We provide accreditation verifications for alternative investments in compliance with the United State’s Security and Exchange Commission. Organizations, public and private, of all sizes, use our services to verify their users’ accreditation status. Accredd places a high level of importance on the security and privacy of the personal data that is entrusted to us.
“Personal Data” is any information related to an identified or identifiable individual or identifiable entity, and can also include information about how you, and/or your entity engage with our Services. Personal Data may also include information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
“Services” means the services and products that Accredd indicates are covered by this Policy, which may include Accredd-related applications. Accredd’s “Business Services” are Services delivered by Accredd to entities (“Business Users“) who directly or indirectly provide us with “End Customer’s” Personal Data in connection with the Business Users’ own businesses and related activities. Our “End User Services” are those Services which Accredd directs to individuals (rather than entities) so that those End Users can work directly with Accredd, without the involvement of Business Users.
“Sites“, “website“, “application“, or “app” means Accredd.com, verify.Accredd.com, knowledge.Accredd.com, and other websites that Accredd indicates are covered by this Policy. Jointly, we refer to Sites, Business Services, and End User Services as “Services“.
“You” may mean End User, End Customer, or Representative in various context:
- End User is used when you directly use an End User Service, such as getting yourself verified independently, for your personal use. Questions about our service can be directed to us as there are no other parties involved.
- Representative is used when you are acting on behalf of a potential or existing Business User (normally a founder, business owner, controlling member, manager, or partner for a business who is a Business User).
Your privacy is important to us. It is our policy to respect your privacy and comply with any applicable law and regulation regarding any Personal Data we may collect about you.
Personal data we collect and how we use and share it
Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions. “Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.
Internet Browser Data
Applies to: End User, End Customer, and Representative
When you visit our website, our site may automatically collect the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, device information, the pages you visit, the time and date of your visit, the time spent on each page, the interactions on each page, and other details about your visit or website session.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
- Legal Name of yourself and/or entities you own and control
- Date of birth or date of entity formation
- Home/mailing address
- Source of income via various tax statements
- Source of net worth via various financial statements
- Source of liabilities via various credit reports
- Formation documents of entities you own and control
- Deeds of real property owned by you or entities you own and control
- Letters from a professional accountant or attorney that you work with
- Name of yourself and/or your business
- Business billing and mailing address
- Credit card or banking information
- Business phone number
We only collect and use your personal data when we have a legitimate reason for doing so. In which instance, we only collect personal data that is reasonably necessary to provide our services to you.
Collection and use of information
We may collect personal data from you when you do any of the following on our website:
- Register for an account
- Use a mobile device or web browser to access our content
- Submit an accreditation verification request
- Contact us via email, messaging, or on any similar technologies
We may collect, hold, use, and disclose information for the following purposes, and personal data will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform’s core features and services including but not limited to accreditation verification and notifications of such activities
- for analytics, market research, and business development, including to operate and improve our website, and associated applications
- to enable you to access and use our website, and associated applications
- for internal record keeping and administrative purposes
- to comply with our legal obligations and resolve any disputes that we may have
- to prove compliance on behalf of our Business Users and the Security and Exchange Commission or other regulatory offices
- for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms
We may combine voluntarily provided and automatically collected personal data with general information or research data we receive from other trusted sources. For example, Our marketing and market research activities may uncover data and insights, which we may combine with information about how visitors use our site to improve our site and your experience on it.
Business Users’ use of your personal data
Business Users who choose to collect your personal data themselves before forward that data to us via our API must only send appropriate files and data as it relates to activities within the Business Services.
Security and retention of your personal data
We make reasonable efforts to provide a level of security to mitigate the risks related to the processing of your Personal Data. Accredd uses organizational, technical, and operational practices designed to safeguard Personal Data detailed by this Policy. We make a reasonable effort to Personal Data against loss and theft, as well as unauthorized access, disclosure, destruction, duplication, use, or modification.
Although we will do our best to protect the Personal Data you provide to us, unfortunately no method of electronic data transmission or data storage is 100% secure.
You are encouraged to use one of the main identity providers, such as Google, Facebook, Amazon, or Microsoft, when creating and using an account with us. Otherwise, you are responsible for choosing a password that has a high security strength, ensuring the security of your own data within the bounds of our services. You should also avoid sharing this password with other persons or sites.
Read more about our Security at https://accredd.com/legal/security
We retain your Personal Data for as long as we are providing Services to you or our Business Users, or for a duration which we feel is reasonable to provide the Services. This retention period depends on what we are using your data for, in accordance with this Policy. It is possible that we will continue to retain your data after Services have ceased to you or a Business User so we can stay compliant with regulatory obligations. We may also retain data to comply with prevention activities, tax related issues, and financial reporting needs.
As of 2022, we retain your personal data related to accreditation verification for a period of 5 years in accordance with the United State’s Security and Exchange Commission’s 5-year guidelines, published in 2021. This initial 5-year period is referred to as our standard retention policy, and this helps our Business Users stay compliant with regulations. After the standard retention period, your Personal Data is automatically set for deletion after 1 additional year, unless otherwise directed or requested by you and/or a Business User.
International data transfers
Personal Data may be collected, stored, and processed in various countries throughout the world where we do business, where our service providers do business, or where Business Users do business. The personal data we collect is stored and processed in United States, or where we or our partners, affiliates, and Business Users maintain facilities and we may transfer your Personal Data to countries other than your own. We take steps to comply with data protection laws local to the country we transfer data to and may be required to disclose Personal Data in response to lawful requests. We will protect the transferred Personal Data in accordance with this Policy.
You understand we will collect, hold, use, and disclose your Personal Data in accordance with this Policy. You have a choice and do not have to provide personal data to us, however, if you do not, it may affect your use of our website or the products and services offered by Business Users (e.g. you are unable to invest in a Business User’s investment as the Business User would be out of federal compliance for accepting your capital without first verifying your accreditation).
If we receive your Personal Data from a Business User, we will protect it as set out in this Policy. However, that Personal Data is also subject to the Business User’s policies which we cannot control, especially if the Personal Data was collected by the Business User.
Business Users providing personal data about an End Customer need to represent and warrant that they have such person’s consent to provide the Personal Data to us.
Your location has its applicable law and you may have the following rights detailed below with regard to Personal Data we collect and control about you:
- Rights to request confirmation that Accredd processes your Personal Data, and request a copy of that Personal Data
- Rights to request that we update your Personal Data if it is inaccurate, outdated, or incomplete
- Rights to request that Accredd delete your Personal Data in situations detailed by law
- Rights to request that we restrict the use of your Personal Data
- Rights to request that Accredd export your Personal Data in other entities, so long as it is feasible
- You can wirthdraw your consent to process your Personal Data if you previously gave consent
- We will notify you, in compliance with the law, of data breaches
Applies to: End User, End Customer, and Representative
We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal data, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal data according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Additional disclosures for jurisdiction-specific provisions
Australian Privacy Act Compliance (AU) – International Transfers of Personal Data
Where the disclosure of your personal data is solely subject to Australian privacy laws, you acknowledge that some Business Users may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such Business Users engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
General Data Protection Regulation (GDPR) Compliance (EU)
The GDPR distinguishes between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). We are both data controllers and data processors.
United States – California Compliance (US)
If you are a user and live in California, or your services with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes. This is accordance with California Consumer Privacy Act (“CCPA”). You may contact us via the methods outlined in Contact Us section.
In the past 12 months, we have collected the following categories of personal data enumerated in the California Consumer Privacy Act:
- Identifiers, such as name, email address, phone number account name, IP address, and an ID or number assigned to your account.
- Customer records, such as billing and shipping address, and credit or debit card data.
- Demographics, such as your age or gender. This category includes data that may qualify as protected classifications under other California or federal laws.
- Geolocation data.
- Employment and educational history, such as information provided when applying through the careers page.
For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal data for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.
You have rights to delete your personal data we collected as a California resident, and you also have rights to know certain information about our data practices in the preceding 12 months. You have the right to request the following from us:
- The catalogue of personal data we have collected about you
- The catalogue of sources from which the personal data was collected
- The catalogue of personal data about you we disclosed for a business purpose or sold
- The catalogue of third parties to whom the personal data was disclosed for a business purpose or sold
- The business or commercial purpose for collecting or selling the personal data
- The specific components of personal data we have collected about you
To exercise any of these rights, please contact us using the details provided in this Policy.
As related to General Data Protection Regulation, we use a the following legal bases to process your Personal Data.
1. Contractual-related Business Partnerships: We process Personal Data for reasons related to a business partnership with prospective Business Users and End Users. We process Personal Data to carry out contractual obligations with these Users and activities are as follows:
- End Users and End Customers: Creation and maintenance of Accredd accounts
- Business Users: Creation and maintenance of Accredd “Sponsor” or “Admin” accounts
- Billing, accounting, and auditing
- Verification of accreditation status as defined by the IRS and SEC
2. Regulatory compliance: We process Personal Data with a purpose to verify whether an End Customer or End User is an accredited investor as defined by the United States’ Internal Revenue Service and the Security and Exchange Commission. This requirement and process are imposed on us by the operation of law and we may be required to report our compliance process, and related documents, to third parties for review or audit. We are not responsible for identity verification such as “Anti-Money Laundering (“AML”) or Know-Your-Customer (“KYC”) obligations.
3. Legitimate business interest: We rely on our legitimate business interests to process your Personal Data:
- Mitigate liabilities or other compliance harm to End Customers, Business Users, End Users, and Accredd
- Forecast and offer new Accredd product and services
- Reply to questions, concerns, comments, and customer support
- Evaluate, change, and enhance our Services, products, reliability, operations, and tools
- Improve the performance of our Services and Sites by reviewing their efficiency and effectiveness
- Advertise and analyze our Services and offerings
- Aggregate Personal Data to deliver Services to Business Users
- Conduct research and analysis to build business intelligence, products, and new services that enables us to operate, protect, report, and make decisions for our business
- Share Personal Data with third party service providers or business partners
- Deliver information security throughout Accredd and our Services
- Share Personal Data among our affiliates
4. Consent: We may rely on consent to collect and process Personal Data as it relates to our communication with you. You may withdraw your consent at any time when we process data based on your consent.
How to Control Your Personal Data
1. Confirmation: You can request that we confirm whether Accress processes Personal Data related to you, and request a copy of that Personal Data if so
2. Restriction: You can request that we restrict the processing of your personal data if (a) you are concerned about the accuracy of your personal data; (b) you believe your personal data has been unlawfully processed or collected; (c) you need us to maintain the personal data solely for the purpose of a legal claim; or (d) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
3. Exportation: You can request that we export your Personal Data to another company, if it is technically feasible.
4. Deletion: You can request that we delete the personal data we hold about you at any time, and we will take reasonable steps to delete your personal data from our current records and database. If you ask us to delete your personal data, we will let you know how the deletion affects your use of our website or products and services. For example, your accreditation status with your issuer may likely be impacted since the deletion of your personal data means we can no longer prove to the Security and Exchange Commission the steps and documents we reviewed to grant your accreditation. There may be exceptions for legal reasons which, if appropriate, will be explained in a written response to a written request. If you terminate and/or delete your account, either with Accredd or a third party enlisting our service, we will delete your personal data within 30 days of the deletion of your account. Please be aware that websites like Bing or Google and similar third parties may still retain copies of your personal data that has been made public even if you have deleted the data from us.
Changes to this Policy
When the changes are significant, or if required by applicable law, we will contact you and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal data.
For any questions or concerns regarding this Policy, you may contact us using the following details: firstname.lastname@example.org