Privacy Policy



 

Effective Date: 07, 27, 2020

 

Bulltick Financial Services, LLC (hereinafter, “Bulltick”, “we” or “us”) have adopted this policy with recognition that protecting the privacy and security of the personal information we obtain from and about our users is an important responsibility. This policy outlines the types of information we collect when you use our website, www.bulltick360.com, and the online services, platform or other websites operated or offered by Bulltick, including without limitation, BT360 (collectively, the “Platform”). In addition to this Privacy Policy, you should read the Terms and Conditions of the Platform. By using the Platform, you consent to the data practices described in this policy. This policy may change from time to time. Your continued use of this Platform after we make changes is deemed to be acceptance of those changes, so please check this policy periodically for updates.


PERSONAL INFORMATION

 The types of personal information we collect, and share depend on the product or service you have with us. This information can include information such as assets, investment experience, account balance and transaction history. We may use this information for everyday purposes as a financial company, such as to process your transactions, maintain your account(s), display your accounts as part of our account access software, respond to court orders and legal investigations, or report to credit bureaus.

In addition, when you use the Platform, our servers automatically record certain information about your use. Similar to other web services, we record information such as account activity, data displayed or clicked on (such as UI elements, ads, and links), and other information (such as browser type, IP address, date and time of access, cookie ID, and referrer URL). Along with cookies, we may also use third-party tracking technology to record similar information regarding you and your activity on the Platform. To use services offered on the Platform, you must create an account. In creating this account, Bulltick may ask for some personal information, including an email address and a password, pin and security questions, which is used to protect your account from unauthorized access and we may require you to change such password, pin or security questions from time to time. Your personal and login information is considered non-public information. Except as required by law or requested by regulatory authorities, Bulltick agrees to maintain your non-public information in strict confidence. However, we may access information about you from third-party sources and platforms (such as social networking sites, databases, online marketing firms, and ad targeting firms.

We have a team of dedicated Bulltick support team (the “Bulltick Personnel”) whose goal is to support you in the use of the Platform. You may authorize Bulltick Personnel to access and edit your account by providing written permission (including by email or through the Platform) to Bulltick Personnel or other member of the Bulltick team. You may revoke such authorization at any time. If you grant such access, Bulltick Personnel will be able to access your account and personal information.

Also, if you grant access to your accounts to third parties, such third parties will also be able to access your account and personal information.

Bulltick restricts access to non-public personal information about users to certain Bulltick employees who require that information in order to maintain and operate the Platform. Bulltick may ask you for additional personal information, such as your name or picture, in order to provide personalized services to you. Bulltick may store, process, and maintain data related to your account. Bulltick’s uses for this data are described below.

Bulltick is not directed to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without his or her consent, he or she should contact us at bt360@bulltick.com If we become aware that a child under the age of 13 has provided us with personally identifiable information, we will delete such information from our files


USE OF INFORMATION 

Bulltick maintains and processes your Bulltick account and its contents to provide content, material and information on the Platform. Bulltick's servers process the information you provide to Bulltick for various purposes, including formatting and displaying your information, delivering related content, sharing investment-related information, and other purposes relating to the Platform.

Bulltick may send you information related to your Bulltick account or other Bulltick services. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the "unsubscribe" instructions provided in the communications.


INFORMATION SHARING AND ONWARD TRANSFER

We do not sell, rent, or otherwise share your personal information with any third parties except to persons assessing our compliance with industry standards; our attorneys, accountants, and auditors; and as permitted or required by law (such as when we reasonably believe it is necessary or appropriate to investigate, prevent, or take action regarding illegal activities or violations of our Terms and Conditions).

We are permitted by law to disclose the non-public personal information about you to governmental or regulatory agencies, a court of law when compelled and other third parties in certain circumstances (such as third parties that perform administrative, technical or marketing services on our behalf or for joint marketing program) These third parties are prohibited from using or sharing the information for any other purpose. Bulltick encourages users of the Platform to collaborate with and engage with others by discussing financial and investment opinions, information and experience. You understand and agree that any such information that you provide through the Platform or otherwise, including, for instance, as part of your profile or while interacting with other users, will be publicly available, and that other users may use and reproduce such information. We have no control over the use by other users of the information that you voluntarily disclose to the public.


SHARING WITHIN THE CORPORATE FAMILY

We share personal information with other members of the Bulltick corporate family to allow our corporate affiliates to contact you with offers, services or products that may be of interest to you and to provide you with their products and services. Any such corporate affiliate may use your information only according to the terms of this Privacy Policy. If you are located in a jurisdiction where such sharing requires your permission, we will only do so with your consent.


CORPORATE REORGANIZATIONS

If we are involved in a merger, acquisition, a sale of all or a substantial portion of our assets, or other similar sale transaction, your information will be transferred as part of that transaction. We will notify you by email and/or a prominent notice on our Platform of any such transfer and any choices you may have regarding your information.


AUTHORIZED USERS

All users authorized by you to have access to your account can view personal information stored in the account. A primary account holder can view personal information saved in subaccounts to which they have authorized access. We share information about authorized users only for legitimate purposes consistent with this Privacy Policy, including servicing your account and marketing products and services to you.


SECURITY 

The transmission of information via the internet, email or text message is not completely secure. Although we will use commercially reasonable technical and organizational measures to protect your personal information, we cannot guarantee the security of your information transmitted through the Platform or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and

organizational measures to safeguard your personal information against loss, theft and unauthorized use, access or modification, as further described in Bulltick’s Information Security Policy attached as Exhibit A.


LINKS TO OTHER SITES

In some areas of the Platform, we may provide a link to another website. Other websites, including social media sites, have their own policies regarding privacy and security, and these may vary from ours.


DATA TRANSFER TO THIRD PARTIES

Our computer systems are currently based in the United States, so your personal data will be processed by us in the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. If you create an account with the Platform as a visitor from outside the United States, by using the Platform, you agree to this Privacy Policy and you consent to the transfer of all such information to the United States, which may not offer a level of protection equivalent to that required in certain other countries, and to the processing of that information as described in this Privacy Policy.


CHOICES AND PREFERENCES 

You may change your preferences with respect to notices and marketing or delete your Bulltick account through the Platform Residual information related to your account may remain for some time on our servers.

You may decline to provide personal information to Bulltick, except where such information is necessary to enable a feature of the Platform. In cases where such personal information is necessary, you may not use that feature if you decline to provide the necessary personal information.


EU AND EEA USERS AND CUSTOMERS YOUR RIGHTS

Where the European Union’s General Data Protection Regulation 2016/679, or GDPR, applies, in certain circumstances and subject to data processing agreements, you have rights in relation to the personal information we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. To exercise any of your rights, please contact us at bt360@bulltick.com Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.


ACCESS 

You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.


CORRECTION 

You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information, we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.


ERASURE 

You may request that we erase the personal information we hold about you in the following circumstances:

Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.


RESTRICTION OF PROCESSING TO STORAGE ONLY 

You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:


OBJECTION 

You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.


WITHDRAWAL OF CONSENT 

Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by contacting us at bt360@bulltick.com.


COMPLAINTS 

In the event that you wish to make a complaint about how we process your personal information, please contact our Data Protection and Privacy Officer at bt360@bulltick.com  and we will try to address with your request.


CHANGES TO THIS PRIVACY POLICY 

Bulltick’s Privacy Policy about obtaining and disclosing information may change from time-to-time. In all such instances, we will provide you with notice of any material change to this policy before implementing the change.


MORE INFORMATION

This document constitutes Bulltick’s complete Privacy Policy. If you have questions or comments about this Policy, please email us at bt360@bulltick.com.


CALIFORNIA RESIDENTS

This section applies only to California residents and only if Bulltick is subject to the CCPA (as defined below). It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“ CCPA”) but does not include information exempted from the scope of the CCPA.


Your California privacy rights.

You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

o The categories of Personal Information that we have collected.

o The categories of sources from which we collected Personal Information.

o The business or commercial purpose for collecting and/or selling Personal Information.

o The categories of third parties with whom we share Personal Information.

o Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third- party recipient.

o Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.

 How to exercise your information, access and deletion rights. 

You may submit a request to exercise your information, access or deletion rights by emailing bt360@bulltick.com We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.


EXHIBIT A - INFORMATION SECURITY POLICY


Introduction

Bulltick considers protection of customer data a top priority. As further described in this Bulltick Information Security Policy, Bulltick uses commercially reasonable organizational and technical measures designed to prevent unauthorized access, use, alteration or disclosure of customer data stored on systems under Bulltick’s control.

1.  Customer Data and Management . Bulltick limits its personnel’s access to customer data as follows:

1.1. Requires unique user access authorization through secure logins and passwords, including multi-factor authentication for Cloud Hosting administrator access and individually assigned Secure Socket Shell (SSH) keys for external engineer access;

1.2. Limits the customer data available to Bulltick personnel on a “need to know” basis;

1.3. Restricts access to Bulltick’s production environment by Bulltick personnel on the basis of business need;

1.4. Encrypts user security credentials for production access; and

1.5. Prohibits Bulltick personnel from storing customer data on electronic portable storage devices such as computer laptops, portable drives and other similar devices.

1.6. Bulltick logically separates each of its customers’ data and maintains measures designed to prevent customer data from being exposed to or accessed by other customers.


2.  Data Encryption . Bulltick provides industry-standard encryption for customer data as follows:

2.1. Implements encryption in transport and at rest;

2.2. Uses strong encryption methodologies to protect customer data, including AES 256-bit encryption for customer data stored in Bulltick’s production environment; and

2.3. Encrypts all customer data located in cloud storage while at rest.


3. Network Security, Physical Security and Environmental Controls

3.1. Bulltick uses firewalls, network access controls and other techniques designed to prevent unauthorized access to systems processing customer data.

3.2. Bulltick maintains measures designed to assess, test and apply security patches to all relevant systems and applications used to provide services through the Platform.

3.3. Bulltick monitors privileged access to applications that process customer data, including cloud services.

3.4. The Services operate on Amazon Web Services (“AWS”) and Microsoft Azzure (“Microsoft”) and are protected by the security and environmental controls of Amazon and Microsoft, respectively.

3.5. Customer data stored within AWS or Microsoft is encrypted at all times. AWS and Microsoft do not have access to unencrypted customer data. However, we are not responsible for damages resulting from a data breach by AWS or Microsoft.


4. Incident Response.

 If Bulltick becomes aware of unauthorized access or disclosure of customer data under its control (a “Breach”), Bulltick will:

4.1. Take reasonable measures to mitigate the harmful effects of the Breach and prevent further unauthorized access or disclosure.

4.2. Upon confirmation of the Breach, notify Customer in writing of the Breach without undue delay. Notwithstanding the foregoing, Bulltick is not required to make such notice to the extent prohibited by applicable laws, and Bulltick may delay such notice as requested by law enforcement and/or in light of Bulltick’s legitimate needs to investigate or remediate the matter before providing notice.

4.3. Each notice of a Breach will include:

4.3.1. The extent to which customer data has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the Breach;

4.3.2. A description of what happened, including the date of the Breach and the date of discovery of the Breach, if known;

4.3.3. The scope of the Breach, to the extent known; and

4.3.4. A description of Bulltick’s response to the Breach, including steps Bulltick has taken to mitigate the harm caused by the Breach.


5. Business Continuity Management

5.1. Bulltick maintains an appropriate business continuity and disaster recovery plan.

5.2. Bulltick maintains processes to ensure failover redundancy with its systems, networks and data storage.


6. Personnel Management

6.1. Bulltick performs employment verification, including proof of identity validation and criminal background checks for all new hires, including contract employees, in accordance with applicable law.

6.2. Bulltick provides training for its personnel who are involved in the processing of the customer data to ensure they do not collect, process or use customer data without authorization and that they keep customer data confidential, including following the termination of any role involving the customer data.

6.3. Upon employee termination, whether voluntary or involuntary, Bulltick immediately disables all access to Bulltick systems, including Bulltick’s physical facilities.