notice does not form an operative part of your employment or contractor agreement (even if it is referred to in that agreement).
  • You should be aware that if you fail to provide certain Personal Data when requested, we may not be able to perform your employment or contractor agreement (e.g., by paying you or providing a benefit) or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

We may update this Privacy Notice from time to time. If we do so, we will provide you with and/or make available, a revised Privacy Notice.

Table of contents
Table of contents
Text Link
Text Link
Text Link
Text Link

Who We Are and How to Contact Us

Who We Are

Fundwell, Inc., and its subsidiary, FDW UK Limited (together, “Fundwell”, “we”, “us” or “our”) are the Controllers (as defined in the GDPR) for the purposes of the Processing of your Personal Data described in this Privacy Notice. For employees and contractors engaged by FDW UK Limited, FDW UK Limited is the primary Controller. For contractors engaged directly by Fundwell, Inc., Fundwell, Inc. is the primary Controller.

Our addresses are: Fundwell, Inc., 450 N Park Rd, Suite #610, Hollywood, FL 33021, USA; and FDW UK Limited, B1 Vantage Park, Old Gloucester Road, Hambrook, Bristol, BS16 1GW.

How to Contact Us

To contact us, you can either:

Your rights relating to your Personal Data

Your Rights in Connection with Your Personal Data

Under certain circumstances, by law you have the right to:

  • Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest (defined below) as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data which you have provided to us, in a structured, commonly used, machine-readable format. Note that this right only applies to Personal Data we process by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.

How to Exercise Your Rights

If you want to exercise any of the rights described above, please contact us using the contact details shown in the “Who We Are and How to Contact Us” section above.

We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information to assist us in responding to your request.

Please also note that in certain circumstances the rights above will not apply and/or in certain circumstances some categories of Personal Data will be exempt from the scope of those rights. We will notify you where this is the case.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you would like to make a complaint regarding this Privacy Notice, you can contact us using the contact details shown in the “Who We Are and How to Contact Us” section above. We will reply to your complaint as soon as we can.

If you feel that your complaint has not been adequately resolved, please note that the GDPR also gives you the right to make a complaint directly to the relevant supervisory authority.

For UK-based Team Members, the relevant authority is the UK Information Commissioner’s Office:

Information Commissioner’s Office

Water Lane, Wycliffe House

Wilmslow - Cheshire SK9 5AF

Telephone: +44 303 123 1113

Website: https://ico.org.uk/make-a-complaint/

For Poland-based Team Members, the relevant authority is the Urząd Ochrony Danych Osobowych (UODO):

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2 00-193

Warsaw, Poland

Telephone: +48 22 531 03 00

Website: https://uodo.gov.pl

What Personal Data We Collect

All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below.

Category of Personal Data collected What this means
Identity Data First name, middle name(s), surname, title, employee identification number, national identification and/or passport details, national insurance / social security number or other tax-related information, driver’s licence, photographs.
Contact Data Your home address, work address, email address and telephone numbers.
Biographical Data First name, middle name(s), surname, maiden name, marital/civil partnership status, title, date of birth, gender, ethnicity, education history, professional history, professional qualifications and memberships, references, information contained within letters of application and CVs, language proficiencies and other skills, certifications, certification dates and information in your Fundwell biography, photographs.
Immigration Data National identification and/or passport number, details of residency and/or work permit and other information that would allow us to verify your employment or engagement eligibility.
Related Persons Data First names, surnames, contact telephone numbers, email addresses and home addresses of your spouse, domestic/civil partner, dependents, beneficiaries and emergency contacts.
Compensation Data Fees, salary and bonus details, benefits information (including information regarding health insurance, pension entitlement and contributions), details on share options, share grants and other awards, pay frequency and currency, effective date of current compensation, salary reviews, bank account details and working time records (including holiday and other absence records, leave status, hours worked and department standard hours).
Expenses and Travel Data Information about your business travel and other business expenses.
Engagement Data Job title and description, department, work location, dates of employment or engagement, employment or engagement status and type (e.g., full-time/part-time), terms of employment or engagement, employment or contractor agreement, work history (current, past, or prospective), timekeeping information, personnel and disciplinary records, training and learning program participation, termination date(s) and reason, length of service, retirement eligibility, reporting manager(s) information, information necessary to complete background checks, drug and/or alcohol tests, and other screens permitted by law, and other information reasonably necessary to administer the employment or engagement relationship with you.
Performance Data Performance evaluations and feedback and promotion history.
Systems Data Your Fundwell email address, usernames, passwords, and keycard number; information about your use of, as well as content and communications you send and receive through, devices, communications, IT systems and applications (e.g., time of use, files accessed, search history, web pages viewed, IP address, device ID, device location); and information about your access to offices and facilities (e.g., keycard scans and security camera footage).

Please note that if you access our IT systems, networks, and applications using your personal device, this may mean that we collect certain information relating to your use of our IT systems, networks and applications using that device.
Compliance Data Details of any shareholding of common shares or directorships.
Health Data Information related to your health, such as any medical condition or sickness records which you provide to us, including:
  • your participation in Fundwell’s wellness programs, executive physicals and health insurance programs;
  • where you leave employment or your engagement ends, and the reason for leaving is determined to be ill health, injury or disability, the records relating to that decision (including in respect of administration of any share or equity incentive plan(s) operated by Fundwell);
  • details of any absences (other than holidays) from work including time on statutory parental leave and sick leave;
  • any health information in relation to a claim made under our private medical insurance scheme(s); and
  • where you leave employment or your engagement ends and the reason for leaving is related to your health, information about that condition needed for pensions and/or private medical insurance purposes.
Other Data This might include data not listed above that you provide to us, such as your feedback and survey responses where you choose to identify yourself.

Personal Data from Third-Party Sources

In addition to the Personal Data that we collect from you directly, in certain circumstances, we may also collect Personal Data from third-party sources. Please see below for a list of the types of third-party sources from which we may collect your Personal Data (including whether the source of that Personal Data is publicly available):

  • Employment agencies or recruiters.
  • Job board websites you may use to apply for a position with us.
  • Providers of services that we make available to our Team Members as part of our benefits program.
  • Prior employers or clients, when they provide us with references.
  • Professional references that you identify on your CV or authorise us to contact.
  • Providers of background check, credit check, or other screening services (where required and permitted by law).
  • Your social media profiles or other publicly-available sources (information gathered from these sources is publicly-available).
  • Your dependents and related persons who communicate with us directly.

We may also collect additional Personal Data in the course of your employment or engagement related activities throughout the period of your employment or engagement and otherwise in relation to your employment or engagement at Fundwell.

How We Use Your Personal Data and Why

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases:

  • Where we need to perform an agreement or contract we are about to enter into with you or have entered into with you (“Contractual Necessity”) – e.g., this applies where the use of your Personal Data is necessary for us to perform your employment or contractor agreement, any share option agreement etc.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your Personal Data for is set out in the table below.

The table below shows at a very high-level how we may use your Personal Data and the relevant legal bases we rely upon for that use.

For more information – see the Appendix to this Notice. In that Appendix, we have set out in detail the purposes for which we may use your Personal Data, the legal bases we rely on in respect of each such purpose (including details of any legitimate interests pursued, where applicable), and the categories of Personal Data typically used for the relevant purpose.

Purpose Legal basis
Contractual performance. We may process your Personal Data (including sharing it with third parties, where appropriate) to perform, administer and manage any agreements we may have with you (e.g., your employment or contractor agreement or share option agreement (if applicable) we have with you. Contractual Necessity.
Talent management. We may process your Personal Data (including sharing it with third parties, where appropriate) for talent management purposes. Legitimate Interests.
Business operation and improvement. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our products and services and our business more generally. Legitimate Interests.
Systems and premises management. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our IT systems, premises and facilities. Legitimate Interests.
Protection of health and vital interests. We may process your Personal Data to protect your vital interests or those of a third party. Vital Interests.
Compliance and protection. We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes (including the establishment, exercise or defence of legal claims). Depending on the circumstances: Compliance with Law or Legitimate Interest.
Data sharing in the context of corporate transactions. We may Process and disclose Personal Data in the context of actual or prospective corporate transactions. Legitimate Interest.
Privacy Protective Steps. We may create aggregated, de-identified and/or anonymised data from your Personal Data. Legitimate Interest.
Further uses. In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to such use of your Personal Data for those further purposes in so far as they are not compatible with the initial purpose for which information was collected. Consent or the original legal basis where the relevant further use is compatible with the initial purpose.

In addition to establishing a legal basis, where we use any ‘special categories’ of Personal Data (e.g., your Health Data), we also have to satisfy an additional condition to process such Personal Data, because it is considered to be more sensitive in nature. The condition that may apply will depend on the circumstances and the purposes of the relevant processing. However, as examples of the conditions that we may rely upon:

  • We may need to Process that data to carry out our legal obligations or exercise rights in connection with employment or engagement and our role as an employer or engager (e.g., dealing with your sickness, sick-pay, accidents at work etc).
  • We may need to Process that data because it is necessary for reasons of substantial public interest (e.g., for equal opportunities monitoring, preventing or detecting unlawful acts etc).
  • We may need to Process that data because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

Who We Share Your Personal Data With

As part of our business and in relation to your employment or engagement, we may share your Personal Data with certain third parties – please see the list below for information about the categories of such third-party recipients:

Affiliates. Our corporate parent, subsidiaries, and other affiliates under the control of our corporate parent. For example, this may occur:

  • to enable our group to operate shared infrastructure, systems and technology,
  • as part of our reporting activities on performance of the group and its members,
  • in the context of a business reorganisation or restructuring exercise,
  • to enable participation in any share plans, pension arrangements or benefits operated or procured by particular group members for the benefit of our Team Members, so as to enable to administer those the plans, schemes and benefits.

Service Providers. Providers of services to Fundwell or our group. For example, this may involve sharing of Personal Data with such providers  for the purposes of:

  • payroll administration, benefits and wellness,
  • human resources, occupational health, performance management, training,
  • expense management, travel, transportation and accommodation,
  • IT systems and support, information and physical security,
  • background checks and other screenings,
  • equity award administration,
  • corporate banking and credit cards,
  • insurance brokers, claims handlers and loss adjusters, and any necessary third party administrators, nominees, registrars or trustees appointed in connection with benefits plans or programs.

Benefits Providers. Providers of services to eligible Team Members as part of our Team Member benefits program, who need your information to verify your eligibility and provide you with services. For example, this may include: financial advisors and institutions, pensions providers, insurance providers and intermediaries (such as health insurance providers), and providers of health, fitness, wellness, childcare and concierge services.

Professional advisers. Accountants, auditors, lawyers, insurers, bankers, and other professional advisors.

Our Marketing Audience, Current and prospective customers and other business contacts with whom we share your Fundwell bio, which may be shared on our website or in other publicly available marketing materials and communications as part of our marketing activities.

Customers and Business Partners. Customers, other companies and individuals with whom Fundwell does business or is exploring a business relationship.

Parties involved in corporate transactions. We may disclose Personal Data in the context of actual or prospective business transactions (e.g., investments in Fundwell, financing of Fundwell, public share/stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain Personal Data with prospective counterparties and their advisers. We may also disclose your Personal Data to an acquirer, successor, or assignee of Fundwell as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which Personal Data is transferred to one or more third parties as one of our business assets. Please note, we would always look to take steps to minimise the amount and sensitivity of any Personal Data shared in these contexts where possible and appropriate.

Compliance and protection related sharing. We may need to or may have a legitimate interest in, sharing your Personal Data with entities that regulate or have jurisdiction over us (such as regulatory authorities, public bodies and judicial bodies). We may also share your Personal Data in the context of protecting our, your or others' rights, privacy, safety or property (including by establishing, making and defending legal claims).

Future Employers or Engagers and their Vendors. Future employers or engagers and their vendors where you ask that we provide references or where we are otherwise required to provide such references by law.

Other third parties where requested. For example providing services to you (e.g. your mortgage provider) where you ask us to do so.

Data Transfers

We may share your Personal Data with third parties who are based outside the UK and EU (including with certain of our Affiliates) in connection with the Processing of Personal Data described in this Privacy Notice.

In such circumstances, their processing of your Personal Data will involve a transfer of your Personal Data to countries based outside the UK and EU. Whenever we transfer your Personal Data outside the UK and EU, we try to ensure a similar degree of protection is afforded to it by making sure that at least one of the following mechanisms is implemented:

  • Transfers to territories with an adequacy decision. We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK Government and the European Commission from time to time.
  • Transfers to territories without an adequacy decision. We may transfer your Personal Data to countries that have not been deemed to provide an adequate level of protection for Personal Data by the UK Government and the European Commission – provided that, in these cases:
    • we may use specific appropriate safeguards, which are designed to give Personal Data effectively the same protection it has in the UK and EU (e.g., the UK’s International Data Transfer Agreement or International Data Transfer Addendum to the European Commission’s ‘Standard Contractual Clauses’ or the European Commission’s ‘Standard Contractual Clauses’); or
    • in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your Personal Data to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – e.g., reliance on your explicit consent to that transfer or because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

You can contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK and EU. You may have the right to receive a copy of the appropriate safeguards under which your Personal Data is transferred – you can make a request by contacting us using the contact details shown in the “Who We Are and How to Contact Us” section above.

How We keep Your Personal Data Secure

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.

How Long We Store Your Personal Data

Fundwell’s retention periods for Personal Data are based on business needs and legal requirements.  We retain Personal Data for as long as is necessary for the processing purpose(s) for which it was collected, as set out in this Privacy Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements regarding the retention of such data, or in the event a litigation hold is imposed.

When Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the Personal Data.

No Automated Decisions

Fundwell’s does not envisage that you will be subject to decisions or profiling that will have a significant impact on you based solely on automated decision-making.

Appendix – Detailed Processing Information

In the table below, we have set out in detail the purposes for which we may use your Personal Data, the legal bases we rely on in respect of each such purpose (including details of any legitimate interests pursued, where applicable), and the categories of Personal Data typically used for the relevant purpose.

Processing activities Personal Data Legal basis

Contractual performance

We may process your Personal Data (including sharing it with third parties, where appropriate) to perform, administer and manage any agreements we may have with you (e.g., your employment or contractor agreement or share option agreement (if applicable)), including:

  • administering payroll, wages and other compensation;
  • granting and administering equity awards, bonuses, commissions and other incentive awards;
  • administering and evaluating Team Member benefits, including healthcare and pensions;
  • maintaining contact details of your designated dependents and beneficiaries and communicating with them as necessary in the administration of your Team Member benefits and awards;
  • administering and evaluating vacation, paid time off, sick leave, and other leaves of absence;
  • assisting with obtaining an immigration visa or work permit; and
  • otherwise administering our employment or contractor relationship with you or performing our agreements with you.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Immigration Data
  • Related Persons Data
  • Compensation Data
  • Expenses and Travel Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
  • Health Data
 Contractual Necessity

Talent management

We may process your Personal Data (including sharing it with third parties, where appropriate) for talent management purposes, including:

  • improving our application and/or recruitment process, including improving diversity;
  • providing training and career development opportunities;
  • in connection with performance and compensation evaluation and promotions;
  • administering business expense tracking, reimbursements and travel;
  • informing you of, or inviting you to participate in, any benefits programmes, share plans or similar operated or procured by us or any other member of the group;
  • administering Team Member transfers, reassignments and secondments;
  • conducting employee surveys and soliciting employee feedback;
  • performing background, reference, or credit checks, where these are not required by law;
  • managing disciplinary matters, grievances and terminations; and
  • communicating with you.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Related Persons Data
  • Compensation Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
 Legitimate Interests. We have a legitimate interest in assessing, managing, incentivising and rewarding our Team Members.

Business operation and improvement

We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our products and services and our business. For example, this may include:

  • developing, improving and innovating in respect of present and future products and services, business plans and strategies and associated operations;
  • managing and allocating assets and personnel, maintaining internal personnel directories, strategic planning and project management, budgeting, financial management and reporting, recordkeeping and archiving, and for business continuity;
  • operating our products and/or services;
  • promoting our business; and
  • communicating with our vendors and clients.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Compensation Data
  • Expenses and Travel Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
 Legitimate Interests. We have a legitimate interest in operating, developing and improving our business and our products and services.

Systems and premises management

We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our IT systems, premises and facilities, including:

  • providing information technology resources and support;
  • operating, maintaining and protecting the security of our network systems and devices;
  • monitoring offices and facilities, IT and communications systems, devices, equipment and applications through manual review and automated tools such as security software, website and spam filtering software, and mobile device management software (including for the purposes of monitoring compliance with our policies, procedures and applicable laws (such as the GDPR and other applicable privacy laws));
  • ensuring physical security, including by controlling access to and monitoring our physical premises (including using security cameras and keycard scans) to help protect the rights, safety and property of Fundwell and our group, our staff and representatives, you and others;
  • investigating and responding to security and other incidents; and
  • for business continuity and disaster recovery.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Immigration Data
  • Related Persons Data
  • Compensation Data
  • Expenses and Travel Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
  • Health Data
 Legitimate Interests. We have a legitimate interest in managing and securing our IT systems, premises and facilities, including conducting monitoring and investigations for these purposes.

Protection of health and vital interests

We may process your Personal Data (including sharing it with third parties, where appropriate) to protect your vital interests or those of a third party. This may include:

  • the processing and disclosure of your data to relevant health authorities and/or health care providers in the event of a medical emergency.
 Any and all data types relevant in the circumstances. Vital Interests. We may need to process and share your Personal Data where necessary to protect your (or someone else's) vital interests – this typically means matters of life and death.

Compliance and protection

We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes, including to:

  • comply with applicable laws (including in relation to tax), lawful requests, and legal process, such as to respond to warrants, subpoenas, investigations or requests from government authorities;
  • protect our proprietary and confidential information and intellectual property;
  • protect our, your or others’ rights, privacy, safety or property (including by establishing, making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • look to protect the health and safety, including the personal safety and security of Team Members, contractors, vendors, clients and other visitors;
  • verify identity and eligibility to work;
  • conduct criminal background checks where required or appropriate to do so as a result of your role;
  • comply with equal opportunities monitoring requirements. Without limitation to the foregoing, we may use your diversity-related Personal Data (such as race or ethnicity) in order to comply with legal obligations relating to diversity and anti-discrimination.
 Any and all data types relevant in the circumstances.

Compliance with Law.

Legitimate Interests. Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We and any relevant third parties may also have a legitimate interest of ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety.

Data sharing in the context of corporate transactions

We may Process and disclose Personal Data in the context of actual or prospective corporate transactions (for more information – see the details in “Who we share your Personal Data with” in the main body of the Privacy Notice).

 Any and all data types relevant in the circumstances. Legitimate Interests. We and any relevant third parties have a legitimate interest in providing information to relevant third parties who are involved in an actual or prospective corporate transaction (including to enable them to investigate – and, where relevant, to continue to operate – all or relevant part(s) of our operations).

Privacy Protective Steps

We may create aggregated, de-identified and/or anonymised data from your Personal Data and other individuals whose Personal Data we collect. We make Personal Data into de-identified and/or anonymised data by removing information that makes the data identifiable to you.

 Any and all data types relevant in the circumstances. Legitimate Interests. Where Compliance with Law is not applicable, we have a legitimate interest, and believe it is also in your interests, that we are able to take these privacy protective steps.

Further uses

In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to use of your Personal Data for those further purposes if they are not compatible with the initial purpose for which information was collected.

 Any and all data types relevant in the circumstances.

Consent, if the relevant further use is not compatible with the initial purpose for which the Personal Data was collected.

The original legal basis relied upon (which will be as set out in this Privacy Notice) if the relevant further use is compatible with the initial purpose for which the Personal Data was collected.

Who We Are and How to Contact Us

Who We Are

Fundwell, Inc., and its subsidiary, FDW UK Limited (together, “Fundwell”, “we”, “us” or “our”) are the Controllers (as defined in the GDPR) for the purposes of the Processing of your Personal Data described in this Privacy Notice. For employees and contractors engaged by FDW UK Limited, FDW UK Limited is the primary Controller. For contractors engaged directly by Fundwell, Inc., Fundwell, Inc. is the primary Controller.

Our addresses are: Fundwell, Inc., 450 N Park Rd, Suite #610, Hollywood, FL 33021, USA; and FDW UK Limited, B1 Vantage Park, Old Gloucester Road, Hambrook, Bristol, BS16 1GW.

How to Contact Us

To contact us, you can either:

Your rights relating to your Personal Data

Your Rights in Connection with Your Personal Data

Under certain circumstances, by law you have the right to:

  • Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest (defined below) as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data which you have provided to us, in a structured, commonly used, machine-readable format. Note that this right only applies to Personal Data we process by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.

How to Exercise Your Rights

If you want to exercise any of the rights described above, please contact us using the contact details shown in the “Who We Are and How to Contact Us” section above.

We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information to assist us in responding to your request.

Please also note that in certain circumstances the rights above will not apply and/or in certain circumstances some categories of Personal Data will be exempt from the scope of those rights. We will notify you where this is the case.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you would like to make a complaint regarding this Privacy Notice, you can contact us using the contact details shown in the “Who We Are and How to Contact Us” section above. We will reply to your complaint as soon as we can.

If you feel that your complaint has not been adequately resolved, please note that the GDPR also gives you the right to make a complaint directly to the relevant supervisory authority.

For UK-based Team Members, the relevant authority is the UK Information Commissioner’s Office:

Information Commissioner’s Office

Water Lane, Wycliffe House

Wilmslow - Cheshire SK9 5AF

Telephone: +44 303 123 1113

Website: https://ico.org.uk/make-a-complaint/

For Poland-based Team Members, the relevant authority is the Urząd Ochrony Danych Osobowych (UODO):

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2 00-193

Warsaw, Poland

Telephone: +48 22 531 03 00

Website: https://uodo.gov.pl

What Personal Data We Collect

All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below.

Category of Personal Data collected What this means
Identity Data First name, middle name(s), surname, title, employee identification number, national identification and/or passport details, national insurance / social security number or other tax-related information, driver’s licence, photographs.
Contact Data Your home address, work address, email address and telephone numbers.
Biographical Data First name, middle name(s), surname, maiden name, marital/civil partnership status, title, date of birth, gender, ethnicity, education history, professional history, professional qualifications and memberships, references, information contained within letters of application and CVs, language proficiencies and other skills, certifications, certification dates and information in your Fundwell biography, photographs.
Immigration Data National identification and/or passport number, details of residency and/or work permit and other information that would allow us to verify your employment or engagement eligibility.
Related Persons Data First names, surnames, contact telephone numbers, email addresses and home addresses of your spouse, domestic/civil partner, dependents, beneficiaries and emergency contacts.
Compensation Data Fees, salary and bonus details, benefits information (including information regarding health insurance, pension entitlement and contributions), details on share options, share grants and other awards, pay frequency and currency, effective date of current compensation, salary reviews, bank account details and working time records (including holiday and other absence records, leave status, hours worked and department standard hours).
Expenses and Travel Data Information about your business travel and other business expenses.
Engagement Data Job title and description, department, work location, dates of employment or engagement, employment or engagement status and type (e.g., full-time/part-time), terms of employment or engagement, employment or contractor agreement, work history (current, past, or prospective), timekeeping information, personnel and disciplinary records, training and learning program participation, termination date(s) and reason, length of service, retirement eligibility, reporting manager(s) information, information necessary to complete background checks, drug and/or alcohol tests, and other screens permitted by law, and other information reasonably necessary to administer the employment or engagement relationship with you.
Performance Data Performance evaluations and feedback and promotion history.
Systems Data Your Fundwell email address, usernames, passwords, and keycard number; information about your use of, as well as content and communications you send and receive through, devices, communications, IT systems and applications (e.g., time of use, files accessed, search history, web pages viewed, IP address, device ID, device location); and information about your access to offices and facilities (e.g., keycard scans and security camera footage).

Please note that if you access our IT systems, networks, and applications using your personal device, this may mean that we collect certain information relating to your use of our IT systems, networks and applications using that device.
Compliance Data Details of any shareholding of common shares or directorships.
Health Data Information related to your health, such as any medical condition or sickness records which you provide to us, including:
  • your participation in Fundwell’s wellness programs, executive physicals and health insurance programs;
  • where you leave employment or your engagement ends, and the reason for leaving is determined to be ill health, injury or disability, the records relating to that decision (including in respect of administration of any share or equity incentive plan(s) operated by Fundwell);
  • details of any absences (other than holidays) from work including time on statutory parental leave and sick leave;
  • any health information in relation to a claim made under our private medical insurance scheme(s); and
  • where you leave employment or your engagement ends and the reason for leaving is related to your health, information about that condition needed for pensions and/or private medical insurance purposes.
Other Data This might include data not listed above that you provide to us, such as your feedback and survey responses where you choose to identify yourself.

Personal Data from Third-Party Sources

In addition to the Personal Data that we collect from you directly, in certain circumstances, we may also collect Personal Data from third-party sources. Please see below for a list of the types of third-party sources from which we may collect your Personal Data (including whether the source of that Personal Data is publicly available):

  • Employment agencies or recruiters.
  • Job board websites you may use to apply for a position with us.
  • Providers of services that we make available to our Team Members as part of our benefits program.
  • Prior employers or clients, when they provide us with references.
  • Professional references that you identify on your CV or authorise us to contact.
  • Providers of background check, credit check, or other screening services (where required and permitted by law).
  • Your social media profiles or other publicly-available sources (information gathered from these sources is publicly-available).
  • Your dependents and related persons who communicate with us directly.

We may also collect additional Personal Data in the course of your employment or engagement related activities throughout the period of your employment or engagement and otherwise in relation to your employment or engagement at Fundwell.

How We Use Your Personal Data and Why

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases:

  • Where we need to perform an agreement or contract we are about to enter into with you or have entered into with you (“Contractual Necessity”) – e.g., this applies where the use of your Personal Data is necessary for us to perform your employment or contractor agreement, any share option agreement etc.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your Personal Data for is set out in the table below.

The table below shows at a very high-level how we may use your Personal Data and the relevant legal bases we rely upon for that use.

For more information – see the Appendix to this Notice. In that Appendix, we have set out in detail the purposes for which we may use your Personal Data, the legal bases we rely on in respect of each such purpose (including details of any legitimate interests pursued, where applicable), and the categories of Personal Data typically used for the relevant purpose.

Purpose Legal basis
Contractual performance. We may process your Personal Data (including sharing it with third parties, where appropriate) to perform, administer and manage any agreements we may have with you (e.g., your employment or contractor agreement or share option agreement (if applicable) we have with you. Contractual Necessity.
Talent management. We may process your Personal Data (including sharing it with third parties, where appropriate) for talent management purposes. Legitimate Interests.
Business operation and improvement. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our products and services and our business more generally. Legitimate Interests.
Systems and premises management. We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our IT systems, premises and facilities. Legitimate Interests.
Protection of health and vital interests. We may process your Personal Data to protect your vital interests or those of a third party. Vital Interests.
Compliance and protection. We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes (including the establishment, exercise or defence of legal claims). Depending on the circumstances: Compliance with Law or Legitimate Interest.
Data sharing in the context of corporate transactions. We may Process and disclose Personal Data in the context of actual or prospective corporate transactions. Legitimate Interest.
Privacy Protective Steps. We may create aggregated, de-identified and/or anonymised data from your Personal Data. Legitimate Interest.
Further uses. In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to such use of your Personal Data for those further purposes in so far as they are not compatible with the initial purpose for which information was collected. Consent or the original legal basis where the relevant further use is compatible with the initial purpose.

In addition to establishing a legal basis, where we use any ‘special categories’ of Personal Data (e.g., your Health Data), we also have to satisfy an additional condition to process such Personal Data, because it is considered to be more sensitive in nature. The condition that may apply will depend on the circumstances and the purposes of the relevant processing. However, as examples of the conditions that we may rely upon:

  • We may need to Process that data to carry out our legal obligations or exercise rights in connection with employment or engagement and our role as an employer or engager (e.g., dealing with your sickness, sick-pay, accidents at work etc).
  • We may need to Process that data because it is necessary for reasons of substantial public interest (e.g., for equal opportunities monitoring, preventing or detecting unlawful acts etc).
  • We may need to Process that data because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

Who We Share Your Personal Data With

As part of our business and in relation to your employment or engagement, we may share your Personal Data with certain third parties – please see the list below for information about the categories of such third-party recipients:

Affiliates. Our corporate parent, subsidiaries, and other affiliates under the control of our corporate parent. For example, this may occur:

  • to enable our group to operate shared infrastructure, systems and technology,
  • as part of our reporting activities on performance of the group and its members,
  • in the context of a business reorganisation or restructuring exercise,
  • to enable participation in any share plans, pension arrangements or benefits operated or procured by particular group members for the benefit of our Team Members, so as to enable to administer those the plans, schemes and benefits.

Service Providers. Providers of services to Fundwell or our group. For example, this may involve sharing of Personal Data with such providers  for the purposes of:

  • payroll administration, benefits and wellness,
  • human resources, occupational health, performance management, training,
  • expense management, travel, transportation and accommodation,
  • IT systems and support, information and physical security,
  • background checks and other screenings,
  • equity award administration,
  • corporate banking and credit cards,
  • insurance brokers, claims handlers and loss adjusters, and any necessary third party administrators, nominees, registrars or trustees appointed in connection with benefits plans or programs.

Benefits Providers. Providers of services to eligible Team Members as part of our Team Member benefits program, who need your information to verify your eligibility and provide you with services. For example, this may include: financial advisors and institutions, pensions providers, insurance providers and intermediaries (such as health insurance providers), and providers of health, fitness, wellness, childcare and concierge services.

Professional advisers. Accountants, auditors, lawyers, insurers, bankers, and other professional advisors.

Our Marketing Audience, Current and prospective customers and other business contacts with whom we share your Fundwell bio, which may be shared on our website or in other publicly available marketing materials and communications as part of our marketing activities.

Customers and Business Partners. Customers, other companies and individuals with whom Fundwell does business or is exploring a business relationship.

Parties involved in corporate transactions. We may disclose Personal Data in the context of actual or prospective business transactions (e.g., investments in Fundwell, financing of Fundwell, public share/stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain Personal Data with prospective counterparties and their advisers. We may also disclose your Personal Data to an acquirer, successor, or assignee of Fundwell as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which Personal Data is transferred to one or more third parties as one of our business assets. Please note, we would always look to take steps to minimise the amount and sensitivity of any Personal Data shared in these contexts where possible and appropriate.

Compliance and protection related sharing. We may need to or may have a legitimate interest in, sharing your Personal Data with entities that regulate or have jurisdiction over us (such as regulatory authorities, public bodies and judicial bodies). We may also share your Personal Data in the context of protecting our, your or others' rights, privacy, safety or property (including by establishing, making and defending legal claims).

Future Employers or Engagers and their Vendors. Future employers or engagers and their vendors where you ask that we provide references or where we are otherwise required to provide such references by law.

Other third parties where requested. For example providing services to you (e.g. your mortgage provider) where you ask us to do so.

Data Transfers

We may share your Personal Data with third parties who are based outside the UK and EU (including with certain of our Affiliates) in connection with the Processing of Personal Data described in this Privacy Notice.

In such circumstances, their processing of your Personal Data will involve a transfer of your Personal Data to countries based outside the UK and EU. Whenever we transfer your Personal Data outside the UK and EU, we try to ensure a similar degree of protection is afforded to it by making sure that at least one of the following mechanisms is implemented:

  • Transfers to territories with an adequacy decision. We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK Government and the European Commission from time to time.
  • Transfers to territories without an adequacy decision. We may transfer your Personal Data to countries that have not been deemed to provide an adequate level of protection for Personal Data by the UK Government and the European Commission – provided that, in these cases:
    • we may use specific appropriate safeguards, which are designed to give Personal Data effectively the same protection it has in the UK and EU (e.g., the UK’s International Data Transfer Agreement or International Data Transfer Addendum to the European Commission’s ‘Standard Contractual Clauses’ or the European Commission’s ‘Standard Contractual Clauses’); or
    • in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your Personal Data to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – e.g., reliance on your explicit consent to that transfer or because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

You can contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK and EU. You may have the right to receive a copy of the appropriate safeguards under which your Personal Data is transferred – you can make a request by contacting us using the contact details shown in the “Who We Are and How to Contact Us” section above.

How We keep Your Personal Data Secure

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.

How Long We Store Your Personal Data

Fundwell’s retention periods for Personal Data are based on business needs and legal requirements.  We retain Personal Data for as long as is necessary for the processing purpose(s) for which it was collected, as set out in this Privacy Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements regarding the retention of such data, or in the event a litigation hold is imposed.

When Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the Personal Data.

No Automated Decisions

Fundwell’s does not envisage that you will be subject to decisions or profiling that will have a significant impact on you based solely on automated decision-making.

Appendix – Detailed Processing Information

In the table below, we have set out in detail the purposes for which we may use your Personal Data, the legal bases we rely on in respect of each such purpose (including details of any legitimate interests pursued, where applicable), and the categories of Personal Data typically used for the relevant purpose.

Processing activities Personal Data Legal basis

Contractual performance

We may process your Personal Data (including sharing it with third parties, where appropriate) to perform, administer and manage any agreements we may have with you (e.g., your employment or contractor agreement or share option agreement (if applicable)), including:

  • administering payroll, wages and other compensation;
  • granting and administering equity awards, bonuses, commissions and other incentive awards;
  • administering and evaluating Team Member benefits, including healthcare and pensions;
  • maintaining contact details of your designated dependents and beneficiaries and communicating with them as necessary in the administration of your Team Member benefits and awards;
  • administering and evaluating vacation, paid time off, sick leave, and other leaves of absence;
  • assisting with obtaining an immigration visa or work permit; and
  • otherwise administering our employment or contractor relationship with you or performing our agreements with you.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Immigration Data
  • Related Persons Data
  • Compensation Data
  • Expenses and Travel Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
  • Health Data
 Contractual Necessity

Talent management

We may process your Personal Data (including sharing it with third parties, where appropriate) for talent management purposes, including:

  • improving our application and/or recruitment process, including improving diversity;
  • providing training and career development opportunities;
  • in connection with performance and compensation evaluation and promotions;
  • administering business expense tracking, reimbursements and travel;
  • informing you of, or inviting you to participate in, any benefits programmes, share plans or similar operated or procured by us or any other member of the group;
  • administering Team Member transfers, reassignments and secondments;
  • conducting employee surveys and soliciting employee feedback;
  • performing background, reference, or credit checks, where these are not required by law;
  • managing disciplinary matters, grievances and terminations; and
  • communicating with you.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Related Persons Data
  • Compensation Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
 Legitimate Interests. We have a legitimate interest in assessing, managing, incentivising and rewarding our Team Members.

Business operation and improvement

We may process your Personal Data (including sharing it with third parties, where appropriate) to operate and improve our products and services and our business. For example, this may include:

  • developing, improving and innovating in respect of present and future products and services, business plans and strategies and associated operations;
  • managing and allocating assets and personnel, maintaining internal personnel directories, strategic planning and project management, budgeting, financial management and reporting, recordkeeping and archiving, and for business continuity;
  • operating our products and/or services;
  • promoting our business; and
  • communicating with our vendors and clients.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Compensation Data
  • Expenses and Travel Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
 Legitimate Interests. We have a legitimate interest in operating, developing and improving our business and our products and services.

Systems and premises management

We may process your Personal Data (including sharing it with third parties, where appropriate) to operate, manage and secure our IT systems, premises and facilities, including:

  • providing information technology resources and support;
  • operating, maintaining and protecting the security of our network systems and devices;
  • monitoring offices and facilities, IT and communications systems, devices, equipment and applications through manual review and automated tools such as security software, website and spam filtering software, and mobile device management software (including for the purposes of monitoring compliance with our policies, procedures and applicable laws (such as the GDPR and other applicable privacy laws));
  • ensuring physical security, including by controlling access to and monitoring our physical premises (including using security cameras and keycard scans) to help protect the rights, safety and property of Fundwell and our group, our staff and representatives, you and others;
  • investigating and responding to security and other incidents; and
  • for business continuity and disaster recovery.
  • Identity Data
  • Contact Data
  • Biographical Data
  • Immigration Data
  • Related Persons Data
  • Compensation Data
  • Expenses and Travel Data
  • Employment Data
  • Engagement Data
  • Performance Data
  • Systems Data
  • Health Data
 Legitimate Interests. We have a legitimate interest in managing and securing our IT systems, premises and facilities, including conducting monitoring and investigations for these purposes.

Protection of health and vital interests

We may process your Personal Data (including sharing it with third parties, where appropriate) to protect your vital interests or those of a third party. This may include:

  • the processing and disclosure of your data to relevant health authorities and/or health care providers in the event of a medical emergency.
 Any and all data types relevant in the circumstances. Vital Interests. We may need to process and share your Personal Data where necessary to protect your (or someone else's) vital interests – this typically means matters of life and death.

Compliance and protection

We may process your Personal Data (including sharing it with third parties, where appropriate) for compliance and protection purposes, including to:

  • comply with applicable laws (including in relation to tax), lawful requests, and legal process, such as to respond to warrants, subpoenas, investigations or requests from government authorities;
  • protect our proprietary and confidential information and intellectual property;
  • protect our, your or others’ rights, privacy, safety or property (including by establishing, making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • look to protect the health and safety, including the personal safety and security of Team Members, contractors, vendors, clients and other visitors;
  • verify identity and eligibility to work;
  • conduct criminal background checks where required or appropriate to do so as a result of your role;
  • comply with equal opportunities monitoring requirements. Without limitation to the foregoing, we may use your diversity-related Personal Data (such as race or ethnicity) in order to comply with legal obligations relating to diversity and anti-discrimination.
 Any and all data types relevant in the circumstances.

Compliance with Law.

Legitimate Interests. Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We and any relevant third parties may also have a legitimate interest of ensuring the protection, maintenance, and enforcement of our and their rights, property, and/or safety.

Data sharing in the context of corporate transactions

We may Process and disclose Personal Data in the context of actual or prospective corporate transactions (for more information – see the details in “Who we share your Personal Data with” in the main body of the Privacy Notice).

 Any and all data types relevant in the circumstances. Legitimate Interests. We and any relevant third parties have a legitimate interest in providing information to relevant third parties who are involved in an actual or prospective corporate transaction (including to enable them to investigate – and, where relevant, to continue to operate – all or relevant part(s) of our operations).

Privacy Protective Steps

We may create aggregated, de-identified and/or anonymised data from your Personal Data and other individuals whose Personal Data we collect. We make Personal Data into de-identified and/or anonymised data by removing information that makes the data identifiable to you.

 Any and all data types relevant in the circumstances. Legitimate Interests. Where Compliance with Law is not applicable, we have a legitimate interest, and believe it is also in your interests, that we are able to take these privacy protective steps.

Further uses

In some cases, we may use your Personal Data for further uses, in which case we will ask for your consent to use of your Personal Data for those further purposes if they are not compatible with the initial purpose for which information was collected.

 Any and all data types relevant in the circumstances.

Consent, if the relevant further use is not compatible with the initial purpose for which the Personal Data was collected.

The original legal basis relied upon (which will be as set out in this Privacy Notice) if the relevant further use is compatible with the initial purpose for which the Personal Data was collected.

Opt Out of Data Sharing

Please Provide the following information for identity verification

Success!

Thank you! We have received your submission.

Ready to fund your company's future?

Join the thousands of businesses who rely on Fundwell for fast, transparent financing.

Get Started

Need help applying? 1-800-613-0257

Solutions
Business Line of CreditSmall Business LoansRevenue Based FinancingSBA LoansNon-Dilutive Capital
Company
About UsCareersPartnersContact Us
Resources
Customer StoriesBlogNewsFAQs

© 2025 All Rights Reserved

Terms and Agreements