Privacy Policy
Treaty Oak Financial Services, LLC
Treaty Oak Financial Services, LLC (“Treaty Oak,” “we,” “us,” or “our”) provides back-office services, including bookkeeping services, controller services, CFO services, financial modeling, and stock administration services (our “Services”). This Privacy Policy (“Privacy Policy”) provides information about our personal information processing practices in the context of marketing and selling our Services to prospective customers, providing our Services to our customers, and operating our business.
​
We collect, use, and disclose information for the purpose of marketing, selling, and providing services to businesses and other organizations in the United States, and not individuals. To the extent we process personal information about an individual (“you”), it is for the purpose of marketing and selling to the organization which employs you (or with which you are affiliated), or it is in connection with (a) providing our Services to the organization which has collected your data and (b) operating or improving our Services. As a provider of services to organizations, we do not knowingly process data of individuals who are under sixteen years old.
​
By using our Services or our website, you agree to this Privacy Policy. If you do not agree with our policies or practices, your choice is to not use our Services or our website.
​
If you have questions regarding our Privacy Policy or practices, or if you are a California or Virginia resident and wish to exercise any of the rights described below, please contact us at team@treatyoak.co.
INFORMATION FOR PROSPECTIVE CUSTOMERS
This section applies to you if you are a visitor to our website, if you have attended a Treaty Oak-organized or Treaty Oak-sponsored event (whether online or in person), if we have obtained your contact information in the context of our other marketing and sales activities (for example, via a referral, lead purchase, or marketing survey), or if you are in the process of purchasing our Services on behalf of your employer.
Information We Process
Categories of personal information we collect in the context of our sales and marketing efforts and sources from which we obtain personal information are set forth in the table below. The section titled “General Information” describes disclosures of personal information outside of Treaty Oak.
Website visitor; Event attendee; Referral, lead purchase, or other marketing; Representative of prospective customer purchasing Services
Personal Information Category
Identifiers
Employment-related information
Example
-
Name
-
Business email address
-
Business phone number
-
Business address
-
Your employer’s name
-
Your job title
Sources
-
You, if you choose to provide your name and contact information
-
Someone else in your organization if they provide us with your name and business contact information
-
An acquaintance of yours who thinks your organization could use our Services may provide us with your business contact information
-
Publicly available information
-
Social media sites
-
Promotional partners
-
Integration partners
-
Lead sellers
-
You, if you choose to provide this information
-
Someone else in your organization if they provide us with your name, title and the company where you work
-
An acquaintance of yours who thinks your organization could use our Services may provide us with your business contact information
-
Publicly available information
-
Social media sites
-
Promotional partners
-
Integration partners
-
Lead sellers
Website visitor; Representative of prospective customer purchasing Services
Identifiers
Internet activity information
Inferences from personal information
Geolocation data
-
Internet protocol (IP) address
-
Cookie identifier
-
Information about your visit to our websites, including referring pages and your navigation through our websites
-
Information about your interactions with our marketing emails
-
Analysis of effective ways to position our products by sales personnel based on communications with you and/or your engagement with our website or marketing materials
-
IP address
-
Our tools for measuring activity on and use of our website collect your IP address and set Cookies on your browser
-
Our tools for identifying the organization with which you are associated based on your IP address collect your IP address
-
Our tools for managing email campaigns
-
Our tools for measuring activity on and use of our website and engagement with email marketing efforts, which include the use of Cookies
-
Our tools for monitoring the effectiveness of our advertising and sales campaigns, which include the use of Cookies
-
Sales and marketing service providers that provide scoring and analytical tools
-
Our tools for measuring activity on and use of our website collect your IP address
Event attendee; Representative of prospective customer purchasing Services
Audio and visual information
-
Recording of your voice and likeness in calls or video conferences with our sales and service delivery personnel
-
Recording of your voice and likeness at events, if you attend an event, such as a virtual event, and ask a question that is recorded
-
You, with your consent as required by law
How We Use Your Information
We collect and process personal information for the business purposes of marketing and selling our Services. We process your personal information with the goal of entering into an agreement to provide our Services with your employer or organization with which you are affiliated. This includes, for example:
-
Sending you marketing communications like emails or newsletters to (1) make you aware of, or provide you with information you have requested about, our Services or the services of our partners, (2) engage with you, and (3) analyze and improve our marketing efforts based on your engagement with our marketing communications, including analyzing whether you opened an email and how you interacted with it.
-
Communicating with you during the sales process, including, for example, via email, SMS, call or videoconference.
-
Creating, managing, and maintaining lead lists.
-
Collecting information about your visits to our websites to (1) collect information about your organization’s needs and your position within your organization, (2) determine how to optimize our sales efforts with respect to your organization, (3) measure and improve the effectiveness of our website, and (4) measure the effectiveness of targeted marketing efforts. Please see “Operation of Our Corporate Website” below for additional information.
-
Analyzing our interactions with you to optimize our sales processes.
-
Improving our sales and marketing processes, including training our sales personnel and updating strategies and initiatives.
-
Conducting market research and product research and development.
-
Conducting surveys for marketing or product research and development purposes, for example, to assess the needs of the industries that we serve.
-
Managing event registrations and attendance, including communicating with you about the event.
​​
IMPORTANT NOTE: During the sales process, you may provide samples of your business’s financial data or access to repositories containing your financial data that we use to determine the appropriate Services to quote you. This financial data may include personal information such as identifiers, names of individuals, relationships of individuals with our prospects (like job title), and commercial information or employment-related information related to transactions between individuals and our prospects (like invoice amounts or payroll amounts), as well as information related to entities (like names, transaction dates, and amounts). While your financial data may contain personal information, we do not control what personal information is included, and only use it as part of your financial transactions data to determine the appropriate Services to quote you. If you provide this sample financial data we store it in our email and file storage systems and analyze it using software tools, which our service providers provide.
​
Operation of Our Corporate Website
​
Cookies and tracking technologies. In accordance with applicable law, Treaty Oak, our service providers, and other third party website services providers whose services we use on our corporate website use commonly-used tools to recognize your visit and track your interactions with our corporate website (including subpages) such as cookies, web beacons, pixels, local shared objects, local storage, event trackers, and other tracking technologies (collectively, “Cookies”).
​
We use this tracking data to operate our corporate website. For example, we use Cookies to personalize and improve your experience on our corporate website and to record your preferences. If you identify yourself on our corporate website, for example, by completing a web form, we match (using a service provider) your identifying information with a Cookie associated with you (but which does not identify you by name, email, or phone number) to analyze the effectiveness of our marketing efforts (such as measuring the results of marketing campaigns), communicate with you and provide you relevant information, and determine sales efforts to apply to your company.
​
We also combine data about your visit to our corporate websites collected from Cookies with that of other website visitors to improve your and other website visitors’ experience.
​
Third party website services providers may collect personal information from visitors to our websites for their own purposes.
​
Links to other sites. Our corporate website includes links to other websites whose privacy practices may differ from those of Treaty Oak. If you visit or submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.
​
How long we retain information for prospective customers
We retain your business contact information and related sales and marketing activity in our systems for purposes of maintaining a record of our relationships with customers and prospective customers, analyzing and improving our sales and marketing efforts and Services (including developing new Services based on feedback you may share with us in the course of our interactions with you in the sales and marketing context), complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud. We generally retain this information until the earlier of your request that we delete your information and our determination that we no longer need your information for the purpose of marketing and selling our services to your employer. We may retain your business email address indefinitely to keep a record of email marketing opt-out or deletion requests.
Retention of internet activity information collected by third party website services providers is determined by the applicable third party.
INFORMATION FOR CUSTOMERS
This section applies to you if you are affiliated with one of our customers and would like to understand how we process personal data in the context of providing our Services and operating our business.
​
Information We Process
​
In connection with providing our Services, we process Customer Data, Business Records Data, and Administrative Data. The sections below describe each of these data categories, purposes of processing, and retention period. The section titled “General Information” describes disclosures of personal information outside of Treaty Oak.
​
Customer Data. Customer Data is data provided by our customers or at their direction for the provision of the Services, and excerpts and reports of such data prepared as part of the Services for customers.
​
Customer Data includes financial and business information of our customers that they provide or make available to us that enables us to provide our Services. We receive this information directly from our customers or when they authorize us to access third party data repositories (including customer vendors and data aggregating services). For example, we may import transaction data from a customer’s payment processing service, payroll service provider, bookkeeping software, or other service provider of customer, or from a data aggregating service via software integration (such as an application programming interface) or obtain transaction data via log-in information provided by the customer. We may develop ways to obtain transaction information from third party repositories that are more efficient than the initial method, and may update the ways of obtaining transaction data under a customer's initial authorization. Customer Data includes metadata from these third party data repositories that we may have access to.
​
This financial and business information may include personal information such as identifiers, names of individuals, relationships of individuals with our customers (like job title or social security numbers of certain individuals for purposes of providing payroll services), and commercial information or employment-related information related to transactions between individuals and our customers (like invoice amounts or payroll amounts), as well as information related to entities (like names, transaction dates and amounts, bank account and wire numbers, names of corporate officers and directors, ownership information, and business contact information). Customer Data provided in the context of our stock administration services may include employment status (active or terminated), personal contact information (personal email and address), and social security numbers (if provided by the individual equity holder).
​
Customer Data also includes financial information that we generate on behalf of our customers in the course of providing our Services, such as reports of financial information provided by our customers or at their direction, which may incorporate personal information. For example, we prepare financial statements on behalf of our bookkeeping customers, which contains data that we compute on our customers’ behalf. Depending on the customer’s form of business organization, the financial statements may include the names of individuals as line item names.
​
For customers who subscribe to more than one of our Services, one Service may obtain Customer Data from another Service to prevent duplicative requests for the same information. For longer term customers, we may use Customer Data from prior years’ Services for current Services.
​
IMPORTANT NOTE: Customers provide us access to third-party systems. Information practices of these third parties are governed by their privacy policies and data governance programs and are outside of Treaty Oak’s control.
​
How we use Customer Data. We process Customer Data on behalf of our customers for purposes of providing Services to our customers, and maintaining and improving our Services. For example, we process Customer Data:
​
To provide, monitor, and improve our Services. We process Customer Data on behalf of our customers to provide, monitor, and improve our Services. For example:
-
Our service delivery personnel review reconciliations of transaction data to prepare financial statements on behalf of our customers.
-
We may create automated rules that increase efficiency in tasks such as categorizations based on learnings from Customer Data.
-
We test and analyze new features of our Services intended to improve their efficiency or to enable customer insights into their financial information. These activities may include processing of Customer Data.
-
We make product development investments based on trends in customer behavior.
​​
​To Provide Customer Service and Technical Support. We may also process Customer Data in connection with customer support requests.
​
How long we retain Customer Data. Except as discussed below in Business Records Data, we retain other Customer Data for the purposes of assisting former customers (upon request at current hourly rates) with post-termination questions related to our Services as they transition, for example, to a different service provider, complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud. We generally retain Customer Data until we receive a request to delete it, in which case, subject to any applicable legal requirements, we will take reasonable steps to remove or de-identify Customer Data in our systems that is not contained in Business Record Data.
​
Business Record Data. In the course of providing our Services, our personnel communicate with representatives of our customers through a number of channels, including email, messaging applications, and conference calls (including video conference calls), all of which generate Business Record Data. Business Record Data includes customer instructions and authorizations that we rely on to provide our Services to our customers, as well as work papers and other information incidental to Service delivery, such as meeting scheduling information and follow up questions to customers (and information relating to our methodology that guides our processes and timing of gathering information from customers in order to provide our Services). Categories of personal information we collect in Business Record Data and sources from which we obtain personal information are set forth in the table below:
Personal Information Category
Identifiers
Employment-related information
Audio and visual information
Inferences from personal information
Example
-
Name
-
Business email address
-
Business phone number
-
Business address
-
Your employer’s name and your job title
-
Recording of your voice and likeness in calls or video conferences with our sales and service delivery personnel
-
Customer satisfaction survey results
Source(s)
-
Individual points of contact of our customers who correspond with us as we provide our services.
-
Customer points of contact provide personal information about additional points of contact.
-
Individual points of contact of our customers who correspond with us as we provide our services, for example, a job title commonly appears in an email signature.
-
Customer points of contact provide personal information about additional points of contact.
-
Individual points of contact of our customers who participate in calls or video conferences, with their consent
-
Individual points of contact of our customers who respond to customer satisfaction surveys
How we use Business Record Data. We collect and process Business Record Data for our business purposes. For example, we process Business Record Data to provide our Services and customer support to our customers and for our business purposes, including service delivery management, analysis and improvement, new product and process development, and recordkeeping.
​
How long we retain Business Record Data. We retain Business Record Data for the purposes of maintaining documented customer instructions and approvals and a record of our relationships with customers, complying with legal obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions, and detecting and preventing fraud. We retain this data for as long as we may have a legal or business reason to keep it, which is at least up to the end of the longest applicable statute of limitations period. We may delete this data earlier if we determine that it is not necessary to retain for the purposes mentioned above. Customer Data may also be included in emails, messages, or call recordings. To the extent Customer Data exists in our Business Record Data, it is incidental to our business purpose for retaining Business Record Data, and we process this Customer Data only for recordkeeping and legal purposes, and only in the context of our business relationships with our customers.
​
Administrative Data. Administrative Data includes information related to Service management (for example, billing information), information about the usage of our Services (for example, log data or metadata from service delivery communications and customer interactions, such as email senders and recipients, subject lines, dates of communication, and response times), information derived from Customer Data that we use for service delivery, sales and marketing, and operational purposes (for example, account status indicators like whether a customer has account balances or expenses over certain thresholds).
​
Categories of personal information we collect and sources from which we obtain personal information are set forth in the table below:
Personal Information Category
Identifiers
Employment-related information
Internet activity information
Inferences from personal information
Example
-
Name
-
Business email address
-
Business phone number
-
Business address
-
Internet protocol address
-
Cookie identifiers
-
Your employer’s name and your job title
-
Information about a user’s navigation through our application
-
Your responses to a customer satisfaction survey included in the email signatures of correspondence related to Treaty Oak Services
-
Analysis of effective ways to improve our services for all customers
Source(s)
-
You, if you choose to provide this information
-
Individual points of contact of our customers who correspond with us as we provide our services.
-
Customer points of contact provide personal information about additional points of contact
-
Treaty Oak’s systems collect identifiers like internet protocol addresses and Cookies automatically
-
You, if you choose to provide this information
-
Our third-party data enrichment services
-
Our tools for measuring activity on and use of our application, which include the use of Cookies
-
Our analysis of metadata that we collect about the use of our products and services
How we use Administrative Data. We collect and process Administrative Data for our business purposes, which include, for example:
Account Registration. We may use your name, business address, business phone number, and business email address to register an account for you for certain Services we provide and to communicate important information to you. If you set up an account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your personal information.
​
To Provide Our Services and Operate Our Business. We may use your information to operate our business, including providing our Services to your employer, providing support related to our Services, and protecting our Services, including to combat fraud and to protect your information. For example:
-
We monitor a customer’s expenses to ensure appropriate pricing.
-
We may collect IP addresses to track and aggregate non-personal information, such as using IP addresses to monitor the regions from which users navigate to our Services to comply with US trade restrictions.
​
Customer Service and Technical Support. We may use your name, business address, business phone number, business email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services and to follow up with you about your experience.
​
Communicate with You and Tell You About Other Services. We may use your business contact information to communicate with you about our Services and to give you offers for third party (for example, our Integration Partners) products and services that we think may be of use to you. Please see below under “General Information—Your Rights and Managing Your Privacy” for the choices you have regarding these communications. We track changes in a customer’s business to monitor account health and identify opportunities for customer outreach and sales opportunities; for example, if a customer has a financing event we may contact the customer regarding additional offerings.
​
To Improve Services and Develop New Services. We use Administrative Data to personalize or customize your experience and the Services, develop new features or services, and to improve the overall quality of Treaty Oak’s Services.
​
Feedback. We may use (a) any suggestions that you make to us and (b) information you volunteer in surveys you answer for us, and combine them with feedback and/or answers from other customers, in order to better understand our Services and how we may improve them. Answering any survey is optional.
​
Research, Including Publishing or Sharing Combined Information from Multiple Customers or Users, But Only in a Way that Would Not Allow the Customer or Any Other Person to be Identified. Only in a way that would not allow a customer or any other identifiable person to be identified, we may share information about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. We or our third party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow a customer or any other identifiable person to be identified.
​
How long we retain Administrative Data. We retain Administrative Data as long as necessary to serve you, to maintain a customer’s account for the entire period during which a customer subscribes to our Services, or as otherwise needed to operate our business. We retain and use Administrative Data as required by applicable law and Treaty Oak’s records and information management policies to comply with our legal obligations, resolve disputes, enforce our agreements, complete any outstanding transactions, and for the detection and prevention of fraud, as well as to improve our Services, develop new services, and for any other business use, including disclosure to third parties or publicly, provided that we will not publicly disclose information that identifies a customer by name or its employees without the customer’s consent, unless otherwise required by law. We retain Administrative Data until we determine that we no longer need it for the purposes described above. We may retain different types of Administrative Data for different periods.
​
When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and, unless you have opted out of receiving marketing communications, let you know about products and services that may interest you.
​
GENERAL INFORMATION
Call Recordings
As noted above, we may record calls and video conferences in both the sales and service delivery context. Recordings contain identifiers of individual participants in the call, such as name, as well as audio and, if a participant has their camera on in a video conference, visual information. We use these recordings for training, note-taking, service delivery, process analysis and optimization, recordkeeping (for example, as Business Record information), and research and development. Recordings may be shared with Treaty Oak personnel who need to access it for these business purposes. We store the recordings in our systems, including those of our vendors that we use to store and analyze the recordings. We retain recordings until the earlier of your request that we delete your information (subject to any limitations provided by applicable law) and our determination that we no longer need your information for the purpose for which we collected it, which is generally three years.
​
How We Disclose Your Personal Information
In the course of providing our Services and operating our business we disclose personal information outside of Treaty Oak as described below.
​
Service Partners. We provide or make available information (or service providers collect information on our behalf), including personal information, to service providers who perform various functions to enable us to provide our Services and help us operate our business, including, for example, functions like website design, telephony and system administration, marketing (including website marketing tools), sales (including sales tools), customer support, data enrichment, email communications, communication management, fraud detection and prevention, customer care, data storage, or performing analytics. Use of our service providers’ services may generate data (for example, log data or aggregated or anonymized data) that we do not input into these services and over which we have no control. These types of usage data are subject to the privacy policies of the applicable service provider.
​
Integration Partners. As noted above, we may access Customer Data that we need to perform our Services through integrations with other vendors who provide back office or financial services (for example, payroll services providers). Accessing data via integrations increases the efficiency of our Services. If a customer (whether a Treaty Oak or integration partner customer) chooses to accept an integration partner’s services, after providing consent to either the integration partner or to us, Treaty Oak and such integration partner may exchange information regarding a customer, including personal information about individuals representing the customer (for example, business contact information), as well as information about how the customer or its users interact with each company’s service or product. These partners’ activities are subject to their privacy policies and data governance programs.
​
Third Party Website Services Providers. We may use services of third parties that are not “service providers” (as defined in the California Consumer Privacy Act (CCPA)) on our website. These include ad networks and analytics and marketing services that we use for internet marketing and website analytics purposes.
​
Response to Subpoenas and Other Legal Requests. We may share information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we’re required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request. We may also share information with litigants in civil litigation in accordance with our customer agreements and as required by law.
​
Protection of Treaty Oak and Others. We may share account information and personal information when we believe it is appropriate to enforce or apply our agreements; or protect the rights, property, or safety of Treaty Oak, our Services, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing personal information of our customers for commercial purposes in violation of the practices described in this Privacy Policy.
​
Affiliates. We may disclose the information you provide or that we collect to our affiliates for service delivery purposes.
​
Sale of Our Business. If we sell, merge, or transfer any part of our business, we may transfer to the acquirer information in our possession or control, including personal information.
​
Business Advisors. We may disclose information customers provide to us or that we collect or prepare to professional advisors who are subject to professional or contractual confidentiality requirements such as lawyers, bankers, auditors, brokers, and insurers.
​
Per Customer Instructions. An authorized representative of a Treaty Oak customer may from time to time instruct us to disclose information to a third party that includes personal information.
​
With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your personal information may be shared with other third parties.
​
De-identified and Aggregated Data
Once de-identified or aggregated in a way that does not permit reidentification, data is not personal information and we may use it for any purpose and retain it for any period.
​
International Data Transfers
In accordance with and as permitted by applicable laws and regulations, we reserve the right to transfer your information, process and store it outside your country of residence to locations where we or our third party service providers operate. Our service fulfillment partners use personnel who are located outside of the United States. Information that we provide or make available, or that you provide directly, to our service fulfillment partners may, as permitted by law, be transferred outside the United States for purposes of Service fulfillment.
​
How to Contact Us
If you have questions or comments about this Privacy Policy, please contact us. We welcome your feedback and comments.
If you have questions or complaints regarding our Privacy Policy or practices, please contact us by email at team@treatyoak.co.
​
Changes to our Privacy Policy
We reserve the right to make changes or updates to our Privacy Policy at any time.
If we make material changes to the way we process your Personal Information, we will provide you notice via our Services or by other communication channels, such as by email or posting on this website. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may provide a notice of non-renewal in accordance with your agreement with us. All changes are effective immediately upon posting and your use of our Services or website after a notice of material change or posting of an updated Privacy Policy shall constitute your consent to all changes.
​
Your Rights and Managing Your Privacy
Updates and Access. You can update information that you have provided to us (for example, in the context of account creation). In addition, as required by applicable law (see for example, “Privacy Rights” below), you may contact us to confirm whether we maintain any of your personal information and to review it in order to verify its accuracy. Where you have determined that the personal information we collected about you is inaccurate, you may also request that your personal information be updated or corrected. Subject to applicable law, you may also request that we delete your personal information. Requests for access to your personal information and to have it corrected, amended, or deleted should be sent to team@treatyoak.co.
​
IMPORTANT NOTE: If you believe that one of our customers collects data about you that we are processing, please contact the customer directly.
​
Managing Marketing Communications From Us. We will honor your choices about receiving marketing communications from us. Please note that even if you choose not to receive marketing communications from us, we will continue to send you required Service or transactional communications.
​
Cookies and Other Tracking Technologies. You have control over some of the Cookies that we use on our corporate websites. Information on changing your browser settings to opt out of Cookies can be found in your browser settings. If you opt-out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.
​
Do Not Track. Like most other companies, our Services and corporate website are not currently configured to respond to browsers’ “Do Not Track” signals.
​
Privacy Rights
Under the United States California Consumer Privacy Act (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), Nevada’s, Colorado’s, Connecticut’s, Virginia’s, and Utah’s privacy laws, and other state-specific consumer privacy laws regarding notice of information collected, residents of these states have statutory data rights. We provide the same control and rights over your data no matter where you choose to live in the United States. As a user of Treaty Oak’s Services, you have the following control over your data:
-
Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons to whom the information is shared.
-
Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
-
Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
-
Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
-
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
-
Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing
​
To our knowledge, we have not sold or shared personal information of consumers (as defined in the CCPA) under 16 years of age. For California residents: Treaty Oak does not use or disclose sensitive personal information for purposes other than those specified in Section 7027(m) of the California Consumer Privacy Act Regulations (“Section 7027(m)”). The purposes described in Section 7027(m) include performing services reasonably expected by an average California resident who requests the services; preventing, detecting, and investigating security incidents; resisting malicious, deceptive, fraudulent, or illegal actions directed at us; ensuring the physical safety of natural persons; short-term, transient use; performing services on our behalf; verifying or maintaining the quality of our Services; and/or other collecting or processing of sensitive personal information where the collection or processing is not for the purpose of inferring characteristics about a California resident.
If you are a resident of the European Economic Area (“EEA”), you may have certain rights under the European Union’s General Data Protection Regulation (“GDPR”). The information collected from you by us must be explained as follows in order for GDPR compliance. Please email us if you have any questions or want to exercise your rights in accordance with this Privacy Policy under these applicable laws.
-
Treaty Oak’s legal basis for the processing your data includes the necessity to contract with you and provide the Services.
-
Treaty Oak’s legitimate interests in collecting such data include legitimate interests of our business, including but not limited to providing the Services to you and others, collecting necessary information in order to safely and accurately provide the Services, fraud prevention, information security, direct marketing, and legal compliance.
-
Treaty Oak may transfer personal data outside of the jurisdiction, such as in the United States, and where we conduct our services.
-
Treaty Oak stores this information for as long as necessary (i) to conduct the Services, (ii) to perform its obligations under applicable laws, rules or regulations, (iii) to perform its obligations with third parties and with its affiliates, (iv) in accordance with industry standards, or otherwise (v) in accordance with its bona fide information retention policies to provide the Services.
-
Treaty Oak does not use automated decision-making, such as profiling, during your application process.
-
If you are a citizen where GDPR applies, you have the right to object to or restrict data processing, the right to erasure also known as the right to be forgotten, and the right to data portability.
-
At any time, you have the right to withdraw your consent for us to use, store, or collect your data and file a complaint with your local supervisory authority.
​
If you have any questions about how we handle your information, the contents of this Policy, how to update your records or how to obtain a copy of the information that we hold about you or exercise your rights under the CCPA, VCDPA, or GDPR, please write to team@treatyoak.co. We will generally verify your identity using information in your inquiry and data in our possession. We may ask you for additional information to verify your request. A consumer’s authorized agent may also submit a request on behalf of the consumer. The authorized agent should follow the process outlined above. Treaty Oak will request proof that the consumer gave the authorization written permission to submit the request and, depending on the nature of the information, will require the consumer to either verify their own identity directly with Treaty Oak or directly confirm with Treaty Oak that they provided the authorized agent permission to submit the request.
To obtain a copy of prior versions of our Privacy Policy, please write to team@treatyoak.co.