Effective date: 5th August 2021
At Stonks, we recognize that you need to trust us if you invest with us, and so we take your privacy seriously. Trust is gained in drops but lost in buckets, so we will never stop striving to earn your trust.
In this Policy, we want to transparently lay out how (and why) we collect, use, and disclose your information when you use Stonks (the "Services"), and inform you of your privacy rights and how the law protects you. You can read the full policy below the fold, but here are the high-level points:
This Privacy & Cookies Policy is intended to meet our duties of transparency under relevant laws, including the General Data Protection Regulation ("GDPR") and the California Consumer Protection Act ("CCPA").
We are Stonks, a platform to better connect Founders, Investors, and Viewers, and other users through the magic of livestreaming. This Policy may refer to "Stonks", "we", "us" or "our:” all of that is shorthand for Stonks, Inc.
For purposes of GDPR, we are the Controller of your Personal Data (referred to as either in this Policy). If you have any questions about this Policy, please contact us at firstname.lastname@example.org.
Our EU Representative. As we do not have an establishment in the European Union ("EU"), we have appointed a representative based in the European Union, who you may address if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data. Our EU representative is:
First off: while Stonks does collect some personal data, we do not collect any "Special Categories of Personal Data" about you, such as details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, or genetic/biometric data.
That being said, in order to provide the Services, we do collect a few different types of Personal Data, spelled out in greater detail below.
In order to use the services, you may be asked to provide us with information that may enable us to identify you personally ("Personal Data"). These categories are outlined below.
Examples: your name, username, marital status, title, date of birth, gender, photo, signature, social security number and/or tax identification number, password, copies of identification documents.
Examples: mailing addresses, email addresses, and telephone numbers.
Examples: educational and professional history, interests, and accomplishments.
Examples: links to your public account pages on social media websites, links to personal websites, and other online materials related to you.
Examples: your bank account and/or payment card details and statements about your financial situation.
Examples: details about payments or investments to and from you and other details of subscriptions and services you have purchased from us.
Examples: information about your investment objectives, investment experience, investment amounts, and information from subscription documents for deals closed via Stonks. This also includes information about your investment entities and their beneficial owners, and tax related information regarding your investments through Stonks.
Examples: your preferences in receiving marketing and other communications from us and our third parties. If you correspond with us by email or messaging through the Services, we may retain those communications.
Examples: inferred or assumed information relating to your behavior and interests, based on your online activity. This is most often collated and grouped into "segments."
Examples: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services.
Examples: any content you post to the Services (such as profiles, comments, participation in live events. etc.), as well as metadata about them (such as when you posted them) ( "Content").
In addition to the Personal Data that we collect directly from you, we may also collect some Personal Data from third party sources, some of which may not be publicly available.
Categories of Personal Data: Identity Data, Contact Data, Financial Data, Transaction Data
Example: running a credit report to verify your net worth for accreditation purposes.
Categories of Personal Data: Identity Data, Contact Data, Online Presence Data
Example: reviewing your public LinkedIn profile to determine your professional background in the world of startups.
Categories of Personal Data: Identity Data, Contact Data, Marketing and Communications Data, Behavioral Data,Investment Data, Transaction Data, Financial Data, Content Data
Example: obtaining reports of your investments from our banking or SPV administration partners.
Categories of Personal Data: Behavioral Data, Technical Data
Example: learning what device you use to access Stonks so we can improve the Services.
We may also collect, use, and share "Aggregated Data'' (such as statistical or demographic data) for any purpose. Aggregated Data does not constitute Personal Data for the purposes of data protection laws as it can not be used to identify you. If we connect Aggregated Data with your Personal Data so that it can identify you, we treat that as Personal Data in accordance with this Policy.
Now that you know what we are collecting, you probably want to know what we do with it. Well, you have come to the right place! We generally use your Personal Data for the following reasons:
For each of the reasons for which we use your Personal Data, data protection laws in some jurisdictions require us to have a legal basis for that use. The legal bases depend on the Services you use and how you use them. This means we collect and use your Personal Data only where:
While you are under no obligation to share any data with Stonks, if we need to process your Personal Data and you fail to provide that data when requested, we may not be able to perform the contract we have with you. In this case, we may have to stop you from using our Services. For example, if you are trying to invest on the platform but do not provide the information needed for us to perform Know Your Customer (“KYC”) due diligence as required by law or by our partners, we will be unable to accept your investment.
In general, your data is your data, and we want you to have control over it. There are some cases, however, where we may need to share your Personal Data in order to provide the Services to you. We may share your Personal with third parties in the following ways:
Our affiliates may access your Personal Data to help us develop, maintain, and provide our Services and help manage our customer relationships.
Our service providers may have to access Personal Data about you in order to provide us support for our Services, including website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis, identity verification, background and compliance reviews, fund administration, and banking services.
Stonks may disclose your Personal Data with legal authorities, regulators and participants in judicial proceedings if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization, or audit; to protect the safety of any person; to address fraud, security or technical issues; or to protect our own or another’s legal rights or interests.
If you add Personal Data to your profile, that information may be available for public viewing on the Site. You may request that we limit disclosure of this information to certain Users, but we can not guarantee that no one else will be able to view the Personal Data included in your profile. Remember that even if you do not specifically include certain information on your profile, Users may be able to infer certain facts about you: for example, if you are an Investor on the platform, Users may be able to infer that you have a certain income or net worth.
In the event of any corporate sale, merger, reorganization, dissolution, or similar event, we may also transfer your Personal Data as part of the transferred assets without your consent or notice to you.
We may also share non-Personal Data with interested third parties.
If you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data, we will also forward that request to any third party with whom we have shared your data, but we are not responsible for recovering your Personal Data from any third party who previously received your information from us in accordance with this Policy.
In general, we will retain your Personal Data for as long as your Stonks account is active or we need it for the purposes set out in this Policy. If you request that we remove your Personal Data, we will remove it unless we need it for a continuing purpose as described in this Policy. We will only retain your Personal Data for so long as we reasonably need it, unless a longer retention period is required by law. We may keep some of your Personal Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes, and enforce agreements. For example, if you have active investments with Stonks, we will retain the information required to service the life of your investments.
As the Services are based and maintained in the United States, your Personal Data may be transferred to and maintained on servers or databases located outside your home jurisdiction. The privacy laws in the United States may not be the same as those in yours. If you are located outside of the United States, please be advised that we transfer all information to the United States for storage and processing, and your consent to this Policy represents your consent to this transfer, storage, and processing.
Stonks uses industry-standard safeguards to protect your Personal Data. Only people who need to access your data to perform job-specific duties will have access to your Personal Data. We will periodically review our policies and procedures to make sure they stay effective and up to date. In spite of our best efforts, however, we cannot 100% guarantee the security of any information you transmit to Stonks.
We have procedures in place to respond to any actual or suspected Personal Data breach, and will promptly notify you of any compromise of your Personal Data. You may have a legal right to receive this notice in writing.
If you share your login and password with any third party, Stonks cannot protect your Personal Data. Keep your credentials secure, and enable two-factor authentication.
This Policy (and laws in certain jurisdictions) grants you the following rights:
In certain jurisdictions, you can request a copy of any Personal Data we hold about you, and to check that we are lawfully processing it.
You can ask us to correct any incomplete or inaccurate information we hold about you.
You can ask us to delete any Personal Data that we hold about you, provided there is no legitimate reason for us to continue processing it (e.g., if you have active investments on the platform, we need to keep some data in order to fulfill our obligations to you). In certain jurisdictions, you can ask us to delete your Personal Data where you have exercised your right to object to processing (see below).
If we are relying on a legitimate interest as the legal basis for our processing, but there is something about your particular situation which makes you want to object to the processing of your Personal Data on this basis, you can object to this processing. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
You can also ask us to suspend the processing of your Personal Data in certain scenarios (e.g., if you want us to establish accuracy of your Personal Data or our reason for processing it).
In certain jurisdictions, you can ask us to provide you with your Personal Data in a structured, commonly used, machine-readable format. This right only applies to information which you initially provided consent for us to use, or where we used the information to perform a service for you.
Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent. If you do, we may not be able to provide you with access to certain specific functionalities of the Services: we will advise you if this is the case at the time you withdraw your consent.
If you want to exercise any of the rights described here, please contact us (see Introduction above).
Typically, you will not have to pay to exercise these rights; however, if your request is clearly unfounded or excessive, we may charge a reasonable fee or refuse to comply with your request.
We may need to request some specific information from you to confirm your identity and ensure you can exercise these rights: this is a security measure to ensure that your Personal Data is not disclosed to anyone but you (or your designated third party).
We try to respond to all legitimate requests within one month, although it may take us longer if your request is particularly complex or you have made a number of requests. In any case, we will notify you and keep you updated.
If you feel that your complaint has not been adequately resolved, in the EU the GDPR gives you the right to contact your local data protection authority. You can find information on your country’s data protection authority here.
You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of emails relating to investments using the Services or consent to direct marketing communications.
Stonks may collect non-personally identifiable information regarding your usage of the Services. Like most online services, we employ technologies such as cookies, log files, clear GIFs, tracking pixels, web beacons, and other technologies that may collect Personal Data.
Most browsers allow you to refuse or delete cookies; you can learn more here:
Our Site uses the following types of cookies for the purposes set out below:
These cookies are necessary to provide you with the Services, and are only used to provide you with the Services. Without them, you may not be able to use some aspects of the Services.
These cookies allow our Site to remember choices you make when you use the Services (for example, remembering your login details). Without them, you can still use the Services, but functionality may be somewhat limited.
These cookies are used to monitor the performance of our Site and collect anonymous data on usage of our Site in order to help improve how our Site works.
We use this information to help operate our Site more efficiently, to gather demographic information, and to monitor the level of activity on our Site. We may use a number of different tools for this purpose.
These cookies are used to make advertising messages more relevant to you, such as by preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interest.
These cookies are used to enable you to share (non-confidential) pages and content from our website through third party social networking and other websites. The other sites will record this. These cookies may also be used for advertising purposes.
Log file information is automatically reported by your browser each time you access a web page. When you use the Services, our servers automatically record certain information your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information.
When you use the Services, we may employ web beacons (aka clear GIFs or tracking pixels) to anonymously track online usage patterns. No Personally Identifiable Information from your Stonks account is collected using these clear GIFs. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened by recipients. The information collected is used to enable more accurate reporting and make Stonks better for our users.
Stonks may use third-party services to help understand use of the Services. These services collect the information sent by your browser as part of a web page request, including cookies and your IP address. They receive this information and their use of it is governed by their respective privacy policies.
If you choose to connect a Google profile to your account, we will access certain information obtained from Google regarding your account. In particular we may store your name and email address as well as information on the particular profile you connect, including your contacts. This data will only be used by us to provide you with the service you expect and will not be shared with any third parties.
We do not currently respond to web browsers' "do not track" signals that provide a method to opt out of the collection of information about users' activities on the Services and on other websites. If we do so in the future, we will provide relevant information in this Privacy & Cookies Policy.
The Stonks Services are not intended for children below the age of 18: we do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register with the Services. If you are under the age of 18, please do not submit any personal information through the Site. If we become aware that we have collected personal information from a child under age 18, we will take steps to remove that information.
This Policy applies only to our Services: any links to other websites not controlled by Stonks are responsible for their own content, and they may have their own privacy policies which differ from this one.
If you choose to use third-party apps, websites, or other services that use, or are integrated with, our Services, those third parties may be able to receive information about your activity within those apps, as well as information on your public profile on our Site. If you decide to use third-party apps linked through the Services, your use of these third-party apps is governed solely by their ToS and privacy policies.You should read the privacy policies of all third-party apps you decide to use. In some cases, you may have to register for or log into such third-party apps on their respective websites. By enabling the use and integration of your selected third-party apps, you expressly permit Stonks to disclose your login as well as your data to such third-party apps as necessary to facilitate your use of such apps in connection with the Services.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes.