We're currently onboarding companies. Sign up to see when investments go live.

SUTTER SECURITIES GROUP, INC.

FLASHFUNDERS

PRIVACY POLICY

as of December 14, 2021

 

Our Privacy Commitment

 

This Privacy Policy describes the ways Sutter Securities Group, Inc. (collectively the “Company,” “we,” “us” or “our” or the “Firm”) is committed to respecting the privacy rights and concerns of all users of the Company’s website, FlashFunders.com (the “Site”) and customers engaging us to perform other services (the “Services”).  By visiting or browsing the Site or using any of the Services, you consent to the Company’s collection, use, storage, deletion and disclosure of information relating to you as set forth in this Privacy Policy in accordance to Rule 17 CFR 248 of the Securities Act of 1933 -Regulation S-P, Regulation S-ID, and Regulation S-AM.  This Privacy Policy is effective as of the date set forth above and is only applicable to the Site and Services and not to any other websites that you may be able to access from the Site or Services which may have its own data collection and use practices and policies.

 

This policy answers the following questions:

●          What information do we collect about you and how do we use it?

●          Will we share your personal information with third parties?

●          What choices do you have about the collection and use of your personal information?

●          What security measures do we take to safeguard your personal information?

 

 

Types of Information We Collect

 

Personal Information means information that can be used to identify and contact you.

 

Information we collect on the Site or from the Use of Services

 

Personal Information – When you visit or use the Site we may gather certain information using automated means (e.g., cookies and web beacons) including, but not limited to, device identifiers, IP address, browser version and configuration, and operating system details, language preferences and length of visits.  We also collect information that you voluntarily input into our websites or mobile applications.  For example, if you commence an account enrollment process with one of our affiliates, we may collect the information you provide or authorize us to collect, such as your name, email address, and certain financial information. In addition, if you choose to enroll in online services with one of our affiliates, we may also collect other personal information, such as your full legal name, citizenship, contact information, date of birth, Social Security number and other information that may be used to identify you.

 

From individual companies (“Issuers”), Personal Information may include your company name, email address, phone number, facsimile number, business address, state of incorporation, date of incorporation, and officer and director information (including, but not limited to, each such officer’s and director’s name, personal address, date of birth, phone number, facsimile number, occupation and biography, and other information relevant to confirming they are not a “bad actor” within the rules and regulations promulgated under the Securities Act of 1933, as amended (the “Securities Act”).

 

From investors (“Investors”), Personal Information may include your name, email address, phone number, facsimile number, personal address, social security number, bank account information, and other information necessary to verify your identity and status as an accredited investor within the meaning of Rule 501 of Regulation D promulgated under the Securities Act or as an investor qualified to purchase securities offered under Regulation A or Regulation CF (including, but not limited to, accredited investor questionnaire information, information in W-2s, information in brokerage statements, credit report information, information in tax returns, information in letters from your certified public account, legal counsel, or registered broker-dealer).

 

We may also conduct business and collect Personal Information from individuals and institutions located within the European Economic Area (“EEA”).  We are required to protect Personal Information processed in the EEA in accordance with the General Data Protection Regulation (“GDPR”).  To understand more about how we protect the data we collect from individuals and institutions located within the EEA, please see the “Privacy Statement for Data Subjects Whose Personal Information May Be Collected in or from the EEA” section below.

 

 

How We Use Your Personal Information

 

We will use the Personal Information we collect in order to: verify your status as an Issuer or Investor; conduct background checks on Issuers, Investors, and securities offerings (“Offerings”); provide customer support; set up your account; confirm and complete transactions requested by you; verify that the Personal Information is correct; analyze your needs and preferences; customize advertising content to be of interest to you; send you promotional, marketing, or administrative materials and messages; enforce this Privacy Policy and other policies and procedures, as applicable; comply with any legal or regulatory requirements; protect the security of the Site; manage our business operations; and market the products and services of third parties, among other things as applicable.

 

Additionally, we may make your Personal Information non-personally identifiable by either combining it with information about other users (aggregating your Personal Information with information about other users), or by removing characteristics (such as your name or email address) that make the information personally identifiable.  This process is known as de-personalizing your information.  You grant us a royalty-free, worldwide, perpetual, irrevocable and fully transferable right and license to use your Personal Information in connection with the creation and development of analytical and statistical analysis tools relating to the use of the customer data we collect (the “Analytical Data”).  We are expressly authorized to make any commercial use of the Analytical Data, including without limitation, sharing the Analytical Data with third parties.

 

If you are located within the EEA, your Personal Information will not be retained without your consent.

 

Cookies and other Technical Information

 

“Cookies” are small bits of electronic information that a website sends to your browser and are stored on your hard drive.  Like many websites, we employ Cookies in certain areas of the Site to allow us to provide information to make your online experience more convenient.  A user may configure his or her web browsers to accept or reject or delete the Cookies or notify the user when a Cookie is being set. A tracking “pixel” is a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a web page and allows for the collection of information regarding the use of the web page that contains the tracking pixel.  The Company may use third party ad servers to support tracking pixels and Cookies.  We may use Cookies for business purposes such as to help us recognize you as a customer, collect information about your use of the Site or collect information about your computer or other access devices. Or, we may use Cookies for regulatory purposes (i) ensure compliance with our Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) program (“BSA/AML Program”) and (ii) ensure that your account security has not been compromised by detecting irregular or suspicious account activities.

 

Many web browsers provide options to allow you to stop accepting new cookies, or to disable existing cookies. Please be aware that if you disable the cookies on your computer you may not be able to use certain features of this website or other websites and disabling cookies may invalidate opt outs that rely on cookies to function.

 

Log Information

 

Our servers may automatically record information that your browser sends whenever you visit the Site.  This information includes your Internet Protocol address, your browser type and version, the search engine you used to find the Site, if any, and your geo-locational information.  We use this information to monitor and analyze how users use the Site, provide customer service and to maintain and improve the Site.

 

Web Beacons

 

We may employ third party tracking utility software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage content on our site by informing us what content is effective.  Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users.  In contrast to Cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.  In short, clear gifs enable two websites to share information with one another.  We do not tie the information gathered by clear gifs to our customers’ personally identifiable information.

 

“Do Not Track”

 

In compliance with California legislation, AB370, effective January 1, 2014, the Company’s practices in responding to “do not track” signals and collecting user information over time and across a network of websites when you visit the Site are described below.  We honor the request of “do not track” signals sent by your browser when you visit the Site.  Additionally, the Company does not collect user information about your online activities over time and across different websites or authorize third parties to do so.

 

Children’s Privacy

 

You must be at least 18 years of age to use the Site.  We do not knowingly collect personal information from children under 13.  Please do not send us any personal information if you are under 13 years of age. We take children’s privacy seriously and encourage parents to play an active role in their children’s online experience at all times.  In the event that we learn that we have collected Personal Information from a minor under 13, we will delete that information and comply with the requirements of the Children’s Online Privacy Protection Act and other applicable law.  If you have any concerns about your child’s Personal Information, please contact us at legal@sutterus.com.

 

 

Will we share your personal information with third parties?

 

Sharing of Information

 

We use your Personal Information as you may direct on the Site from time to time, to complete transactions, respond to your requests, deliver products and services you request, and send communications to you about promotions, updates, or special offers (which may be offered by us or one of our affiliates) that may be of interest to you.  We may share your Personal Information with carefully selected vendors and business partners that perform marketing services and other business operations for us (including providers of banking account and escrow services). We will share your information as necessary to complete a transaction or related services at your instruction.  In addition, we will share the personal information we collect from you under the following circumstances:

 

●          Investors. We may share your information with certain third parties to conduct background checks to verify your status as an Accredited Investor under the Securities Act.  We may also share your information with banking partners in order to create a bank account for investing in Offerings.  The Company may also share your personal information with other third parties necessary to effect the investment transaction, including a third party escrow provider and affiliated transfer agent.

●          Protection of rights.  We will share personal information if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) such action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Site, or (iii) such action is appropriate to protect the rights, property or safety of the Company, its employees, clients, or users of the Site and Service.

●          Asset Transfers/Mergers/Strategic Transactions.  If we become involved in a merger, acquisition or other transaction involving the direct or indirect sale of some or all of the Company’s assets, user information, including personal information collected from you through your use of the Site and Service, could be included in the transferred assets.  Should such an event occur, we will use reasonable means to notify you through a prominent notice on the Site.

●          Third Party Vendors.  We may share personal information with third party vendors so that they may provide support to our business operations, including banking services, escrow services, data processing, data storage, surveys, research, internal marketing, delivery of promotional, marketing, and transactional materials, and the Site’s maintenance and security

●          The Company may share your account information if necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (b) as appropriate to enforce its policies and procedures, (c) if necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with this Agreement or the Service, or (d) if appropriate to protect the rights, property or safety of the Company, its employees, or other users of the Service.

 

 

What choices do you have about the collection and use of your personal information?

 

Control of Your Information

 

You may update or delete your Personal Information at any time. Please note that when you ask to delete Personal Information, we may still retain your account information for a reasonable period of time afterward for the purpose of internal account management, meet regulatory recordkeeping requirements and fraud prevention activities.

 

In some cases, we may not be able to delete your Personal Information and will retain and use your information as necessary to comply with our legal obligations, regulatory recordkeeping requirements, resolve disputes, operate our business, manage your account, and enforce our agreements.

 

Privacy Statement for Data Subjects Whose Personal Information May Be Collected in or from the EEA

 

We may collect Personal Information from customers located in the EEA. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use this Site and our Services. If you are located in the EEA or Switzerland, we take measures to comply with applicable legal requirements and ensure adequate protection for the transfer of personal data to recipients in countries outside of the EEA or Switzerland, for instance through data transfer agreements based on the EU Commission’s model clauses, or a Privacy Shield certification.

 

Customers located in the EEA may withdraw consent at any time where consent is the lawful basis for processing their Personal Information. Should a customer withdraw consent for processing or otherwise object to processing that impedes our ability to comply with applicable laws and regulations, such customer may be unable to avail him or herself of the Site or Services we provide.

 

International Data Transfers (Non-EEA)

 

Some of the data recipients with whom we share your personal data may be located in countries other than the country in which your personal data was originally collected. The laws in those countries may not provide the same level of data protection compared to the country from which you initially provided your data. Nevertheless, when we transfer your personal data to recipients in other countries, including the USA, we will protect that information as described in this policy and in compliance with applicable law.

 

RIGHTS UNDER STATE LAW (CALIFORNIA)

If you are a resident of California, USA you may have rights under the California Consumer Privacy Act of 2018 (“CCPA”) regarding your personal information, as described in this section.

 

What is Covered by this Section of the Privacy Policy?

 

Much of the personal information that our Firm collects is exempt from the rights provided by CCPA. The rights under the CCPA described below do not apply, for instance, to personal information collected, processed, sold or disclosed pursuant to the Gramm-Leach-Bliley Act and its implementing regulations or the California Financial Information Privacy Act. As a general matter, those laws apply to nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes. The CCPA also exempts from most of its provisions, including the privacy policy notification requirements, certain information processed in the business-to-business context (e.g., information about an individual acting in his or her capacity as a representative of a company) and information about employees, job applicants, and contractors when processed in that context. This section (6.B); therefore, does not cover information falling with the scope of these exemptions or to which the CCPA’s relevant provisions do not apply.

 

Access and Deletion Rights Under the CCPA

 

  • Right to Request Disclosure of Personal Information We Collect and Share (Access Rights)
  • Individuals whose personal information is covered by the CCPA have a right to request that our Firm provide the following information:
  • The categories of personal information that our Firm has collected about you;
  • The categories of sources from which our Firm collected the personal information;
  • The business or commercial purposes for which our Firm collected and/or sold the personal information;
  • The categories of any third parties with which our Firm shared the Personal information; or
  • The specific pieces of personal information our Firm collected over the past year.
  • Such individuals may also submit a request for the following additional information:
  • The categories of personal information, if any, our Firm has sold about you, categories of third parties to which our Firm sold that personal information, and the categories of personal information sold to each type of third party;
  • The categories of personal information that we have disclosed for a business purpose; or
  • Our responses to any of these requests will cover the 12-month period preceding our receipt of the request.

 

  • Right to Request the Deletion of Personal Information We Have Collected from You (“Deletion Rights”)
  • Individuals whose personal information is covered by the CCPA may also request that we delete personal information covered by the CCPA that we maintain. Upon receiving and appropriately verifying such a request, our Firm will delete the personal information, unless that information is necessary for our Firm to:  complete the transaction for which we collected the information; provide you with a good or service you requested; perform a contract our Firm entered into with you; detect security incidents; maintain the functionality or security of our firm’s systems; comply with or exercise rights provided by the law; or use the information internally in ways that are comparable with the context in which you provided the information to our Firm or that are reasonably aligned with expectations based on your relationship with our Firm, among other things. We may also retain information where another exception to the deletion requirements in Cal. Civ. Code § 1798.105(d) applies. Please note that if you request that your personal information be deleted, you may no longer be able to access or use certain parts of our or our affiliate’s websites.
  • How to Exercise Access and Deletion Rights
  • To exercise these CCPA rights, please contact us at legal@sutterus.com.
  •  You may also submit a request to our Firm in person through the representative that offered you our Firm’s services.

 

  • Our Processes for Responding to CCPA Requests
  • Verifying requests:  Depending on the nature of your request, we may ask you for additional information to verify your request and identity and a declaration attesting to your identity, signed under penalty of perjury.
  • Timeline for responding:  We will respond to requests for access or deletion as soon as practicable and, in any event, generally within 45 days after receiving your request. We may extend this period to 90 days in some cases.
  • Using an agent:  You may designate an agent to submit a request on your behalf.
  • Requests for household information:  There may be some types of personal information that can be associated with a household. Requests for access or deletion of household personal information must be made by each member of the household.
  • Sales of Information:  We do not and will not sell personal information, nor have we sold any of the categories of personal information in the last 12 months.
  • Non-discrimination:  We are committed to complying with the law. If you exercise any of the rights explained in this policy, we will continue to treat you fairly.
  • Accessibility:  our Firm is committed to ensuring that our communications, such as our Sites, are accessible to individuals with disabilities. To submit accessibility‑related requests or report barriers to accessibility, please contact us at legal@sutterus.com.

 

What security measures do we take to safeguard your personal information?

 

The Personal Information that you provide to us is stored on servers that are located in secured facilities and protected by protocols and procedures designed to ensure the security of such information.  In addition, we restrict access to personal information to employees, independent contractors and agents who need to know this information in order to develop, operate and maintain the Site and Service. We strive to protect user information through technical, physical and administrative policies and procedures. Once we receive a transmission from you, we will endeavor to maintain its security on our systems.  Please be aware though that there is no such thing as “perfect security” on the Internet, and third parties may unlawfully intercept or access transmissions or private communications. We will not be responsible or liable for any damages, losses or causes of action arising out of or in connection with the disclosure of your personally identifiable information.

 

Notification of Changes

 

This Privacy Policy is effective as of the date set forth above and applies to the Site and Service.  This Privacy Policy may change from time to time and we will post all changes on the Site.  You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you use the Site or Service after the updated Privacy Policy is posted on the Site.  If at any point you do not agree to any portion of the Privacy Policy then in effect, you must immediately stop using the Site and Service.

 

Questions?  Contact Us

 

If you have any questions about our privacy practices or this Privacy Policy, please contact us by email at legal@sutterus.com.