We are committed to maintaining the confidentiality, integrity and security of information about our users, and we endeavor to take reasonable steps (including physical, electronic and procedural measures) to protect any data or other information collected via the Site or in providing our Services. Please note, however, that we cannot guarantee that the data or information collected may not be accessed, disclosed, altered or destroyed by breach of one or more of our safety measures. No Internet, electronic transmission or electronic storage of information is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us. Please keep these risks in mind when disclosing Personal Data (as defined below) to us.
In this Policy, “you” and “your” refers to users of Parallel’s Site and Services, including individuals, entities, representatives and agents. If you have questions or complaints regarding our Policy or practices, please contact us at email@example.com.
Remember that your use of Parallel’s Services is at all times subect to the Terms of Service, which incorporates this Policy. Any capitalized terms used herein but not defined have the definitions given to them in the Terms of Service. This Policy includes additional notices that may apply to you if you are a California consumer. Please see the section further below titled “Your California Privacy Rights” for more details.
We collect information about you in a number of ways, including information you give us, information we get from others and information that is automatically collected.
Information We Collect From You
Information We Collect From Others
We may receive Personal Data about you from other sources like our customers, other end-users, online investing platforms, your employer, credit reporting agencies, data aggregators, banks, brokerages, entities with which you are affiliated (for example, an entity in which you have invested) or other third-party vendors in connection with our Services (our “Partner Companies). Our Partner Companies may supply us with Personal Data or information derived from Personal Data, including items such as your name, email, mailing address information, government or other identification document, accreditation status (including supporting documentation such as tax or other documentation), social security number, tax identification number, bank statements, brokerage statements, securities holdings information (including subscription documentation), credit reports, liabilities statements, validation information regarding photographs or other documentation uploaded and your login credentials for such Partner Company’s website or service, in order to help us provide the Services. We may add this information to the information we have already collected, or will in the future collect, from you in order to perform and improve the Services.
Information We Collect Automatically
Finally, we collect information from you, which may include Personal Data, when devices access our Site and Services. Some examples of the information we collect include: type of device, geographic location, IP address, domain name, what operating system is used, application information, unique devices, crash data and date/time stamps for your visit. The type of information we collect depends on the type of device used and its settings. We may automatically log information about you and your computer. For example, when visiting our Site, we log, among other things, your computer operating system type, browser type, browser language, pages you viewed, how long you spent on a page, location, access times and information about your use of and actions on our Site. We may also use industry standard identifiers and trackers (including cookies and their equivalents) (“Identifiers”) and navigational data like Uniform Resource Locators (URL) to gather information about you and your activity.
Facial Scan and Biometrics Information
The information collected from any “selfie”, photograph or government identification document you upload may include biometric data (such as facial geometry data). This section describes how Parallel treats such biometric data.
Parallel, acting as a service provider to you:
- compares the data from a scan of facial geometry extracted from the government identification document that you upload to the data from a scan of facial geometry extracted from the photos of your face that you upload, in order to help verify your identity (“Identity Verification”);
- may also use your information, including data from scans of facial geometry extracted from the government identification document and photos of your face that you upload, to detect and prevent fraud (“Fraud Detection”); and
- should you consent to share identity information with a third-party on our platform, enables you to share the results of the Identity Verification, Fraud Detection and other information with third-parties (“Sharing”).
The images obtained from government identification document and photos of your face that you upload, along with data from scans of facial geometry extracted from the government identification document and photos of your face that you upload, are collected, used and stored directly by Parallel on your behalf and, should you consent to share identity information with a third-party on our platform, other customers for whom Parallel is also acting as a service provider. Our platform also allows third-parties, including Customers or other end-users, to upload your government identification documents directly to us. Where your government identification document is uploaded to us by a third-party and not by you, we do not conduct a scan of facial geometry or otherwise extract biometric data.
Parallel securely stores all photos of identity documents that you upload, photos of your face that you upload and data from scans of facial geometry extracted from the photos of your face that you upload in an encrypted format. Biometric information, including the data from scans of facial geometry extracted from photos of your face that you upload, may be stored and processed by service providers utilized by Parallel.
As the initial purpose for collecting biometric identifiers, including Identity Verification, Fraud Detection and Sharing, continues in an ongoing and continuous manner after you have submitted information, Parallel will permanently destroy data from scans of facial geometry extracted from the photos of your face that you upload within three years of your last interaction with Parallel, unless Parallel is otherwise required by law or legal process to retain the data.
Parallel uses the reasonable standards of care within its industry to store, transmit and protect from disclosure data from scans of facial geometry extracted from the photos of your face that you upload in a manner that is the same as or more protective than the manner in which it stores, transmits and protects other confidential and sensitive information. Parallel will not sell, lease, trade or, other than to provide the Identity Verification, Fraud Detection and Sharing services to you and any other customer for whom you have authorized Parallel to share information as described in this policy, otherwise benefit from data from scans of facial geometry extracted from the photos of your face that you upload. Other than as set forth herein, Parallel will not disclose, redisclose, or otherwise disseminate data from scans of facial geometry extracted from the photos of your face that you upload unless doing so:
- completes an information sharing request to a third-party on our platform requested and authorized by you or your legally authorized representative;
- is required by state or federal law, or municipal ordinance;
- is required pursuant to a warrant or subpoena issued by a court of competent jurisdiction; or
- is otherwise expressly consented to by you.
How We Use the Information We Collect
We use your Personal Data and other information we collect (collectively, the “Data Set”) in a number of ways. A non-extensive list of the ways we may use the Data Set is as follows:
- We use the Data Set to operate, maintain and improve the Site, products and Services. This includes use of other information to support delivery of the Services, assist with service request, monitor for errors, remedy security or technical issues, analyze website and application performances.
- We use the Data Set to respond to comments and questions, verify permission access and provide customer service.
- We use the Data Set to set up your user account, correspond with you and otherwise enable and facilitate your usage of our Services.
- We use the Data Set to help you assert investor credentials, identity information and otherwise participate in securities transactions.
- We use the Data Set to assure us and any third party you authorize us to share information with, of the validity of any information provided to us about you.
- We use the Data Set (including biometric data) to verify your identity, investors credentials (e.g., your status as an accredited investor or qualified purchaser, your investing history, etc.), conduct and process diligence checks and establish your investor identity and credentials, eligibility and suitability for investment, as well as to detect and prevent fraud.
- We use the Data Set to facilitate your and our compliance with various laws, regulations and industry oversight pertaining among other things to banking, financial information, securities transactions, money laundering, terrorism and “know your customer” rules promulgated by, among other regulators, the U.S. Securities Exchange Commission and the Financial Industry Regulatory Authority.
- We use the Data Set to protect against fraud, site misuse, privacy and security breaches, securities and other legal violations, and to fulfill and enforce agreements reached with you and others.
- We use the Data Set to send information including confirmations, invoices and billing, technical notices, updates, security alerts and administrative messages.
- We use the Data Set to communicate system updates, upcoming events and other news about products and services offered by us. We may contact you to inform you about important services-related notices, such as privacy and policy update notices or changes in our terms of service. These communications are strictly necessary and you may not opt out of them.
- We use the Data Set to link or combine user information with other personal information. An example is when we combine the information a company has provided about their shareholders with the information entered by shareholders in their personal portfolios to improve the user experience.
- We use the Data Set to protect, investigate and deter against fraudulent, unauthorized or illegal activity.
- We use the Data Set to provide and deliver products and service customer requests. An example is when an online investment platform calls our API to obtain information about a potential investor.
As a general rule, we do not share Personal Data with outside third parties without your express consent (reserving all rights to share in the circumstances outlined below). Other than as set forth herein, Parallel will not disclose, redisclose or otherwise disseminate data from scans of facial geometry extracted from the photos of your face that you upload unless you specifically request that we do so, we are required by state or federal law, we are required pursuant to a warrant or subpoena issued by a court of competent jurisdiction or you otherwise consent to us doing so. Additionally, you can revoke your consent to share your details with a third party in your settings at any time. Please note - we use hosting and analytics technology providers internally that enable us to provide our Services, but these providers work for us and are required to protect your data. In addition, we share aggregated information or anonymous Identifiers with various third parties at our sole discretion. A non-exhaustive list of the ways we may share your Personal Data is as follows:
- Parallel will not share your biometric information with the third-party organization, but it will share the output of any biometric identity verification process (i.e., whether or not the facial images from the selfie video and identity documents are the same person).
- We may share Personal Data in compliance with any applicable law.
- We may share Personal Data for legal, protection, information security and safety purposes. Examples include enforcing contracts or policies, reporting on security breaches or assisting with investigating and preventing fraud or security issues.
- We may share Personal Data to comply with laws and regulatory requests. Examples include responding to lawful requests and legal or regulatory processes.
- We may share Personal Data with those who need it to do work for us. For example, we may grant a Parallel employee or third-party vendor the necessary access in order to review or analyze submitted documentation and verify identity or other credentials. The Personal Data we share with vendors that do work for us may include biometric data (such as facial geometry data).
- We may share aggregated or anonymized data in any manner that we deem desirable. We may disclose or use aggregated or anonymized data for any purpose, including to analyze customer traffic, optimize content and advertisements, track conversions and remarket to persons who have taken certain actions. An example would be for highlighting relevant new deals from Partner Companies for you.
- We may use Identifiers to remember that you have visited our Site before (meaning we can identify the number of unique visitors we receive), customize elements of any promotional layout and/or content of the pages of the Site and Services and collect anonymous statistical data about how you use the Services (including time spent on the Site) and where you have come to the Site from, so that we can improve the Site and our Services and learn which parts of the Sites and Services are most popular with our users.
- We may also use Identifiers, or allow our Partner Companies to use Identifiers, to monitor conversion rates, click-through rates and similar anonymized user information.
- We may strip Personally Identifiable Information from data that renders the information personally identifiable (“Anonymous Data”). We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content and functionality of our Site and Services. We also may use this data for the benefit of third parties in our sole discretion.
- We will not share Personal Data with investors of the Company unless it is in connection with the performance of our Services.
- We may share Personal Data with third parties when we have consent to do so.
- We may engage third-party companies or individuals as service providers to process information, support our Services and/or perform certain functions on our behalf, including, but not limited to, hosting, content syndication, content management tools, social media integration, marketing, analytics, billing and customer service. These entities may have access to Personal Data if needed to perform their functions. If such access is required, the third parties will be obligated to maintain the confidentiality and security of that Personal Data. They are restricted from using, selling, distributing or altering this data in any way other than to provide the requested services to the Company.
- Customers may authorize access to customer data to third parties. An example is when a company grants their lawyers access for 506(c) diligence requirements.
- We affiliate with service providers who help us with security, fraud prevention, marketing technology, information technology, site analytics, site maintenance, software development, electronic signatures and other Site and service features, provided that all such parties will be under confidentiality duties to protect and not share any Personal Data we give them.
- We may share Personal Data as needed with our own service providers such as our accountants, lawyers, auditors, information technology staff, payment providers, financial institutions and advisors.
- We may create, acquire, or otherwise partner with parent, subsidiary, or affiliate business entities, trusts, or other business entities for purposes of offering Services. These entities may use Personal Data under and consistent with the terms of this Policy.
- Although we sometimes refer to third-party affiliates as “we” or part of the Services, please be aware that some of these entities are not under common ownership with, or controlled by, Parallel. All securities transactions (including any solicitation, engagement, brokering, closing and clearing Transactions) are handled by third-party platforms or other broker-dealers. Further, per the terms of the transactions and other agreements you may enter into, Parallel may setup or contract with third parties to service, pool, and otherwise manage the securities that are the subject of the Transactions.
How You Can Access or Change Your Personal Data
Parallel understands that you may want to change, access or delete your Personal Data. Under certain circumstances, you may do so by accessing your profile yourself or by contacting us via email. Please note that all data used in the operation of Parallel becomes our sole property and can be used at our sole discretion. To protect your privacy and security, we may verify your identity before granting access or making changes to your Personal Data. For security reasons, and for other reasons at our sole discretion, Parallel will have no obligation to respond to inquiries with respect to Personal Data.
Under applicable law, you may have rights to (i) check whether and what kind of Personal Data we hold about you and to request copies of such data, (ii) to request correction, supplementation or deletion of your Personal Data that is inaccurate or processed in non-compliance with applicable requirements, (iii) to request us to restrict access to and processing of your Personal Data, (iv) in certain circumstances, to object for legitimate reasons to the processing of your Personal Data or to revoke consent previously granted where such revocation has no effect on the lawfulness of the processing prior to the revocation, (v) to request data portability, (vi) to know the identities of third parties to which your personal data are transferred and (vii) to lodge a complaint with the competent authority.
If you want to learn more about the personal information that Parallel has about you, or you would like to update or change that information, please update the information in your Settings or contact us by email at firstname.lastname@example.org.
Parallel makes good faith efforts to provide individuals with access to their Personal Data, although there may be circumstances in which Parallel is unable to comply with your request, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question or where it is commercially proprietary. If Parallel is unable to comply with your request we will provide you with an explanation of why that conclusion has been made, and provide a point of contact for further inquiries within 30 days of such request.
You may request deletion of your account information and Personal Data by us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). For example, we may be required by applicable law to retain your documentation provided to support an accreditation application for up to three years after any accreditation letter issued expires.
Parallel provides ongoing identity verification and sanctions monitoring to the third-parties to whom you grant consent for your Personal Data to be shared. As such, we do not permanently destroy data, including biometric data, unless you request that your data be deleted. In all cases, we will retain information for as long as your account is active or as needed to provide you our Services. We will retain and use information as necessary to comply with our legal obligations, resolve disputes or enforce our agreements.
Third Party Access
When you grant a third party access to your Data Set, Parallel will honor that request promptly. However, Parallel does not control these third parties or their data security and control protocols. You should only grant your consent for the third party to access your Data Set if you are comfortable with their data security and control protocols in place.
If you revoke your consent for a third party to access your information, we may be required (by law or otherwise) to maintain that third party’s access to your information for a period of time. In all cases, your request to revoke that third party’s access will be honored within 30 days of such request.
Revoking access will not affect any of your information the third party may have previously accessed and saved to their systems. Any request for the third party to delete your information should be directed to a relevant contact at that third party.
Your California Privacy Rights
This section provides additional details about the Personally Identifiable Information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (“CCPA”).
Please see above for the types of information we collect, the business and commercial purposes we use that information for and how we share or disclose that information with certain third parties. We do not sell (as such term is defined in the CCPA) the Personally Identifiable Information we collect (and will not sell it without providing a right to opt out). Please note that we do use third-party cookies for our advertising purposes.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of Personally Identifiable Information we collect (including how we use and disclose this information), to delete their Personally Identifiable Information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at email@example.com. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
Important – Transfer of Data to the US of European personal information
Information that any European users submit to us is stored on servers located in the United States of America and may be transferred by us to our other offices and/or to the third parties (such as our Partner Companies) as described above, who also may be situated in the United States of America or elsewhere outside the European Economic Area (“EEA”) and may be processed by staff operating outside the EEA. The US and other non-EEA countries do not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe. Where we transfer your information, we will take all reasonable steps to ensure that your privacy rights continue to be protected consistent with our obligations under local law. By submitting information via our Site and Services, you agree to this storing, processing and/or transfer.
We welcome your comments or questions about this Policy. You may also contact us at firstname.lastname@example.org. We may change this Policy at any time, without notice. If we make any substantive changes related to how we collect or use data, we will change the content last updated date below.