Last Updated: May 19, 2020
Information We Collect
Information You Provide To Us
We collect Personal Information from you as you provide it to us in forms or documents. This is included but not limited to: your name, physical postal address, email address, phone number, username, password, demographic information (such as your occupation), social security number, tax ID number, bank account information, billing information (e.g., credit card numbers) or any other information you provide through the Services.
Information Provided By Others
We may get information about you from other sources, such as your employer when they issue you options or shares. We may add this to information you provide us through our Services.
Information Automatically Collected
Devices. We may collect information about the devices accessing our Services or websites. Some examples are: type of device, operating system used, application information, unique device identifiers and crash data. The type of information we collect depends on the type of device used and its settings.
Transactional and Usage. We may automatically log information about you and your computer, subject, if required, to your consent. For example, we log your computer operating system type, browser type, browser language, pages you viewed, how long you spent on a page, location (your IP address), access times and information about your use of and actions using the Services. This is information we collect from every visitor to our website, whether they have an account or not. This information may include personal information.
Information Collected from Third Parties
Capbase may receive data about organizations, industries, website visitors, marketing campaigns, and other matters or issues related to our business from affiliates, subsidiaries, partners, or others that we use to make our own information better or more useful and for marketing purposes. This data may be combined with other information we collect and might include aggregate level data. Sources of this data may include data from our partners or affiliates and/or publically/commercially available sources of information.
We may receive information related to you from people and entities with whom Capbase does not have a direct relationship. An example of the type of information that we may receive from unrelated third parties is documents that we receive on your behalf in our role as your registered agent.
Use of Personal Information
We may use personal information to:
- Provide, operate, maintain, and improve the Services. This includes use of other information to support delivery of our services under contract, assist with service requests, monitor for errors, remedy security or technical issues, and analyze website and application performances.
- Respond to comments and questions, verify permission access, and provide customer service.
- Send information including confirmations, invoices and billing, technical notices, updates, security alerts, and administrative messages.
- Communicate system updates, upcoming events, and other news about products and services offered by us. We may contact you to inform you about important services-related notices, such Privacy update notices or changes in our Terms of Service. These communications are required and you may not opt out of them.
- To link or combine user information with other personal information. An example is when we combine the information a company has provided about their shareholders with the information entered by shareholders in their personal portfolios to improve the user experience.
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
- To provide and deliver products and service at a customer’s request. For example: when an employee exercises their stock options and we may provide a tax form to the company for their IRS reporting requirements.
Sharing of personal information
We may share Personal Information to:
- Fulfill our customers’ instructions;
- Comply with any applicable law;
- Achieve legal, protection, information security, and safety purposes, including but not limited to enforcing contracts or policies, reporting on security breaches, or assisting with investigating and preventing fraud or security issues;
- Permit authorized user access on the customer’s account. Equity administrators for the User, authorized users and other designated representatives may be able to add, modify or restrict access; Comply with laws and regulatory requests:
- Protect the rights and property of Capbase, our agents, customers, and others; Allow those who need it to do work for us, including but not limited to granting a Capbase employee the necessary access in order to perform their duties;
- We may share aggregated or anonymized data. We may disclose or use aggregated or anonymized data for any purposes, including but not limited to marketing, analytics or research purposes; We will not share personal information with investors of Capbase beyond any personal information that such investors are entitled to for customary legitimate business purposes;
- If we engage in or negotiate a merger, acquisition, or bankruptcy transaction or proceeding of some or all of Capbase’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all personal information may be shared or transferred subject to reasonable confidentiality restrictions with respect to personal information;
- We may share other information with consent with third parties when we have consent to do so. We may engage third party companies or individuals as service providers to process information and support our services. An example would be cloud services for data center colocation and storage services; and
- When Customers authorize access to customer data to third parties. An example is when a company grants their financial auditors access for annual audits.
“Know Your Customer” Legal Requirements
To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.
Information choices and changes
Our marketing emails tell you how to “opt-out.” If you opt-out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you that are necessary for fulfilling our obligations to our customers.
You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your personal information. You can typically remove and reject cookies from our website with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it may affect how our website works for you.
We strive to provide you the tools to update your personal information. If you are unable to correct inaccurate information on your own, you may request our assistance to update such information by contacting info@Capbase.com.
Scope. This section applies to your Personal Information that we handle as a“business” (as defined under the California Consumer Privacy Act of 2018 (“CCPA”)) if you are a California resident. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. In addition, this section does not apply to Personal Information reflecting communications or transactions with you in your capacity as an employee, controlling owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency, where your communications or transactions with us occur solely within the context of our provision of services to, or receipt of services from, such an entity.
Capbase does not sell (as such term is defined in the CCPA) the Personal Information we collect (and will not sell it without providing a right to opt out).
Your California privacy rights. You have the following rights under the CCPA:
Information. To request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information disclosed to each category of third party recipient.
Access. To request a copy of the Personal Information that we have collected about you during the past 12 months.
Deletion. To request that we delete the Personal Information that we have collected from you.
Nondiscrimination. To exercise the rights described above free from discrimination as provided in the CCPA.
How to exercise your rights. You may submit a request to exercise your information, access or deletion rights by emailing firstname.lastname@example.org. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide a valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.
Notice for Residents of the European and Swiss Economic Areas, Privacy Shield Frameworks and Contractual Terms
Capbase complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.
The following Capbase subsidiaries also adhere to the Privacy Shield Principles: Capbase Agent and Document Services LLC.
Capbase is responsible for the processing of personal data we receive, and subsequently transfers to a third party acting as an agent on our behalf. Capbase abides by the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including, unless we prove that we are not responsible for the event giving rise to the damage, the onward transfer of liability provisions.
Capbase commits to cooperate with EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Capbase is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Capbase may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance.
Under certain circumstances an arbitration option is available to you to determine, for residual claims, whether Capbase has violated its obligations to you under the Privacy Shield Principles, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes. Please be advised that the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
Capbase may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Capbase transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law.
These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.