We recognize that your privacy is very important and take it seriously. This Privacy & Cookies Policy describes the policies and procedures for SECURITY TOKEN MARKET, LLC (βSTMβ), on the collection, use and disclosure of your information when you use the services, websites, and applications offered by STM (the "Services") and tells you about your privacy rights and how the law protects you. By using the Services, you consent to our use of your information in accordance with this Privacy & Cookies Policy. We will not use or share your personal information with anyone except as described in this Privacy & Cookies Policy. Capitalized terms that are not defined in this Privacy & Cookies Policy have the meaning given them in our Terms of Service . With that in mind, this Privacy and Cookies Policy is designed to describe:
Who we are and how to contact usWe will post any modifications or changes to this Privacy & Cookies Policy on this page.
Who we are. SECURITY TOKEN MARKET, LLC (doing business as STM) is the Controller (for the purposes of the GDPR) of your Personal Data (referred to as either "STM", "we", "us" or "our" in this Privacy & Cookies Policy). Our address is [_______________].
How to contact us. If you have any questions about our practices or this Privacy & Cookies Policy, please contact us at [email protected].
You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of using the Services or consent to direct marketing communications.
STM uses Personal Data we collect to provide the Services, personalize content, remember information to help you efficiently access your account, analyze how the Services are used, diagnose service or technical problems, maintain security, monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns, and track user content and users as necessary to comply with the Digital Millennium Copyright Act and other applicable laws.
Information You Directly Provide to Us. There are many occasions when you provide information that may enable us to identify you personally ("Personal Data") while using the Services. The Personal Data we may collect from you is outlined in the table below.
Category of Personal Data collected |
What this means |
Identity Data |
First name, surname, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, picture, password. |
Contact Data |
Your home address, work address, billing address, email address and telephone numbers. |
Transaction Data |
Any details about payments to and from you and other details of subscriptions and services you have purchased from us. |
Content Data |
Any content you post to the Services not already included in another category, including without limitation, your profiles, questions, preference settings, answers, messages, comments, and other contributions on the Services, and metadata about them (such as when you posted them) ( "Content"). |
Marketing and Communications Data |
Your preferences in receiving marketing from us and our third parties and your communication preferences. If you correspond with us by email or messaging through the Services, we may retain the content of such messages and our responses. |
Behavioral Data |
Inferred or assumed information relating to your behavior and interests, based on your online activity. This is most often collated and grouped into "segments." |
Technical Data |
Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services. |
Personal Data from Third Party Sources.In addition to the Personal Data that we collect directly from you (as described in the section immediately above this one), you may submit certain Personal Data information to our third party providers (which may be an affiliate of our company) to verify accredited investor status. This information may include your social security number and/or tax identification number, copies of ID cards or other forms of identification, bank account and payment card details, and statements about your wealth and financial situation. Such third party providers will let us know whether or not you are an accredited investor, which may reveal certain information about you indirectly, such as your wealth and financial situation.
Aggregated Data. We may also collect, use and share "Aggregated Data" such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data for the purposes of the GDPR as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy & Cookies Policy.
No Special Categories of Personal Data. We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We generally use Personal Data for the following: to deliver and improve our Services; to manage your account and provide you with customer support; to perform research and analysis about your use of the Services; to develop, display, and track Content and advertising tailored to your interests on the Services; website or mobile application analytics; to diagnose or fix technology problems; to automatically update the Services on your device; to verify your identify and prevent fraud or other unauthorized or illegal activity; to enforce or exercise any rights in our Terms of Service ;
We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; or
We need to process your data to comply with a legal or regulatory obligation.
We may also rely on your consent as a legal basis for using your Personal Data where we have expressly sought it for a specific purpose. If we do rely on your consent to a use of your Personal Data, you have the right to change your mind at any time (but this will not affect any processing that has already taken place). We have set out below, in a table format, more detailed examples of relevant purposes for which we may use your Personal Data.
Purpose |
Why do we do this |
Providing, updating, and maintaining our Services, Site and business |
To deliver the Services you have requested, including, for example, registering you as a user, managing your account and profile, and authenticating you when you log in. |
Processing payments |
To protect against or identify possible money-laundering or other fraudulent transactions, and otherwise as needed to manage our business. |
Research and development |
To enable us to improve the Services and better understand our users and the markets in which we operate. For example, we may conduct or facilitate research and use learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, areas for additional features and improvement of the Services and other insights. We also test and analyze certain new features with some users before introducing the feature to all users. |
Communicating with users about the Services |
To send communications via email and within the Services, including, for example, responding to your comments, questions and requests, providing customer support, and sending you technical notices, product updates, security alerts, and administrative, billing and account management related messages. We may also provide tailored communications based on your activity and interactions with us. For example, we may provide you with updates regarding investment opportunities, and providing information regarding your investments through the Site. These communications are part of the Services and in most cases you cannot opt out of them. If an opt out is available, you will find that option within the communication itself or in your account settings. |
Providing customer support |
To resolve technical issues you encounter, to respond to your requests for assistance, comments and questions, to analyze crash information, to repair and improve the Services and provide other customer support. |
Enhancing security |
To keep our website, our Services and associated systems operational and secure, including, for example, verifying accounts and activity, monitoring and investigating suspicious or fraudulent activity and to identify violations of our terms and policies. |
Marketing, promoting and driving engagement with the Services and third-party products and services |
To send promotional communications that may be of specific interest to you, including, for example, by email and by displaying products, investment offerings, and other information on our Site or other companies' websites. These communications may be aimed at driving engagement and maximizing what you get out of the Services or promoting third-party products and services. You generally can control whether you receive these communications as described in this policy under Marketing Communications Preferences. |
To comply with applicable law, legal process and regulations and protect legitimate business interests |
As we believe is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security or technical issues, or to protect our legal rights, interests and the interests of others, such as, for example, in connection with the acquisition, merger or sale of securities or a business (e.g. due diligence). |
What happens when you do not provide necessary Personal Data? Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Services). In this case, we may have to stop you using our Services.
STM may collect non-personally identifiable information regarding your usage of the Services, including the pages and articles and presentations you viewed, time spent using certain features of the website, demographic data such as server locations, connection speed, and other information that does not identify you. Like most online services, we also use cookies, log files, clear GIFs, tracking pixels, web beacons, and other technologies that may collect Personal Data.
Cookies:What are cookies? When you visit the Services, we may send one or more "cookies" β small data files β to your computer to uniquely identify your browser and let STM help you log in faster and enhance your navigation through the Site. A cookie may convey anonymous information about how you browse the Services to us so we can provide you with a more personalized experience, but does not collect personal information about you. A persistent cookie remains on your computer after you close your browser so that it can be used by your browser on subsequent visits to the Service. Persistent cookies can be removed by following your web browser's directions. A session cookie is temporary and disappears after you close your browser.
What cookies do we use? Our Site uses the following types of cookies for the purposes set out below:
Type of cookie |
Purpose |
Essential Cookies |
These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request to load quickly. Without these cookies, the Services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. |
Functionality Cookies |
These cookies allow our Site to remember choices you make when you use our Site, such as remembering your login details and remembering the changes you make to other parts of our Site which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site. |
Analytics and Performance Cookies |
These cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered via these cookies does not "directly" identify any individual visitor. However, it may render such visitors "indirectly identifiable". This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access our Site. The information collected is aggregated and anonymous. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site. |
Targeted and advertising cookies |
These cookies track your browsing habits to These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites. Third party advertisers may also use other technologies in addition to cookies placed on the Site (such as JavaScript, or web beacons) to measure the effectiveness of their advertisements and to personalize the advertising content. |
In addition, Personal Data you choose to add to your profile will be available for public viewing on the Site. If you are an Issuer, most of your Content will be accessible to other users.
We may also share non-Personal Data (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain Services or conduct independent research based on such anonymous usage data.
If you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data, we will convey that request to any third-party with whom we have shared your data. We are not, however, responsible for revising or removing your Personal Data obtained by any third party who has previously been provided your information by us in accordance with this policy or any third party to whom you have provided such information (whether by sharing your login and password, or otherwise).
We will retain your information for as long as your account is active or it is reasonably needed for the purposes set out in How We Use Your Personal Data and Why unless you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes). This may include keeping your Personal Data after you have deactivated your account for the period of time needed for us to conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
The Services are maintained in the United States of America. Personal Data that you provide us may be stored, processed and accessed by us, our staff, sub-contractors and third parties with whom we share Personal Data in the United States of America or elsewhere inside or outside of the EU for the purposes described in this policy. We may also store Personal Data in locations outside the direct control of STM (for instance, on servers or databases co-located with hosting providers). Although we welcome users from all over the world, by accessing the Services and providing us with your Personal Data, you consent to and authorize the export of Personal Data to the United States and its storage and use as specified in this Privacy & Cookies Policy. Note the laws of the United States might not be as comprehensive or protective as laws in the country where you live.
STM uses industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality. We cannot, however, ensure or warrant the security of any information you transmit to STM or guarantee that your information on the Services may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, managerial, or technical safeguards. We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event that personal information is compromised as a result of such a breach of security, STM will promptly notify those persons whose personal information has been compromised, in accordance with the notification procedures set forth in this Privacy & Cookies Policy, or as otherwise required by applicable law. STM cannot ensure that your Personally Data will be protected, controlled or otherwise managed pursuant to this Privacy & Cookies Policy if you share your login and password information with any third party, including any third party operating a website or providing other services.
This Privacy & Cookies Policy is intended to meet our duties of transparency under the "General Data Protection Regulation" or "GDPR".
You have the right under this Privacy and Cookies Policy, if you are within the European Union (βEUβ), to:
Request access to your Personal Data. If you are within the EU, this enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your Personal Data.This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right if you are within the EU to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
Object to processing of your Personal Data.This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your Personal Data.If you are within the EU, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent.This right only exists where we are relying on consent to process your Personal Data ("Consent Withdrawal"). If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights. If you want to exercise any of the rights described above, please contact us using the contact details in Who We Are and How to Contact Us. Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
ComplaintsIf you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us at: [email protected]. We will reply to your complaint as soon as we can. If you feel that your complaint has not been adequately resolved, please note that if you are in the EU the GDPR gives you the right to contact your local data protection supervisory authority.
Protecting the privacy of young children is especially important. The Services are not intended for children below 16 and STM does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register with the Services. If you are under the age of 16, please do not submit any personal information through the Site. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our Privacy & Cookies Policy by instructing their children never to provide personal information on this Site. If we become aware that we have collected personal information from a child under age 16, we will take steps to remove that information.
This Privacy & Cookies Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by STM. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy & Cookies Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our Site, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.
We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy & Cookies Policy at any time. Any changes or updates will be effective immediately upon posting to this page. You should review this Privacy & Cookies Policy regularly for changes. You can determine if changes have been made by checking the Effective Date below. Your continued use of our Site following the posting of any changes to this Privacy & Cookies Policy means you consent to such changes.