Privacy and Cookie Policy

LAST MODIFIED: JULY 2019

This Privacy and Cookie Policy (this “Policy”) describes the ways in which MG3 Software, LLC (“MG3”) collects, uses, and discloses information about the Customer, including personally identifiable information, in connection with the Customer's use of InvestNext and the services that MG3 provides to the Customer (collectively, the “System”). Throughout this Policy, “Customer” refers to the individual or entity who accesses, uses or registers to use the the System. By using the System, the Customer consents to the use of information as set forth in this Policy.

  1. Definitions.

    1. Highly-Sensitive Personal Information. Means an (i) individual’s government-issued identification number; (ii) financial account number information.

    2. Identifiable Natural Person. Means one who can be identified, directly or indirectly, in particular by reference to an identifier including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses, identification numbers, location data, online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    3. Personal information. Means information provided to MG3 by or at the direction of the Customer, or to which access was provided to MG3 by or at the direction of the Customer that: (i) relates to an identified or Identifiable Natural Person (a “Data Subject”); or (ii) can be used to authenticate a Natural Person (including, without limitation, employee identification numbers, government issued identification numbers, passwords or PINs, financial account numbers, credit report information, answers to security questions and other personal identifiers), in case of both subclauses (i) and (ii), including, without limitation, all Highly-Sensitive Personal Information. The Customer’s business contact information is not by itself deemed to be Personal Information.

    4. Authorized Persons. Means (i) MG3’s employees who have a need to know or otherwise access Personal Information to enable MG3 to perform its Services; and (ii) MG3’s contractors who have a need to know or otherwise access Personal Information to enable MG3 to perform its services.

  2. This Policy.

    1. Scope. MG3 hosts and operates the System on behalf of the Customer, who, together with MG3, utilize the System to provide certain investor management and communication services (the “Services”). In the course of providing the Services to the Customer, MG3 may collect Personal Information. MG3 does not collect Personal Information except to perform the Services for the Customer, or as specifically set forth in this Policy. MG3 is not responsible for the use of Personal Information by the Customer; any such use will be subject to the Customer’s applicable privacy policies and terms of use.

    2. Changes to this Policy. MG3 reserves the right to update this Policy from time to time by posting a new Policy on the System homepage, and in some cases where changes are material, MG3 may also contact the Customer via electronic mail or post a notice on the homepage to let the Customer know of such changes. The Customer is advised to consult this Policy regularly for any changes. The Customer’s continued use of the System after such changes have been made constitutes acceptance of those changes.

  3. Collection of Information.

    1. Information that the Customer Provides. MG3 collects any information that the Customer voluntarily provides, including when the Customer created an account on the System or when the Customer uses the Services available through the System. Information that the Customer may provide includes their email address, name, phone number, location, bank account information, financial information, and online social accounts. MG3 may also collect information that the Customer provides by electronic mail, telephone or other means, including correspondence with MG3.

    2. Automatically Collected Information. MG3 may automatically collect certain technical information from the Customer’s computer or mobile device when the Customers uses the System, such as the Customer's Internet Protocol address, the Customer's web browser type and version, the name and version of the Customer's operating system, the pages Customers view on the System, the pages Customers view immediately before and after Customers access the System, and the search terms the Customer enters on the System. This information allows MG3 to recognize the Customer and personalize their experience if they return to the System using the same computer or mobile device, and to improve the System and the Services.

    3. Service Providers. The Customer may voluntarily provide information to Dwolla (a third-party payments provider) and Lob (a third-party payments and mailing service). Information that the Customer may provide includes their name, email address, date of birth, bank account information, social security number, and employer identification number. Any information provided to Dwolla or Lob can be used in accordance to their respective privacy policies.

    4. Information about Legal and Other Materials. In addition, MG3 may collect technical information from the Customer’s computer or mobile device concerning the Customer’s receipt of communications, access to materials and approval or execution of contracts, consents or other statements or agreements by means of the System, including the System’s Terms of Use and this Policy.

    5. Cookies. MG3 may collect this information using “cookies,” which are small text files that the System saves on the Customer's computer or mobile device, or similar technologies. Customer can disable cookies in their browser settings, but doing so may affect the functionality of the System. MG3 may also collect information using “web beacons,” which are clear electronic images that can recognize certain types of information on the Customer's computer, such as cookies, when Customer viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon or using unique links that can distinguish when individual users click the link. Web beacons and unique links, alone or in conjunction with cookies, may help MG3 compile information about the Customer's interactions with electronic mail sent to Customer in connection with the Services. For further information, see the Cookie Policy in section 7 below.

    6. Information We Collect from the Customer and Other Third Parties. MG3 may collect information about Data Subjects being managed in the System from the Customer and other third-party sources. For instance, a Customer that invited an individual to use and/or register an account on the System may facilitate the account registration process by uploading certain information about the individual that is already in the Customer’s possession.

    7. Cross-Site Tracking. MG3 does not utilize technical measures in the System to track the Customer's activities across different web sites or online services, whether the Customer configures their browser’s Do Not Track feature or otherwise. The System does utilize third-party application programming interfaces controlled by third parties, such as to display maps and graphs, that may attempt to track the Customer's activity across other sites that utilize those interfaces.

    8. Use by the Customer.The System processes the Customers' information as they direct and in accordance with MG3’s agreement with the Customer, but MG3 does not have control over its collection or management. MG3’s agreement with the Customer prohibits us from using that information, except as necessary to provide and improve the System, as permitted by this Policy, and as required by law. We have no direct relationship with Data Subjects who provide Personal Information to the Customer. MG3 acknowledges that the Customer has the right to access their Personal Information. The Customer controls and is responsible for correcting, deleting or updating information they have collected from Data Subjects, using the System. If requested to remove data MG3 will respond within a reasonable timeframe. MG3 may work with the Customer to help them provide notice to Data Subjects about their data collection, processing and usage. We are not responsible for our customers' use of information they collect in the System. The System manages information under the direction of the Customer, and MG3 has no direct relationship with the Data Subjects whose Personal Information the System processes.

    9. Reviewing and Updating Information. The System and related documentation gives the Customer the ability to access and update their information from within the System. The Customer can update their profile information within their profile settings and modify content that contains information about them using the editing tools associated with that content.

  4. Use and Disclosure of Information. MG3 may collect, use, share, and otherwise process the Customer's personal information for a number of purposes, including, but not limited to:

    1. Accessing the System and Providing the Services. MG3 uses the Customer's Personal Information to provide Services, or products, services or information related to the System or the Services; providing the Customer with information about the System, Services or required notices; customizing the Customer's experience when using the System, such as by providing interactive or personalized elements on the System; and providing the Customer with content based on their interests. The legal basis for such use are the System’s Terms of Use and this Policy.

    2. Analysis. MG3 uses the Customer's Personal Information for improving the System and/or the Services, including by (i) combining or aggregating any of the information collected through the System or elsewhere for generating and analyzing statistics about the Customer's use of the System and user demographics and traffic patterns and (ii) using anonymized data that may or may not be derived from Personal Information but does not personally identify the Customer for the purpose of enhancing the Services and developing new Service offerings. The legal basis for such use are the System’s Terms of Use and this Policy and MG3’s legitimate interest in improving the System and Services.

    3. Marketing. If the Customer submits their information to MG3, MG3 may provide the Customer with information about the System, Services or required notices. MG3 does not sell or share the Customer's Personal Information with other companies so that they can market to the Customer. The Customer has the right to ask MG3 not to process their Personal Information for marketing purposes and MG3 will cooperate with the customer in accommodating such request.

    4. Security. MG3 may use the Customer's Personal Information for safety and security purposes, including sharing of the Customer's information for such purposes, when it is necessary to pursue MG3’s legitimate interests in ensuring the security of the System and Services, including detecting, preventing and responding to fraud, intellectual property infringement, violations of the System’s Terms of Use, violations of law or other misuse of the System; and when MG3 believes in good faith that disclosure is necessary (A) to protect MG3’s rights, the rights of the customer or other users of the System, the integrity of the System, or the Customer's safety or the safety of others, or (B) to detect, prevent or respond to fraud, intellectual property infringement, violations of the System’s Terms of Use, violations of law or other misuse of the System.

    5. Service Providers. MG3 engages and shares information with third-party service providers (such as payment processors, hosting providers and analytics and security providers) to assist in operating and marketing the System. MG3’s engagement of third-party service providers is often necessary for MG3 to provide the Services to the Customer, particularly where such third-party service providers ensure that the System and Services are operating and secure. In other cases, MG3 has a legitimate interest in third-party service providers that can help improve the System and the Service.

    6. Other Disclosure. MG3 may disclose Personal Information about the Customer to others: (a) if MG3 has the Customer's valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation; (c) to enforce any of the MG3 terms and conditions or policies; or (d) as necessary to pursue available legal remedies or defend legal claims. MG3 may also transfer the Customer's Personal Information to an affiliate, a subsidiary or a third party in the event of any reorganization, merger, acquisition or sale, joint venture, assignment, transfer or other disposition of all or any portion of MG3’s business, assets or stock, including, without limitation, in connection with any bankruptcy or similar proceeding, provided that any such entity that MG3 transfer Personal Information to will not be permitted to process the Customer's Personal Information other than as described in this Policy without providing the Customer notice and, if required by applicable laws, obtaining the Customer's consent.

  5. Handling of Personal Information.

    1. MG3 acknowledges and agrees that, in the course of its engagement with the Customer, MG3 may receive or have access to Personal Information. MG3 shall comply with the terms set forth in this Policy in its collection, receipt, transmission, storage, disposal, use and disclosure of such Personal Information and be responsible for the unauthorized collection, receipt, transmission, access, storage, disposal, use and disclosure of Personal Information under its control or in its possession by all Authorized Persons.

    2. MG3 agrees and covenants that it shall:

      1. keep and maintain all Personal Information in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use or disclosure;

      2. use and disclose Personal Information solely and exclusively for the purposes for which the Personal Information, or access to it, is provided pursuant to the terms and conditions of this Policy, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Information for MG3’s own purposes or for the benefit of anyone other than the Customer, in each case, without the Customer’s prior written consent; and

      3. not, directly or indirectly, disclose Personal Information to any person other than its Authorized Persons without express written consent from Customer.

  6. Storage.

    1. Jurisdiction. Information collected through the System will be stored in, processed in and subject to the laws of the United States, which may not provide the same level of protection for the Customer's information as the their home country, and may be available to the United States government or its agencies under a lawful order made in the United States. By using the System, the Customer consents to such transfer to, storage in and processing within the United States.

    2. Security. MG3 is committed to protecting the Customer's information from unauthorized access, use or disclosure. The system and its operators maintain administrative, technical and physical safeguards designed to protect the information collected through the System. For example, all information the Customer transmits to the System is encrypted using Transport Layer Security technology (TLS). However, no information or communication system can be 100% secure, so MG3 cannot guarantee the absolute security of the Customer's information. In addition, MG3 is not responsible for the security of information that the Customer transmits to the System over networks that MG3 does not control, including the Internet and wireless networks.

    3. Retention. MG3 will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. If the Customer wishes to access or correct any information MG3 holds about them, the Customer may have their data deleted, blocked or corrected (as long as compliant with applicable law). MG3 also collects and retains information through the System in an anonymized form, i.e. tracking the pages the Customer visits and how long was spent on each page. Any data shared with a third-party service provider will be retained in accordance with the service provider’s privacy policy and procedures.

    4. Return and Destruction of Personal Information At any time during the course of its engagement with the Customer, at the Customer’s written request or upon the termination or expiration of its Agreement with the customer, for any reason, MG3 shall, as an Authorized Person, promptly return to the Customer all copies, whether in written, electronic or other form or media, of Personal Information in its possession, or securely dispose of all such copies, and certify in writing to the Customer that such Personal Information has been returned to Customer or disposed of securely. MG3 shall comply with all reasonable directions provided by Customer with respect to the return or disposal of Personal Information.

  7. Cookie Policy. This section provides MG3’s cookie policy and describes how MG3 uses Cookies and similar technologies. For more information on MG3’s general data privacy practices, please see the full Policy.

    1. Cookies. Cookies are small pieces of data that are stored on the Customer's computer, mobile phone, or other device when the Customer first visits a page. MG3 uses cookies, web beacons and similar technologies (“Cookies”) to enhance the Customer's user experience, understand the Customer's usage of the System and Services and to perform analytics. Cookies may also be set by other websites or services that run content on the page the Customer is visiting. The provision of the Customer's data via Cookies is voluntary except for those Cookies that MG3 places on the Customer's device because it is necessary for the performance of the System or Services. MG3 uses “session cookies” and “persistent cookies.” Session Cookies are temporary Cookies that remain on the Customer's device until the Customer leaves the System or Services. A persistent Cookie may remain on the Customer's device for much longer until the Customer manually deletes it.

    2. Use. Cookies can contain the following information about the Customer and their use of the System: browser type, search preferences, data relating to which pages of the System that Customer has visited and the date and time of the Customer's use. MG3 uses Cookies for the following purposes:

      1. To enable and support security features, prevent fraud, and protect the Customer's data from unauthorized access.

      2. To enable features and help us provide the Customer with personalized content.

      3. To analyze how the Customer uses the System and to monitor site performance. These Cookies help us to identify and fix errors, understand and improve services, research and test out different features, and monitor how the Customer reached the System.

    3. Third-Party Cookies. MG3 uses the following third-party Cookies on the System:

      1. Dwolla (if applicable). Our application provides the option to transfer funds via Dwolla. If the Customer interacts with Dwolla via our application, they may encounter cookies used by Dwolla in their internal operations. See https://www.dwolla.com/legal/privacy/ for details.

      2. Lob (if applicable). Our application provides the option to automatically send physical statements and checks via Lob. If the Customer interacts with Lob via our application, they may encounter cookies used by Lob in their internal operations. See https://lob.com/legal/privacy for details.

      3. HelloSign (if applicable). Our application provides the option to execute agreements via HelloSign. If the Customer interacts with HelloSign via our application, they may encounter cookies used by HelloSign in their internal operations. See https://www.hellosign.com/privacy for details.

      4. Nylas (if applicable). Our application provides the option for users to synchronize their email clients via Nylas and automatically track email communications in InvestNext. If the Customer interacts with Nylas via our application, they may encounter cookies used by Nylas in their internal operations. See https://www.nylas.com/privacy-policy/ for details.

      5. YouTube and Vimeo. Our application provides a capability to embed video from Wistia, YouTube, or Vimeo as part of offering marketing materials. If the Customer views marketing materials containing embedded video, the video player may use cookies in its internal operations, including functions such as tracking how many visitors play the video, and how much of the video they play. See https://policies.google.com/privacy, and https://vimeo.com/privacy for details.

      6. Kayako. MG3 provides help materials via an integration with Kayako. When the Customer uses our help center, they may encounter cookies used by Kayako in their internal operations. See https://www.kayako.com/about/privacy for details.

      7. MailChimp. MG3 utilizes MailChimp for sending updates about the System, such as announcements describing new features, to staff users of MG3. MailChimp may utilize web beacons or other cookies in their internal operations. See https://mailchimp.com/legal/privacy/ for more details.

    4. Opting Out. The Customer can control and/or delete cookies as they wish – for details, see www.aboutcookies.org. The Customer can delete all cookies that are already on their computer and the Customer can set most browsers to prevent them from being placed. If the Customer does this, however, they may have to manually adjust some preferences every time the Customer visits a site and some services and functionalities may not work as intended by MG3.

  8. GDPR.

    1. From May 25th, 2018, if the Customer is a resident of the European Union, MG3 will process the Customer's Personal Information in compliance with the EU General Data Protection Regulation (“GDPR”). For information submitted using the System, MG3 Software, LLC is the data processor, as defined under GDPR. In accordance with GDPR, as a Data Subject the Customer will be accorded with any applicable rights, which may include the following:

      1. right of confirmation;

      2. right of access;

      3. right to rectification;

      4. right to erasure;

      5. right of restriction of processing;

      6. right to data portability;

      7. right to object;

      8. right to withdraw data protection consent; and

      9. the right to lodge a complaint with a supervisory authority.

  9. Third-Party Websites. The System and communications from MG3 may contain links to websites operated by third parties, including sites operated by the Customer. The Customer acknowledges and agrees that MG3 is not responsible for the collection and use of the Customer’s information by such websites that are not under MG3’s control. MG3 encourages the Customer to review the privacy policies of each website they visit.

  10. Children’s Information. The System is not directed to, nor does MG3 knowingly collect information from, children under the age of 13. If the Customer becomes aware that the Customer's child or any child under the Customer's care has provided information without the Customer's consent, please contact MG3 immediately using the contact information provided below.

  11. Other Agreements. The Customer may from time to time enter into binding legal agreements relating to certain Services available through the System, which may have terms that are different from those of this Policy. In the event of any inconsistency, the terms of such other agreement shall control with respect to such Services.

  12. Contact Information. If the Customer has any questions about this Policy or the collection or use of information about them, please write to MG3 at privacy@investnext.com or 1420 Washington Blvd, Suite 301, Detroit, MI 48226.

  13. Google User Data. Notwithstanding anything else in this Privacy Policy, if you provide the App access to the following types of your Google data, the App's use of that data will be subject to these additional restrictions:

    1. The App will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read,and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

    2. The App will not use this Gmail data for serving advertisements.

    3. The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App's internal operations and even then only when the data have been aggregated and anonymized.