WHAT DOES POOLIT DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
• Social Security number and account balances
• Name, address, and income
• Account transactions and checking account information.
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Poolit chooses to share; and whether you can limit this sharing.
Does Poolit share?
Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
For our marketing purposes — to offer our products and services to you
For joint marketing with other financial companies
For our affiliates’ everyday business purposes — information about your transactions and experiences
For our affiliates’ everyday business purposes — information about your creditworthiness
We don't share
For our affiliates to market to you
For nonaffiliates to market to you
We don't share
This privacy notice is provided by Poolit, Inc.
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
We collect your personal information, for example, when you:
• Open an account or provide account information
• Make deposits or withdrawals from your account
• Sync external accounts to your Poolit accountWe also collect your personal information from other companies.
Federal law gives you the right to limit only:
• Sharing for affiliates’ everyday business purposes — information about your creditworthiness
• Affiliates from using your information to market to you
• Sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing. See below for more information on your rights under state law.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
• Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf and direct marketing companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
• Our joint marketing partners include financial services companies.
Other important information
California: If your Poolit account has a California mailing address, we will not share personal information we collect about you except to the extent permitted under California law. Vermont: If your Poolit account has a Vermont mailing address, we will not share personal information we collect about you with non-affiliates unless the law allows or you provide authorization.
At Poolit, we want you to understand how and why we use, store, secure and otherwise process your Personal Data. This policy also aims to explain the rights you have with respect to your Personal Data, which may vary depending on where you are located.
For example, certain privacy rights may apply to the extent that EU, UK, Hong Kong, Singapore, U.S. or other privacy or data protection legislation applies to our processing of your Personal Data, or to the extent you are located in those jurisdictions.
As such, “Personal Data” has the meaning given to it in the relevant data protection legislation and includes any data or information relating to an identifiable individual (such as name, address, date of birth or economic information), or which may identify an individual from other information to which an organization is likely to have access.
By virtue of interacting with the Poolit platform that is made available through our mobile application and via https://www.thepoolit.com or any of its subdomains (the “Platform”), or by becoming a Poolit Fund investor, you will provide the Platform with Personal Data. The Platform is part of your agreement with Poolit Fund Management, LLC, as well as with any fund vehicle (each, a “Fund”) you may choose to invest in via the Platform.
In connection with Poolit’s business activities, we collect various types of Personal Data, including, among other things:
1. Directly from You (e.g., when you voluntarily submit information to the Platform, or send us an email or other written correspondence):
2. Indirectly From Other Sources (e.g., from public records or from a counterparty in possession of the data):
We intend to use your Personal Data for a variety of reasonable and legitimate business purposes, including, but not limited to, the following:
We intend to use your Personal Data in direct marketing, however we may not do so unless we have received your consent (which includes an indication of no objection) for such purposes. In this respect, please note that the following classes of services, products and subjects may be marketed to you: financial, investment, and related services and products. Such services and products may be provided by or solicited by Poolit and/or third parties with whom Poolit contracts, including financial service providers, such as banks, securities contractors, and investment contractors;
We do not sell any personal data and have not sold any personal data in the past.
In general, we will process and store your Personal Data for at least as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations, which may differ depending on the relevant Group entity or jurisdiction. Subject to those qualifications, our goal is to keep such data for no longer than necessary in relation to the purposes for which we collect and use the Personal Data (we refer to the purposes as set forth above). Poolit will retain your Personal Data in accordance with our record retention policy. If you have any specific questions in this respect, please feel free to contact us.
In the course of using the Platform, your Personal Data may be processed by a number of third-party services for the purposes described above. Those services include but are not limited to:
We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us using the contact Information below.
The below information applies to any Data Subject resident in the EEA or the UK. For purposes of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 and the UK Data Protection Act 2018 (both referred to herein as the “GDPR”):
In respect of the collection, holding, storage, use, and processing of your Personal Data:
The transfer of Personal Data from the UK/EEA to the Poolit entities outside the UK/EEA is governed by data transfer agreements which are in the form of the standard contractual clauses approved by the European Commission (a copy of which can be obtained from us via the contact details below).
Where your Personal Data is processed by third parties outside the UK/EEA, we will ensure appropriate safeguards are in place to adequately protect it, as required by applicable law, including the execution of standard contractual clauses (referred to above) if the recipients are not located in a country with adequate data protection laws (as determined by the European Commission).
Under the GDPR, in certain circumstances, an EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them. In particular, you may have the right to:
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.To exercise any of these rights, please contact us using the contact details set out under the “Contact and Complaints” heading above.
We respect your legal rights not to be subject to decisions that are based solely on automated processing of your Personal Data, including profiling, especially where such processing has legal or other significant effects on you. In establishing and carrying out a business relationship, we generally do not use any automated decision making pursuant to the GDPR. We may process some of your Personal Data automatically, with the goal of assessing certain personal aspects (profiling), such as to comply with legal or regulatory obligations to combat money laundering, terrorism financing, and offenses that pose a danger to assets. We also use assessment tools in order to be able to allow communications and marketing to be tailored as needed.
As a resident of the EEA or UK, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection supervisory authority. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
The information below may apply to Data Subjects who are residents of California.
California Data Subject Rights
California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what Personal Information is disclosed to third parties for direct marketing purposes in the preceding calendar year. For more information on these disclosures, please contact us using the contact details set out under the “Contact and Complaints” heading above.
In addition, Data Subjects in California may have a right under the California Consumer Privacy Act (“CCPA”) to request erasure of their personal data or access to personal data that we have collected in the last twelve (12) months.
You may submit requests for access or erasure of your personal information by contacting us at firstname.lastname@example.org.
Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.
If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.
If you are making a request for erasure, we will ask that you confirm that you would like us to delete your personal information again before your request is addressed. You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request. Agents who make requests on behalf of individuals, will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.
Under the CCPA, you cannot be discriminated against for exercising your rights to access or request erasure of their personal data.