Other important information

California: If your Poolit account has a California mailing address, we will not share personal information we collect about you except to the extent permitted under California law. Vermont: If your Poolit account has a Vermont mailing address, we will not share personal information we collect about you with non-affiliates unless the law allows or you provide authorization.

Poolit Privacy Policy

Our Commitment to Privacy

At Poolit, we want you to understand how and why we use, store, secure and otherwise process your Personal Data. This policy also aims to explain the rights you have with respect to your Personal Data, which may vary depending on where you are located.

For example, certain privacy rights may apply to the extent that EU, UK, Hong Kong, Singapore, U.S. or other privacy or data protection legislation applies to our processing of your Personal Data, or to the extent you are located in those jurisdictions.  

As such, “Personal Data” has the meaning given to it in the relevant data protection legislation and includes any data or information relating to an identifiable individual (such as name, address, date of birth or economic information), or which may identify an individual from other information to which an organization is likely to have access.

By virtue of interacting with the Poolit platform that is made available through our mobile application and via https://www.thepoolit.com or any of its subdomains (the “Platform”), or by becoming a Poolit Fund investor, you will provide the Platform with Personal Data.  The Platform is part of your agreement with Poolit Fund Management, LLC, as well as with any fund vehicle (each, a “Fund”) you may choose to invest in via the Platform.

‍

Types of Data Collected

In connection with Poolit’s business activities, we collect various types of Personal Data, including, among other things:

• Personal Identifiers - such as your name, postal address, tax ID, passport number, email address, account name, social security number, driver’s license number, mail address, phone number, or other similar identifiers. 

• Online Identifiers – including operating system, browser name and version, and/or personal IP addresses.

• Device Information – including type of device, device ID, Universally Unique Identifier, advertising identifiers (“IDFA” or “AdID”), operating system and version, wireless carrier, and network type.

• Commercial Information – including tax information, bank account details, credit card number, money transfers including communications on bank transfers, assets, investor profile, credit history, debts and expenses. 

• Internet & Network Activity Information – including browsing history, search history, preferences, authentication data, security questions, click-stream data, public social networking posts, login data, transaction (including, but not limited to, linking your external bank account to the Platform, depositing funds onto the Platform, or purchasing an investment), and other data collected via web beacons, pixel tags, embedded links, cookies, and other similar tracking techniques.

• Professional Information – including your employment history, employer’s name, and remuneration.

• Account & Login Credentials – those used to connect to the Platform as well as other institutions such as private banks or family offices of whom you may be a client.

‍

Methods of Collection

1. Directly from You (e.g., when you voluntarily submit information to the Platform, or send us an email or other written correspondence):

• From the forms and any associated documentation that you complete when subscribing for an interest in a Fund.
• When you undergo certain verification checks and submit identity information such as your identity card or passport.
• When you provide it to us via email or other correspondence.
• When you make transactions with respect to the Platform.
• When you purchase securities via the Platform and/or tell us where to send money.

2. Indirectly From Other Sources (e.g., from public records or from a counterparty in possession of the data):

• Publicly available and accessible data repositories.
• Professional partners such as private banks or family offices of whom you may be a client.
• Tax authorities, including those that are based outside the United States if you are subject to tax in another jurisdiction.
• Governmental and competent regulatory authorities to whom we have regulatory obligations.
• Credit agencies.
• Fraud prevention and detection and anti-money laundering agencies, organizations and service providers.

3. Automatic Collection Tools (e.g., “cookies,” javascript libraries, and app tracking permissions). Cookies are small text files that store Internet settings from the websites you visit. They are widely used to make website features work, operate more efficiently, or improve your experience on the Platform. If you want to update your preferences in this respect, you can do so by following your relevant browser’s instructions for doing so. Javascript libraries are snippets of codes we run on the page that are executed when certain actions take place. App tracking permissions are acquired though settings you select on your mobile device, and we encourage all Platform users to regularly review these settings. The table below outlines how we use data collected via these methods.

• Functional Purposes: to monitor the performance of our Platform and to enhance your platform experience.
• Marketing & Analytics: to understand user behavior in order to provide you with a more relevant platform experience or personalize the content on our Platform. For example, we collect information about which pages you visit to help us present more relevant information.
• Advertising: to personalize and measure the effectiveness of advertising on our Platform and other websites. For example, we may serve you a personalized ad based on the pages you visit on our Platform.
• Essential Purposes: Poolit uses browser cookies that are necessary for the Platform to work as intended. For example, we store your website data collection preferences so we can honor them when you return to our Platform. You can disable these cookies in your browser settings but if you do the Platform may not work as intended.

‍

Use of Personal Data – Generally

We intend to use your Personal Data for a variety of reasonable and legitimate business purposes, including, but not limited to, the following:

• Complying with legal or regulatory obligations, such as our obligations regarding know-your-client and anti-money laundering due diligence.

• Performing a contract with you or to take steps at your request before entering into a contract, including to: (i) provide you with information regarding Poolit products or services; (ii) assist you and answer your requests; (iii) evaluate whether we can offer you a product or service and under what conditions; and (iv) respond to know-your-client and anti-money laundering information requests presented by counterparties with whom we do business on your behalf or for your benefit.

• Other legitimate purposes, such as: 
 • Performing activities relating to client management, financial management and administration;Creating, improving and developing our products and services;Conducting market research, surveys, and similar inquiries to help us understand trends, client and site visitor needs;Investigating and resolving disputes and security issues;Monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities.

‍

Use of Personal Data - Direct Marketing

We intend to use your Personal Data in direct marketing, however we may not do so unless we have received your consent (which includes an indication of no objection) for such purposes. In this respect, please note that the following classes of services, products and subjects may be marketed to you: financial, investment, and related services and products. Such services and products may be provided by or solicited by Poolit and/or third parties with whom Poolit contracts, including financial service providers, such as banks, securities contractors, and investment contractors;

If you do not want Poolit to use or provide to other persons your Personal Data for use in direct marketing as described above, you may exercise your right to opt-out, without charge, by notifying us at membercare@poolit.com. We will not use your Personal Data for any purposes inconsistent with this Privacy Policy without your permission.

We do not sell any personal data and have not sold any personal data in the past.

‍

Sharing Personal Data

We share your Personal Data with certain Poolit team members and related parties for the purpose of managing our relationship with you (including recordkeeping related to former clients) and for other purposes as set out in this Privacy Policy. Those with whom we share Personal Data for these purposes include:

• Poolit operations, legal, compliance, finance, technology, marketing and client services teams.
• Our lawyers, auditors and other professional advisors Administrators, fund managers, investment advisers and professional partners such as private banks or family offices of whom you may be a client.

• Service providers, including IT providers, security services providers and financial services administrators. 

• Tax authorities and competent regulatory, prosecuting and other governmental agencies or litigation counterparties.

• Third parties in contexts where we have obtained your specific consent to do.

‍

Protecting Personal Data

Poolit has reasonable technical, organizational and administrative measures to safeguard your personal information commensurate with the sensitivity of the data we process, and limits access to your personal information as described in this privacy policy.  However, no information security program can prevent all cybersecurity attacks or fraud, and we urge you to remain vigilant in monitoring your accounts and to let us know immediately of any suspicious activity in connection with your Poolit accounts.

‍

Retaining Personal Data

In general, we will process and store your Personal Data for at least as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations, which may differ depending on the relevant Group entity or jurisdiction.  Subject to those qualifications, our goal is to keep such data for no longer than necessary in relation to the purposes for which we collect and use the Personal Data (we refer to the purposes as set forth above). Poolit will retain your Personal Data in accordance with our record retention policy. If you have any specific questions in this respect, please feel free to contact us.

‍

Data Processing Details

In the course of using the Platform, your Personal Data may be processed by a number of third-party services for the purposes described above. Those services include but are not limited to:

• Google Analytics – a web analytics service offered by Google that tracks and reports website traffic, currently as a platform inside the Google Marketing Platform brand. For more information, please visit the following hyperlink: Analytics Help – Data Privacy & Security 

• AppsFlyer – a SaaS mobile marketing analytics and attribution platform that helps businesses optimize their marketing user experience. For more information, please visit the following hyperlink: AppsFlyer Services Privacy Policy

• Braze – a customer engagement platform that powers customer-centric interactions between consumers and brands in real-time. It also serves as an email service provider and push notification provider. For more information, please visit the following hyperlink: Braze Privacy Policy

• Amplitude – a product analytics platform that helps businesses track visitors with the help of collaborative analytics. The platform helps businesses understand users’ interactions with products and provides insights to accelerate work on a real-time basis. For more information, please visit the following hyperlink: Amplitude Privacy Policy.

‍

Accessibility

We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us using the contact Information below.

‍

Contact and Complaints

Poolit takes very seriously any complaints we receive about our use of your Personal Data. Questions, comments, requests or complaints regarding the Platform, this Privacy Policy, the User Agreement and/or our use of your Personal Data should be addressed to membercare@poolit.com.

Any Personal Data we receive from you when making a complaint will be treated in accordance with this Privacy Policy and only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us we will only use the information supplied to us to deal with the inquiry and any subsequent issues and to check on the level of service we provide.

Additional Information for Residents of the European Economic Area (the “EEA”) and the United Kingdom (the “UK”).

The below information applies to any Data Subject resident in the EEA or the UK.  For purposes of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 and the UK Data Protection Act 2018 (both referred to herein as the “GDPR”):



• GDPR Data Protection Principles

In respect of the collection, holding, storage, use, and processing of your Personal Data:

• We will process the data lawfully, fairly and in a transparent way.
• We will obtain the data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

• The data we collect will be relevant to the purposes we have told you about and limited only to those purposes.

• We will take reasonable steps to ensure that the data is accurate and kept up to date.
• Subject to applicable legal or other requirements, we will keep the data only as long as necessary.

• We will use appropriate technical and/or organizational measures to ensure appropriate security of the data.

• Transfer of Personal Data Outside of the UK/EEA

The transfer of Personal Data from the UK/EEA to the Poolit entities outside the UK/EEA is governed by data transfer agreements which are in the form of the standard contractual clauses approved by the European Commission (a copy of which can be obtained from us via the contact details below).

Where your Personal Data is processed by third parties outside the UK/EEA, we will ensure appropriate safeguards are in place to adequately protect it, as required by applicable law, including the execution of standard contractual clauses (referred to above) if the recipients are not located in a country with adequate data protection laws (as determined by the European Commission).

• GDPR Data Subject Rights

Under the GDPR, in certain circumstances, an EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them.  In particular, you may have the right to:

• Request access to any data held about you.
• Ask to have inaccurate data amended.

• Request data held about you to be deleted, provided the data is not required by Poolit to perform a contract, defend a legal claim or to comply with applicable laws or regulations.

• Prevent or restrict processing of data which is no longer required.
• Subject to applicable legal or other requirements, we will keep the data only as long as necessary.

• Request transfer of appropriate data to a third party where this is technically feasible.

Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.To exercise any of these rights, please contact us using the contact details set out under the “Contact and Complaints” heading above.

• Automated Decision Making

We respect your legal rights not to be subject to decisions that are based solely on automated processing of your Personal Data, including profiling, especially where such processing has legal or other significant effects on you.  In establishing and carrying out a business relationship, we generally do not use any automated decision making pursuant to the GDPR.  We may process some of your Personal Data automatically, with the goal of assessing certain personal aspects (profiling), such as to comply with legal or regulatory obligations to combat money laundering, terrorism financing, and offenses that pose a danger to assets.  We also use assessment tools in order to be able to allow communications and marketing to be tailored as needed.


• Complaints to Local Authorities

As a resident of the EEA or UK, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection supervisory authority. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.

‍

Additional Information for Residents of California

The information below may apply to Data Subjects who are residents of California.

California Data Subject Rights

California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what Personal Information is disclosed to third parties for direct marketing purposes in the preceding calendar year. For more information on these disclosures, please contact us using the contact details set out under the “Contact and Complaints” heading above.

In addition, Data Subjects in California may have a right under the California Consumer Privacy Act (“CCPA”) to request erasure of their personal data or access to personal data that we have collected in the last twelve (12) months.

You may submit requests for access or erasure of your personal information by contacting us at legal@thepoolit.com.

Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.

If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.

If you are making a request for erasure, we will ask that you confirm that you would like us to delete your personal information again before your request is addressed. You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request. Agents who make requests on behalf of individuals, will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.

Under the CCPA, you cannot be discriminated against for exercising your rights to access or request erasure of their personal data.

‍

Thank you for visiting Poolit.

Please contact us at membercare@poolit.com if you have any questions about the Platform or our Privacy Policy and User Agreement.

‍