Last Updated July 30th, 2020
1.1. Equa Start, LLC (“Equa”) respects your privacy. This Privacy Statement informs you about our privacy practices including details of the personal data we collect, use, disclose and transfer as well as choices you can make and rights you can exercise about your data. This Privacy Statement is available from a link on the footer of every Equa web page.
1.2. Equa considers the major privacy principles and frameworks around the world, including the OECD Guidelines on the Protection of Privacy and Transborder Flows, EU General Data Protection Regulation 2016/679 (“GDPR”), the APEC Privacy Framework, and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
2. Information About Us.
2.1. Equa is a global company based in Denver, Colorado.
2.2. Equa provides the following services: cap table management, encrypted document storage, automated shareholder voting, and digital-currency payment processing.
2.3. Data Protection Officer: Kelley Cochran
2.4. Chief Counsel: John Lubitz of Lewis Brisbois
3. What Does This Policy Cover?
3.1. Equa and its subsidiaries respect your privacy.
3.2. This Policy informs you about our privacy practices including details of the personal data we collect, use, disclose and transfer as well as choices you can make and rights you can exercise about your data. This Privacy Statement is available from a link on the footer of every Equa web page.
3.3. This Policy applies to all Equa-owned: websites, platforms, mobile applications, and its client-service help desk.
4. Privacy Principles.
4.1. We have an accountability-based program and are committed to the following principles, which are based on internationally recognized frameworks and fair information practices:
4.1.1. Lawfulness, Fairness & Transparency: We process personal data in accordance with the law, and with transparency and fairness to you. Our data processing activities are conducted: 1) with your consent; 2) in order to fulfill our contractual obligations; 3) for the legitimate interest of our company, or 4) in accordance with legal obligations.
4.1.2. Notice & Choice of Data Use: We are transparent and provide clear notice to you about the types of personal data collected, and the purposes for which it is collected and processed. We will not use personal data for purposes that are incompatible with these Principles, our Privacy Statement, or specific notices associated with Equa Start’s Services.
4.1.3. Data Access: We provide you with reasonable access along with the ability to review, correct, amend, or delete the personal data you have shared with us; unless prohibited because of our legitimate interest or legal obligations.
4.1.4. Data Integrity & Purpose Limitation: We only use personal data for the purposes described at the time of collection or for additional compatible purposes in accordance with law. We take reasonable steps to ensure that personal data is accurate, complete, and current and we only collect personal data which is relevant and limited to what is necessary for the purposes for which it is collected. We will keep personal data for no longer than is necessary for the purposes for which it was collected and then we will securely delete or destroy it.
4.1.5. Data Security: To protect personal data against unauthorized use or disclosure we implement strong information security controls in all of our operations.
4.1.6. Accountability for Onward Transfer: We acknowledge our potential liability for transfers of personal data among Equa Start entities or to third parties. Personal data will only be shared when third parties are obligated by contract to provide equivalent levels of protection.
4.1.7 Recourse, Oversight & Enforcement: We are committed to resolving any concerns regarding your personal data. We voluntarily participate in several international privacy programs that provide recourse to individuals if they feel Equa Start has not adequately respected their rights.
5. What Information We Collect About You.
5.2. Information you provide directly to Equa:
5.2.1. Contact Data: We may collect personal and/or business contact information including your first name, last name, mailing address, telephone number, email address, and other similar data.
5.2.2. Payment Data: We collect information necessary for processing payments and preventing fraud, including credit/debit card numbers, security code numbers, and other related billing information.
5.2.3. Account Data: We collect information such as how you purchased or signed up for Equa’s Services, your transaction, billing and support history, the Services you use and anything else relating to the account you create.
5.2.4. Location Data: We collect geolocation data when you enable location-based services or when you choose to provide location-related information during product registration or when interacting with our website.
5.2.5. Security Credentials Data: We collect user IDs, passwords, password hints, and similar security information required for authentication and access to Equa accounts.
5.2.6. Demographic Data: We collect, or obtain from third parties, certain demographic data including, for example, country, gender, age, preferred language, and general interest data.
5.2.7. Preferences: We collect information about your preferences and interests as they relate to Equa’s Services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
5.2.8. Social Media Data: We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites.
5.2.9. Other Unique Identifying Information: Examples of other unique information that we collect from you include information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of Equa’s Services and to respond to your inquiries.
5.3. Information automatically collected about your use of an Equa product or service:
5.3.1. Product Usage Data: We collect product usage data such as log-in, log-off, duration, pages.
5.3.2. Device Data: We collect information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product.
5.3.3. Application Data: We collect information related to Equa’s applications such as location, language, software versions, data sharing choices and update details.
5.3.4. Performance Data: We collect information regarding the performance of individual device hardware components, firmware, software, and applications.
5.3.5. Website Browsing Data: We collect information about your visits to and your activity on our Equa websites, applications or websites “powered by” another company on our behalf including the content (and any ads) that you view and interact with, the address of the website from which you arrived and other clickstream behavior (such as the pages you view, the links you click or which items you've added to your shopping basket).
5.4. Information from third-party sources:
5.4.1. Fraud prevention or credit reporting agencies: Data collected to prevent fraud and in connection with credit determinations.
5.4.2. Analytics Providers: We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
6. How We Use Information About You.
6.1. Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following describes how we may use your personal data and our lawful bases for doing so.
6.2. Performance of a contract: 6.2.1. Registering you on our Site: First Name, Last Name, Title, Company, Email, Phone, Country, and State/Province.
6.2.2. Providing and managing your Account: First Name, Last Name, Title, Company, Email, Phone, Country, and State/Province.
6.2.3. Personalizing and tailoring your experience on our Sites: Contact Data, Payment Data, Account Data, Other Unique Identifying Information.
6.2.4. Providing and managing your access to Our Site: Name, Email, Phone Number, Address, Payment Details, IP address, device ID and/or location.
6.2.5. Administering Our Site: Contact Data, Account Data, Location Data, and Other Unique Identifying Information.
6.2.6. Administering our business: Contact Data, Payment Data, Account Data, Location Data, Security Credentials, Social Media Data, Other Unique Identifying Information.
6.2.7. Supplying our products and services to you: Contact Data, Payment Data, Account Data, Location Data, Security Credentials, Social Media Data, Other Unique Identifying Information.
6.2.8. Managing payments for our products and services: Contact Data, Payment Data, Account Data, Other Unique Identifying Information.
7. How We Share Your Information.
7.1. We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:
7.1.1. In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of government.
7.2.2. We may share your personal data to comply with laws or to cooperate with a legal investigation or a request from a government authority.
7.2.3. We may share your personal data to protect our legal rights and legitimate interests, and those of our business partners, service providers, and clients.
7.2.4. We may share your personal data to protect the legal rights, safety, and security of users of our websites and prevent fraud.
7.2.5. We may share your personal data with other companies in our group for legitimate business purposes. This includes subsidiaries and/or our holding company and its subsidiaries.
7.2.6. We may share your personal data with service providers who help us with: development, maintenance, and support of our websites and mobile applications, marketing research and analysis, communications, and customer service. We do not authorize these service providers to use or disclose your personal information except as necessary to perform tasks we have asked them to do for us or to comply with legal requirements;
7.2.7. If we sell, transfer, or merger part of our business or assets, your personal data may be transferred to a third party. We may sometimes contract with the following third parties to supply certain products and/or services.
7.2.8. If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above.
7.2.9. In addition to your rights under the Data Protection Legislation, when you submit personal data via Equa websites, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails at the point of providing your details and by managing your Account.
7.4. If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request.”
7.5. All subject access requests should be made in writing and sent to the email address shown in the Contact Us section. To make this as easy as possible for you, a Data Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
7.6. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests), a fee may be charged to cover our administrative costs in responding.
7.7. We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
8. Your Rights Regarding Your Information.
8.1. Under Data Protection Law, you have the following rights, which we will always work to uphold:
8.1.2. The right to access the personal data we hold about you. We have provided a Data Subject Access Request Form is available for you to request information.
8.1.3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in the Contact Us section to find out more.
8.1.4. The right to be forgotten, i.e., the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in the Contact Us section to find out more.
8.1.5. The right to restrict (i.e., prevent) the processing of your personal data.
8.1.6. The right to object to us using your personal data for a particular purpose or purposes.
8.1.7. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
8.1.8. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
8.2. For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in the Contact Us section.
8.3. Further information about your rights can also be obtained from the U.S. Federal Trade Commission or your local Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
8.4. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the U.S. Federal Trade Commission. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in the Contact Us section.
9.1. With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on our products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes, and you will be able to opt-out at any time.
9.2. You have a right at any time to stop other companies in our Group or us from sending you marketing messages or giving your information to other Equa companies.
9.3. You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, updating your communication preferences, or by sending us an email to: email@example.com. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Service.
9.4. If you want to opt-out of targeted interest-based advertising, please visit Network Advertising Initiative (NAI) Consumer Opt-Out website, or if you are located in the European Union/European Economic Area, please visit European Interactive Digital Advertising Alliance (EDAA) Your Online Choices website.
10.2. By using Equa websites, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on Equa websites to frame service content to/from our business partners while preserving the look and feel of our websites. For more details, please refer to the table below. These Cookies are not integral to the functioning of Equa websites, and your use and experience of Equa websites will not be impaired by refusing consent to them. All Cookies used by and on Equa websites are used in accordance with current Cookie Law.
10.3. Before Cookies are placed on your computer or device, you will be shown a Cookie Notice pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Equa websites may not function fully or as intended. You will be given the opportunity to allow only first-party Cookies and block third-party Cookies.
10.4. Certain features of Equa websites depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary.” These Cookies are shown in the table below. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings as detailed below, but please be aware that Equa websites may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.
10.5. The following first-party Cookies may be placed on your computer or device: 10.5.1. Strictly Necessary Cookies means the cookies are essential for the provision of the site and any requested services but do not perform any additional or secondary function.
10.5.2. Performance Cookies are those that provide statistical information on site usage, i.e., web analytics.
10.5.3. Functionality Cookies These cookies allow the provision of enhanced functionality and personalization, such as videos and live chat. They may be set by third-party providers whose services we have added to our pages or by us. If you do not allow these cookies, then some or all of these functions may not work properly.
10.6. Third Parties whose content appears on Our Site may use third-party Cookies. Please note that we do not control the activities of such third parties, nor the data that they collect and use themselves and we advise you to check the privacy policies of any such third parties. The following third-party Cookies may be placed on your computer or device:
10.6.1. Functionality Cookies These cookies allow the provision of enhanced functionality and personalization, such as videos and live chat. They may be set by third-party providers whose services we have added to our pages or by us. If you do not allow these cookies, then some or all of these functions may not work properly.
10.6.2. Targeting/spamvertising Cookies are used to create profiles or personalize content. Third parties often set them, and these cookies present the highest privacy risks to visitors.
10.7. In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device. You can choose to delete Cookies on your computer or device at any time. However, you may lose any information that enables you to access Equa websites more quickly and efficiently including, but not limited to, login and personalization settings.
10.8. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
10.9. Equa websites use analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyze anonymous usage information, enabling us to understand better how Equa websites are used. This, in turn, enables us to improve Equa websites and the products and services offered through it.
10.11. The analytics service(s) used by Equa websites use(s) Cookies to gather the required information. You do not have to allow us to use these Cookies, however, while our use of them does not pose any risk to your privacy or your safe use of Equa websites, it does enable us to improve Equa websites continually, making it a better and more useful experience for you.
10.12. The analytics service(s) used by Equa websites use(s) the following Cookies:
10.12.1. A first party cookie associated with Google Universal Analytics. This appears to be a new cookie, and as of Spring 2017, no information is available from Google. It appears to store and update a unique value for each page visited.
10.12.2. A first party cookie associated with Google Universal Analytics, according to the documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes.
10.12.3. A first party cookie associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s analytics reports. By default, it is set to expire after 2 years, although this is customizable by website owners.
10.12.4. A first party cookie associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s analytics reports. By default, it is set to expire after 2 years, although this is customizable by website owners.
10.13. In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
10.14. You can choose to delete Cookies on your computer or device at any time. However, you may lose any information that enables you to access Equa websites more quickly and efficiently including, but not limited to, login and personalization settings.
10.15. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
11. California Privacy Rights.
11.1 If you live in California, California law allows you to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed your personal information (if any, and as defined under California law) for the third party’s direct marketing purposes in the prior calendar year, as well as the type of your personal information disclosed to those parties.
11.2. If you live in California and would like to request this information, please send your request in an email to firstname.lastname@example.org.
12. Transferring Your Information to Other Countries.
12.1. Our websites and mobile applications are provided from within the United States and are subject to state and federal laws of the United States.
12.2. If you are located outside the United States, your personal information is being transferred to, stored, used, and shared in the United States.
13. EU-US and Swiss-US Privacy Shield.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Equa is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
Equa’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Equa remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Equa proves that it is not responsible for the event giving rise to the damage.
13.3. Under the Privacy Shield Frameworks, we are subject to the regulatory and enforcement authority of the Federal Trade Commission. In certain situations, we may be required to disclose personal information requested by government authorities, including for national security or law enforcement purposes.
13.4. In compliance with the Privacy Shield Principles, Equa commits to resolve complaints about our collection or use of your personal information. If you are located in the European Union (EU), Switzerland or European Economic Area (EEA), or United Kingdom, and have a question or complaint regarding data collected in the EU or Switzerland and subsequently transferred to the U.S. under the Privacy Shield Frameworks, the question/complaint should first be directed to the Equa Legal Department who can be reached via email@example.com.
13.5. Equa has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
13.6. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction. Please contact us using the details below in the Contact Us section for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.
14. Other Websites and Social Media.
15. LinkedIn and Job-Search Websites.
15.1. In addition to on our website Careers page, you can apply for a job on our websites using LinkedIn and other job search websites.
15.2. Those websites will verify your identity, give you the option to share personal information (such as your name and email address) with us, and auto-fill our job application signup form.
16. Internet Blogs/Forums.
16.2. We are not responsible for the results of your blog or forum postings.
17. Security of Your Information.
17.1. The security of your personal data is essential to us, and to protect your data; we take a number of important measures, including the following:
17.1.2. Information security policy. Our Information security policy mandates the use of appropriate technical and organizational security measures throughout the data importer's organization to protect personal data against unauthorized and unlawful processing and against accidental loss, damage or destruction. It will further describe the measures to be taken, and individuals to be notified, in the event of an actual or suspected data or security breach.
17.1.3. Information security officer. Appointed a duly skilled, qualified and experienced employee with responsibility for ensuring the security of personal data processed by the data importer throughout its organization and for reviewing, maintaining and updating the data importer's information security policy in accordance with best industry practice.
17.1.4. Physical security. Access to data processing facilities will be restricted to duly authorized employees and contractors who have been issued with security badges.
17.1.5. Firewall and anti-virus. Our Sites implement an appropriate firewall, anti-virus, anti-spyware and other anti-malware software and technologies on all networks and systems it uses to process personal data. The data importer will update its firewall, anti-virus, anti-spyware and other anti-malware software and technologies on a regular basis to ensure that they protect against the- current virus, spyware, and other malware threats.
17.1.6. Encryption. All personal data processed by the data importer on behalf of the data exporter shall be transmitted in encrypted format only, including personal data processed by the data importer on portable media or portable devices.
17.1.7. Access controls. Implement technical access controls that restrict access to personal data; it processes to duly authorized employees and contractors only. The data importer will further maintain a log of all access to personal data on its systems by any individual. Duly authorized employees and contractors will be permitted to access personal data only to the extent necessary for the performance of their duties. The data importer will identify and appoint a system administrator with overall responsibility for granting, changing or voiding data access privileges to its data processing systems.
17.1.8. Usernames / passwords. Access to personal data will be controlled through access privileges (described above), usernames and confidential passwords. No two employees or contractors may share or use the same username. Employees and contractors will be required to change their passwords on a regular basis. All employee passwords will be stored in encrypted format and must be at least eight characters long consisting of one uppercase letter, one lowercase letter, one numeral, and one symbol.
17.1.9. Data separation. Ensure that personal data processed on behalf of a data exporter is kept logically and/or physically separate from all other data processed by the data importer.
17.1.10. Disaster recovery / business continuity. Implement appropriate disaster recovery and business continuity plans that will ensure the availability, security, integrity and (where necessary) restoration of the personal data on the occurrence of a force majeure or similar business interruption event.
19. How to Contact Us.
19.1. We may be contacted by email to firstname.lastname@example.org.