Seraf Privacy Policy

Last Updated: August 2017 (EU-U.S. Privacy Shield)

The privacy of Users is important to Seraf Private Investor Office LLC (“Seraf”). This privacy policy (“Policy”) applies to the Seraf Website and services and tells users of the website, https://seraf-investor.com, how personal information and investment information is collected, used, disclosed, and protected by Seraf. This statement includes Seraf’s EU-U.S. Privacy Shield Framework Privacy Statements and the Website Privacy Statements. This Privacy Policy governs your access to and use of Seraf at seraf-investor.com (the “Seraf Website" or “Website”), as well as the information and materials on the Seraf Website (the "Content"). Capitalized terms not defined in this Policy shall have the definitions set forth in the Seraf Terms of Service.

Please read this Privacy Policy carefully when using our Website or services or transacting business with us. By using the Website, you are accepting the practices described in this Privacy Policy and the Terms of Use. If we make any material changes to our privacy practices, we will post a revised Privacy Policy on this page.

Changes to This Policy

We may change this Policy at any time from time to time. If we make any changes to this Policy, we will change the “last updated” date above. All such updates and amendments are effective immediately upon notice thereof. If there are material changes to this Policy, we will notify Users directly either at the time of login or by email to the address on record or both. We encourage Users to check this Policy regularly as they use our Websites and services to understand how personal information is used.

Information Collected

Summary:

We collect and store the name, physical and email addresses you submit to us along with any investment and transaction details you submit. We use that data to provide you with the service including your account and performance summaries. We do not sell or share your personal data.  We do not collect or store any payment data: when you use a credit card to pay for Seraf, you are transacting with third party payment provider Stripe, Inc. and the use of their data will the subject to their privacy policies.  This paragraph is a summary; see details in following section.

Detail:

We do not want any personal information not absolutely necessary to provide Seraf services. The best protection for personal information is not to share it in the first place. For example, Account Owners’ digital locker on Seraf is not an appropriate place to store personal or other sensitive information unrelated to a User’s investment activities. We ask, and Users agree, that neither Account Owners nor, if applicable, their Enterprise Administrators will put any personal or private information on the system beyond what it necessary for us to provide and Users to consume the Seraf services.

That said, in the process of providing the Seraf services, we collect information from Users in various ways when they use our Websites and services. We may also supplement this information with information from other companies. We collect two general types of information, namely limited and specific forms of personal information and relevant investment data. As used in this Policy, the term “Personal Information” means information that specifically identifies an individual (such as a name and email address), and demographic and other information when directly linked to information that can identify an individual.

Our definition of Personal Information does not include “aggregate” data. Aggregate data is information we collect about a group or category of services or users from which individual user identities have been removed. In other words, no Personal Information is included in aggregate data. Aggregate data helps us understand trends in our Users’ needs so that we can better consider new features or otherwise tailor our services. This Policy in no way restricts or limits our collection and use of aggregate data, and we may share aggregate data about our Users with third parties for various purposes, including education, research, or to help us better understand our customer needs and improve our services and for advertising and marketing purposes.

The following are the specific types of information we collect from Users.

Information Enterprise Administrator Give Us. We collect information from Enterprise Administrators on behalf of Account Owners on our Web site when they register for and use our services. Examples include the following:

Registration and Profile Information. When an Account Owner is registered to use our services or update their profile, we may collect various kinds of information about the Account Owner including, their name (or the pseudonym they supply) and email address; their title, company and other profile information they choose to provide; demographic information they choose to provide; and information they choose to upload like photos, files, and documents.

Contact Information. We collect the email addresses from Account Owners or Enterprise Administrators on behalf of the Account Owner for contact purposes. When an Account Owner or Enterprise Administrator on behalf of the Account Owner chooses to collaborate or share company, round, or transaction information or related files with others, we also collect email addresses the Enterprise Administrator provides in order for us to email invitations to those individuals on the Account Owner’s behalf.

Payment Information. When an Account Owner chooses to use a paid Seraf account or service, our 3rd party payment processing vendor collects their credit card information and billing address (or that of their Enterprise Administrator).

Submissions and Customer Service. From time to time we may use surveys requesting personal or demographic information and customer feedback.

Automatically Collected Information. We automatically receive certain types of information when Users interact with our Web pages, services and communications. For example, it is standard for a Web browser to automatically send information to every Website it visits, including ours. That information includes IP address at which the computer is located, access times, the browser type and language, and referring Website addresses. This data typically accretes automatically in server logs and we may need to refer to it for trouble-shooting or service improvement purposes. Our systems may also collect routine server logs or information about the type of operating system a User uses, their account activity, and files and pages accessed or used by them.

Cookies and Web Beacons. We may also use certain kinds of technology such as cookies and Web beacons to collect information. Among other things, the use of cookies and Web beacons enables us to improve our Websites and emails by seeing which areas and features are most popular, to count the number of computers accessing our Website, to personalize and improve a User’s experience, to record a User’s preferences, to remarket our advertising messages to people who have visited our site via advertising networks across participating websites, and to allow a User to visit our Website without re-entering their member ID and/or password. A cookie is a small amount of data which is sent to a User’s browser from a Website’s computers and stored on the User’s computer’s hard drive. Most browsers automatically accept cookies as the default setting. Users can modify their browser setting to reject our cookies or to prompt them before accepting a cookie by editing their browser options. However, if a browser is set not to accept cookies or if a User rejects a cookie, some portions of the Website and services may not function properly or conveniently. For example, a User may not be able to sign in, authenticate, and access certain Web page features or services. A Web beacon is an electronic image, also called a "gif," that may be used on our Web pages to deliver cookies, count visits and compile statistics on usage and campaign effectiveness or in our emails to tell if an email has been opened and acted upon.

Use of Personal Information

We use Personal Information to process a User’s requests or transactions, to provide a User with their Content, information or services they request, to inform them about other information, products or services we think will be of interest to them, to facilitate their use of, and our administration and operation of, the Website and services and to otherwise serve our Users. For example, Seraf (itself, not its partners) may use a User’s Personal Information:

  • to request feedback and to enable us to develop, customize and improve the Website and our publications, products and services;
  • to conduct marketing analysis, to send Users surveys or newsletters, to contact Users about services, products, activities, special events or offers from Seraf and for other marketing, informational, product development and promotional purposes;
  • to send Users a welcoming email and to contact Users about their use of the Website and services; to respond to their emails, submissions, comments, requests or complaints; to perform after-sales services; to anticipate and resolve problems with our service; to respond to customer support inquiries, for assistance with our product and service development; and to inform Users of updates to products and services from Seraf that better meet User needs;
  • to store contacts that an Enterprise Administrator or Account Owner enters or uploads into their contacts list for their private use and viewing;
  • to send emails to persons a User invites to collaborate and access their files;
  • to enable Users to communicate, collaborate, and share their Content with Users they designate; and
  • for other purposes about which we notify Users.

EU – U.S. Privacy Shield

Seraf complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union the United States. Seraf has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework or our status as an active listed participant, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list.

Under the Privacy Shield Framework we are responsible for the processing of personal data we receive and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Privacy Shield policy should contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

This Privacy Policy applies only to your relationship with us. It does not apply to the interactions that you have with any other individual, entity, investor or other group through the Seraf Website. For example, the Enterprise Administrator of an organization has the ability to disclose or share with other members of the organization any information that you submit to us. We have no control over this disclosure or sharing, and are not responsible for it. The protection of your personal data when you interact with an organization through the Seraf Website is governed solely by any agreements that you may enter into with the Organization and is beyond the scope of this Privacy Policy.

Sharing of Personal Information

We will not share a User’s Personal Information outside of the Seraf employees who have a need to know it to maintain an Account Owner’s services.

Seraf reserves the right to share aggregated demographic information (i.e. not Personal Information) about our customers, sales, and traffic to our commercial partners and sponsors and/or with education and research partners. We will not give, sell, rent, share, or trade any of a User’s Personal Information or any data that a User stores using our services to any third party except as outlined in this Policy or with a User’s consent. We may disclose information to a third party to (a) comply with laws or respond to lawful requests and legal process, (b) to protect Seraf, agents, customers, and others including to enforce our agreements, policies and Terms of Service or (c) in the good faith belief that disclosure is needed to respond to an emergency, or protect the personal safety of any person.

Conversion of Individual Accounts to Group Accounts

If a User is a natural person and an individual Seraf Account Owner, and belongs to a group or organization (such as an investing group, network, fund, incubator, family office or angel group), and that organization later wishes to establish a Seraf Enterprise account (i.e. become an Account Owner at the entity level) and add the individual Seraf Account Owner to the entity’s account, then certain information concerning past use of the individual Seraf Account Owner’s account may become accessible by way of that entity’s account and individuals who are given access by the entity/Account Owner to such information (for example an Enterprise Administrator for the entity/Account Owner), including the individual Seraf Account Owner’s email address. Similarly, if an individual Seraf Account Owner is later set up as an Authorized Designee by an Enterprise Administrator for the Account Owner’s organization, then certain information concerning the individual Seraf Account Owner may become accessible to the Enterprise Administrator including their email address.

If a User is an individual Seraf Account Owner, and the domain of the primary email address associated with their individual Seraf account is owned by their employer, and that email address was assigned to them as an employee of that organization, and that organization later wishes to establish a Seraf corporate Enterprise account and add the individual Seraf Account Owner to the Seraf corporate Enterprise account, then certain information concerning past use of the individual Seraf Account Owner’s account may become accessible to the corporate organization’s Enterprise Administrator including the individual Seraf Account Owner’s email address. Similarly, if an individual Seraf Account Owner’s account is set up by an Enterprise Administrator, then certain information concerning the individual Seraf Account Owner may become accessible to the Enterprise Administrator including their email address.

Be advised that Seraf offers collaboration features that by their nature support sharing with others a User chooses. Such Users would be able to see the sharing User’s name, email address, and possibly their photo or other information from their account profile and any files the User might choose to share; and they may be able to post comments and email accessible to the sharing User. Collaborators a User invites as editors may also be able to edit that User’s shared files, upload documents and photos to their shared files, share those documents outside of Seraf, and give other Users rights to view the shared files.

Seraf may provide a User with opportunities to connect with third party applications or services, such as estate planning advisors or valuation experts. If a User chooses to use any such third party applications or services, at the User’s instruction, we may facilitate sharing of the User’s information including their Seraf username and documents they choose to use with those applications and services and such third parties may contact the User directly as necessary. A User’s use of such applications and services is not governed by Seraf’s Terms of Service or Privacy Policy. Seraf does not control the applications or services of those third parties or how they use a User’s information and documents. Be sure to review the terms and the privacy policies of those third parties before using their applications or services.

Links to Other Sites

For your convenience, we may provide links to other websites and web pages that we do not control (collectively, “Linked Sites”). We cannot be responsible for the privacy practices of any websites or pages not under our control and we do not endorse any of these websites or pages, the services or products described or offered on such sites or pages, or any of the content contained on those sites or pages. We make no representations or warranties regarding the correctness, accuracy, performance, or quality of any content, software, service, or application found at any Linked Site. We are not responsible for the availability of the Linked Sites or the content or activities of such sites. If you decide to access any Linked Site, you do so at your own risk. In addition, should you initiate a transaction on a website that our Website links to, even if you reached that site through the Website, the information that you submit to complete that transaction becomes subject to the privacy practices of the operator of that linked website. Your use of any Linked Site is subject to the policies, terms of use, and privacy policies of such Linked Site, if any. We encourage you to seek out and read the privacy policy of each website that you visit.

California Privacy Rights

Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information, such as name, email and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the names and addresses of all such third parties. To request the above information, please contact us via email through our Contact Us page or write to us at the address indicated below.

California and Delaware Do Not Track Disclosures

California and Delaware law require us to indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. “Do Not Track” is a standard that is currently under development. As it is not yet finalized, Seraf adheres to the standards set out in this Privacy Policy and does not monitor or follow any Do Not Track browser requests.

If necessary we may share Personal Information in connection with an acquisition, merger, or sale of all or a substantial portion of our business, with or to another company. In any such event, Account Owners or Enterprise Administrators on behalf of Account Owners will receive notice, in advance if possible, if their data is transferred and becomes subject to a substantially different privacy policy.

Network and Information Security

Seraf takes commercially reasonable steps to protect information we collect from Users to prevent loss, misuse and unauthorized access, disclosure, alteration, and destruction. In addition, highly confidential personal information (such as a User’s password) we request from a User on our Website is protected with encryption, such as Secured Socket Layer (SSL) protocol, during transmission over the Internet. Seraf uses a third party payment processor and does NOT store any credit card information on any Users behalf.

The servers on which information is stored are kept in a controlled environment with physically limited access. While we take commercially reasonable efforts to guard personal information we knowingly collect directly from Users, Users acknowledge that no security system is completely impenetrable. In addition, we cannot guarantee that any passively-collected personal information an Account Owner or Enterprise Administrator chooses to include in documents or Content they store on our systems without our involvement are maintained at adequate levels of protection to meet specific needs or obligations an Account Owner may have relating to that information (i.e., if someone uploads Content that contains Personal Information, we will not know about it and cannot prevent it).

An Account Owners account information and access to our service is accessible only through the use of an individual User ID and password. To protect the confidentiality of Personal Information, the User must keep their password confidential and not disclose it to any other person. A User is requested to please advise us immediately if they believe their password has been misused. In addition, Users should always logout and close their browser when they finish their session. Please note that we will never ask a User to disclose their password in an unsolicited phone call or email.

Updating and Accessing Personal Information

If an Account Owner or their Enterprise Administrator’s personal information changes in any way, we invite them to correct or update their information as soon as possible. Account Owners or Enterprise Administrators on behalf of Account Owners can make updates to their profile information by logging into their account on Seraf at any time. Enterprise Administrators on behalf of Account Owners can also request changes or access to their information by emailing support@seraf-investor.com.

Choice/Opt-Out

Seraf may send Users communications or data regarding our Websites and services, including but not limited to (i) notices about their use of our Websites and services, including any notices concerning violations of use, (ii) updates, and (iii) promotional information and materials regarding our products and services. Users may opt-out of receiving promotional emails from Seraf by following the opt-out instructions provided in those emails. Users may also opt-out of receiving promotional emails and other promotional communications from us at any time by emailing support@seraf-investor.com with their specific request. Opt-out requests will not apply to transactional service messages, such as security alerts, reminders, confirmations and notices about a User’s current account and services.

Contacting Us

If a User has any comments or questions about this Policy, they should contact us at support@seraf-investor.com.

If you correspond with us through the Website or via email, the collected information may include the content of, and metadata regarding, any correspondence you may have with us. We may share your messages with those within our organization that are most capable of addressing the issues contained in your message. We will keep a copy of your message until we have had an opportunity to address your concerns.

Acknowledgement

BY ACCESSING OR USING THE WEBSITE, OR ANY PORTION THEREOF, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND CONSENT TO THE TERMS OF SERVICE AND PRIVACY POLICY, AND TO THE USES AND DISCLOSURES OF COLLECTED INFORMATION ABOUT YOU, THAT ARE DESCRIBED IN THIS PRIVACY POLICY AND YOU AGREE TO BE BOUND BY THE TERMS REFERENCED ABOVE. THE COMPANY DOES NOT ACCEPT LIABILITY FOR ANY DAMAGE OR LOSS YOU MAY SUFFER IN CONNECTION WITH USING THIS WEBSITE, INCLUDING AS A RESULT OF NOT FOLLOWING THE GUIDELINES PROVIDED IN THIS PRIVACY POLICY AND/OR THE TERMS OF SERVICE.