WHAT DOES POOLIT DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
• Social Security number and account balances
• Name, address, and income
• Account transactions and checking account information.
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Poolit chooses to share; and whether you can limit this sharing.
Does Poolit share?
Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Yes
No
For our marketing purposes — to offer our products and services to you
Yes
No
For joint marketing with other financial companies
Yes
No
For our affiliates’ everyday business purposes — information about your transactions and experiences
Yes
No
For our affiliates’ everyday business purposes — information about your creditworthiness
No
We don't share
For our affiliates to market to you
Yes
No
For nonaffiliates to market to you
No
We don't share
This privacy notice is provided by Poolit, Inc.
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
We collect your personal information, for example, when you:
• Open an account or provide account information
• Make deposits or withdrawals from your account
• Sync external accounts to your Poolit accountWe also collect your personal information from other companies.
Federal law gives you the right to limit only:
• Sharing for affiliates’ everyday business purposes — information about your creditworthiness
• Affiliates from using your information to market to you
• Sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing.
See below for more information on your rights under state law.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
• Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf and direct marketing companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
• Our joint marketing partners include financial services companies.
Other important information
California: If your Poolit account has a California mailing address, we will not share personal information we collect about you except to the extent permitted under California law. Vermont: If your Poolit account has a Vermont mailing address, we will not share personal information we collect about you with non-affiliates unless the law allows or you provide authorization.
At Poolit, we want you to understand how and why we use, store, secure and otherwise process your Personal Data. This policy also aims to explain the rights you have with respect to your Personal Data, which may vary depending on where you are located.
For example, certain privacy rights may apply to the extent that EU, UK, Hong Kong, Singapore, U.S. or other privacy or data protection legislation applies to our processing of your Personal Data, or to the extent you are located in those jurisdictions.
As such, “Personal Data” has the meaning given to it in the relevant data protection legislation and includes any data or information relating to an identifiable individual (such as name, address, date of birth or economic information), or which may identify an individual from other information to which an organization is likely to have access.
By virtue of interacting with the Poolit platform that is made available through our mobile application and via https://www.thepoolit.com or any of its subdomains (the “Platform”), or by becoming a Poolit Fund investor, you will provide the Platform with Personal Data. The Platform is part of your agreement with Poolit Fund Management, LLC, as well as with any fund vehicle (each, a “Fund”) you may choose to invest in via the Platform.
In connection with Poolit’s business activities, we collect various types of Personal Data, including, among other things:
1. Directly from You (e.g., when you voluntarily submit information to the Platform, or send us an email or other written correspondence):
2. Indirectly From Other Sources (e.g., from public records or from a counterparty in possession of the data):
3. Automatic Collection Tools (e.g., “cookies,” javascript libraries, and app tracking permissions). Cookies are small text files that store Internet settings from the websites you visit. They are widely used to make website features work, operate more efficiently, or improve your experience on the Platform. If you want to update your preferences in this respect, you can do so by following your relevant browser’s instructions for doing so. Javascript libraries are snippets of codes we run on the page that are executed when certain actions take place. App tracking permissions are acquired though settings you select on your mobile device, and we encourage all Platform users to regularly review these settings. The table below outlines how we use data collected via these methods.
We intend to use your Personal Data for a variety of reasonable and legitimate business purposes, including, but not limited to, the following:
We intend to use your Personal Data in direct marketing, however we may not do so unless we have received your consent (which includes an indication of no objection) for such purposes. In this respect, please note that the following classes of services, products and subjects may be marketed to you: financial, investment, and related services and products. Such services and products may be provided by or solicited by Poolit and/or third parties with whom Poolit contracts, including financial service providers, such as banks, securities contractors, and investment contractors;
If you do not want Poolit to use or provide to other persons your Personal Data for use in direct marketing as described above, you may exercise your right to opt-out, without charge, by notifying us at membercare@poolit.com. We will not use your Personal Data for any purposes inconsistent with this Privacy Policy without your permission.
We do not sell any personal data and have not sold any personal data in the past.
We share your Personal Data with certain Poolit team members and related parties for the purpose of managing our relationship with you (including recordkeeping related to former clients) and for other purposes as set out in this Privacy Policy. Those with whom we share Personal Data for these purposes include:
Poolit has reasonable technical, organizational and administrative measures to safeguard your personal information commensurate with the sensitivity of the data we process, and limits access to your personal information as described in this privacy policy. However, no information security program can prevent all cybersecurity attacks or fraud, and we urge you to remain vigilant in monitoring your accounts and to let us know immediately of any suspicious activity in connection with your Poolit accounts.
In general, we will process and store your Personal Data for at least as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations, which may differ depending on the relevant Group entity or jurisdiction. Subject to those qualifications, our goal is to keep such data for no longer than necessary in relation to the purposes for which we collect and use the Personal Data (we refer to the purposes as set forth above). Poolit will retain your Personal Data in accordance with our record retention policy. If you have any specific questions in this respect, please feel free to contact us.
In the course of using the Platform, your Personal Data may be processed by a number of third-party services for the purposes described above. Those services include but are not limited to:
We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us using the contact Information below.
Poolit takes very seriously any complaints we receive about our use of your Personal Data. Questions, comments, requests or complaints regarding the Platform, this Privacy Policy, the User Agreement and/or our use of your Personal Data should be addressed to membercare@poolit.com.
Any Personal Data we receive from you when making a complaint will be treated in accordance with this Privacy Policy and only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us we will only use the information supplied to us to deal with the inquiry and any subsequent issues and to check on the level of service we provide.
The below information applies to any Data Subject resident in the EEA or the UK. For purposes of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 and the UK Data Protection Act 2018 (both referred to herein as the “GDPR”):
In respect of the collection, holding, storage, use, and processing of your Personal Data:
The transfer of Personal Data from the UK/EEA to the Poolit entities outside the UK/EEA is governed by data transfer agreements which are in the form of the standard contractual clauses approved by the European Commission (a copy of which can be obtained from us via the contact details below).
Where your Personal Data is processed by third parties outside the UK/EEA, we will ensure appropriate safeguards are in place to adequately protect it, as required by applicable law, including the execution of standard contractual clauses (referred to above) if the recipients are not located in a country with adequate data protection laws (as determined by the European Commission).
Under the GDPR, in certain circumstances, an EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them. In particular, you may have the right to:
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.To exercise any of these rights, please contact us using the contact details set out under the “Contact and Complaints” heading above.
We respect your legal rights not to be subject to decisions that are based solely on automated processing of your Personal Data, including profiling, especially where such processing has legal or other significant effects on you. In establishing and carrying out a business relationship, we generally do not use any automated decision making pursuant to the GDPR. We may process some of your Personal Data automatically, with the goal of assessing certain personal aspects (profiling), such as to comply with legal or regulatory obligations to combat money laundering, terrorism financing, and offenses that pose a danger to assets. We also use assessment tools in order to be able to allow communications and marketing to be tailored as needed.
As a resident of the EEA or UK, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection supervisory authority. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
The information below may apply to Data Subjects who are residents of California.
California Data Subject Rights
California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what Personal Information is disclosed to third parties for direct marketing purposes in the preceding calendar year. For more information on these disclosures, please contact us using the contact details set out under the “Contact and Complaints” heading above.
In addition, Data Subjects in California may have a right under the California Consumer Privacy Act (“CCPA”) to request erasure of their personal data or access to personal data that we have collected in the last twelve (12) months.
You may submit requests for access or erasure of your personal information by contacting us at legal@thepoolit.com.
Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.
If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.
If you are making a request for erasure, we will ask that you confirm that you would like us to delete your personal information again before your request is addressed. You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request. Agents who make requests on behalf of individuals, will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.
Under the CCPA, you cannot be discriminated against for exercising your rights to access or request erasure of their personal data.
Please contact us at membercare@poolit.com if you have any questions about the Platform or our Privacy Policy and User Agreement.