Effective Date: April 30, 2021
Templum Markets LLC (“Templum,” “the Platform”, “us”, “we”, and “our”) and its Affiliates respect your privacy and are committed to keeping your Personal Data safe and secure. We have prepared this policy to explain how we collect and secure Personal Data within the Platform.
Templum will collect personal information from you to establish your account pursuant to U.S. Securities Laws and to confirm your identity. The type of information we collect about you can vary depending on the country from which you access our Services and the relationships we maintain with certain parties who have directed you to the Platform. At Templum, we may collect the following information in order to establish, maintain, and service your account at Templum:
• Personal Identification Information
• Financial Information
• Transaction Data
• Other Information
We also collect information about you from other third-party sources for various purposes including, but not limited to:
• Identity Verification Services. Templum uses a third-party service to assist in making a good verification on your identity in accordance with U.S. regulations.
• Background Information. We may obtain background reports on you from publicly available records as part of our verification procedures.
“Personal Data” is any information which may be related to an identified or identifiable natural person or legal entity, including information that relates to a Subscriber to the Platform. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, phone number, age, gender, an employee, a job applicant, clients, suppliers and other business partners. This also includes special categories of Personal Data (sensitive Personal Data) and confidential information such as health information, account number, identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person or confidential information as it pertains to a certain legal entity.
Your Personal Data falls into one of two categories at Templum:
• Tier 1 Personal Data is considered any Personal Data which can be used to “identify” an individual or legal entity (and its controlling members) and also includes legal name, date of birth, government issued identification number (“Personal Identification Information”).
• Tier 2 Personal Data is considered any Personal Data which can be used to “link” to an individual, or legal entity, and includes information which, when combined with other Personal Data, could logically link an individual or legal entity to their identity (or in the case of a legal entity the identity of its controlling members), such as address, employment information, financial information, telephone number, and email address.
Regardless of the category of your Personal Data, such information shall always be:
• processed lawfully, fairly and in a transparent manner in relation to the data subject;
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed;
• processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
To the extent there are any changes to your Personal Data, you should contact the party that has directed you to the Templum Platform. You may also contact Templum’s Chief Compliance Officer to make a request to correct Personal Data which you have previously provided. We may need to verify your identity, including contacting the party that directed you to Templum, if you request a change to your information.
Templum Markets operates the Platform, an alternative trading system that facilitates trades in securities including, but not limited to, debt, equity, profit participation interests, and limited partnership interests that in most cases are not registered under the Securities Act or Section 12(g) the Securities Exchange Act of 1934 (the “Exchange Act”), and in all cases that are not listed on a registered national securities exchange such as the New York Stock Exchange, or the Nasdaq (each a “Security”, and collectively the “Securities”). Templum uses your Personal Data in accordance with applicable law to determine your eligibility to access the Platform and to provide the Platform and any related Services once you have been approved to access the Platform.
Templum may share your Personal Data with its Affiliates and third-party vendors. In such instances, Templum will only share the minimum amount of information required to provide, maintain, and improve upon the Services.
Personal Data (Tier 1 and Tier 2) is shared with Affiliates and third-party vendors as follows:
• To confirm your identity and conduct Know Your Customer (KYC) and Anti-Money Laundering (AML) screenings
• To maintain the official books and records related to your account.
• To prepare tax documentation
• To enable processing of banking and payment functions
• To conduct email and notification services related to the Services
• To perform document signature services related to the Service
• To perform custodial and clearing services related to the Securities
Your Personal Data is also maintained within Microsoft Azure, which Templum uses as its primary database provider to process and store your information. All information within Microsoft Azure is secured by Templum information security procedures which means that no individual within Microsoft can view your Personal Data.
Templum will not share your Personal Data for advertising or marketing purposes. We will only contact you in instances where it is necessary to service your account or where we are required to do so under applicable law.
Processing of Personal Data requires a legal basis. The most predominant legal bases for processing Personal Data within Templum are: (i) Consent from the data subject for one or more specific purposes; (ii) The performance of a contract to which the data subject is party; (iii) A legal obligation or requirement; and (iv) Legitimate interests pursued by Templum.
• Consent. If the collection, registration and further processing of Personal Data on clients, suppliers, other business relations and employees are based on such a person’s consent to the processing of Personal Data for one or more specific purposes, Templum shall be able to demonstrate that the data subject has consented to processing of such Personal Data. Consent shall be freely given, specific, informed and unambiguous. The data subject must actively consent to the processing of Personal Data by a statement or by a clear affirmative action, to him/her. A request for consent shall be presented in a manner which is clearly distinguishable from other matters, in an intelligible and easily accessible form, and using clear and plain language. The data subject is entitled to withdraw his/her consent at any time and upon such withdrawal, we will stop collecting or processing Personal Data about that person unless we are obligated or entitled to do so based on another legal basis.
• Necessary for the Performance of a Contract. It will be legitimate to collect and process Personal Data relevant to the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This applies to all contractual obligations and agreements signed, acknowledged or consented to with Templum, including the Templum Markets Subscriber Agreement.
• Comply with a Legal Obligation. Templum must comply with various legal obligations and requirements. Such legal obligation, to which Templum is subject, may be sufficient as a legitimate basis for processing of Personal Data. In line with GDPR regulations, Templum must also comply with U.S. Securities Laws and Treasury Laws, such as the Bank Secrecy Act. Such legal obligations include obligations to collect, register and/or make available certain types of information relating to employees, clients, etc. Such legal requirements will then form the legal basis for us to process the Personal Data, however, it is important to note whether the provisions allowing or requiring Templum to process certain Personal Data also set out requirements in relation to storage, disclosure and deletion.
• Legitimate Interests. Data will only be processed where it is necessary for the purposes of the legitimate interests pursued by Templum, and these interests or fundamental rights are not overridden by the interests of the data subject. Templum will, when deciding to process data ensure that the legitimate interests override the rights and freedoms of the individual and that the processing would not cause unwarranted harm. For instance, it is a legitimate interest of Templum to process Personal Data on potential Subscribers in order to verify the identity of the customer. The data subject must be given information on the specific legitimate interest if a processing is based on this provision.
• Templum as Data Controller. Templum will be considered a data controller to the extent that we decide by which means the data subject’s Personal Data shall be processed e.g. when a data subject signs, acknowledges or consents to an agreement for service, such as the Subscriber Agreement, with Templum.
• Use of Data Processors. An external “Data Processor” is a company, which processes Personal Data on behalf of Templum and in accordance with Templum’s instructions, e.g. in relation to HR systems, third-party IT providers, etc. When Templum outsources the processing of Personal Data to Data Processors, Templum ensures that said company as a minimum applies the same degree of data protection as Templum.
• Data Processing Agreements. Prior to transfer of Personal Data to the Data Processor, Templum shall enter make commercially reasonable efforts to enter into a written data processing agreement with the Data Processor. The data processing agreement ensures that Templum controls the processing of Personal Data, which takes place outside Templum for which Templum is responsible.
• Disclosure of Personal Data. If the Data Processor is located outside the EU/EEA, the following applies. Before disclosing Personal Data to others, it is the responsibility of Templum to consider whether the recipient is employed by us or not. Furthermore, we may only share Personal Data within Templum if we have a legitimate business purpose in the disclosure. It is Templum’s responsibility to ensure that the recipient has a legitimate purpose for receiving the Personal Data and to ensure that sharing of Personal Data is restricted and kept to a minimum. Templum must show caution before sharing Personal Data with persons, data subjects or entities outside of Templum. Personal Data shall only be disclosed to third parties acting as individual data controllers if a legitimate purpose for such transfer exists. If the third-party recipient is located outside the EU/EEA in a country not ensuring an adequate level of data protection, the transfer can only be completed if a transfer agreement has been entered into between Templum and the third party. The transfer agreement shall be based on the EU Standard Contractual Clauses.
When Templum collects and registers Personal Data on data subjects, Templum is obligated to inform such persons about:
• The purposes of the processing for which the Personal Data are intended as well as the legal basis for the processing;
• The categories of Personal Data concerned;
• The legitimate interests pursued by Templum, if the processing is based on a balancing of interests;
• The recipients or categories of recipients of the Personal Data, if any;
• Where applicable, the fact that Templum intends to transfer Personal Data to a third party and the legal basis for such transfer;
• The period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period;
• The existence of the right to request from Templum access to and rectification or erasure of Personal Data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
• Where the processing is based on the data subject’s consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
• The right to lodge a complaint with Templum via the correct procedure or with a supervisory authority;
• Whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the Personal Data and of the possible consequences of failure to provide such data; and
• The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
This information may be provided via a privacy notice on Templum’s Legal Hub.
Any person whose Personal Data Templum is processing, including, but not limited to, Templum employees, job applicants, external suppliers, clients, potential clients, business partners, etc. has the right to request access to the Personal Data which Templum processes or stores about him/her.
• If Templum processes or stores Personal Data about the data subject, the data subject shall have the right to access the Personal Data and the reasons for the data to be processed in relation to the criteria set out in this section.
• The data subject shall have the right to obtain from Templum without undue delay the rectification of inaccurate Personal Data concerning him or her.
• The data subject shall have the right to obtain from Templum the erasure of Personal Data concerning him or her and Templum shall have the obligation to erase Personal Data without undue delay, unless required by law to retain any information for a prescribed period of time, for example, by financial regulators or tax authorities.
• The data subject shall have the right to obtain from Templum restriction of processing, if applicable.
• The data subject shall have the right to receive the Personal Data registered in a structured and commonly used and machine-readable format, if applicable.
• The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her which is based on a balancing of interests, including profiling.
• Any requests received from a data subject to exercise the rights in this clause will be answered as soon as reasonably possible, and no later than thirty (30) days from receipt. Requests shall be forwarded without delay to Templum’s Compliance Team. The Compliance Team will be supported by the Templum Markets’ Chief Executive Officer and Chief Compliance Officer to process the request to meet the reply deadline.
New Products. New products, services, technical solutions, etc. must be developed so that they meet the principles of data protection by design and data protection by default. Data protection by design means that when designing new products or services, due consideration to data protection is taken.
• Templum will take into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing.
• Templum shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymizing, which are designed to implement data protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet data protection requirements and protect the rights of data subjects.
Data Protection by Default. Data protection by default requires that relevant data minimization techniques are implemented.
• Templum shall implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which is necessary for each specific purpose of the processing is processed.
• This minimization requirement applies to the amount of Personal Data collected, the extent of their processing, the period of their storage and their accessibility.
• Such measures shall ensure that by default Personal Data is not made accessible without careful consideration.
In certain instances, Templum, its Affiliates, vendors, licensors and agents may collect anonymous, data about your account, including pending or executed orders, bids, offers and other information related to trading activity, general trading market activity and the Platform, including information gained through the use of tags and other means. You agree that we may use this data for purposes of improving our services, and for our other business purposes.
Templum shall, as data controller, maintain records of processing activities under Templum’s responsibility. The records shall contain the following information:
• The name and contact details of the account owner;
• The purposes of the processing;
• A description of the categories of data subjects and of the categories of Personal Data;
• The recipients to whom the Personal Data have been or will be disclosed, including recipients in third parties or international organizations;
• Where applicable, transfers of Personal Data to a third country, including the identification of that third country and, if relevant, the documentation of suitable safeguards;
• Where possible, the envisaged time limits for erasure of the different categories of data; and
• Where possible, a general description of the applied technical and organizational security measures.
Templum shall make the records available to relevant data protection authorities upon request.
Personal Data shall be deleted when Templum no longer has a legitimate purpose for the continuous processing or storage of the Personal Data, or when it is no longer required to store the Personal Data in accordance with applicable legal requirements.
If Templum processes Personal Data that is likely to result in a high risk for the persons whose Personal Data is being processed, a Data Protection Impact Assessment (“DPIA”) shall be carried out. A DPIA implies that Templum will, taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with data protection requirements. The technical and organizational measures shall be reviewed and updated where necessary in a commercially reasonable period of time. Adherence to approved codes of conduct or approved certification mechanisms may be used as an element by which to demonstrate compliance with the appropriate technical and organizational measures pursuant to this clause.
Templum shall comply with both the GDPR and national data protection legislation. If applicable national legislation requires a higher level of protection for Personal Data than such policies/guidelines, such stricter requirements are to be complied with. If Templum’s policies/guidelines are stricter than the local legislation, our policies/guidelines must be complied with.
You understand that we cannot absolutely guarantee the security of the transmission and storage of your Personal Data as the internet is not an absolutely secure environment; however, we have taken numerous steps to ensure that the appropriate technical and organizational measures are in place to demonstrate a high level of data protection and keep, to the best of our ability, your Personal Data secure.
“Affiliates” mean companies related by common ownership or control. They can be financial companies and nonfinancial companies. Templum Markets LLC’s Affiliates include Templum, Inc.
“Nonaffiliates” mean companies that are not related by common ownership or control. They can be financial and nonfinancial companies. Templum does not share Personal Data with nonaffiliates so that they can market to you.
For Nevada residents. We are providing you this notice pursuant to state law. You may be placed on our internal Do Not Call List by calling 800-326-7141. Nevada law requires that we also provide you with the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number - 702-486-3132; email: BCPINFO@ag.state.nv.us.
For Vermont Residents. In accordance with Vermont law, we will not share information we collect about Vermont residents with companies who are Nonaffiliates, except as permitted by law, such as with your consent or to service your accounts. We will not share information about your creditworthiness with our Affiliates without your authorization or consent, but we may share information about our transactions or experiences with you with our Affiliates without your consent.
For California Residents. In accordance with California law, we will not share information we collect about you with Nonaffiliates, except as allowed by law. For example, we may share information with your consent or to service your accounts. Among our Affiliates, we will limit information sharing to the extent required by California law.