Brassica Technologies Inc. (together with its affiliates and subsidiaries, " Brassica" or " we", " us" or " our") respects your privacy rights and the importance of protecting your information. This Privacy Notice (" Notice") describes how we collect, use, protect and disclose information, including Personal Information (as defined below), and the choices you have with regard to your Personal Information. This Notice applies to informationcollected, used or shared by Brassica when you use you use or access our websites, including without limitation, www.brassicafin.com, www.brassicatrust.com, www.brassicaservices.com, along with the features, functionalities, applications, browser extensions and other services made available through our websites (collectively, our " Website") or our products and services (collectively, our " Services"), including when you attend a Brassica event or otherwise interact with us. We refer to our Website and Services collectively as our " Platform."
By accessing and using our Platform, you accept the terms of this Notice. Where we require your consent to process your Personal Information, we will ask for your consent to the collection, use, and disclosure of your personal information as described further below. We may provide additional "just-in-time" disclosures or information about the data processing practices of specific Services. These notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your data.
Residents of the European Economic Area (" EEA") or the United Kingdom (" UK") may have additional rights regarding their Personal Information as discussed in the NOTICE FOR EUROPEAN USERS section below.
If you do not agree with or you are not comfortable with any aspect of this Notice, you should immediately discontinue access or use of our Platform.
If you use the Platform as part of a business, an entity, or a non-profit (collectively, " Organization") that has an agreement with Brassica, then the terms of that agreement between the Organization and Brassica will supersede the Privacy Notice where the terms overlap.
CHANGES TO THIS NOTICE
We may change this Notice from time to time. If we make any changes, we will revise the date at the top of this Notice. If there are material changes to this Notice, we may notify you or your Organization more directly by email or post a notice on our Website prior to the changes becoming effective. We encourage you to periodically review our Notice to stay informed about our data protection practices and the ways you can help protect your privacy.
COLLECTION OF INFORMATION
Brassica collects information in the following ways:
1. Information You Provide.
We collect the information you directly provide to Brassica when you visit our Website or register for and/or use the Platform.
Website Use – We collect some or all of the following information about you when you use our Website to contact us:
- email address
- Company information (state, institution type)
- other information you choose to provide to us when you contact us with your inquiries.
Onboarding Process – We collect some or all of the following personal information of applicants or their representatives (including control persons, beneficial owners, and authorized users) during the onboarding process:
- Email address
- Country and region
- Mailing address
- Date of Birth
- Entities you may be affiliated with
- Tax ID number or equivalent
- Social Security Number
- Phone number
- Government Identification
- Photographic and video footage
- Geolocation data
- Voice recordings
- Additional information collected from your device (see below)
Institutional information – We also collect information about our institutional clients, for onboarding and compliance purposes. Types of information may include:
- Location of headquarters
- Federal Employer Identification Number (FEIN)
- Names of affiliated entities
- Certificate of Good Standing
- Certificate of Incorporation
- Articles of Association
- Organizational Ownership Chart
- Information on your Know Your Customer/Anti-Money Laundering ("KYC/AML") program
- Copies of certain policies
- Financial history and details (investment activity, bank statements, balance sheets, etc.)
Financial Information – Types of financial information we may collect include:
- Bank account information (account number, SWIFT code, ABA Number, CVC2, etc.)
- Account balances
- Credit card information
- Deposit proof information
- Cryptocurrency address (on-chain address)
- Wallet address
Risk Management Information – Types of additional information we may collect about you for onboarding and compliance purposes include:
Source of wealth
Personal credit information
Judicial and litigation-related information
Service Information – If we verify your identity, then we may also collect additional information to further provide our Platform. This information may include:
- Names and related information about participants in an offering, including issuers and investors
Communication Information – If you communicate with us, we may collect information contained in your voicemails, chats, emails and other similar communications with us.
Marketing Activities – If you attend our events, business meetings, visit our booth at industry conference or interact with our online or targeted marketing materials, in addition to the personal information described under "Website Use," we may collect one or more of the following business contact information about you:
- Job title/role
- Other information that may be contained on your business card, if you choose to provide one
- Phone number
- Other information as described below in "Information We Collect Automatically"
2. Information We Collect from Other Sources
We collect information from third parties where you have provided us with access to information from those third parties. For example, we may receive information about you from service providers and public records that assist us in gathering the required onboarding information for the KYC/AML program.
We may combine information from third parties with information we have collected from you and your use of the Platform.
3. Information We Collect Automatically
We collect information related to your use of the Platform and the devices you use to access those Platform.
Cookies and Similar Technologies
We use "cookies" and similar tools to track your use of this Website when you use our Platform. We collect information such as the types of service used, and number of users we receive daily. Our web servers automatically log information about your computer, but we do not use this information to identify you personally.
A web beacon embeds a small transparent gif image in a web page or email used to track when the page or email has been viewed. A similar device may be used where a product, service or functionality sends data to a server when a set of user-initiated events occur such as clicking a button on the Website or in an email. This is similar to a cookie – it tracks your visit and the data is only read by the server that receives the data. However, it differs because it is not browser-based, may not function as an ID card and does not store any data on your computer.
USE OF INFORMATION
Brassica uses information collected for the purpose of providing the Services. We will process and transfer information within and to the US and other countries from which Brassica or its authorized third parties may operate, which may have different privacy laws from your country of residence.
We may use your personal information as follow:
- Providing Our Services – We use your information to manage your account and provide our Platform. For example, we may also use your information to diagnose and resolve issues with our Platform, provide customer support, ensure the safety, quality, and availability of the Platform, including verifying your identity and detecting and preventing security incidents or fraudulent, or illegal activity.
- Communicating with You – We use your information to respond to your requests and send important notices. For example, we may respond to your comments / requests or send you communications about our Service, Service confirmations, newsletters or surveys.
- Marketing Our Services – We use your information to market our Platform. For example, we may send you emails about services, offerings, or events.
- Improving Our Services – We use you information to improve our Platform. For example, we may use your data to identify usage trends, develop data analysis, quality control, or personalize your experience.
- Complying with The Law – We use your information to comply with applicable laws, regulations, and contractual obligations. For example, we will conduct compliance and/or security checks, audits, or assessments, and comply with our applicable law enforcement obligations.
- Other Purposes You Consent To – We use your information for other purposes if you consent to those uses at the time you provide your Personal Information.
- De-identified or Aggregate Information – We may use the information we have about you to create de-identified or aggregate information, such as de-identified demographic or location information, information about devices used to access our Platform, or other relevant analyses. Such data cannot be associated with a specific individual. We may perform our analytics on such data or share it with any third parties.
SHARING AND DISCLOSURE OF INFORMATION
We will not share persona information about you with any third parties, unless you allow it, as described in this Notice, or in connection with providing you the Platform.
We may share information about you as follow:
- Across Affiliates – We share information across Brassica's family of companies to provide you with our Platform, prevent fraud, conduct identity verification, comply, with law or in the event of a sale, merger, acquisition, or other liquidity event.
- Consultants and Service Providers – With our consultants or suppliers when it is reasonably necessary or desirable, such as helping to provide our Platform to you, to analyze and improve the Platform, order fulfillment, marketing, data hosting, fraud protection and prevention.
- Third Party Applications – Brassica provides you with opportunities to connect with third-party applications or services, such as through our integration partners. If you choose to use any third-party applications or services, we share information about you and any information you choose to use in connection with those applications or services, and such third parties may contact you directly.
Note, this Notice does not apply to your use of such third-party applications or services, and we are not responsible for how those third parties collect, use, and disclosure your information. We encourage you to review the privacy notices of those third parties before connecting to or using their applications or services to learn more about their information and privacy practices.
- Compliance with Laws – We may share your Personal Information with government and law enforcement officials or private parties where necessary to enforce and comply with the law. To the extent permitted under applicable law, we may disclose any Personal Information and other information to government or law enforcement officials or private parties as we believe is necessary or appropriate to investigate, respond to, and defend against legal claims, for legal process (including subpoenas), to protect our property and rights of those of a third party, to protect us against liability, for the safety of the public or any person, to prevent or stop any illegal, unethical, fraudulent, abusive or legally actionable activity, to protect the security and integrity of our Platform and any equipment used to make our Platform available or to comply with applicable laws.
- Business Transfers – In the event we sell or transfer all or a portion of our business assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction), including negotiations of such transactions.
- Aggregated or Anonymized Data – In an aggregated or anonymized manner that does not directly identify you with third parties.
We require third party service providers acting on our behalf or with whom we share your information to provide appropriate security measures in accordance with industry standards and in compliance with this Notice, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of personal information we receive from or transfer to them.
As Brassica operates globally, we may need to transfer your personal information internationally. Your personal information may be transferred to and processed within our affiliates, third-party partners, and service providers based throughout the world. This means that your personal information may be collected, stored, or otherwise processed in a jurisdiction outside of where you reside, including, without limitation, in the United States. Please note, the United States has not been assessed as having adequate privacy laws by some countries and economic regions.
Users in Europe should read the important information provided below about transfer of personal information outside of Europe.
RETENTION OF PERSONAL INFORMATION
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Notice and in order to provide you the Platform, and for so long as it is needed to provide you Platform. We will also retain your information to comply with our legal obligations, resolve disputes, and enforce our agreements.
PROTECTION OF PERSONAL INFORMATION
Brassica is committed to securing your Personal Information. We take appropriate technological and organizational measures to help protect your Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. Brassica complies with applicable data protection, privacy, and security breach notification laws. We regularly review our established policies and procedures to ensure that they are appropriate and effective at meeting our commitment to our community, our customers, and ourselves. We also require third party service providers acting on our behalf or with whom we share your information to maintain security measures consistent with industry standards.
Additionally, to help protect your privacy and maintain security, we verify your identity before granting you access to your information or your account.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your information will not occur.
Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection, including email, phone, SMS, or instant messaging services since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your information is no longer secure, please contact us using the contact information provided in the "Contacting Us" section below.
OUR POLICY TOWARDS CHILDREN
Our Platform is not directed to individuals below the age of 18 year, and we do not knowingly or intentionally collect and process any child's data.
We are unable to identify whether a child has provided us personal information without the KYC/AML process. If we become aware that a child has provided us with personal information, we will take steps to delete such information as soon as possible.
Please contact us at firstname.lastname@example.org; 3040 Post Oak Blvd, Ste. 1800-165 Houston TX 77056, if you:
- Have questions about this Notice;
- Wish to make a complaint or have a concern about our handling of your personal information; or
- Want to report a possible breach of privacy laws.
Brassica will respond to your inquiry within 30 days.
NOTICE FOR EUROPEAN USERS
1. Applicability. The information provided in this section applies only to individuals in the EEK, UK and Switzerland (collectively, " Europe") and explains our practices regarding personal information that we collect from you or which we have obtained about you from a third party and the legal basis for processing for your personal information. It also sets out your rights in respect of our processing of your personal information.
- Personal Information. References to " personal information" in this Notice to European Users are equivalent to " personal data" governed by the General Data Protection Regulation (" GDPR").
- Controller or Processor. Brassica may be either the controller or processor of your personal information covered by this Notice, as stated under the heading " Information We Collect from Other Sources".
- EU representative. Our EU representative's details can be obtained by emailing email@example.com.
- Data protection officer. Our data protection officer can be contacted at: Data Protection Officer, firstname.lastname@example.org.
2. Legal Basis for Processing.
If you are located in Europe, we only process your personal information for specific reasons and when we have a valid legal basis for processing under applicable data protection laws.
The legal bases on which we rely on to process your personal information, as appropriate, are set out below:
Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;
Necessary for compliance with legal or regulatory obligations;
Necessary for us to realize a justified and legitimate interest considering your privacy and other fundamental rights and interests. This may include:
- running an effective operation of Brassica's Platform and administering related services;
- operating our Platform;
- protecting the security of our systems, detecting or preventing fraud;
- marketing, market research and business development;
- internal group administrative purposes;
With your consent.
Where applicable, wherever we rely on the consent legal basis, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.
3. Personal Information We Collect. Personal information is data relating to an identified or identifiable Individual. Sensitive Personal Data (or " Sensitive Personal Information") is data that reveals a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, genetic data, biometric data, and data concerning health, sex life or sexual orientation. We collect personal information and Sensitive Personal Data from you in several ways when you use our Platform as described below.
Directly from Individuals – We collect information when individuals use our Website or mobile application or register with us. We will also collect information when individuals place an order, subscribe to our marketing activities, respond to a survey, or to report on our clients' financial information. This information includes names, email addresses, phone numbers, and other demographic and contact information.
From Third Parties – We collect information from third parties including an individual's company and from those who validate identity. Examples of these collection methods include referrals from other Brassica users, integration of cryptocurrency service providers, and third-party sign-in credentials (e.g., Google).
From Individuals Passively – We use third party tools to collect information from individuals when visiting our Website and mobile application. Using cookies and other tracking technologies, we will automatically collect:
- unique device identification numbers
- device type
- operating system version
- browser type and version
- pages viewed
- links clicked
- IP address
- date and time of visit
- number of times you return to our Website
- geolocation data (GPS-based information)
- motion tracking (e.g., number of steps taken, heart rate)
- Wi-Fi connectivity
Security and Authentication – We collect certain information to protect our users' information, and to verify an individual's identity. This involves collecting biometric data, such as voiceprints, video and photographic footage, geolocation data, and motion tracking information (see above).
Combining Information – We combine information received from third parties with information already stored. We will also combine information from an individual's profile with information submitted from surveys.
Brassica uses the personal information we have about you for the purpose for which it was collected or provided to us (as stated at the point of collection). Your personal information will be used to: provide our services, communicate with you, market and improve our services, conduct surveys, comply with the GDPR and other applicable laws, protect our assets, perform other purposes with your consent, and create de-identified or aggregate information.
5. Retention & Storage
Brassica only keeps or processes personal information for as long as necessary to carry out its business and legal purposes. Personal information is deleted or anonymized when no longer required for the purposes for which it was collected, in accordance with our record retention policies. The specific periods for which we keep information about you vary depending on the nature of the information, why we need it, and whether the personal information is de-identified. We also consider the minimum necessary retention period prescribed by applicable laws, recommended by industry standards, and stated in contracts and other legal obligations. Additionally, you may request deletion of your personal information consistent with Section 7 "Individual Rights" below.
We may be legally required to retain your personal information to comply with legal obligations, resolve disputes, and enforce rights.
We may use data hosting service providers in the U.S. to store information we have about you, and we use reasonable technical measures to secure your information.
6. Sharing with Third Parties
We share information we have about you with third parties, service providers, and Brassica affiliates who assist us with administering our services and advertising on third party platforms. We at times partner with other companies to offer products or services jointly; we may share your personal information to facilitate that offering. Any third parties that we share your personal information with are limited by law and by contract in their ability to use your personal information. Brassica requires third party service providers acting on our behalf or with whom we share your information to provide appropriate security measures in accordance with industry standards and in compliance with this Notice, their privacy and security obligations, and any other appropriate confidentiality and security measures. However, we are not responsible for the privacy and data security practices of third parties outside of personal information we receive from or transfer to them.
7. Your rights. You have the following rights in relation to the personal information we hold about you:
Right of access – You can ask us if we are processing your personal information and to provide you with a copy of it (along with certain details). If you require additional copies, we may need to charge a reasonable fee.
Right to rectification – If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
Right to erasure – You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent to our processing of your personal information (where applicable).
Right to restrict processing – You can ask us to "block" or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information.
Right to data portability – You have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Right to object – You can ask us to stop processing your personal information, and we will do so, if we are:
- relying on our own or someone else's legitimate interests to process your personal information, unless we can demonstrate compelling legal grounds for the processing; or
- processing your personal information for direct marketing purposes.
Right to withdraw consent – If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Right to lodge a complaint with the supervisory authority – If you have a concern about any aspect of our privacy practices, including the way we have handled your personal information, you can report it to the relevant Supervisory Authority. You can find your data protection regulator here.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us via email at email@example.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
9. Data Transfer
Brassica and its affiliates are based in the United States (U.S.). We use data hosting service providers in the U.S. to host the information we collect from or about you. When we transfer your personal information outside of Europe, we will do so in accordance with the GDPR using a valid cross-border transfer mechanism. To the extent required by applicable law, we will protect the cross-border transfer of your personal information through the use of applicable legal adequacy mechanisms. We generally use approved Standard Contractual Clauses to ensure the personal information is adequately protected when it is transferred outside the EEA or the UK to countries without an adequate level of data protection.
Please contact us via email at firstname.lastname@example.org if you would like more information about cross-border transfers or to obtain a copy of the Standard Contractual Clauses. We also transfer your personal information to third parties as described above in Section 6, "Sharing with Third Parties".
10. Changes to this Notice
We may change or update this Notice in the future. When we do, we will post the revised version on our Website. This notice was last updated and became effective on the date posted at the top of this page.
11. Contact Us
If you have any questions about this Notice or our privacy practices please contact us at email@example.com.