Last Updated: August 2017 (EU-U.S. Privacy Shield)
Changes to This Policy
We may change this Policy at any time from time to time. If we make any changes to this Policy, we will change the “last updated” date above. All such updates and amendments are effective immediately upon notice thereof. If there are material changes to this Policy, we will notify Users directly either at the time of login or by email to the address on record or both. We encourage Users to check this Policy regularly as they use our Websites and services to understand how personal information is used.
We collect and store the name, physical and email addresses you submit to us along with any investment and transaction details you submit. We use that data to provide you with the service including your account and performance summaries. We do not sell or share your personal data. We do not collect or store any payment data: when you use a credit card to pay for Seraf, you are transacting with third party payment provider Stripe, Inc. and the use of their data will the subject to their privacy policies. This paragraph is a summary; see details in following section.
We do not want any personal information not absolutely necessary to provide Seraf services. The best protection for personal information is not to share it in the first place. For example, Account Owners’ digital locker on Seraf is not an appropriate place to store personal or other sensitive information unrelated to a User’s investment activities. We ask, and Users agree, that neither Account Owners nor, if applicable, their Enterprise Administrators will put any personal or private information on the system beyond what it necessary for us to provide and Users to consume the Seraf services.
That said, in the process of providing the Seraf services, we collect information from Users in various ways when they use our Websites and services. We may also supplement this information with information from other companies. We collect two general types of information, namely limited and specific forms of personal information and relevant investment data. As used in this Policy, the term “Personal Information” means information that specifically identifies an individual (such as a name and email address), and demographic and other information when directly linked to information that can identify an individual.
Our definition of Personal Information does not include “aggregate” data. Aggregate data is information we collect about a group or category of services or users from which individual user identities have been removed. In other words, no Personal Information is included in aggregate data. Aggregate data helps us understand trends in our Users’ needs so that we can better consider new features or otherwise tailor our services. This Policy in no way restricts or limits our collection and use of aggregate data, and we may share aggregate data about our Users with third parties for various purposes, including education, research, or to help us better understand our customer needs and improve our services and for advertising and marketing purposes.
The following are the specific types of information we collect from Users.
Information Enterprise Administrator Give Us. We collect information from Enterprise Administrators on behalf of Account Owners on our Web site when they register for and use our services. Examples include the following:
Registration and Profile Information. When an Account Owner is registered to use our services or update their profile, we may collect various kinds of information about the Account Owner including, their name (or the pseudonym they supply) and email address; their title, company and other profile information they choose to provide; demographic information they choose to provide; and information they choose to upload like photos, files, and documents.
Contact Information. We collect the email addresses from Account Owners or Enterprise Administrators on behalf of the Account Owner for contact purposes. When an Account Owner or Enterprise Administrator on behalf of the Account Owner chooses to collaborate or share company, round, or transaction information or related files with others, we also collect email addresses the Enterprise Administrator provides in order for us to email invitations to those individuals on the Account Owner’s behalf.
Payment Information. When an Account Owner chooses to use a paid Seraf account or service, our 3rd party payment processing vendor collects their credit card information and billing address (or that of their Enterprise Administrator).
Submissions and Customer Service. From time to time we may use surveys requesting personal or demographic information and customer feedback.
Automatically Collected Information. We automatically receive certain types of information when Users interact with our Web pages, services and communications. For example, it is standard for a Web browser to automatically send information to every Website it visits, including ours. That information includes IP address at which the computer is located, access times, the browser type and language, and referring Website addresses. This data typically accretes automatically in server logs and we may need to refer to it for trouble-shooting or service improvement purposes. Our systems may also collect routine server logs or information about the type of operating system a User uses, their account activity, and files and pages accessed or used by them.
Use of Personal Information
We use Personal Information to process a User’s requests or transactions, to provide a User with their Content, information or services they request, to inform them about other information, products or services we think will be of interest to them, to facilitate their use of, and our administration and operation of, the Website and services and to otherwise serve our Users. For example, Seraf (itself, not its partners) may use a User’s Personal Information:
- to request feedback and to enable us to develop, customize and improve the Website and our publications, products and services;
- to conduct marketing analysis, to send Users surveys or newsletters, to contact Users about services, products, activities, special events or offers from Seraf and for other marketing, informational, product development and promotional purposes;
- to send Users a welcoming email and to contact Users about their use of the Website and services; to respond to their emails, submissions, comments, requests or complaints; to perform after-sales services; to anticipate and resolve problems with our service; to respond to customer support inquiries, for assistance with our product and service development; and to inform Users of updates to products and services from Seraf that better meet User needs;
- to store contacts that an Enterprise Administrator or Account Owner enters or uploads into their contacts list for their private use and viewing;
- to send emails to persons a User invites to collaborate and access their files;
- to enable Users to communicate, collaborate, and share their Content with Users they designate; and
- for other purposes about which we notify Users.
EU – U.S. Privacy Shield
Under the Privacy Shield Framework we are responsible for the processing of personal data we receive and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Sharing of Personal Information
We will not share a User’s Personal Information outside of the Seraf employees who have a need to know it to maintain an Account Owner’s services.
Seraf reserves the right to share aggregated demographic information (i.e. not Personal Information) about our customers, sales, and traffic to our commercial partners and sponsors and/or with education and research partners. We will not give, sell, rent, share, or trade any of a User’s Personal Information or any data that a User stores using our services to any third party except as outlined in this Policy or with a User’s consent. We may disclose information to a third party to (a) comply with laws or respond to lawful requests and legal process, (b) to protect Seraf, agents, customers, and others including to enforce our agreements, policies and Terms of Service or (c) in the good faith belief that disclosure is needed to respond to an emergency, or protect the personal safety of any person.
Conversion of Individual Accounts to Group Accounts
If a User is a natural person and an individual Seraf Account Owner, and belongs to a group or organization (such as an investing group, network, fund, incubator, family office or angel group), and that organization later wishes to establish a Seraf Enterprise account (i.e. become an Account Owner at the entity level) and add the individual Seraf Account Owner to the entity’s account, then certain information concerning past use of the individual Seraf Account Owner’s account may become accessible by way of that entity’s account and individuals who are given access by the entity/Account Owner to such information (for example an Enterprise Administrator for the entity/Account Owner), including the individual Seraf Account Owner’s email address. Similarly, if an individual Seraf Account Owner is later set up as an Authorized Designee by an Enterprise Administrator for the Account Owner’s organization, then certain information concerning the individual Seraf Account Owner may become accessible to the Enterprise Administrator including their email address.
If a User is an individual Seraf Account Owner, and the domain of the primary email address associated with their individual Seraf account is owned by their employer, and that email address was assigned to them as an employee of that organization, and that organization later wishes to establish a Seraf corporate Enterprise account and add the individual Seraf Account Owner to the Seraf corporate Enterprise account, then certain information concerning past use of the individual Seraf Account Owner’s account may become accessible to the corporate organization’s Enterprise Administrator including the individual Seraf Account Owner’s email address. Similarly, if an individual Seraf Account Owner’s account is set up by an Enterprise Administrator, then certain information concerning the individual Seraf Account Owner may become accessible to the Enterprise Administrator including their email address.
Be advised that Seraf offers collaboration features that by their nature support sharing with others a User chooses. Such Users would be able to see the sharing User’s name, email address, and possibly their photo or other information from their account profile and any files the User might choose to share; and they may be able to post comments and email accessible to the sharing User. Collaborators a User invites as editors may also be able to edit that User’s shared files, upload documents and photos to their shared files, share those documents outside of Seraf, and give other Users rights to view the shared files.
Links to Other Sites
California Privacy Rights
Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information, such as name, email and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the names and addresses of all such third parties. To request the above information, please contact us via email through our Contact Us page or write to us at the address indicated below.
California and Delaware Do Not Track Disclosures
Network and Information Security
Seraf takes commercially reasonable steps to protect information we collect from Users to prevent loss, misuse and unauthorized access, disclosure, alteration, and destruction. In addition, highly confidential personal information (such as a User’s password) we request from a User on our Website is protected with encryption, such as Secured Socket Layer (SSL) protocol, during transmission over the Internet. Seraf uses a third party payment processor and does NOT store any credit card information on any Users behalf.
The servers on which information is stored are kept in a controlled environment with physically limited access. While we take commercially reasonable efforts to guard personal information we knowingly collect directly from Users, Users acknowledge that no security system is completely impenetrable. In addition, we cannot guarantee that any passively-collected personal information an Account Owner or Enterprise Administrator chooses to include in documents or Content they store on our systems without our involvement are maintained at adequate levels of protection to meet specific needs or obligations an Account Owner may have relating to that information (i.e., if someone uploads Content that contains Personal Information, we will not know about it and cannot prevent it).
An Account Owners account information and access to our service is accessible only through the use of an individual User ID and password. To protect the confidentiality of Personal Information, the User must keep their password confidential and not disclose it to any other person. A User is requested to please advise us immediately if they believe their password has been misused. In addition, Users should always logout and close their browser when they finish their session. Please note that we will never ask a User to disclose their password in an unsolicited phone call or email.
Updating and Accessing Personal Information
If an Account Owner or their Enterprise Administrator’s personal information changes in any way, we invite them to correct or update their information as soon as possible. Account Owners or Enterprise Administrators on behalf of Account Owners can make updates to their profile information by logging into their account on Seraf at any time. Enterprise Administrators on behalf of Account Owners can also request changes or access to their information by emailing email@example.com.
Seraf may send Users communications or data regarding our Websites and services, including but not limited to (i) notices about their use of our Websites and services, including any notices concerning violations of use, (ii) updates, and (iii) promotional information and materials regarding our products and services. Users may opt-out of receiving promotional emails from Seraf by following the opt-out instructions provided in those emails. Users may also opt-out of receiving promotional emails and other promotional communications from us at any time by emailing firstname.lastname@example.org with their specific request. Opt-out requests will not apply to transactional service messages, such as security alerts, reminders, confirmations and notices about a User’s current account and services.
If a User has any comments or questions about this Policy, they should contact us at email@example.com.
If you correspond with us through the Website or via email, the collected information may include the content of, and metadata regarding, any correspondence you may have with us. We may share your messages with those within our organization that are most capable of addressing the issues contained in your message. We will keep a copy of your message until we have had an opportunity to address your concerns.