PRIVACY NOTICE

  1. Notice Last Updated: [July 20, 2020]

Your privacy is very important to us. This notice (this "Privacy Notice") is provided by Energy Domain, LLC and Energy Domain Securities, LLC(collectively referred to herein as the “Firm”, “we”, “us” or “our”), and sets forth the policies of the Firm for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data and personal information (collectively referred to herein as “Personal Information”) relating to current, prospective and former customers, as applicable. This Privacy Notice is being provided in accordance with the requirements of data privacy laws, including the California Consumer Privacy Act (“CCPA”), the US Gramm-Leach-Bliley Act of 1999, as amended, or any other law relating to privacy or the processing of personal data and any statutory instrument, order, rule or regulation implemented thereunder, each as applicable to the Firm and our customers (collectively, “Data Protection ). At this time, we do not permit individual persons from the EU to register on our platform and therefore, we are not subject to the EU General Data Protection Regulation 2016/679 (“GDPR”). References to “you” or a “customer” in this Privacy Notice mean any buyer or seller who is an individual, or any individual connected with a buyer or seller who is a legal person (each such individual, a “data subject”), as applicable. Please read this Privacy Notice carefully because it provides important information and explains your rights. Please visit this website from time to time, as we may update our notice for changes in the law or our data practices. If you have any questions or concerns, or wish to exercise your privacy rights, we invite you to contact us by any of the methods listed at the end of this Privacy Notice.

  1. Who are we?

We are a broker-dealer platform connecting buyers and sellers with oil and gas interests. This Privacy Notice explains how we use the Personal Information we hold on prospective, current, or former buyers and sellers, and the rights you may have in relation to that Personal Information.

We may use your information jointly with our affiliated operating companies worldwide.

  1. What does this Privacy Notice cover?

We take your privacy seriously. This notice:

  • sets out the types of Personal Information that we collect about you;
  • explains from where we collect Personal Information about you;
  • explains how and why we collect and use your Personal Information;
  • explains when, why and with whom we will share your Personal Information;
  • explains the different rights and choices you have when it comes to your Personal Information; and
  • explains how you can contact us.
  1. What Personal Information have we collected from you?

It is routine for us to collect, process and store Personal Information about you over the course of your relationship with us.

Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include deidentified or aggregate information.

If we learn that we have collected Personal Information in error or from individuals out of any regulatory jurisdiction in which the Firm conducts business, we will delete such information from our files. A notification will be sent confirming such information has been deleted as well as a request to stop providing the information.

The following chart describes the categories of Personal Information we and, for each category, where and why we collected it, and the categories of entities with which we shared or sold the Personal Information, if any. We do not and will not sell your Personal Information to third parties.

Category of Personal Information (PI) Sources from which PI was collected Purpose of collection Categories of entities with whom PI was shared

Address and other identifiers – such as name, postal address, email address, signature, nationality, citizenship, domicile, tax identification number, date and place of birth, birth certificate, passport details, driver’s license, job title, job role, and copies of identification documents or other similar identifiers

Directly from you or from another person on your behalf.

Recording and monitoring of telephone conversations and electronic communications with you.

Administering the relationship between you and us (including communications reporting, processing transactions and resolving any complaints or disputes you are involved in).

Complying with applicable legal or regulatory requirements (including anti-money laundering, know-your-client, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).Direct marketing of our products and services.

Monitoring and analyzing our activities.

Business management and planning, including accounting and auditing.

Affiliates (i.e., financial and non-financial companies related to us by common ownership or control)

Non-affiliates (i.e., financial or non-financial companies not related to us by common ownership or control) where you may direct us to share your information, or you otherwise intentionally interact with.

Third party service providers.

Government authorities or other entities with legal authority to receive the data

Financial information – such as bank account details, information about assets or net worth, credit history, source of funds details or sensitive information

Directly from you or from another person on your behalf.

Information that we obtain in relation to any transactions between you and us.

Recording and monitoring of telephone conversations and electronic communications with you.

Administering the relationship between you and us (including communications, reporting, processing transactions and resolving any complaints or disputes you are involved in).

Complying with applicable legal or regulatory requirements (including anti-money laundering, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).

Direct marketing of our products and services.

Monitoring and analyzing our activities.

Business management and planning, including accounting and auditing.

Affiliates (i.e., financial and non-financial companies related to us by common ownership or control) or non-affiliates (i.e., financial or non-financial companies not related to us by common ownership or control) where you may direct us to share your information, or you otherwise intentionally interact with.

Third party service providers.

Government authorities or other entities with legal authority to receive the data.

Commercial information – such as records of personal property, products or services purchased, obtained, or considered, investment history and holdings, investment performance data, or other purchasing or consuming histories or tendencies

Directly from you or from another person on your behalf.

Information that we obtain in relation to any transactions between you and us.

Administering the relationship between you and us (including communications, reporting, processing transactions and resolving any complaints or disputes you are involved in).

Complying with applicable legal or regulatory requirements (including anti-money laundering, know-your-client, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).

Business management and planning, including accounting and auditing.

Third party service providers.

Government authorities or other entities with legal authority to receive the data

Compliance information – including screening results of whether customers comply with Office of Foreign Assets Control (OFAC) and other sanction laws/requirements.

Directly from you or from another person on your behalf.Information that we obtain in relation to any transactions between you and us.

Complying with applicable legal or regulatory requirements (including anti-money laundering, know-your-client, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).

Third party service providers.

Government authorities or other entities with legal authority to receive the data

Where Personal Information is required to satisfy a statutory obligation (including compliance with applicable anti-money laundering or sanctions requirements) or a contractual requirement, failure to provide such information may result in your account on the platform being rejected or compulsorily withdrawn, as applicable. Where there is suspicion of unlawful activity, failure to provide Personal Information may result in the submission of a report to the relevant law enforcement agency or supervisory authority.

You have a right to object to the processing of your Personal Information where the processing is carried out for our legitimate interests or for direct marketing, by contacting us at [contact@energydomain.com] or (817) 928-3322.

  1. How we use cookies?

Like most websites, our site uses small data files stored on your computer called cookies. Cookies consist of two different types; session and persistent. Session cookies enable us to recognize your actions during the browsing session, are temporary and expire when you close your browser and are not stored beyond this. Persistent cookies remain stored on your device after you close your browser until they expire or when you delete them.

Cookies give us insight into how people use our website to help us keep improving it. Cookies do lots of different things, such as helping us to:

  • avoid asking you to register or complete details twice;
  • estimate the number of visitors to our site, including the source and patterns relating to this traffic; and
  • understand how visitors use the site, and how we can enhance this experience.

Certain of these cookies are strictly necessary to the access and operation of the site and other cookies used are non-essential to the access and operation of the site. Please see below for more information on our use of cookies.

Name Cookie Purpose

Google Analytics

Non-essential persistent cookies

These cookies are used to:

  • give us insight into how people use our site in order to help us improve the site; and
  • provide estimates of the number of visitors to our site, including the source and patterns of the user traffic, in order to see how we can enhance your experience when visiting the site.

We will only use Google Analytics where we have your prior consent to do so, which can be given via the cookie banner on our site.

CSRFToken

Essential persistent cookie

Used by the core Firm application to securely identify logged-in users.

Sessionid

Essential persistent cookie

Used by the core Firm application to track user status

  1. How do I manage my cookie settings?

You are able to accept or reject all cookies, including cookies that are necessary to the functioning and accessibility of our website, via your browser settings. Please note, that rejecting necessary cookies may have an impact on the functioning of the website.

In addition, you can also manage your preferences through the cookie banner on the homepage of our website, where you have the option of accepting the use of non-essential cookies on your device.

  1. What categories of Personal Information will we continue to collect?

We will continue to collect the same categories of Personal Information listed in the charts above, for the same purposes. If this should change, we will issue an updated Privacy Notice.

  1. Additional facts about how we share your Personal Information

The third parties with whom we share your Personal Information are bound to comply with similar and equally stringent undertakings of privacy and confidentiality.

We also share your Personal Information with third parties to comply with legal obligations; when we believe in good faith that an applicable law requires it; at the request of governmental authorities or other third parties conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to our websites, our businesses, or the public.

We do not grant access to your Personal Information to any other third parties unless we say so in this Privacy Notice or unless the law requires it.

  1. Retention periods and how we keep your Personal Information secure

We will not retain Personal Information for longer than is necessary in relation to the purpose for which it is collected, subject to Data Protection Law. Your Personal Information will be retained for the duration of your account on our platform, as applicable, and for a minimum period of six years after termination of your account, as applicable. We may retain Personal Information for a longer period for the purpose of marketing our products and services or compliance with applicable law. From time to time, we will review the purpose for which Personal Information has been collected and decide whether to retain it or to delete it if it no longer serves any purpose to us.

We aim to protect your Personal Information from unauthorized access and use, by implementing and maintaining reasonable security appropriate to the nature of the Personal Information that we collect, use, retain, transfer or otherwise process. Our reasonable security program is implemented and maintained in accordance with applicable law and relevant standards, including, in accordance with the report issued by the California Attorney General in February 2016, available at https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf. Specifically, among other safeguards, our reasonable security program implements and maintains all 20 of the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense identified in Appendix A of the California Attorney General Report. As noted in that report, “there is no perfect security,” and reasonable security is a process that involves risk management rather than risk elimination. While we are committed to developing, implementing, maintaining, monitoring and updating a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits or other factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.

We will notify you of any material Personal Information breaches affecting you in accordance with the requirements of Data Protection Law.

  1. What about marketing?

You may control marketing communications at any time by opting out of future communications through the link at the end of our emails or managing your preferences within your settings menu.

  1. Do we respond to “Do Not Track” signals?

We may track online activity on our site over time, including referral URLs. We do not respond to browser or do not track signals.

  1. International Transfers

Because of the international nature of broker-dealer business, Personal Information may be transferred to countries outside the United States of America (“US”) (“Third Countries”), such as to jurisdictions where we conduct business or have a service provider, including countries that may not have the same level of data protection as that afforded by the Data Protection Law in the US. In such cases, we will process Personal Information (or procure that it be processed) in the Third Countries in accordance with the requirements of the Data Protection Law, which may include having appropriate contractual undertakings in legal agreements with service providers who process Personal Information on our behalf in such Third Countries.

  1. How do you access or request deletion of your Personal Information?

You can log into your account to access or request deletion of certain information about yourself, or you can do so by using the contact details set out at the end of this Privacy Notice. For security purposes, you may be required to provide additional information to verify your identity and validate your request, and the number of identification points may vary depending on the nature and sensitivity of the information you seek. Moreover, we may not be able to grant all requests, as an exception may apply and/or we may be required to retain information for record keeping or other legal compliance purposes. We endeavor to promptly reply to any privacy rights requests, but at least shall reply to your request within the time frames required by applicable local law.

Authorized Agents. You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State. Authorized Agents are required to verify your identity and the agent relationship, as further described below.

  1. What rights do you have in relation to the Personal Information we hold on you?

You may contact us at any time to limit our sharing of your Personal Information. If you limit sharing for an account you hold jointly with someone else, your choices will apply to everyone on your account. US state laws may give you additional rights to limit sharing.

US Residents

Residents of certain states may have the following additional privacy rights.

YOUR RIGHT TO REQUEST ACCESS TO INFORMATION WE COLLECT AND SHARE ABOUT YOU

We are committed to ensuring that you know what information we collect about you. You can submit a request to us for the following information, with respect to certain Personal Information we have collected:

  • The categories of Personal Information we have collected about you.
  • The categories of sources from which we collected the Personal Information.
  • The business or commercial purposes for which we collected or sold the Personal Information.
  • The third parties with whom we shared the information.
  • The specific pieces of information we collected about you.

We are also committed to ensuring that you know what information we share about you. You can submit a request to us for the following further information:

  • The categories of Personal Information (if any) that we have sold about you, the third parties to whom we sold that Information, and the category or categories of Personal Information sold to each third party.
  • The categories of Personal Information that we have shared with Service Providers who provide services to us.

Our responses to any of these requests will cover the 12-month period preceding our receipt of the request.

YOUR RIGHT TO REQUEST THE DELETION OF PERSONAL INFORMATION WE HAVE COLLECTED FROM YOU

Upon your request, we will delete certain Personal Information we have collected about you, except for situations where specific information is necessary for us to: provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exerciserights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.

WE ARE COMMITTED TO HONORING YOUR RIGHTS AND ENSURING FAIR TREATMENT

We are committed to providing customers control over their Personal Information. If you exercise any of the rights explained in this Privacy Notice, we will continue to treat you fairly. In particular, this means that customers who exercise their rights under this Privacy Notice will not be denied or charged different prices or rates for goods or services, and individuals will not be offered a financial incentive for their Personal Information, or provided a different level or quality of goods or services than others unless those differences are reasonably related to the value of your Personal Information to the Firm.

  1. How will we handle a request to exercise your rights?

For requests for access or deletion, we will first acknowledge receipt of your request within 10 days of receipt of your request. We will provide a substantive response to your request as soon as we can; (i) within one month from receipt of your request. Although, we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances. If we expect your request is going to take us longer than normal to fulfil, we’ll let you know.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.

In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

  1. How will we verify your identity when you submit an access or deletion request?

US Residents

IF YOU MAINTAIN A PASSWORD-PROTECTED ACCOUNT WITH US
We will verify your identity using a two-step process. We will first ask you to log into your account, and we will then ask you to separately authenticate your identity by asking by entering your User ID and password and each user will be required to answer security questions for verification when they need to reset passwords. If we are unable to verify your identity through your password-protected account with a reasonable degree of certainty appropriate to the nature of your request, for security reasons, we may ask you to verify your identity in accordance with the additional requirements described below.

FOR SPECIFIC PIECES OF PERSONAL INFORMATION
We will ask you for at least three pieces of Personal Information and endeavor to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed underpenalty of perjury. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial. Additionally, we will treat the request as one seeking disclosure of the categories of Personal Information we have collected about you and endeavor to verify your identity using the less-stringent standards applicable to such requests.

REQUESTS FOR CATEGORIES OF PERSONAL INFORMATION COLLECTED ABOUT YOU
We will ask you for at least two pieces of Personal Information and endeavor to match those to information we maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.

REQUESTS FOR DELETION OF PERSONAL INFORMATION WE HAVE COLLECTED FROM YOU
We do not and will not sell your Personal Information to third parties.

AUTHORIZED AGENTS –ADDITIONAL VERIFICATION REQUIRED
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain Personal Information as described above, depending on whether you hold an account with us or not and the nature of the information you require, which we will endeavor to match the information submitted to information we maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will be required to provide us with proof of the agency relationship.

  1. How can you contact us?

If you have questions on the processing of your Personal Information, would like to exercise any of your rights, or are unhappy with how we’ve handled your information, please contact [Peter O’Brien/CCO]at [pete@energydomain.com] (817) 928-3322 or by writing to 1301 W 7th St., Suite 120, Fort Worth, TX 76102. For more information or requests in relation to the processing of Personal Information or any other service provider, you may also contact the relevant service provider directly at the address specified in the Directory section of the Memorandum or by visiting their websites. If you would like to assert your privacy rights, you may also call us toll free at 817-928-3322.

  1. Accessibility Policy

We are committed to ensuring that our communications, including on our website, are accessible to people with disabilities. Our website is designed to meet content accessibility guidelines. To make accessibility-related requests or report barriers, please contact us at contact@energydomain.com or (817) 928-3322.

  1. What about changes to this Privacy Notice?

We will review and update this Privacy Notice periodically in light of changing business practices, technology, and legal requirements. If we make a significant or material change in the way we use or share your Personal Information, you will be notified via email or a notice on our website.