Introduction Jon V, Inc. d/b/a AgentRisk (“we”, “us” and/or “our”) is a SEC registered investment advisor. AgentRisk operates an automated investment service (“Service”). Our Service is made available through our website and via application(s) that reside on mobile devices. This Privacy Policy describes how AgentRisk treats your Personal Data when you use or evaluate our service.

For the purpose of this agreement a User is an individual who uses our website to evaluate our service, or for educational purposes and a Client is an individual who signs our Client Agreement that entitles the Client to have her or his investment portfolio managed by AgentRisk. Our Privacy Policy, Terms of Use and where applicable Client Agreement collectively govern your use or evaluation of our service.

Information Collection In General AgentRisk’s servers automatically record certain information (“Non- Identifiable” or “Aggregated Data”) about your use or evaluation of our Service. Similar to other technology platforms and services, AgentRisk records information such as browsing activity, data displayed or clicked on (such as UI elements, ads, and links), and other information (such as browser type, date and time of access, cookie ID, and referrer URL). Along with cookies, AgentRisk may also use third -party tracking technology, such as Google Analytics, to record similar information regarding you and your activity on the Site.

Types of Data collected The types of information we collect depend on whether you are a User or Client. We collect Personal Data from you when you voluntarily provide information to us, or, in case of Usage Data, we collect data automatically when you use AgentRisk. Additionally, we may collect data from you when you use our broker/custodian Interactive Brokers.

Examples of instances when we collect Personal Data include when you answer questions on our website to determine what kind of portfolio we might recommend if you were to become a Client, when you register to open an account, when you contact our client service organization with questions or when you become a Client. Wherever AgentRisk collects Personal Data, we make an effort to link to this Privacy Policy and other relevant terms, such as our Terms of Use.

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies, Usage Data, various types of Data, email address, first name, last name, middle name, gender, date of birth, username, password, company name, profession, country, state, province, ZIP/Postal code, Social Security number (SSN), city, workplace, field of activity, id or passport picture. Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy.

Information Collection from Users We collect personal information such as name, address, telephone number and other optional information you may provide, such as your age, investable assets, and risk tolerance, which may include your financial goals and objectives, income information and other financial planning information about your household.

We may collect your email address and/or telephone number should you opt to engage via our website, email or dedicated telephone number with our client service team.

We also collect account numbers and login credentials for the accounts (bank or brokerage) you choose to link to our Service, any challenge and/or security questions associated with those accounts and any information contained in those accounts.

We may also collect personal information from you offline, such as when you attend one of our events, or when you contact customer support. We may use this information in combination with other information we collect about you as set forth in this Policy.

Information Collection from Clients If you choose to become a Client, in addition to the information we collect from you as a User, as described above, we will ask you for certain information, including, but not limited to, your full legal name, contact information, birth date, ID, citizenship, investment objectives, approximate net worth, and other regulatory disclosures that may be necessary and required under European law (see our Client Agreement).

In the event you already have an account with Interactive Brokers , which you want us to manage, we will receive the above information from Interactive Brokers.

Personal Data collected for the following purposes and using the following services: Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.

Hotjar Form Analysis & Conversion Funnels (Hotjar Ltd.)
Hotjar is an analytics service provided by Hotjar Ltd.
Hotjar honors generic Do Not Track headers. This means your browser can tell its script not to collect any of your data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.
Personal Data collected: Cookies and Usage Data.
Place of processing: Malta – Privacy Policy – Opt Out.

Hosting and backend infrastructure This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

Google Cloud services (Google, Inc.)
Google cloud is a hosting and backend service provided by Google Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy. Privacy Shield participant.

Managing contacts and sending messages This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

Klaviyo (Klaviyo Inc.)
Klaviyo is an email address management and message sending service provided by Klaviyo Inc.
Personal Data collected: email address, email address, first name, last name, middle name
Place of processing: United States – Privacy Policy.

HubSpot (HubSpot Inc.)
HubSpot is a CRM and email service.
Personal Data collected: email address, first name, last name, middle name, customers’ personal and financial info that have been collected at the onboarding process.
Place of processing: United States – Privacy Policy.

Olark (Habla, Inc)
Olark is a customer communication and support tool
Personal Data collected: email address, first name, last name, middle name.
Place of processing: United States – Privacy Policy.

Registration and authentication By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.

Direct registration (AgentRisk)
The User registers by filling out the registration form and providing the Personal Data directly to AgentRisk
Personal Data collected: city, company name, country, date of birth, email address, field of activity, first name, last name, middle name, gender, password, profession, province, Social Security number (SSN), state, username, workplace and ZIP/Postal code, marital status, financial status.
Place of processing: United States.

Use of Information AgentRisk’s number one priority is your trust. Protecting your privacy is essential to earning and keeping that trust. This tenet drives all of the decisions we make, as well as how we gather, use and store any information we acquire from you.

In general, we use personal information to create and improve our Services, our content, to provide client support and for loss prevention and anti-fraud purposes. We may use this information for the purposes below (which also form our legal bases) as described:

To provide customer service - We process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems.

To provide Service communications - We send administrative or account-related information to you to keep you updated, inform you of relevant tax issues, security issues or updates, or provide other transaction-related information.

To enhance your website experience - We process your personal information to provide you with a personalised experience

To engage in marketing activities - Based on your communication preferences, we may use your Personal Data to send you targeted marketing communications regarding our Service or to tell you about blog posts or services that we believe will be of interest to you. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the “unsubscribe” instructions provided in the communications. Please note that you cannot opt out of administrative communications such as regulatory, billing or service notifications

To maintain legal and regulatory compliance - Our Services are subject to laws and regulations requiring us to collect and use your personal identification information, formal identification information, financial information, employment information, online identifiers, and/or usage data. For example, we must identify and verify customers using our Services in order to comply with anti-money laundering and terrorist financing laws across jurisdictions. In addition, we may use third parties to verify your identity by comparing the personal information you provided against third-party databases and public records.
You may choose not to provide such information to us, but if you choose not to provide such information, you will not be able to become a Client.

Information Sharing and Onward Transfer We will never sell, rent, or trade your Personal Data with any third parties except as required by law, such as when we reasonably believe it is necessary or appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, front running or scalping, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use.

There are certain circumstances, outlined below, in which we may share your Personal Data without further disclosure to you. You may request a detailed analysis of which data we may share with third parties by sending us an email at gdpr@agentrisk.com.

We may share the information required to become a Client with Interactive Brokers, our brokerage partner solely for the purpose of allowing our brokerage partner to provide services to you. You can review their Privacy Policy here.

We may share your information with service providers under contract who help with parts of our business operations such as marketing, and technology services. In the case we hire another company to perform a function of this kind, we only provide them with the minimum information they need to perform their specific function.

We may your information with third party identity verification services in order to prevent fraud. This allows us to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with provision of identity verification and fraud prevention services.

Except as required by law or requested by regulatory authorities, AgentRisk agrees to maintain your non public Personal Data in strict confidence.

LEGAL BASES FOR PROCESSING PERSONAL INFORMATION Our legal bases for processing under EEA Data Protection Law are described above in the sections entitled “Use of Information”. We may process your personal information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of AgentRisk Limited, our customers or others.

YOUR RIGHTS, CHOICES AND OBLIGATIONS EEA Residents have the following rights:

Right to withdraw consent - You have the right to withdraw your consent to the processing of your personal information collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of OUR processing based on consent before your withdrawal.

Right of access to and rectification of your personal information - You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by AgentRisk Limited that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.

Access may be denied when:
- Denial of access is required or authorized by law;
- Granting access would have a negative impact on other's privacy;
- To protect our rights and properties; and
- Where the request is frivolous or vexatious.

Right to erasure - You have the right to request erasure of your personal information that:
(a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(b) was collected in relation to processing that you previously consented, but later withdraw such consent; or
(c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to erase the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the erasure of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws

Right to data portability - If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal information.

Right to restriction of or processing - You have the right to restrict or object to us processing your personal information where one of the following applies:
You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.
The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead.
We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.
You have objected to processing, pending the verification whether the legitimate grounds of AgentRisk Limited’s processing override your rights.

Notification of erasure, rectification and restriction - We will communicate any rectification or erasure of your personal information or restriction of processing to each recipient to whom your personal information have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request this information.

Right to object to processing - Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law..

Right to object to automated individual decision-making, including profiling - Unless it is necessary for entering into, or the performance of, the contract between you and us (needed for us to be able to offer you our services), you have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws.

Right to lodge a complaint - If you believe that we have infringed your rights, we encourage you to contact us first at complaints@agentrisk.com so that we can try to resolve the issue informally. You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place.

Right to contact our Data Protection Officer - You may reach our Data Protection Officer at jon@agentrisk.co

You may request to exercise any of those rights by emailing gdpr@agentrisk.co after providing us enough information to identify your account and prove that you are the owner of the identified account. We will endeavor to make any request effective as soon as reasonably practicable, however kindly note that your rights to personal information are not absolute

You can object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.

If you close your Account, we will mark your account in our database as "Closed," but will keep your account information in our database for a period of 5 years. This is necessary in order to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account. However, if you close your account, your personal information will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.

Other Important Information Security AgentRisk takes reasonable steps to protect your Personal Data from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. No Internet, email, or electronic operating system that enables the transmission of data is ever fully secure or error free so, please take special care in deciding what information you send to us in this manner. You play a vital role in protecting your own personal information. When registering with our Services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third-parties, and to immediately notify us if you become aware of any unauthorised access to or use of your account.

Data Storage AgentRisk Limited will try to limit the storage of your personal information to the extent that storage is necessary to serve the purpose(s) for which the personal information was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.We may store and process all or part of your personal and transactional information in the United States and elsewhere in the world where our facilities or our service providers are located.

Data Processing We process data using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to us, in some cases it might be necessary that, the Data is accessible to certain types of persons in charge, involved with the operation AgentRisk (administration, legal, system administration). You may request the updated list of these parties at any time.

Retention time Personal Data shall be processed and stored for a period of 5 years retention due to legal purposes. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Place The Data is processed at our cloud services and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

Advertising We do not allow third party advertising on our Website or Mobile applications.

Social Media and Links to Other Web Sites and Apps: “Third Parties” This Privacy Policy and these terms apply only to AgentRisk operated services and applications. The policies described herein do not apply to Third Party websites or applications.

Minors AgentRisk is not to be used by anyone under the age of 18 and as such does not knowingly collect Personal Data from anyone under the age of 18. If you are under the age of 18, please do not submit any Personal Data to AgentRisk. If a parent or guardian becomes aware that his or her child under the age of 18 has provided us with personally identifiable information without his or her consent, he or she should contact us at support@agentrisk.com.

Changes We reserve the right to modify this Privacy Policy at any time, and when required by law, we will notify you of changes to this Privacy Policy. Each version of this Privacy Policy will be identified at the top of the page by its effective date.

This document constitutes the complete Privacy Policy for AgentRisk and the Services.