River East Financial Limited. Website: www.rivereastfinancial.com
Personal Information REF Collects
REF collects Personal Information about our customers from the following two main channels:
1. Website, Account and General Communications
In order to provide materials and services to you, when you visit our website, request materials from us, register for events, or contract with us, we will collect data from you. We will receive your information in these circumstances, as examples:
· Visiting and using our website
· Account Application Forms and other documents and data submitted by customers, such as customer name, residential address, date of birth, employment information, investment experience, annual income, and estimated net worth
· Customer Transactions with REF such as ordering our products/services, account deposits and withdrawals that require customers to provide bank account information
· Communications with REF including with customer service representatives and our Live Chat function. We refer collectively to these interactions as “Website Services”. We explain below how we collect and use your information collected through the Website Services.
2. Account Application/Payment
If you wish to open an account using our online application or make use of our online payment portal (the “Application/Payment”), the information collected through the portal additional information as listed below will also be collected. REF does not collect more Personal Information than is required to open and operate customers’ accounts, and to comply with regulatory compliance and other legal obligations.
Website, Account and General Communications
We may collect your information, including your Personal Information, when providing the Website Services including:
· Address, City, State/Province, Zip/Postal Code,
· User Name
What We Collect:
We may collect your information, including your Personal Information:
· Phone Number
· Country of Residence
· Date of Birth/Age
· Tax Identification Number/Foriegn Account Number
· Income Source
· Level of liquid savings and investment
· Employment Status
· Employer Name
· Trading Experience
· Offences by way of a background check
· Government Identifiers: National/Personal Identification Card (front & back), Passport, Drivers License (front & back).
Purpose and Use of Collected Information:
River East Financial collects personally-identifiable information when you voluntarily fill out the forms on this website to request assistance, literature or information. We retain that information in our database and use it to fulfil your request as well as using it for technical administration of the website, research and development, customer administration, and marketing. We do not require this information for users to obtain access to any part of our public website. You can access REFs website home page and browse our site without disclosing your personally-identifiable data. By sending River East Financial an electronic mail message (for example, an e-mail message containing an information request), you may be sending us personally-identifiable information. In these cases, we may retain the information as long as necessary to respond to your request or otherwise resolve the subject matter of your e-mail. To become a River East Financial Limited client, you must provide personally-identifiable information that meets the requirements that allow River East to know who our clients are and meet the requirements of our Anti-Money Laundering (AML) Policy. River East Financial uses personal information that identifies the client for internal purposes: to process your order, to maintain or update your River East account, or to send you updates about special offers, new services, special promotions, and noteworthy news and events. River East Financial does not sell or rent personal information that identifies our clients or any other information about our clients to third parties. Additionally, River East Financial offers its clients the choice whether or not to receive e-mails or updates about special benefits, promotions, or offers from River East Financial. If you no longer wish to receive these updates, or to unsubscribe from these notices, please Contact Us. River East Financial does not link non-personal information stored in cookies with personal data about any specific client. River East Financial collects only the personally-identifiable data that you may volunteer while using our services. We do not seek or collect information about our clients from other sources, such as public records or public agencies or private organizations.
Services and Links of Our Website:
Please be aware that the REFs site may contain links to other web service sites. Please note that these third party web service providers may collect personally identifiable data about our visitors who connect to their links. These websites are owned and operated independently of River East Financial and have their own separate privacy and data collection practices. Any information that you provide to these websites will be governed under the terms of their respective privacy policies, if any. River East Financial has no responsibility or liability whatsoever for the independent actions or policies of these third party websites and is not responsible for the content or privacy practices of these websites. River East Financial's Privacy Statement applies solely to the information collected by www.rivereastfinancial.com
When you visit the REFs site, we may send your computer a “cookie,” a small file that resides on your computer’s hard drive. Cookies do not identify an Internet user, although they do identify a user’s computer. You can set your browser’s option not to accept cookies, though you may not be able to access all of the features of the REFs site.
Change of Address or Contact Information:
If your e-mail address or contact information has changed or is incorrect, please Contact Us.
This REF Privcy Policy has been updated to comply with the General Data Protection Regulation (GDPR) EU 2016/679 (27 April 2016) of teh European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The GDPR repeals Directive 95/46/EC. It is also REF's policy to follow the OECD Guidelines Governing the Protection of Privacy and Trans border Flows of Personal Data (2013) [C(80)58/FINAL, as amended on 11 July 2013 by C(2013)79]; and the International Chamber of Commerce (ICC) Guidelines on advertising and Marketing on the Internet.
Law Enforcement and Other Compelled Disclosures:
In the event that we are required by law (including a court order) to disclose the information you submit, we will make an effort to provide you with notice (unless we are prohibited) that a request for your information has been made and give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address. We will independently object to over-broad requests for access to information about users of our site. If you do not challenge the disclosure request, we may be legally required to turn over information.
REF may disclose Personal Information of current and former customers to affiliated and non-affiliated third party entities in connection with our business (which may be located outside the European Union (where adequate safeguards are in place for the transfer), as set out further in the section marked "Where do we store your Personal Information" including, without limitation:
· to REFs service providers that perform services on REF’s behalf under written agreements which restrict use of Personal Information to the limited purposes for which it is provided to them and to refrain from further use or disclosure except as permitted by law. This may include companies who perform background checks or identity verification, infrastructure, data analysis.
· to communicate with credit reference and information agencies
· to REFs strategic partners to permit them to assess your interest in Website Services, including foreign exchange payments and international money transfers
· in the ordinary course of business to REF’s attorneys, accountants and auditors
· to persons holding a legal or beneficial interest relating to the customer’s account
· to persons acting in a fiduciary, representative, or attorney capacity in relation to an account · to protect against actual or potential fraud, unauthorised transactions, claims or other liability
· to government, regulatory or law enforcement agencies to the extent permitted or required by law, or to comply with applicable legal requirements
· to any FCA-regulated or PRA-regulated individual who is seeking to obtain a reference on your account or persons we believe to be seeking a credit reference in good faith
· to monitor our services, whether provided by ourselves or a third party
· to comply with civil, criminal or regulatory investigations, or judicial process, summons or warrant by appropriate EU or UK authorities or
· in the event of a proposed or actual reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of REF’s business, assets or stock (including in connection with any bankruptcy or similar proceedings).
Privacy of Children
Section Overview: The Site is intended for people who are at least 18 years of age.
If you are less than 18 years old, please do not send any user information to us--including information such as your name, address, or e-mail address. We do not knowingly or intentionally collect (nor do we wish to collect) any personally identifiable information or other user information from children under the age of 18. In the event that we learn we have collected any personal information from a child under the age of 18, we will delete that information from our database and terminate the corresponding account, if any. We encourage you to discuss the Site with your parent or guardian.
Confidentiality and Security:
We understand that protecting confidential information requires trustworthy, reliable and secure servers and web hosting facilities. To safeguard your data, River East Financial employs state-of-the-art security facilities, systems and practices. River East Financial has a number of technological and operational security functions in place to protect the confidentiality of personal information. River East Financial employees and data processors, who have access to and are associated with the processing of personally-identifiable data, are obliged to respect the confidentiality of our visitors' personally-identifiable data. River East Financial uses a secured document server to send and receive personal information. Perfect security on the Internet does not exist, but River East Financial takes every step possible to protect private information. River East Financial has implemented security policies, rules and technical measures to protect the personal information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss. While we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third party "hackers" from illegally obtaining this information.
Where we store your Personal Information:
REF’s core data processing is on an integrated software system that is state of the art equipment to manage and secure information through a managed firewall.
REF has redundant systems that can take over during a disaster to keep your business active. Our business has a documented disaster recovery for your business continuity plan.
Compliance Cloud (HIPAA and PCI)
We are HIPAA/HITECH and PCI DSS Compliant
REF systems are maintained on an active Compliance Program through EasyStreet, our co-location to ensure our services are in line with the compliance objectives of our clients. Our team of experts add specialized certifications where practical.
The independent security testing and certification firm Coalfire has verified that Easystreet has Private Clouds for which the operational, administrative, technical, and physical security controls meet the requirements for HIPAA/HITECH, and PCI DSS compliance. Using a common control design assessment model, Coalfire considers the current state of HIPAA/HITECH and PCI DSS compliancy a “1,” meaning our co-location exhibits strong design in every respect.
SSAE 16 and its predecessor, SAS 70, are widely recognized audit standards maintained by the American Institute of Certified Public Accountants (AICPA).
The SSAE audit report allows service organizations to provide independent third party verification regarding the state of internal controls that govern the services provided to its user organizations.
EasyStreet’s SSAE audits are performed by Linford & Company LLP. Clients and prospects may request a copy of EasyStreet’s audit report from their EasyStreet account executive.