Policy Effective Date: May 25th, 2018
AgentRisk’s servers automatically record certain information (“Non- Identifiable” or “Aggregated Data”) about your use or evaluation of our Service. Similar to other technology platforms and services, AgentRisk records information such as browsing activity, data displayed or clicked on (such as UI elements, ads, and links), and other information (such as browser type, date and time of access, cookie ID, and referrer URL). Along with cookies, AgentRisk may also use third -party tracking technology, such as Google Analytics, to record similar information regarding you and your activity on the Site.
The types of information we collect depend on whether you are a User or Client. We collect Personal Data from you when you voluntarily provide information to us, or, in case of Usage Data, we collect data automatically when you use AgentRisk. Additionally, we may collect data from you when you use our broker/custodian Interactive Brokers.
We collect personal information such as name, address, telephone number and other optional information you may provide, such as your age, investable assets, and risk tolerance, which may include your financial goals and objectives, income information and other financial planning information about your household.
We may collect your email address and/or telephone number should you opt to engage via our website, email or dedicated telephone number with our client service team.
We also collect account numbers and login credentials for the accounts (bank or brokerage) you choose to link to our Service, any challenge and/or security questions associated with those accounts and any information contained in those accounts.
We may also collect personal information from you offline, such as when you attend one of our events, or when you contact customer support. We may use this information in combination with other information we collect about you as set forth in this Policy.
If you choose to become a Client, in addition to the information we collect from you as a User, as described above, we will ask you for certain information, including, but not limited to, your full legal name, contact information, birth date, ID, citizenship, investment objectives, approximate net worth, and other regulatory disclosures that may be necessary and required under European law (see our Client Agreement).
In the event you already have an account with Interactive Brokers , which you want us to manage, we will receive the above information from Interactive Brokers.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)
Hotjar is an analytics service provided by Hotjar Ltd.
Hotjar honors generic Do Not Track headers. This means your browser can tell its script not to collect any of your data. This is a setting that is available in all major browsers.
Personal Data collected: Cookies and Usage Data.
This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Google Cloud services (Google, Inc.)
Google cloud is a hosting and backend service provided by Google Inc.
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
Klaviyo (Klaviyo Inc.)
Klaviyo is an email address management and message sending service provided by Klaviyo Inc.
Personal Data collected: email address, email address, first name, last name, middle name
HubSpot (HubSpot Inc.)
HubSpot is a CRM and email service.
Personal Data collected: email address, first name, last name, middle name, customers’ personal and financial info that have been collected at the onboarding process.
Olark (Habla, Inc)
Olark is a customer communication and support tool
Personal Data collected: email address, first name, last name, middle name.
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
Direct registration (AgentRisk)
The User registers by filling out the registration form and providing the Personal Data directly to AgentRisk.
Personal Data collected: city, company name, country, date of birth, email address, field of activity, first name, last name, middle name, gender, password, profession, province, Social Security number (SSN), state, username, workplace and ZIP/Postal code, marital status, financial status.
Place of processing: United States.
AgentRisk’s number one priority is your trust. Protecting your privacy is essential to earning and keeping that trust. This tenet drives all of the decisions we make, as well as how we gather, use and store any information we acquire from you.
In general, we use personal information to create and improve our Services, our content, to provide client support and for loss prevention and anti-fraud purposes. We may use this information for the purposes below (which also form our legal bases) as described:
To provide customer service - We process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems.
To provide Service communications - We send administrative or account-related information to you to keep you updated, inform you of relevant tax issues, security issues or updates, or provide other transaction-related information.
To enhance your website experience - We process your personal information to provide you with a personalised experience
To engage in marketing activities - Based on your communication preferences, we may use your Personal Data to send you targeted marketing communications regarding our Service or to tell you about blog posts or services that we believe will be of interest to you. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the “unsubscribe” instructions provided in the communications. Please note that you cannot opt out of administrative communications such as regulatory, billing or service notifications
To maintain legal and regulatory compliance - Our Services are subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, financial information, employment information, online identifiers, and/or usage data. For example, we must identify and verify customers using our Services in order to comply with anti-money laundering and terrorist financing laws across jurisdictions. In addition, we may use third parties to verify your identity by comparing the personal information you provided against third-party databases and public records.
You may choose not to provide such information to us, but if you choose not to provide such information, you will not be able to become a Client.
There are certain circumstances, outlined below, in which we may share your Personal Data without further disclosure to you. You may request a detailed analysis of which data we may share with third parties by sending us an email at email@example.com.
We may share your information with service providers under contract who help with parts of our business operations such as marketing, and technology services. In the case we hire another company to perform a function of this kind, we only provide them with the minimum information they need to perform their specific function.
We may your information with third party identity verification services in order to prevent fraud. This allows us to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with provision of identity verification and fraud prevention services.
Except as required by law or requested by regulatory authorities, AgentRisk agrees to maintain your non public Personal Data in strict confidence.
Our legal bases for processing under EEA Data Protection Law are described above in the sections entitled “Use of Information”. We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of AgentRisk Limited, our customers or others.
EEA Residents have the following rights:
Right to withdraw consent - You have the right to withdraw your consent to the processing of your personal information collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of OUR processing based on consent before your withdrawal.
Right of access to and rectification of your personal information - You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by AgentRisk Limited that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
Access may be denied when:
- Denial of access is required or authorized by law;
- Granting access would have a negative impact on other's privacy;
- To protect our rights and properties; and
- Where the request is frivolous or vexatious.
Right to erasure - You have the right to request erasure of your personal information that:
(a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(b) was collected in relation to processing that you previously consented, but later withdraw such consent; or
(c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to erase the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the erasure of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws
Right to data portability - If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal information.
Right to restriction of or processing - You have the right to restrict or object to us processing your personal information where one of the following applies: You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information. The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead. We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims. You have objected to processing, pending the verification whether the legitimate grounds of AgentRisk Limited’s processing override your rights.
Notification of erasure, rectification and restriction - We will communicate any rectification or erasure of your personal information or restriction of processing to each recipient to whom your personal information have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.
Right to object to processing - Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law..
Right to object to automated individual decision-making, including profiling - Unless it is necessary for entering into, or the performance of, the contract between you and us (needed for us to be able to offer you our services), you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.
Right to lodge a complaint - If you believe that we have infringed your rights, we encourage you to contact us first at firstname.lastname@example.org so that we can try to resolve the issue informally. You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place.
Right to contact our Data Protection Officer - You may reach our Data Protection Officer at email@example.com
You may request to exercise any of those rights by emailing firstname.lastname@example.org after providing us enough information to identify your account and prove that you are the owner of the identified account. We will endeavor to make any request effective as soon as reasonably practicable, however kindly note that your rights to personal information are not absolute
You can object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.
AgentRisk takes reasonable steps to protect your Personal Data from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. No Internet, email, or electronic operating system that enables the transmission of data is ever fully secure or error free so, please take special care in deciding what information you send to us in this manner. You play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorised access to or use of your account.
AgentRisk Limited will try to limit the storage of your personal information to the extent that storage is necessary to serve the purpose(s) for which the personal information was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.We may store and process all or part of your personal and transactional information in the United States and elsewhere in the world where our facilities or our service providers are located.
We process data using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to us, in some cases it might be necessary that, the Data is accessible to certain types of persons in charge, involved with the operation AgentRisk (administration, legal, system administration). You may request the updated list of these parties at any time.
Personal Data shall be processed and stored for a period of 5 years retention due to legal purposes. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The Data is processed at our cloud services and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
We do not allow third party advertising on our Website or Mobile applications.
AgentRisk is not to be used by anyone under the age of 18 and as such does not knowingly collect Personal Data from anyone under the age of 18. If you are under the age of 18, please do not submit any Personal Data to AgentRisk. If a parent or guardian becomes aware that his or her child under the age of 18 has provided us with personally identifiable information without his or her consent, he or she should contact us at email@example.com