Privacy Policy

Legal

Privacy Policy

Last Updated: September 30, 2022

This Privacy Policy contains important details about your personal data and we encourage you to read it thoroughly. 

 

Introduction

We provide accreditation verifications for alternative investments in compliance with the United State’s Security and Exchange Commission. Organizations, public and private, of all sizes, use our services to verify their users’ accreditation status. Accredd places a high level of importance on the security and privacy of the personal data that is entrusted to us.

This Privacy Policy text (“Policy“) details the “Personal Data” that we collect and interpret about you, how we use it, how we share it, your rights and options, and how you can reach out to us about our practices.

Accredd“, “us“, “our“, or “we” means the Accredd entity that’s responsible for collecting and using of personal data governed by this Privacy Policy. It may differ depending on your country.

Personal Data” is any information related to an identified or identifiable individual or identifiable entity, and can also include information about how you, and/or your entity engage with our Services. Personal Data may also include information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.

Services” means the services and products that Accredd indicates are covered by this Policy, which may include Accredd-related applications. Accredd’s “Business Services” are Services delivered by Accredd to entities (“Business Users“) who directly or indirectly provide us with “End Customer’s” Personal Data in connection with the Business Users’ own businesses and related activities. Our “End User Services” are those Services which Accredd directs to individuals (rather than entities) so that those End Users can work directly with Accredd, without the involvement of Business Users.

Sites“, “website“, “application“, or “app” means Accredd.com, verify.Accredd.com, knowledge.Accredd.com, and other websites that Accredd indicates are covered by this Policy. Jointly, we refer to Sites, Business Services, and End User Services as “Services“.

You” may mean End User, End Customer, or Representative in various context:

  • End User is used when you directly use an End User Service, such as getting yourself verified independently, for your personal use. Questions about our service can be directed to us as there are no other parties involved.
  • End Customer is used when you do business with a Business User (normally an issuer, fund manager, or sponsor using Accredd’s verification product, e.g. when you verify your accreditation within a client portal that has a partnership with us). When we are acting as a service provider for a Business User, we are typically referred to as the third-party verifier, vendor, service provider, or data processor, we will process Personal Data in accordance with the terms of our agreement with the Business User and the Business User’s lawful instructions. Business Users are responsible for making sure their End Customer’s privacy rights are respected, and disclose information about data collection and usage. End Customers should refer to the privacy policy for the Business User to get details related to the Business User’s terms of service or privacy policy.
  • Representative is used when you are acting on behalf of a potential or existing Business User (normally a founder, business owner, controlling member, manager, or partner for a business who is a Business User).
 

Your privacy is important to us. It is our policy to respect your privacy and comply with any applicable law and regulation regarding any Personal Data we may collect about you.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use Personal Data. This Privacy Policy does not apply to any of your activities after you leave our site.

 

Personal data we collect and how we use and share it

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions. “Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.

Internet Browser Data

Applies to: End User, End Customer, and Representative

When you visit our website, our site may automatically collect the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, device information, the pages you visit, the time and date of your visit, the time spent on each page, the interactions on each page, and other details about your visit or website session.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Personal Data
End User and End Customer: We may ask for personal data — for example, when you register an account, when you contact us, or when you submit a verification request as a End User or a End Customer — which may include one or more of the following:
  • Legal Name of yourself and/or entities you own and control
  • Email
  • Date of birth or date of entity formation
  • Home/mailing address
  • Source of income via various tax statements
  • Source of net worth via various financial statements
  • Source of liabilities via various credit reports
  • Formation documents of entities you own and control
  • Deeds of real property owned by you or entities you own and control
  • Letters from a professional accountant or attorney that you work with
 
Representatives: We may ask for personal data — for example, when you sign an agreement, when you contact us, or when you pay for services — which may include one or more of the following:
  • Name of yourself and/or your business
  • Email
  • Business billing and mailing address
  • Credit card or banking information
  • Business phone number
 

We only collect and use your personal data when we have a legitimate reason for doing so. In which instance, we only collect personal data that is reasonably necessary to provide our services to you.

 

Collection and use of information
Applies to: End User, End Customer, and Representative

We may collect personal data from you when you do any of the following on our website:

  • Register for an account
  • Use a mobile device or web browser to access our content
  • Submit an accreditation verification request
  • Contact us via email, messaging, or on any similar technologies 

 

We may collect, hold, use, and disclose information for the following purposes, and personal data will not be further processed in a manner that is incompatible with these purposes:

  • to provide you with our platform’s core features and services including but not limited to accreditation verification and notifications of such activities
  • for analytics, market research, and business development, including to operate and improve our website, and associated applications
  • to enable you to access and use our website, and associated applications
  • for internal record keeping and administrative purposes
  • to comply with our legal obligations and resolve any disputes that we may have
  • to prove compliance on behalf of our Business Users and the Security and Exchange Commission or other regulatory offices
  • for security and fraud prevention, and to ensure that our sites are safe, secure, and used in line with our terms of use
  • for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms

 

We may combine voluntarily provided and automatically collected personal data with general information or research data we receive from other trusted sources. For example, Our marketing and market research activities may uncover data and insights, which we may combine with information about how visitors use our site to improve our site and your experience on it.

 

Business Users’ use of your personal data

Applies to: End User, End Customer, and Representative

A Business User may collect your Personal Data in order to enlist our Business Services. This is typically accomplished through the use of an application programming interface (“API“) whereby the Business User uses our services programmatically to verify your accreditation status, or perform other functions, and may prompt you to upload personal data through their website, or through a version of our website. Accredd will have contracts in place with all Business Users that use our API, however, we do not have oversight and control on their security systems or their privacy policy.

Personal Data directly collected by Accredd via API are treated in the same manner as Personal Data detailed in this privacy policy. We do not share any documents, or its contents, uploaded directly to our application with the Business User, unless the Business User previously collected your data directly. The Business User may submit verification requests on your behalf, request a status update from Accredd, and request an accreditation letter which has your accreditation status, however they cannot access personal data you share with us, unless you previously shared that data with them.

Business Users who choose to collect your personal data themselves before forward that data to us via our API must only send appropriate files and data as it relates to activities within the Business Services. 

Primarily, the data shared between the Business User and Accredd is related to verifying the End Customer’s accreditation status. End Customers are highly encouraged to read the Business User’s privacy policy and terms of service as Accredd cannot control the Personal Data that’s collected by the Business User and how that data is used, stored, and deleted. Only Personal Data collected by Accredd directly, either by API or any other direct means, can be guaranteed to be treated in accordance with our Policy. 

 

Security and retention of your personal data

Applies to: End User, End Customer, and Representative

We make every reasonable effort to provide a level of security to mitigate the risks related to the processing of your Personal Data. Accredd uses organizational, technical, and operational practices designed to safeguard Personal Data detailed by this Policy. We make every reasonable effort to protect Personal Data against loss and theft, as well as unauthorized access, disclosure, destruction, duplication, use, or modification.

Although we will do our best to protect the Personal Data you provide to us, unfortunately no method of electronic data transmission or data storage is 100% secure.

You are encouraged to use one of the main identity providers, such as Google, Facebook, Amazon, or Microsoft, when creating and using an account with us. Otherwise, you are responsible for choosing a password that has a high security strength, ensuring the security of your own data within the bounds of our services. You should also avoid sharing this password with other persons or sites.

Read more about our Security at https://accredd.com/legal/security

We retain your Personal Data for as long as we are providing Services to you or our Business Users, or for a duration which we feel is reasonable to provide the Services. This retention period depends on what we are using your data for, in accordance with this Policy. It is possible that we will continue to retain your data after Services have ceased to you or a Business User so we can stay compliant with regulatory obligations. We may also retain data to comply with prevention activities, tax related issues, and financial reporting needs.

As of 2022, we retain your personal data related to accreditation verification for a period of 5 years in accordance with the United State’s Security and Exchange Commission’s 5-year guidelines, published in 2021. This initial 5-year period is referred to as our standard retention policy, and this helps our Business Users stay compliant with regulations. After the standard retention period, your Personal Data is automatically set for deletion after 1 additional year, unless otherwise directed or requested by you and/or a Business User.

 

International data transfers

Applies to: End User, End Customer, and Representative

Personal Data may be collected, stored, and processed in various countries throughout the world where we do business, where our service providers do business, or where Business Users do business. The personal data we collect is stored and processed in United States, or where we or our partners, affiliates, and Business Users maintain facilities and we may transfer your Personal Data to countries other than your own. We take steps to comply with data protection laws local to the country we transfer data to and may be required to disclose Personal Data in response to lawful requests. We will protect the transferred Personal Data in accordance with this Policy.

 

Your rights

Applies to: End User, End Customer, and Representative

You understand we will collect, hold, use, and disclose your Personal Data in accordance with this Policy. You have a choice and do not have to provide personal data to us, however, if you do not, it may affect your use of our website or the products and services offered by Business Users (e.g. you are unable to invest in a Business User’s investment as the Business User would be out of federal compliance for accepting your capital without first verifying your accreditation).

If we receive your Personal Data from a Business User, we will protect it as set out in this Policy. However, that Personal Data is also subject to the Business User’s policies which we cannot control, especially if the Personal Data was collected by the Business User. 

Business Users providing personal data about an End Customer need to represent and warrant that they have such person’s consent to provide the Personal Data to us.

Your location has its applicable law and you may have the following rights detailed below with regard to Personal Data we collect and control about you:

  • Rights to request confirmation that Accredd processes  your Personal Data, and request a copy of that Personal Data
  • Rights to request that we update your Personal Data if it is inaccurate, outdated, or incomplete
  • Rights to request that Accredd delete your Personal Data in situations detailed by law
  • Rights to request that we restrict the use of your Personal Data
  • Rights to request that Accredd export your Personal Data in other entities, so long as it is feasible
  • You can wirthdraw your consent to process your Personal Data if you previously gave consent
  • We will notify you, in compliance with the law, of data breaches

 

Use of cookies

Applies to: End User, End Customer, and Representative

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.

Read more about our Cookie Policy at https://accredd.com/legal/cookie-policy.

 

Business transfers

Applies to: End User, End Customer, and Representative

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal data, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal data according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

 

Additional disclosures for jurisdiction-specific provisions 

Australian Privacy Act Compliance (AU) – International Transfers of Personal Data

Where the disclosure of your personal data is solely subject to Australian privacy laws, you acknowledge that some Business Users may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such Business Users engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

General Data Protection Regulation (GDPR) Compliance (EU)

The GDPR distinguishes between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). We are both data controllers and data processors.

United States – California Compliance (US)

If you are a user and live in California, or your services with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes. This is accordance with California Consumer Privacy Act (“CCPA”). You may contact us via the methods outlined in Contact Us section.

In the past 12 months, we have collected the following categories of personal data enumerated in the California Consumer Privacy Act:

  • Identifiers, such as name, email address, phone number account name, IP address, and an ID or number assigned to your account.
  • Customer records, such as billing and shipping address, and credit or debit card data.
  • Demographics, such as your age or gender. This category includes data that may qualify as protected classifications under other California or federal laws.
  • Geolocation data.
  • Employment and educational history, such as information provided when applying through the careers page.
 

For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal data for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.

You have rights to delete your personal data we collected as a California resident, and you also have rights to know certain information about our data practices in the preceding 12 months. You have the right to request the following from us:

  • The catalogue of personal data we have collected about you
  • The catalogue of sources from which the personal data was collected
  • The catalogue of personal data about you we disclosed for a business purpose or sold
  • The catalogue of third parties to whom the personal data was disclosed for a business purpose or sold
  • The business or commercial purpose for collecting or selling the personal data
  • The specific components of personal data we have collected about you
 

To exercise any of these rights, please contact us using the details provided in this Policy.

 

Legal bases

As related to General Data Protection Regulation, we use a the following legal bases to process your Personal Data.

1. Contractual-related Business Partnerships: We process Personal Data for reasons related to a business partnership with prospective Business Users and End Users. We process Personal Data to carry out contractual obligations with these Users and activities are as follows:

  • End Users and End Customers: Creation and maintenance of Accredd accounts
  • Business Users: Creation and maintenance of Accredd “Sponsor” or “Admin” accounts
  • Billing, accounting, and auditing
  • Verification of accreditation status as defined by the IRS and SEC
 

2. Regulatory compliance: We process Personal Data with a purpose to verify whether an End Customer or End User is an accredited investor as defined by the United States’ Internal Revenue Service and the Security and Exchange Commission. This requirement and process are imposed on us by the operation of law and we may be required to report our compliance process, and related documents, to third parties for review or audit. We are not responsible for identity verification such as “Anti-Money Laundering (“AML”) or Know-Your-Customer (“KYC”) obligations.  

3. Legitimate business interest: We rely on our legitimate business interests to process your Personal Data:

  • Mitigate liabilities or other compliance harm to End Customers, Business Users, End Users, and Accredd
  • Forecast and offer new Accredd product and services
  • Reply to questions, concerns, comments, and customer support
  • Evaluate, change, and enhance our Services, products, reliability, operations, and tools
  • Improve the performance of our Services and Sites by reviewing their efficiency and effectiveness
  • Advertise and analyze our Services and offerings
  • Aggregate Personal Data to deliver Services to Business Users
  • Conduct research and analysis to build business intelligence, products, and new services that enables us to operate, protect, report, and make decisions for our business
  • Share Personal Data with third party service providers or business partners
  • Deliver information security throughout Accredd and our Services
  • Share Personal Data among our affiliates 

 

4. Consent: We may rely on consent to collect and process Personal Data as it relates to our communication with you. You may withdraw your consent at any time when we process data based on your consent.

 

How to Control Your Personal Data

1. Confirmation: You can request that we confirm whether Accress processes Personal Data related to you, and request a copy of that Personal Data if so

2. Restriction: You can request that we restrict the processing of your personal data if (a) you are concerned about the accuracy of your personal data; (b) you believe your personal data has been unlawfully processed or collected; (c) you need us to maintain the personal data solely for the purpose of a legal claim; or (d) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

3. Exportation: You can request that we export your Personal Data to another company, if it is technically feasible.

4. Deletion: You can request that we delete the personal data we hold about you at any time, and we will take reasonable steps to delete your personal data from our current records and database. If you ask us to delete your personal data, we will let you know how the deletion affects your use of our website or products and services. For example, your accreditation status with your issuer may likely be impacted since the deletion of your personal data means we can no longer prove to the Security and Exchange Commission the steps and documents we reviewed to grant your accreditation. There may be exceptions for legal reasons which, if appropriate, will be explained in a written response to a written request. If you terminate and/or delete your account, either with Accredd or a third party enlisting our service, we will delete your personal data within 30 days of the deletion of your account. Please be aware that websites like Bing or Google and similar third parties may still retain copies of your personal data that has been made public even if you have deleted the data from us.

 

Changes to this Policy

We may change our Policy, at our discretion, to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. We will post changes here, or on our website, if we decide to change this privacy policy.

When the changes are significant, or if required by applicable law, we will contact you and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal data.

Contact Us

For any questions or concerns regarding this Policy, you may contact us using the following details: legal@accredd.com

An End Customer (someone who is using the services with a Business User) should refer to the privacy policy from the Business User to get details on the Business User’s privacy policy. You are encouraged to contact the Business User directly with concerns or questions.