When we need to collect information from you to complete a requested transaction or provide you with a particular service, we will generally ask you to voluntarily supply us with the information we need. This information may include (a) personal data used to verify your identity, allow you to log onto the Site, verify your age, run background checks and otherwise conduct the verification and due diligence services we provide, guard against potential fraud, and otherwise operate the Site and provide the Services consistent with legal and regulatory requirements, (b) personal and financial data used to verify your status as an accredited investor, and (c) other personal and financial information used for a variety of purposes, including providing the Services as described on the Site. We may also collect information about you from other sources, including but not limited to: (i) our communications with you, including information obtained when you make an investment with a Member through the Site or otherwise volunteer information; (ii) your interactions with the Site, including information such as how you accessed the site, what specific information you accessed on the site, and for how long, and other information about your preferences and interests based on how you interacted with the Site, (iii) your transactions with us, our affiliates, or other Users, including when you, as an investor, make an investment with another User who is an investment manager or Member listed in our Investment Manager directory or who uses the Services to subscribe investors and manage their on-going relationships with those investors; (iv) information about you provided to us by other parties, including Users who use the Services to subscribe investors and manage their on-going relationships with those investors; (v) outside companies, such as credit reporting agencies, to evaluate your creditworthiness and credit history; and, (vi) public sources, such as court and bankruptcy records, regulatory agency records, and real estate records.
We divide information about you into two groups: (i) General Customer Information; and, (ii) Restricted Customer Information. “General Customer Information” is information about you and your business and investment activities, your use of the Site and the Services, including names, addresses, telephone numbers and email addresses, and similar information, including information that may have been gleaned from “Restricted Customer Information.” “Restricted Customer Information” refers to particularly sensitive information, such as social security or tax identification numbers, dates of birth, tax returns, financial statements, employment status and salary information, business plans, reports obtained from credit reporting agencies, bank account numbers, including routing numbers, and credit card numbers.
How Verivest Uses and Discloses the Information we Collect
We may use and disclose information provided by you consistent with the Services as described on the Site, including by posting relevant information publicly in the investment manager directory to the extent consistent with the nature of that directory and of the Services. We may also use and disclose General Customer Information and Restricted Customer Information to companies related to us by common control or ownership (“affiliates”), as well as any third parties, contractors, consultants, and advisers we may engage to assist us in carrying out any transaction that you have requested of us or authorized, or for other business purposes as may be necessary to complete our contractual obligations with you or otherwise provide the Services. We may also use and disclose to affiliates, service providers, and third parties both types of information for technical support, document and data storage, auditing, research, and analysis to operate and improve Verivest’s Services.
Among other things, we will disclose General Customer Information and Restricted Customer Information to other Users who are issuers or managers who use the Services to subscribe investors and manage their on-going relationships with those investors. We only do this, however, to the extent you voluntarily elect to share information with that other User. Verivest’s terms of service with all investment managers, members, service providers, and other vendors are incorporated into our agreements with those third-parties and include restrictions on the retention, use, disclosure, or sale of such personal information for any purpose other than performing the services specified in that service provider’s contract with Verivest.
We and our affiliates may also use General Customer information in other ways, including, without limitation, to send you educational or promotional materials that we think may be of interest to you; provided, however, that we and our affiliates will not use your General Customer information obtained exclusively through the Site or the Services to engage in direct email or telephone marketing to you concerning investment opportunities offered or managed by us or our affiliates. If you no longer wish to receive promotional e-mails from us, please use the unsubscribe feature found in our commercial e-mails. Please note that you will, however, continue to receive service-related e-mail messages that concern products and services you obtain from or through us.
We may also share and allow others to share Aggregated Information that does not disclose your identity and cannot be connected to your identity with outside companies, or to the public generally, including through general information about the real estate investment market and the historical or ongoing performance of real estate investment opportunities. “Aggregated Information” refers to information Verivest gathers by aggregating non-identifiable information to provide summaries of our Users, their use of the Site, their investment patterns, and their interactions with the investment managers and information about them listed on the Site. Aggregated Information is used to show usage patterns and to do such things as negotiate with providers of products and services that we may want to offer our customers. Aggregated Information may also include information about the performance of certain investments, market trends and related data, all without disclosing information that can easily be connected to any specific User.
Except as set forth above or as otherwise required or permitted by law, Verivest will not share Restricted Customer Information with third parties without your prior authorization, which may be expressed or implied from the nature of your activities on the Site, including, for example, from your expression of interest in investing in real estate opportunities made available by a specific investment manager or Member listed on the Site. We will not share your personal information with any service providers or third-parties who do not have agreements or policies in place prohibiting the retention, use, disclosure, or sale of such personal information for any purpose other than performing the services specified in that service provider’s contract with Verivest.
Regardless of whether you have opted out of sharing your General Customer Information or provided us authorization to share your Restricted Customer Information, we reserve the right to use and disclose Aggregated Information, General Customer Information and Restricted Customer Information, as required, to comply with the law, applicable regulations, governmental and quasi-governmental requests, judicial proceedings, court orders or subpoenas, to perform and enforce agreements between you and us, our affiliates, or partners, and to protect our and our affiliates’ rights, property or safety or to protect the rights, property or safety of others (e.g., to a credit reporting agency for fraud protection, or to prevent or limit fraud).
Storage of Information
The security of the information you provide is important to us. We maintain physical safeguards, such as secure areas in buildings, and electronic and procedural safeguards, such as passwords and access limitations. Access to Restricted Customer Information about you is restricted to authorized employees obtaining the information for business purposes. We do not sell your personal information.
After information reaches Verivest, it is stored in one of two places: (1) on a secure server designed to block unauthorized access from outside of Verivest, and (2) on servers hosted by one or more third-party data storage companies. Any third-party data storage provider will be a large provider with a national presence that is bound by its agreements with Verivest to only use and share your information as needed to perform the services it has contracted with Verivest to provide. Remember, no method of transmission over the Internet, or method of electronic storage, is 100% secure (for example, any information you provide us by email is not encrypted and third-party data storage providers are subject to external attacks). Therefore, while we will use commercially reasonable efforts to protect the information you provide us, we cannot guarantee its absolute security.
We may retain General Customer Information and Aggregated Information indefinitely. Restricted Customer Information will be retained for as long as you are using Verivest’s Services, and thereafter to the extent required by applicable record retention policies or regulatory requirements.
You may request the deletion of data that is stored on the Verivest platform and databases, so long as the request is compliant with legal requirements and is not required for us to complete previously agreed services you have contracted us to perform.
Process for Submitting “Right to Know” or “Right to Delete” Request
Users have the right to make two requests to know or delete data in a twelve-month period by following the processes described below.
You may submit a request to know or delete information, subject to the conditions below, to firstname.lastname@example.org. We will produce or delete information in response to up to two verifiable requests per User per year.
We will confirm receipt of a request from a User to know or delete information within 10 days, and will provide information about processing the requests at that time.
We verify the identity of Users who make requests to know or delete information by taking the following steps:
- We identify the User and associate the information provided by the User in the verifiable request to any personal information we have previously collected by about the User.
- We identify by category or categories the personal information collected about the User for a time period not to exceed the 12 months preceding the request that most closely describes the personal information collected; the categories of sources from which the User’s personal information was collected; the business or commercial purpose for collecting or sharing the User’s personal information; and the categories of third parties to whom we disclose the User’s personal information.
- We provide the specific pieces of personal information obtained from a User in a format that is easily understandable to the average User, and to the extent technically feasible, in a structured, commonly used, machine-readable format that may also be transmitted to another entity at the User’s request without hindrance. “Specific pieces of information” do not include data generated to help ensure security and integrity or as prescribed by regulation.
If we are unable to verify the requesting User’s identity, the requestor will be notified that their identity could not be verified and the request will be denied.
If we are able to verify the identity of the User making the request to know or delete, we will respond within 45 calendar days electronically or by mail (unless a 45-day extension is required, as allowed by law). A designated Verivest employee will be responsible for preserving copies of specific personal information collected about each User. Upon receiving a request, this employee will locate and produce any of the following categories of requested information in response to any request by a verified User:
- The categories of personal information we collected about the User,
- The categories of sources from which personal information is collected,
- The business or commercial purpose for collecting or selling personal information,
- The categories of third parties with whom we share personal information,
- The specific pieces of personal information we have collected about the User, and
- The categories of the User’s personal information that were disclosed for business purposes in the 12 months preceding the User’s verifiable request.
We will not delete customer information if the information is necessary to accomplish any of the following:
- Complete a transaction for which the personal information was collected, provide goods and services to the consumer, or otherwise perform a contract with the User;
- Detect security incidents, fraud, or illegal activity;
- Exercise free speech, or ensure the right of another User to exercise his or her right of free speech;
- Enable internal uses that are reasonably aligned with the expectations of the User based on the User’s relationship with the business;
- Comply with a legal obligation; or
- Otherwise utilize the User’s personal information internally and in a lawful manner that is compatible with the context in which the User provided the information.
Personal Information Security Breach Response Process
In the unlikely event that your nonencrypted and nonredacted personal information, or email address in combination with a password or security question that would permit access to your account, is subject to an unauthorized access and exfiltration, theft, or disclosure, such an event will be addressed through the following process:
- Determine scope of breach and take steps to prevent any further disclosure of information,
- Determine if any state privacy laws apply and follow any jurisdiction specific notification requirements applicable,
- Notify Users impacted by the breach,
- Report to and cooperate with law enforcement as needed,
- Offer to provide affected Users with credit monitoring services.
Browsing the Site
The Site does not collect personally identifiable information from your computer when you browse the Site and request pages from our servers. This means that, unless you voluntarily and knowingly provide us with personally identifiable information, we will not know your name, your email address, or any other personally identifiable information. If you do provide us this information, it will only be associated with the General Information we collect concerning your use of the Site if you have consented to that. Verivest’s servers do automatically record non-personally identifiable information when you visit the Site or use some of our products. Among other things, when you request a page from the Site, our servers log the information provided in the HTTP request header including the IP number, the date and time of the request, the URL of your request, the language used, the browser type and any other information that is provided in the HTTP header. We collect the HTTP request header information in order to make the Site function correctly and provide you the functionality that you see on the Site. We also use this information to better understand how Users use the Site and how we can better tune it, its contents and functionality to meet your needs.
As is true of most websites, if you visit the Site, we will gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and click stream data.
We use this information to analyze trends, to administer the site, to track Users’ movements around the site and to gather demographic information about our User base as a whole. We only link this automatically-collected data to your General Customer Information and your Restricted Customer Information after you have provided your consent for us to do so.
Links to Other Sites
The Site may contain links to other sites such as Investment Managers and other Users, service providers, and other third parties which are not owned or controlled by us. Please be aware that this Policy only addresses Verivest’s use and disclosure of information collected on the Site. We are not responsible for the privacy practices of such other sites accessed through links on the Verivest site. We encourage you to be aware when you leave the Site and to read the applicable privacy policies and terms of conditions of each and every website that collects personally identifiable information.
Enhancement of Information
We may purchase marketing data from third parties and add it to our existing user database, to better target our advertising and to provide pertinent offers in which we think you would be interested. To enrich our database of individual Users, we tie this information to the information you have provided to us.
In the event that Verivest goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your General Customer Information and Restricted Customer Information as well as Aggregated Information will likely be among the assets transferred. By using the Site, you consent to any such transfer of your information to Verivest’s acquirers, successors, and assigns.
Services not intended for use of Children
Our Services are not directed to children under the age of 18. We do not knowingly collect information, including personal information, from children. If you believe that data has been collected from children, please contact email@example.com.
We reserve the right to modify this Policy at any time without notice to you other than posting the revisions on the Site. The provisions contained in this Policy supersede all previous notices or policies regarding our privacy practices with respect to the Site or our products and services. Any and all changes made to this Policy will be posted on our Site and become effective immediately upon posting. The date of the current version of this Policy is noted above.
We encourage you to check the Site frequently to see the current Policy. Upon any material changes to the Policy, we will post those changes to this Policy, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.