Platform Fl, LLC is the owner of the website www.myfundamental.net (“the Website”) and the Fund@mental mobile application (“the App”; collectively and separately known as “the Service”). Platform FL, LLC is committed to protecting your privacy and we understand you want to keep your information private, safe and discrete. This Privacy Policy is designed to help you decide whether to use the Service and in what manner, and it describes how we collect, store and use information on individuals who use the Service.

This Policy is a legally binding agreement between you (“you” or “user”) and us. By visiting, accessing or using the Website or App, or providing information to us in any other format, you agree to and accept the terms of this Privacy Policy, as amended from time to time, and you consent to the collection and use of information in the manner set out in this Policy. We encourage you to review this Policy carefully and to periodically refer to it so that you understand it and its subsequent changes if any. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, PLEASE STOP USING THE SERVICE IMMEDIATELY AND WHERE RELEVANT UNINSTALL.

The registration, access and use of the Service, shall involve the collection, registration and obtaining of various categories of data of users who use the service (hereinafter, without distinction, “User” or “Users”).

The data controller of the personal data of the Users of this Service, is Platform FL, LLC registered in Florida (USA), and located at 8051 N Tamiami trail, suite E6, Sarasota, Fl, 34243. USA (hereinafter, the “Data Controller”). 

The Data Controller is the natural or legal person, who determines and decides the content, means and purposes of the use and processing of the User's personal information.

Data processing means any operation carried out on personal information, through automated or non-automated means, consisting of or implying its collection, registration, structuring, consultation, collation, storage, saving, modification, deletion, limitation, destruction, communication and interconnection.

A personal data is any information referring to a natural person, which allows it to be identified or makes it identifiable without disproportionate effort.

It should be noted that the concept of personal data only applies to information associated with natural persons (not legal persons or companies), so certain business data such as a name or registered office, will not fall within the concept of personal information.

​

Likewise, irreversibly dissociated information, which cannot be linked or singled out in a particular natural person, will not be defined as personal information, but as anonymous information (or non-personal data).

As User of the Service, both during the registration process and in the subsequent use of the Service, as well as in questionnaires of additional information, the Data Controller shall request and have access to personal data, such as:

• Identifying data (e.g. name, surname)

• Contact details (e.g. postal address, email, telephone)

• Personal characteristics (e.g. gender, age) 

• Professional data (e.g. position, employer, professional experience, accreditations, licenses, designations, functions)

• Financial data (e.g. equity, mortgages, asset level, savings capacity, expectations)

Personal information that is not marked as optional on registration forms or questionnaires shall be considered necessary and indispensable to access the service and make use of the Service. Certain fields or categories of data shall be considered optional, such as: licenses, designations, email or secondary telephone.

The holders of the personal information obtained and processed shall be the Service Users, differentiated or divided into four possible profiles: investor (individual or corporate/institutional); advisor; asset manager; and external advisor.

The categories of data requested may vary depending on the type of profile selected by the User when registering and signing up for the Service.

The personal data provided by the user, in the different phases of registration, access and use of the Service, shall be processed by the Data Controller to fulfill the following specific purposes:

• Access to the service provided to the User through the Service and use of the functionalities of the same (configuration of user profile, chat conversations, generation of surveys, synchronization of contacts, notifications about notifications and information of interest).

• Execution and fulfillment of the legal or contractual relationship between the parties (Controller and User), reflected in the acceptance of the terms and conditions of use by the User.

• Sending of informative communications, such as notices of technical incidents, changes in functionality, or updates of the Service and its terms of use, privacy policy and cookies.

• Sending promotional communications electronically, about content, news and services related to the Service.

Production of statistics based on previously anonymized data, limiting the possibility of linking, singling out and inferring the information with a specific natural person or User.

Attention and response to requests for exercise of rights submitted by Users, especially those aimed at the rectification and deletion of their personal data.

Individualized decisions will not be made through automated processing, likely to produce significant legal effects on the rights and freedoms of Users.

The legal bases that legitimize the Data Controller to process the Users' data are essentially the following:

• The free, specific, informed and unequivocal consent of the User, making available this privacy policy, which must be accepted by means of a statement or a clear affirmative action, such as marking a box provided for this purpose. In this sense, it should be noted that omissions or inactions understood as tacit consent do not constitute an unequivocal consent of the User.

• In cases where it is necessary - such as the sending of promotional communications electronically - obtaining the express consent of the User, which enables the Data Controller to send communications electronically for this specific purpose.

• Additionally, the existence and execution of a previous contractual or legal relationship, existing between the Data Controller and the User, by accepting the terms and conditions of use of the service or Service. This legal basis shall also apply, on a supplementary basis, as an exception to the general rule of consent for promotional communications by electronic means.

In no case shall the processing of personal data of Users be carried out without there being legitimate cause or legal basis, which allows to affirm the lawfulness of the processing of the information.

The personal data provided by the User will be kept in the systems and databases of the Data Controller, as long as the latter continues to make use of the Service, and are useful for the purposes that initially motivated its obtaining. At the time any User requests the deactivation of his/her account, or requests the deletion of their information, personal information will be deleted or erased, so that it disappears from the interface of the Service, and may affect the following contents or elements of their account:

​

• Profile and personal information (e.g. identification data, professionals, contact, image)

​​

•  Individual and/or group chats

​​

•  Any user-generated content (e.g. surveys, literary, photographic or audiovisual content) 

​​

•  List of contacts (including those synchronized with the device's agenda or account on the Linkedin social network)

However, the data may be kept internally, in the databases or systems of the Data Controller, for the period of prescription that is necessary with the aim of purging the possible responsibilities derived from the processing, although in any case, an attempt shall be made to adopt and effectively comply with the principle of minimum retention of personal data.

In any case, the information shall be kept subject to blocking and limiting, through strict technical and organizational measures, the access, use and/or visualization thereof, being available only to the competent authorities and bodies that may request or request it, especially in the framework of investigations and administrative or judicial procedures.

Once the aforementioned period has ended, the information will be permanently deleted or destroyed. 

The personal data provided by the Users shall not be transferred to third parties, except under legal obligation or in the event that they are requested by competent authorities or bodies, in the framework of administrative, judicial or investigation procedures.

However, the User is informed that third parties (Ex: Google) may use data storage and retrieval devices (cookies), which allow certain categories of information to be obtained from users of the Service, for analytical purposes, for activity measurement or to generate statistics. You can learn more about these aspects by consulting our Cookie Policy: www.myfundamental.net/cookies-policy.

There is also no provision for international transfers of personal data outside the European Economic Area (EEA), involving international movements of information, and under no circumstances to countries that do not guarantee a sufficient level of reciprocity with regard to the security of personal data.

In the event that this circumstance is modified, it shall be duly recorded in this Privacy Policy, in order to inform the user about the reason for the transmission, the possible recipients and the guarantees adopted. 

On the other hand, certain service providers subcontracted by the Data Controller (hereinafter, the “Data Processors”), such as hosting, system providers and IT media, or cloud services, may have potential access to the personal information of Users, for the sole purpose of fulfilling the services contracted by the Data Controller.

The Data Processors shall be legally linked to the Data Controller, by means of a processing contract, or conditions and terms of service that guarantee the confidentiality, security and secrecy of the information processed.

The personal data provided by the Users shall not be transferred to third parties, except under legal obligation or in the event that they are requested by competent authorities or bodies, in the framework of administrative, judicial or investigation procedures.

The Data Controller shall take the technical and organizational measures necessary to ensure the security, integrity and confidentiality of the data collected and processed through this Service.

Among the main security measures applied by the Data Controller, the following are noteworthy, but not limited to:

• Technical measures to ensure the ongoing confidentiality, integrity, availability and resilience of data processing systems and services.

• Measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, including the regular backup and establishment of back-up recovery protocols and procedures.

• Continuous processing for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

• Techniques of encryption, pseudonymization and/or anonymization of personal data appropriate and adapted to the level of risk or criticality of the information processed.

• Technical measures that allow the adoption of a privacy system by design and by default in the use of the Service.

Likewise, the Data Controller has specific protocols and procedures regarding risk management and the resolution, notification and management of security breaches, with the aim of neutralizing and minimizing any possible damage or condition that may occur, eventually, on the personal information of Users.

There is also no provision for international transfers of personal data outside the European Economic Area (EEA), involving international movements of information, and under no circumstances to countries that do not guarantee a sufficient level of reciprocity with regard to the security of personal data.

In the event that this circumstance is modified, it shall be duly recorded in this Privacy Policy, in order to inform the user about the reason for the transmission, the possible recipients and the guarantees adopted. 

On the other hand, certain service providers subcontracted by the Data Controller (hereinafter, the “Data Processors”), such as hosting, system providers and IT media, or cloud services, may have potential access to the personal information of Users, for the sole purpose of fulfilling the services contracted by the Data Controller.

The Data Processors shall be legally linked to the Data Controller, by means of a processing contract, or conditions and terms of service that guarantee the confidentiality, security and secrecy of the information processed.

The User may exercise at any time his/her rights of access, rectification, deletion, limitation, opposition and portability, as well as revoke the consent initially given when this is the legal basis that legitimizes the processing of his personal data, in a simple way and for free, by communication addressed to the email address: admin@myfundamental.net.

The Data Controller reserves the right to request accreditation that allows verification of the User's identity or additional information that is necessary to be able to comply with their request for the exercise of rights.

We will respond as soon as possible to your request, sending you a response within the legally established deadlines, to the same electronic address used by you to submit the request for the exercise of rights, or, where appropriate, to the additional electronic or physical address indicated to us to send you the answer.

The User is entitled to lodge complaints in defense of his/her rights with the competent data protection authorities or equivalent bodies that have assumed such competence.

The User may submit claims to the competent control authority in their country of habitual residence, taking into account the cooperation mechanisms established among the competent bodies at the international level. In certain countries or territories, data protection supervisory authorities will not be specific, since these powers will be conferred on other competent bodies, for example, in the field of trade or consumption (e.g.: U.S.A).

However, the competence of the national supervisory authority of the User's country of habitual residence will depend to a large extent on the territorial scope of its legislation and, where appropriate, on the extraterritorial nature of such legislation.

The purposes of the User's processing indicated in this Privacy Policy include the possibility for the Data Controller to send promotional communications.

As a general rule, the Data Controller will not send promotional communications electronically to the User of the Service, in the event that the latter has not previously given an express and specific consent for their receipt by this means.

For the purposes hereof, e-mail, instant messaging applications, SMS, MMS, Bluetooth, or any analogous means having equivalent functionalities for the purpose of establishing communications and sending information to a recipient shall be considered electronic means.

For the electronic transmission of this type of promotional communications, the Data Controller will request the express consent of the User, with the aim of obtaining an explicit request in the reception of this type of electronic communications, in accordance with this specific purpose of the processing.

However, as an exception to the general rule, the Data Controller may send promotional communications to the User, provided that there is a prior legal relationship between the parties and such communications refer to services similar to those initially requested by the User and provided through the Service.

The User may unsubscribe from its reception at any time, by request addressed in a simple way and for free, to the email address: admin@myfundamental.net.

The Data Controller reserves the right to make changes to this Privacy Policy, at any time, due to changes in regulations, applicable laws and jurisprudence. Such changes will be recorded by notice to Users, and through the convenient update of the last date of edition of this Policy.

For any questions or queries regarding the processing of your personal data as a User, or in relation to the content of the Privacy Policy, you may contact the Data Controller by communication addressed to the email address: admin@myfundamental.net.

Applicable legislation

The applicable legislation on personal data protection and privacy shall mainly be the legislation in force at European level:

​

• Regulation (EU) 2016/679, of April 27, 2016, or General Data Protection Regulation (GDPR): this standard is superior at the hierarchical level and sets the highest standards of security. Its application is extraterritorial, since it is not essential that the data controller has its headquarters or establishment in the European Union (EU), and can be applied whenever it affects EU citizens.

Other possible rules applicable at European level would be:

• Directive 2000/31/EC of the European Parliament and of the Council of June 8, 2000, on certain legal aspects of information society services, in particular electronic commerce, in the internal market: this rule applies to promotional communications by electronic means.

• Regulation (EU) 2018/1807 of November 14, 2018 for the free movement of non-personal data in the EU: this regulation regulates the processing of anonymous or non-personal data.

Likewise, within the territory of the EU, national regulations of the different countries or Member States in which the Service Users reside may be applicable, provided that their territorial scope requires, for example: (i) the effect on the rights and freedoms of citizens residing in said territory; and/or (ii) that the processing of data takes place in that country or territory, regardless of where the establishment or registered office of the data controller is located.

Processing of Personal Information is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and to comply with our legal obligations.

Since we operate globally, it may be necessary to transfer data, including Personal Information, to countries outside the European Union. In these instances, we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection or enter into legal agreements ensuring an adequate level of data protection.

General

This notice addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. Code §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulation by the Attorney General (collectively, “CCPA”). Any terms defined in the CCPA have the same meaning when used in this Privacy Notice.

Platform FL, LLC provides disclosures for the 12 months preceding the date the Privacy Notice was last revised, as required by the CCPA vis-à-vis California residents.

This Privacy Notice outlines our practices with respect to the information we collect from you when you use the Service, the manners in which we use such information and the choices available for you.

By accessing, downloading or using our Service, you acknowledge that you have read and understood the terms of this Privacy Notice. If you disagree to any term provided herein, please do not install or use the Service.

In addition to this policy, please also review our Privacy Policy and Terms and Conditions, which this Privacy Notice is incorporated thereto by reference, along with such other policies of which you may be notified of by us from time to time.

​

In our Privacy Notice, you will learn about:

• What Information We Process

• Sources of Personal Information

• Business/Commercial Purpose for Collection

• Sharing Personal Information

• Selling Personal Information

• User Rights Under the CCPA

• Non Discrimination

• Do Not Track Signals

• Record Keeping

• Children's Information

• Updates or Amendments to the Privacy Notice

• How to Contact Us

If you have a visual disability, you may be able to use a screen reader or other text-to-speech or text-to-Braille tool to review the contents of this Privacy Notice.

We may collect and process certain information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”). We treat information that is specifically connected or linked to any Personal Information – as long as such connection or linkage exists – as Personal Information.

​

We may also disclose Personal Information we have collected with our service providers for a business purpose (as further detailed in “Business/Commercial Purpose for Collection” section below), subject to a contract that describes the purpose and restricts the use of Personal Information disclosed, or with other third parties for a commercial purpose, which may be considered a sale under the CCPA.

​

In the 12 preceding months, we have collected, disclosed and/or sold the following categories of Personal Information: please note that you will only find this information in the desktop version of the privacy policy.

​

We may share or transfer Personal Information to third parties as assets that are part of a merger, acquisition, bankruptcy or other transaction in which the third party assumes control of all or part of the Company. Such transfer will be handled according to the requirement of the CCPA and shall not be regarded as a sale of Personal Information under the CCPA.

​