Privacy Policy

Introduction

At INVESTROCK.IS LTD, we prioritize the protection and proper handling of personal information (“PI”), including sensitive personal information (“SPI”), in full compliance with applicable privacy and data protection laws. As a global entity, we adhere to strict regulations governing the collection, use, and storage of personal data.

The terms “Investrock,” “we,” “us,” or “our” refer to INVESTROCK.IS LTD, its subsidiaries, and affiliates (collectively referred to as the “Investrock Group”). The Investrock Group and the specific entity you interact with act as controllers of your personal information, ensuring transparency and accountability in all data-related processes.

References to “you” or “your” include individuals whose personal information is processed by INVESTROCK.IS LTD. This includes:

  • Individual investors.
  • Employees, officers, or agents (“Representatives”) of clients with direct or indirect relationships with Investrock (e.g., those investing through intermediaries).

Beneficial owners of organizations or entities in connection with:

  • Providing services to potential and existing clients.
  • Facilitating transactions on behalf of our clients.
  • Managing services provided to us by third-party vendors.

If your agreement is with INVESTROCK.IS LTD, the specific entity you engage with acts as the controller of your personal information. If you are an investor utilizing Investrock’s services, any associated management teams or platforms may also act as separate controllers, depending on the legal structure of the engagement.

This Privacy Policy applies to your interactions with INVESTROCK.IS LTD and outlines:

  • Why and how we collect, use, and disclose your personal information (“Processing”).
  • The measures we take to protect your personal information.
  • Your rights regarding the handling of your personal information.

Additional terms and conditions related to the collection, use, and sharing of your personal information may apply depending on the context of your relationship with Investrock. These should be read in conjunction with this Privacy Policy to fully understand our practices and your rights.

For further information about our data privacy practices or to exercise your rights, please contact INVESTROCK.IS LTD directly.

 

PI We Collect About You

1. Identification Data
  • Full name, title, gender, marital status, date of birth.
  • Passport number, national ID number, signature.
2. Contact Data
  • Personal address, telephone number, email address.
3. Electronic Monitoring Data

Where permitted by law, we may record and monitor communications, including:

  • Phone calls.
  • Emails.
  • Instant messages.
4. Financial Data
  • Bank account details, client reference numbers.
  • Account statements, investment history.
5. Marketing, Behavioral, and Communication Data
  • Preferences and website usage.
  • Interactions with our portals and platforms (as outlined in our Cookie Policy).
6. Professional Information Data
  • Job title, business address, professional contact details.
7. Profile Data
  • Username, password, investment history.
  • Services requested, survey responses.
8. Services Data
  • Payment information.
  • Details of services provided or received.
9. Technical Data
  • IP address, browser type and version, operating system.
  • Interactions with our online services, such as log-in data or session information.
10. Sensitive Personal Information (SPI)

In limited circumstances, we may collect SPI, including:

  • Criminal conviction records (if legally required).
  • Dietary requirements (e.g., for events).
  • Disability information (to provide reasonable accommodations).

 

How We Collect Your PI

We may collect your PI through various channels to provide and enhance our services. Below are the primary ways INVESTROCK.IS LTD may gather your information:

1. Directly from You
  • When you provide your information to us, such as by completing an investment application form or communicating with us directly regarding our services.
2. From Your Organization or Entity
  • If you represent an organization or entity that is a client or vendor, your PI may be provided to us by your organization or entity as part of our business relationship.
3. Throughout Our Relationship
  • During the course of our relationship, such as when you update your details, provide additional information, or request changes to the services we offer.
4. From Public Sources
  • Through publicly available sources, such as your interactions with us on social media or public profiles, especially for purposes like talent acquisition or client relationship management.
5. From Third Parties

From authorized third-party sources, including:

  • Credit reference agencies.
  • Verification services or other authorized providers.
6. From Online Interactions
  • Through your interactions on our website or when you log into our online platforms and services.
7. Derived or Created PI
  • We may also generate or derive information based on your interactions with us, as allowed by applicable laws.

 

Importance of Providing Your PI

Unless explicitly stated otherwise, the PI we request is essential for delivering the services you or your organization require. If you choose not to provide the requested PI, we may be unable to offer certain services or fulfill specific requests related to your account or relationship with INVESTROCK.IS LTD.

 

Processing Purposes, Categories of PI, and Legal Basis

We process your PI for various purposes in line with our legal obligations, contractual requirements, and legitimate business interests. Below is an overview of the key purposes, the categories of PI involved, and the legal basis for processing.

1. To Open Accounts or Establish Relationships at Your Request

Category of PI:
  • Identification Data, Contact Data, Electronic Monitoring Data, Financial Data, Professional Information Data, Services Data, SPI.
Legal Basis:
  • Performance of a contract.
  • Compliance with legal or regulatory obligations.
  • Legitimate interests: Preventing criminal activity, fraud, and ensuring compliance with anti-money laundering and anti-terrorism regulations.

2. To Deliver Requested Services and Facilitate Transactions

Category of PI:
  • Identification Data, Contact Data, Electronic Monitoring Data, Financial Data, Profile Data, Services Data, Technical Data, Marketing and Communications Data, Professional Information Data.
Legal Basis:
  • Performance of a contract.
  • Compliance with legal or regulatory obligations.
  • Legitimate interests: Providing seamless client services and securing timely payment of fees and charges.

3. To Manage Payments, Fees, and Collections

Category of PI:
  • Identification Data, Contact Data, Financial Data, Professional Information Data, Services Data.
Legal Basis:
  • Performance of a contract.
  • Legitimate interests: Ensuring efficient payment management and recovering outstanding amounts owed to us.

4. To Communicate Updates About Services and Terms

Category of PI:
  • Identification Data, Contact Data, Profile Data, Marketing and Communications Data, Professional Information Data.
Legal Basis:
  • Performance of a contract.
  • Compliance with legal or regulatory obligations.
  • Legitimate interests: Keeping you informed about updates to our terms, policies, or services.

5. To Interact with Governmental or Regulatory Bodies

Category of PI:
  • Identification Data, Contact Data, Electronic Monitoring Data, Financial Data, Services Data, Professional Information Data.
Legal Basis:
  • Compliance with legal or regulatory obligations.
  • Public interest.

6. To Prevent Fraud and Protect Our Assets

Category of PI:
  • Identification Data, Contact Data, Electronic Monitoring Data, Financial Data, Profile Data, Technical Data, Professional Information Data, Services Data.
Legal Basis:
  • Compliance with legal or regulatory obligations.
  • Public interest.
  • Legitimate interests: Ensuring the security of Investrock’s employees, clients, and assets.

7. To Manage and Protect Our Business Operations

Category of PI:
  • Identification Data, Contact Data, Electronic Monitoring Data, Profile Data, Technical Data, Marketing and Communications Data, Professional Information Data.
Legal Basis:
  • Compliance with legal or regulatory obligations.
  • Legitimate interests: Enhancing data security, troubleshooting systems, and maintaining efficient business operations.

8. To Invite You to Participate in Events or Provide Feedback

Category of PI:
  • Identification Data, Contact Data, Profile Data, Technical Data, Marketing and Communications Data, Professional Information Data.
Legal Basis:
  • Consent.
  • Legitimate interests: Engaging clients, gathering feedback, and promoting services.

9. To Send Marketing Communications and Improve User Experience

Category of PI:
  • Identification Data, Contact Data, Profile Data, Technical Data, Marketing and Communications Data, Professional Information Data.
Legal Basis:
  • Consent.
  • Legitimate interests: Understanding how clients interact with our services and improving offerings.

 

For Vendors and Suppliers

INVESTROCK.IS LTD processes your PI for additional purposes when interacting with vendors, suppliers, and ensuring the security of our business systems. Below are the specific purposes, categories of PI involved, and legal bases for these activities.

1. To Engage with Vendors or Suppliers

Category of PI:
  • Identification Data, Contact Data, Electronic Communications Data, Financial Data, Services Data, Professional Information Data.
Legal Basis:
  • Performance of a contract.
  • Compliance with legal or regulatory obligations.
  • Legitimate interests: Preventing engagement with fraudulent or unlawful entities.
  • Public interest.

2. To Manage Payments and Fees for Vendors

Category of PI:
  • Identification Data, Contact Data, Financial Data, Professional Information Data, Services Data.
Legal Basis:
  • Performance of a contract.
  • Legitimate interests: Ensuring efficient payment processes and recovering outstanding amounts owed to us.

3. To Protect Our Business Systems and Data

Category of PI:
  • Identification Data, Contact Data, Profile Data, Technical Data.
Legal Basis:
  • Compliance with legal or regulatory obligations.
  • Legitimate interests: Maintaining secure IT systems, preventing unauthorized access, and safeguarding data.

INVESTROCK.IS LTD is committed to managing vendor and business relationships while protecting the integrity and security of our systems and operations. For further details about how we process your PI, please refer to our Privacy Policy or contact our team.

 

To Whom We Disclose Your PI

In alignment with the purposes outlined in the section "Purpose and Legal Basis for Processing Your PI," INVESTROCK.IS LTD may disclose Personal Information ("PI") in any applicable jurisdiction to the following parties:

1. Other Members of the Investrock Group

We may share PI with affiliated entities and subsidiaries of INVESTROCK.IS LTD for operational, administrative, and compliance purposes.

2. Professional Advisors, Agents, or Independent Contractors

Includes third-party service providers such as:

  • IT platform providers.
  • Legal and financial advisors.
  • Consultants, brokers, and other contractors supporting our operations.

3. Service Providers and Business Partners

  • Marketing service providers, intermediaries, brokers, and other partners who collaborate with us to deliver our products and services.

4. Regulatory and Competent Authorities

  • National or international regulatory bodies, enforcement agencies, courts, tax authorities, or other authorized entities, as required or permitted by applicable laws and regulations.

5. Potential Business Partners

In the event of a merger, acquisition, sale, or restructuring of INVESTROCK.IS LTD, PI may be disclosed to potential buyers, sellers, or merger partners and their advisors.

6. Fraud Prevention and Due Diligence Organizations

Includes credit reference agencies or similar organizations that support anti-money laundering checks, anti-terrorism screening, and fraud detection.

7. Legal Compliance

PI may be disclosed to any person or entity authorized or required by local or international laws, regulations, or legal instruments.

 

Our Commitment to Responsible Disclosure

INVESTROCK.IS LTD ensures that the sharing of PI is conducted responsibly and in strict compliance with relevant privacy and data protection laws. We only disclose PI to trusted parties and for purposes consistent with this privacy policy, taking measures to safeguard your information throughout the process.

For more details about how we handle your PI, please contact us or refer to our privacy policy. or contact us [email protected]

 

International Transfers and Transfers to Service Providers

To provide global services and operate efficiently, INVESTROCK.IS LTD may transfer Personal Information ("PI") to locations outside the country where you reside or where services are delivered to you or your organization. These transfers may include processing activities conducted in Investrock’s operational hubs or by trusted third-party service providers in various countries.

While the destination country may not have privacy and data protection laws equivalent to those in your jurisdiction, INVESTROCK.IS LTD takes comprehensive measures to ensure the protection of PI, including:

  • Implementing robust security measures and organizational controls to safeguard your PI, regardless of where it is processed.
  • Requiring all third-party service providers processing PI on our behalf to adhere to Investrock’s strict data protection and processing standards through binding contractual agreements.

 

Transfers Outside the European Economic Area (EEA)

If we transfer PI out of the EEA, we ensure a similar level of data protection by:

1.Adequacy Decisions:

  • Transferring PI to countries recognized by the EU Commission as providing an adequate level of data protection.

2.Standard Contractual Clauses (SCCs):

  • Establishing contractual clauses approved by the EU Commission to ensure the same level of data security and privacy protections required within the EEA.

 

Our Commitment to International Data Protection

INVESTROCK.IS LTD is committed to maintaining the highest standards of security and compliance for all international data transfers. We work diligently to ensure that your PI remains secure and protected, regardless of its location.

For further details about how we handle international data transfers, please refer to our privacy policy or contact us directly. [email protected]

 

Marketing and Exercising Your Right to Opt-Out of Marketing Communications

In certain jurisdictions, you may need to explicitly consent to receive marketing communications from Investrock. If you are a registered user of our websites or platforms, we may also provide a personalized experience based on your interactions and behavior.

In all jurisdictions, you have the right to opt-out of receiving marketing communications at any time. You can do this by:

  • Clicking on the "unsubscribe" or marketing opt-out link included in any marketing email we send.
  • Contacting us directly using the details provided in the “Contact Us” section of this Privacy Policy.
  • Adjusting your cookie preferences as outlined in our Cookie Policy, especially for certain third-party advertisements.

 

Third-Party Marketing and Sale of PI

Investrock does not share or sell your Personal Information (PI) to third parties for their own marketing or other purposes.

PI Retention

We retain your PI only for as long as necessary to fulfill the purposes for which it was collected. This includes compliance with legal, regulatory, accounting, and reporting requirements, as well as internal policies or the establishment and defense of legal claims.

PI Security

At Investrock, we prioritize the security of your PI and take a range of physical, electronic, and managerial measures to ensure it is protected against unauthorized access, loss, or misuse. Our security practices include:

Staff Education and Training:

Ensuring all employees understand their obligations regarding privacy, as well as training on social engineering, phishing, and password risks.

System Integrity and Resilience:

Maintaining the confidentiality, integrity, and availability of PI processing systems and services, with the ability to restore access to PI in the event of a physical or technical issue.

Access Controls:

Using administrative and technical controls to restrict access to PI based on role and necessity.

Technological Security Measures:

Employing industry-standard encryption (SSL with 128-bit key lengths), firewalls, and anti-virus software.

Physical Security:

Enforcing building access controls and physical measures to protect PI.

Audits and Assessments:

Conducting external security audits, technical assessments, and vendor due diligence.

Layered Cybersecurity Defenses:

Implementing comprehensive cybersecurity systems, including network segregation, application security, endpoint protection, and real-time monitoring for data leaks.

Incident Reporting and Management:

Establishing processes for the prompt reporting and resolution of any security incidents.

 

While we take extensive precautions to protect your PI, it’s important to note that data transmitted over the internet (including email) carries inherent risks of access or interception. We strongly advise against transmitting sensitive information via open or unsecured internet channels. Although we strive to protect your PI, we cannot guarantee the security of data transmitted to or from us.

 

Your Rights

Depending on your jurisdiction and applicable laws, you may have the following rights regarding the processing of your Personal Information ("PI"):

1. Access

You have the right to:

  • Request a copy of the PI we process about you.
  • Be informed about how your PI is used and shared.

2. Object

You can object to the processing of your PI if:

  • We are processing your PI based on legitimate interests or for tasks carried out in the public interest (including profiling).
  • We are processing your PI for direct marketing purposes.

3. Correction

You can request that we update or correct any inaccurate or incomplete PI about you.

4. Erasure

You have the right to request that we delete PI we process about you if:

  • We no longer have a legal, regulatory, or other valid reason to retain it.

5. Restriction

You can request that we limit the processing of your PI, such as if:

  • You contest the accuracy of the information.
  • You have raised an objection under consideration.

6. Portability

You have the right to request a copy of the PI you have provided to us in a commonly used electronic format, such as the information submitted through an application form.

7. Automated Decision Making

If you are subject to automated decisions that have a legal or similarly significant impact, you can request:

  • Manual intervention to review the decision.

 

How to Exercise Your Rights

You may exercise your rights regarding the processing of your Personal Information ("PI") at any time by:

To the extent permitted by applicable laws or regulations, we reserve the right to charge a reasonable fee for certain requests related to the exercise of your rights.

 

Verification Process

To protect your information and ensure it is not disclosed to unauthorized individuals, we may:

  • Request specific information to verify your identity.
  • Ask for additional details to locate the relevant PI, such as the nature and location of your relationship with us.

This verification process helps us confirm your authority to access the requested PI or exercise any of your other rights.

 

Response Timeframes

We are committed to responding to all legitimate requests within the timeframes specified by applicable laws.

 

Fair and Transparent Handling

Exercising your rights will not result in any disadvantage or discrimination against you. We are dedicated to handling all requests transparently, efficiently, and in compliance with applicable laws and regulations.

 

Contact Us

The Privacy and Data Protection Office

If you wish to exercise your rights regarding your Personal Information (PI) or have questions about our privacy policy, you can contact us at:

 

Complaints

If you have concerns or complaints about how your PI is processed, we encourage you to reach out to our Privacy and Data Protection Office at:

You also have the right to file a complaint with the relevant data protection authority in:

  • Your country of residence.
  • Your place of work.
  • The country where you believe your PI has been mismanaged.

 

Cookie Policy

For detailed information about how we use cookies and other tracking technologies, please refer to our separate Cookie Policy available on our website.

 

Linked Websites

Our privacy policy does not apply to third-party websites that INVESTROCK.IS LTD does not own or control, nor to any third-party websites where Investrock advertisements are displayed. We recommend reviewing the privacy policies of those websites directly.

 

Changes to This Privacy Policy

We may periodically update or amend this privacy policy to reflect changes in regulations or our practices. You are encouraged to visit our website regularly to stay informed about any updates.

For significant changes, we will notify you through an appropriate channel, depending on how we typically interact with you (e.g., email or platform notifications).

For further assistance, contact us at [email protected].

 

© 2025 INVESTROCK.IS LTD. All rights reserved.

INVESTROCK and related marks are trademarks or registered trademarks of INVESTROCK.IS LTD or its subsidiaries in the United Kingdom and other jurisdictions. All other trademarks mentioned on this website are the property of their respective owners. Unauthorized use, reproduction, or distribution of any materials without prior written permission is strictly prohibited. To learn more, please visit our Terms of Service page.

INVESTROCK.IS LTD is a company registered in the United Kingdom under Company Number: 16146040. The company operates in accordance with the laws of England and Wales, providing legal and compliant services to its clients.

 

Always With ❤️ - The Investrock Team