Privacy Policy
How Clearwave Prism collects, uses, and protects your personal information in accordance with Irish and EU data protection laws
Information We Collect
When you use our investment applications and services, we collect several types of information to provide you with personalized financial guidance and secure account management.
Personal identification information includes your full name, email address, phone number, and postal address. For investment services, we also require date of birth, PPS number (Irish tax identification), and employment details to comply with financial regulations.
Financial information encompasses your investment preferences, risk tolerance assessments, portfolio holdings, transaction history, and banking details for fund transfers. We collect this data through account registration forms, investment questionnaires, and ongoing platform usage.
Technical data includes IP addresses, browser types, device information, login timestamps, and application usage patterns. This helps us maintain platform security and improve user experience across our investment tools.
How We Use Your Information
Your personal data serves specific purposes related to investment management and regulatory compliance. We use this information to create personalized investment recommendations based on your financial goals and risk profile.
Account administration requires processing your data for identity verification, transaction processing, portfolio reporting, and customer support responses. We also use your information to send important account notifications, market updates, and regulatory communications.
Fraud prevention and security monitoring involve analyzing login patterns, transaction behaviors, and device usage to protect your investment accounts from unauthorized access.
We may use aggregated, anonymized data for market research and platform improvements, but this never includes personally identifiable information.
Legal Basis for Processing
Under the General Data Protection Regulation (GDPR) and Irish Data Protection Act 2018, we process your personal data based on several legal foundations.
Contract performance covers data processing necessary to provide investment services, execute transactions, and maintain your accounts. This includes identity verification, portfolio management, and customer support.
Legal obligations require us to process certain data for anti-money laundering checks, tax reporting, and financial regulatory compliance mandated by the Central Bank of Ireland.
Legitimate interests justify processing for fraud prevention, platform security improvements, and business analytics, provided these interests don't override your fundamental rights and freedoms.
Consent applies to marketing communications, optional data collection for enhanced services, and non-essential cookies on our website.
Data Sharing and Third Parties
We share your information only when necessary for service delivery, legal compliance, or with your explicit consent. Our approach prioritizes data minimization and strict confidentiality agreements.
Financial service providers receive limited data for transaction processing, including banks for fund transfers and investment platforms for portfolio execution. These partners operate under strict data protection agreements.
Regulatory authorities may receive your data as required by Irish and EU financial laws, including the Central Bank of Ireland, Revenue Commissioners, and European Securities and Markets Authority.
Technology service providers who support our platform infrastructure access minimal data necessary for system maintenance, security monitoring, and customer support, all under comprehensive data processing agreements.
We never sell your personal data to third parties for marketing purposes or share it with unauthorized entities.
Your Rights Under GDPR
As an individual in Ireland and the European Union, you have comprehensive rights regarding your personal data. These rights are designed to give you control over how we process your information.
Access Right
Request a copy of all personal data we hold about you, including processing purposes and data recipients.
Rectification Right
Correct inaccurate personal data or complete incomplete information in your account profile.
Erasure Right
Request deletion of your personal data when it's no longer necessary or you withdraw consent.
Portability Right
Receive your data in a structured format or transfer it directly to another service provider.
Restriction Right
Limit how we process your data while disputes are resolved or accuracy is verified.
Objection Right
Object to processing based on legitimate interests, including direct marketing communications.
To exercise these rights, contact our Data Protection Officer using the details provided below. We'll respond within one month and may require identity verification to protect your privacy.
Data Security Measures
We implement comprehensive technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.
Technical safeguards include end-to-end encryption for data transmission, AES-256 encryption for data storage, multi-factor authentication for account access, and regular security vulnerability assessments.
Access controls ensure that only authorized personnel can access your data on a need-to-know basis. All staff undergo data protection training and sign confidentiality agreements.
We maintain incident response procedures to quickly identify, contain, and remedy any potential data breaches. In case of a high-risk breach, we'll notify relevant authorities within 72 hours and inform affected individuals promptly.
Regular security audits and penetration testing help us maintain and improve our protective measures against evolving cyber threats.
Data Retention Periods
We retain your personal data only as long as necessary for the purposes outlined in this policy and to meet our legal obligations.
- Account information: Retained for 7 years after account closure as required by Irish financial regulations
- Transaction records: Maintained for 6 years following the transaction date for tax and audit purposes
- Marketing preferences: Kept until you withdraw consent or we determine the data is no longer relevant
- Support communications: Stored for 3 years to maintain service quality and resolve future inquiries
- Website usage data: Automatically deleted after 24 months unless required for ongoing fraud investigations
When retention periods expire, we securely delete or anonymize your data unless legal obligations require longer storage. You can request earlier deletion in certain circumstances under your right to erasure.
International Data Transfers
While we primarily process your data within Ireland and the European Economic Area, some processing may occur outside these regions to provide comprehensive investment services.
When transferring data internationally, we ensure adequate protection through European Commission adequacy decisions, Standard Contractual Clauses, or other approved transfer mechanisms.
Our cloud infrastructure providers maintain certifications and contractual commitments that meet European data protection standards, even when servers are located outside the EU.
You have the right to obtain information about specific international transfers affecting your data and the safeguards we've implemented to protect your privacy rights.
Cookies and Tracking Technologies
Our website and investment applications use cookies and similar technologies to enhance functionality, analyze usage patterns, and personalize your experience.
Essential cookies enable core platform features like secure login, session management, and transaction processing. These cannot be disabled without affecting service functionality.
Analytics cookies help us understand how you interact with our platform, which features are most valuable, and where we can improve user experience. This data is aggregated and anonymized.
Marketing cookies enable personalized content and measure advertising effectiveness. You can control these preferences through your account settings or browser configuration.
You can manage cookie preferences at any time, though disabling certain cookies may limit platform functionality or require repeated login attempts.
Children's Privacy
Our investment services are designed for adults aged 18 and over. We do not knowingly collect personal information from children under 16 without appropriate parental consent as required by GDPR.
If we discover that we've inadvertently collected data from a child under 16, we'll delete this information promptly and terminate any associated accounts.
Parents or guardians who believe their child has provided personal information to us should contact our privacy team immediately for data removal.
Changes to This Policy
We may update this privacy policy periodically to reflect changes in our practices, services, or legal requirements. Material changes will be communicated through multiple channels to ensure you're informed.
We'll notify you of significant policy changes via email, account notifications, and prominent website announcements at least 30 days before implementation.
Minor updates, such as contact information changes or clarifications that don't affect your rights, may be implemented immediately with website publication.
Continued use of our services after policy changes constitutes acceptance of the updated terms, though you always retain the right to withdraw consent or close your account if you disagree with modifications.
Privacy Contact Information
Supervisory Authority
If you believe we've mishandled your personal data or violated your privacy rights, you have the right to lodge a complaint with the Irish Data Protection Commission.
Data Protection Commission contact details: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland. Phone: +353 (0)761 104 800. Website: dataprotection.ie
We encourage contacting us directly first, as we're committed to resolving privacy concerns promptly and maintaining your trust in our data handling practices.