Privacy Notice

Notice Last Updated: [July 23, 2020]


Your privacy is very important to us.  This notice (this "Privacy Notice") is provided by Energy Domain Securities, LLC (collectively referred to herein as the “Firm”, “we”, “us” or “our”), and sets forth the policies of the Firm for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data and personal information (collectively referred to herein as “Personal Information”) relating to current, prospective and former customers, as applicable.  This Privacy Notice is being provided in accordance with the requirements of data privacy laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), the US Gramm-Leach-Bliley Act of 1999, as amended, or any other law relating to privacy or the processing of personal data and any statutory instrument, order, rule or regulation implemented thereunder, each as applicable to the Firm and our customers (collectively, “Data Protection Law”).  References to “you” or a “customer” in this Privacy Notice mean any buyer or seller who is an individual, or any individual connected with an buyer or seller who is a legal person (each such individual, a “data subject”), as applicable. For the purposes of EEA and UK data protection laws, we are the controller of your Personal Information.

Please read this Privacy Notice carefully because it provides important information and explains your rights. Please visit this website from time to time, as we may update our notice for changes in the law or our data practices. If you have any questions or concerns, or wish to exercise your privacy rights, we invite you to contact us by any of the methods listed at the end of this Privacy Notice.

Who are we?

We are a broker-dealer platform connecting buyers and sellers with oil and gas interests. This Privacy Notice explains how we use the Personal Information we hold on prospective, current, or former buyers and sellers, and the rights you may have in relation to that Personal Information.

We may use your information jointly with our affiliated operating companies worldwide.  

What does this Privacy Notice cover?

We take your privacy seriously. This notice:

  • sets out the types of Personal Information that we collect about you;
  • explains from where we collect Personal Information about you;
  • explains how and why we collect and use your Personal Information;
  • explains when, why and with whom we will share your Personal Information;
  • explains the different rights and choices you have when it comes to your Personal Information; and
  • explains how you can contact us.

What Personal Information have we collected in the past 12 months?

It is routine for us to collect, process and store Personal Information about you over the course of your relationship with us.

Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  It does not include deidentified or aggregate information.

The following chart describes the categories of Personal Information we collect from youmay have collected about you in the past 12 months and, for each category, where and why we collected it, and the categories of entities with which we shared or sold the Personal Information, if any. We do not and will not sell your Personal Information to third parties.

Category of Personal Information (PI)

Sources from which PI was collected

Purpose of collection

Categories of entities with whom PI was shared

Address and other identifiers – such as name, postal address, email address, signature, nationality, citizenship, domicile, tax identification number, date and place of birth, birth certificate, passport details, driver’s license, job title, job role, and copies of identification documents or other similar identifiers

Directly from you or from another person on your behalf.

Recording and monitoring of telephone conversations and electronic communications with you.

Administering the relationship between you and us (including communications reporting, processing transactions and resolving any complaints or disputes you are involved in).

Complying with applicable legal or regulatory requirements (including anti-money laundering, know-your-client, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).

Direct marketing of our products and services.

Monitoring and analysinganalyzing our activities.

Business management and planning, including accounting and auditing.

Affiliates (i.e., financial and non-financial companies related to us by common ownership or control)

Non-affiliates (i.e., financial or non-financial companies not related to us by common ownership or control) where you may direct us to share your information, or you otherwise intentionally interact with.

Third party service providers.

Government authorities or other entities with legal authority to receive the data

Financial information – such as bank account details, information about assets or net worth, credit history, source of funds details or sensitive information

Directly from you or from another person on your behalf.

Information that we obtain in relation to any transactions between you and us.

Recording and monitoring of telephone conversations and electronic communications with you.

Administering the relationship between you and us (including communications,  reporting, processing transactions and resolving any complaints or disputes you are involved in).

Complying with applicable legal or regulatory requirements (including anti-money laundering, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).

Direct marketing of our products and services.

Monitoring and analysinganalyzing our activities.

Business management and planning, including accounting and auditing.

Affiliates (i.e., financial and non-financial companies related to us by common ownership or control) or non-affiliates (i.e., financial or non-financial companies not related to us by common ownership or control) where you may direct us to share your information, or you otherwise intentionally interact with.

Third party service providers.

Government authorities or other entities with legal authority to receive the data.

Commercial information – such as records of personal property, products or services purchased, obtained, or considered, investment history and holdings, investment performance data, or other purchasing or consuming histories or tendencies

Directly from you or from another person on your behalf.

Information that we obtain in relation to any transactions between you and us.

Administering the relationship between you and us (including communications,  reporting, processing transactions and resolving any complaints or disputes you are involved in).

Complying with applicable legal or regulatory requirements (including anti-money laundering, know-your-client, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).

Business management and planning, including accounting and auditing.

Third party service providers.

 

Government authorities or other entities with legal authority to receive the data

Compliance information – including screening results of whether customers comply with Office of Foreign Assets Control (OFAC) and other sanction laws/requirements.

Directly from you or from another person on your behalf.

Information that we obtain in relation to any transactions between you and us.

Complying with applicable legal or regulatory requirements (including anti-money laundering, know-your-client, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).

Third party service providers.

Government authorities or other entities with legal authority to receive the data

Where Personal Information is required to satisfy a statutory obligation (including compliance with applicable anti-money laundering or sanctions requirements) or a contractual requirement, failure to provide such information may result in your account on the platform being rejected or compulsorily withdrawn, as applicable. Where there is suspicion of unlawful activity, failure to provide Personal Information may result in the submission of a report to the relevant law enforcement agency or supervisory authority.

We may share your Personal Information with our affiliates for direct marketing purposes, such as offers of products and services to you, by us or our affiliates.  

You have a right to object to the processing of your Personal Information where the processing is carried out for our legitimate interests or for direct marketing, by contacting us at [email address] or [phone].

How we use cookies?

Like most websites, our site uses small data files stored on your computer called cookies. Cookies consist of two different types; session and persistent. Session cookies enable us to recognize your actions during the browsing session, are temporary and expire when you close your browser and are not stored beyond this. Persistent cookies remain stored on your device after you close your browser until they expire or when you delete them.

Cookies give us insight into how people use our website to help us keep improving it. Cookies do lots of different things, such as helping us to:

  • avoid asking you to register or complete details twice;
  • estimate the number of visitors to our site, including the source and patterns relating to this traffic; and
  • understand how visitors use the site, and how we can enhance this experience.

Certain of these cookies are strictly necessary to the access and operation of the site and other cookies used are non-essential to the access and operation of the site.

Please see below for more information on our use of cookies.

Name

Cookie

Purpose

[Note to firm: Please insert name of cookie used on website. Examples below. ]

[Note to firm: Please insert type of cookie used on website e.g., session or persistent. Examples below.]

[Note to firm: Please insert purpose of cookie. Examples below.]

Google Analytics

Non-essential persistent cookies

These cookies are used to:

  • give us insight into how people use our site in order to help us improve the site; and
  • provide estimates of the number of visitors         to our site, including the source and patterns of the user traffic, in order to see how we can enhance your experience when visiting the site.

We will only use Google Analytics where we have your prior consent to do so, which can be given via the cookie banner on our site.

CSRFToken

Essential persistent cookie

Used by the core EnergyDomain application to securely identify logged-in users.

sessionid

Essential persistent cookie

Used by the core EnergyDomain application to track user status

How do I manage my cookie settings?

You are able to accept or reject all cookies, including cookies that are necessary to the functioning and accessibility of our website, via your browser settings. Please note, that rejecting necessary cookies may have an impact on the functioning of the website.

In addition, you can also manage your preferences through the cookie banner on the homepage of our website, where you have the option of accepting the use of non-essential cookies on your device.

What categories of Personal Information will we collect in the next 12 months and why?continue to collect?

We will continue to collect the same categories of Personal Information listed in the charts above, for the same purposes.  If this should change, we will issue an updated Privacy Notice.

Additional facts about how we share your Personal Information

The third parties with whom we share your Personal Information are bound to comply with similar and equally stringent undertakings of privacy and confidentiality.

We also share your Personal Information with third parties to comply with legal obligations; when we believe in good faith that an applicable law requires it; at the request of governmental authorities or other third parties conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to our websites, our businesses, or the public.

We do not grant access to your Personal Information to any other third parties unless we say so in this Privacy Notice or unless the law requires it.

Retention periods and how we keep your Personal Information secure

We will not retain Personal Information for longer than is necessary in relation to the purpose for which it is collected, subject to Data Protection Law. Your Personal Information will be retained for the duration of your account on our platform, as applicable, and for a minimum period of six years after termination of your account, as applicable. We may retain Personal Information for a longer period for the purpose of marketing our products and services or compliance with applicable law. From time to time, we will review the purpose for which Personal Information has been collected and decide whether to retain it or to delete it if it no longer serves any purpose to us.

We aim to protect your Personal Information from unauthorized access and use, by implementing and maintaining reasonable security appropriate to the nature of the Personal Information that we collect, use, retain, transfer or otherwise process.  Our reasonable security program is implemented and maintained in accordance with applicable law and relevant standards, including, in accordance with the report issued by the California Attorney General in February 2016, available at https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf.  Specifically, among other safeguards, our reasonable security program implements and maintains all 20 of the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense identified in Appendix A of the California Attorney General Report. As noted in that report, “there is no perfect security,” and reasonable security is a process that involves risk management rather than risk elimination.  While we are committed to developing, implementing, maintaining, monitoring and updating a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits or other factors that cannot reasonably be prevented.  Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.

We will notify you of any material Personal Information breaches affecting you in accordance with the requirements of Data Protection Law.

What about marketing?

You may control marketing communications at any time by opting out of future communications through the link at the end of our emails.  

Do we respond to “Do Not Track” signals?

We may track online activity on our site over time, including referral URLs.  We do not respond to browser or do not track signals.

International Transfers

Because of the international nature of broker-dealer business, Personal Information may be transferred to countries outside the EEA (“Third Countries”), such as to jurisdictions where we conduct business or have a service provider, including countries that may not have the same level of data protection as that afforded by the Data Protection Law in the EEA. In such cases, we will process Personal Information (or procure that it be processed) in the Third Countries in accordance with the requirements of the Data Protection Law, which may include having appropriate contractual undertakings in legal agreements with service providers who process Personal Information on our behalf in such Third Countries.

How do you access or request deletion of your Personal Information?

You can log into your account to access or request deletion of certain information about yourself, or you can do so by using the contact details set out at the end of this Privacy Notice.  For security purposes, you may be required to provide additional information to verify your identity and validate your request, and the number of identification points may vary depending on the nature and sensitivity of the information you seek.  Moreover, we may not be able to grant all requests, as an exception may apply and/or we may be required to retain information for record keeping or other legal compliance purposes.  We endeavourendeavor to promptly reply to any privacy rights requests, but at least shall reply to your request within the time frames required by applicable local law.

Requests for Household Information. There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling).  Requests for access or deletion of household Personal Information must be made by each member of the household, and each request must be verified before we can fulfil a household request.

Authorized Agents.  You may designate an agent to submit requests on your behalf.  The agent can be a natural person or a business entity that is registered with the California Secretary of State.  Authorized Agents are required to verify your identity and the agent relationship, as further described below.

What rights do you have in relation to the Personal Information we hold on you?

European Economic Area (EEA) Residents

If based in the EEA you have certain rights under the GDPR in relation to our processing of your Personal Information and these are, generally: (i) the right to request access to your Personal Information; (ii) the right to request rectification of your Personal Information; (iii) the right to request erasure of your Personal Information (the “right to be forgotten”); (iv) the right to restrict our processing or use of Personal Information; (v) the right to object to our processing or use where we have considered this to be necessary for our legitimate interests (such as in the case of direct marketing activities); (vi) where relevant, the right to request the portability of your Personal Information; (vii) where your consent to processing has been obtained, the right to withdraw your consent at any time; and (viii) the right to lodge a complaint with a supervisory authority. You should note that your right to be forgotten that applies in certain circumstances under the GDPR is not likely to be available in respect of the Personal Information we hold, given the purpose for which we collect such Information, as described above.

You may contact us at any time to limit our sharing of your Personal Information. If you limit sharing for an account you hold jointly with someone else, your choices will apply to everyone on your account. US state laws may give you additional rights to limit sharing.

U.S. Residents

Residents of certain states may have the following additional privacy rights.  

Your Right To Request Access To Information We Collect And Share About You

We are committed to ensuring that you know what information we collect about you.  You can submit a request to us for the following information, with respect to certain Personal Information we have collected:  

  • The categories of Personal Information we have collected about you.
  • The categories of sources from which we collected the Personal Information.
  • The business or commercial purposes for which we collected or sold the Personal Information.
  • The third parties with whom we shared the information.
  • The specific pieces of information we collected about you.

We are also committed to ensuring that you know what information we share about you.  You can submit a request to us for the following further information:  

  • The categories of Personal Information (if any) that we have sold about you, the third parties to whom we sold that Information, and the category or categories of Personal Information sold to each third party.
  • The categories of Personal Information that we have shared with Service Providers who provide services to us.  

Our responses to any of these requests will cover the 12-month period preceding our receipt of the request.

Your Right To Request The Deletion Of Personal Information We Have Collected From You  

Upon your request, we will delete certain Personal Information we have collected about you, except for situations where specific information is necessary for us to: provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law.  The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.

We Are Committed To Honoring Your Rights And Ensuring Fair Treatment

We are committed to providing customers control over their Personal Information.  If you exercise any of the rights explained in this Privacy Notice, we will continue to treat you fairly. In particular, this means that customers who exercise their rights under this Privacy Notice will not be denied or charged different prices or rates for goods or services, and individuals will not be offered a financial incentive for their Personal Information, or provided a different level or quality of goods or services than others unless those differences are reasonably related to the value of your Personal Information to the Firm. 

How will we handle a request to exercise your rights?

For requests for access or deletion, we will first acknowledge receipt of your request within 10 days of receipt of your request.  We will provide a substantive response to your request as soon as we can; (i) within one month from receipt of your request, where you are a resident in the EEA; and (ii) generally within 45 days from receipt of your request where you reside in the U.S.. Although we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances.  If we expect your request is going to take us longer than normal to fulfil, we’ll let you know.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.

In some cases, the law may allow us to refuse to act on certain requests.  When this is the case, we will endeavour to provide you with an explanation as to why.  

How will we verify your identity when you submit a access or deletion request?

U.S. Residents

If You Maintain a Password-Protected Account with Us

We will verify your identity using a two-step process.  We will first ask you to log into your account, and we will then ask you to separately authenticate your identity by asking by entering your User ID and password and each user will be required to answer security questions for verification  when they need to reset passwords. If we are unable to verify your identity through your password-protected account with a reasonable degree of certainty appropriate to the nature of your request, for security reasons, we may ask you to verify your identity in accordance with the additional requirements described below.

Requests for Specific Pieces of Personal Information

We will ask you for at least three pieces of Personal Information and endeavour to match those to information we maintain about you.  Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury.  If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request.  We will notify you to explain the basis of the denial.  Additionally, we will treat the request as one seeking disclosure of the categories of Personal Information we have collected about you and endeavour to verify your identity using the less-stringent standards applicable to such requests.  

Requests for Categories of Personal Information Collected About You

We will ask you for at least two pieces of Personal Information and endeavour to match those to information we maintain about you.  If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request.  We will notify you to explain the basis of our denial.  

Requests for Deletion Of Personal Information We Have Collected From You  

We do not and will not sell your Personal Information to third parties.  

Authorized Agents – Additional Verification Required

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process.  You will be required to verify your identity by providing us with certain Personal Information as described above, depending on whether you hold an account with us or not and the nature of the information you require, which we will endeavour to match the information submitted to information we maintain about you.  Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization.  The agent will be required to provide us with proof of the agency relationship.

How can you contact us?

If you have questions on the processing of your Personal Information, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please contact [insert name/position] at [insert email address] [phone number] or by writing to the [insert office address], For more information or requests in relation to the processing of Personal Information or any other service provider, you may also contact the relevant service provider directly at the address specified in the Directory section of the Memorandum or by visiting their websites.  If you would like to assert your privacy rights, you may also call us toll free at [xxx-xxx-xxxx].

Accessibility Policy

We are committed to ensuring that our communications, including on our website, are accessible to people with disabilities. Our website is designed to meet content accessibility guidelines. To make accessibility-related requests or report barriers, please contact us at [insert email], [insert phone number].  

What about changes to this Privacy Notice?

We will review and update this Privacy Notice periodically in light of changing business practices, technology, and legal requirements.  If we make a significant or material change in the way we use or share your Personal Information, you will be notified via email or a notice on our website.