Content last updated: September 4th, 2019
What we collect
We get information about you in a range of ways.
Information You Give Us
We may collect your name, postal address, email address, phone number, username, password, demographic information (such as your occupation), social security number, tax ID number, bank account information, as well as other information you directly give us on our website.
For customers who have paid software services, we collect your billing details such as credit card information, banking information, and/or billing address.
Information We Get From Others
We may get information about you from other sources, such as your employer when they issue you options or shares. We may add this to information we get from this website.
Information Automatically Collected
We may collect information about the devices accessing our website and application. Some examples are: type of device, operating system used, application information, unique device identifiers and crash data. The type of information we collect depends on the type of device used and its settings.
We may automatically log information about you and your computer. For example, when visiting our website, we log your computer operating system type, browser type, browser language, pages you viewed, how long you spent on a page, location, access times and information about your use of and actions on our website.
Third party data
Carta may receive data about organizations, industries, website visitors, marketing campaigns, and other matters related to our business from affiliates, subsidiaries, partners, or others that we use to make our own information better or more useful. This data may be combined with other information we collect and might include aggregate level data. One example is to help our customers know how many stakeholders have accepted their securities on our platform.
Use of personal information
We may use personal information as follows:
- We use your personal information to operate, maintain, and improve the website, products, and services. This includes use of other information to support delivery of our services under contract, assist with service request, monitor for errors, remedy security or technical issues, analyze website and application performances.
- We use your personal information to respond to comments and questions, verify permission access, and provide customer service.
- We use your personal information to send information including confirmations, invoices and billing, technical notices, updates, security alerts, and administrative messages.
- We use your personal information to communicate system updates, upcoming events, and other news about products and services offered by us. We may contact you to inform you about important services-related notices, such as privacy and policy update notices or changes in our terms of service. These communications are strictly necessary and you may not opt out of them.
- We use your personal information to link or combine user information with other personal information. An example is when we combine the information a company has provided about their shareholders with the information entered by shareholders in their personal portfolios to improve the user experience.
- We use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
- We use your personal information to provide and deliver products and service customers requests. An example is when an employee exercises their stock options and we may provide a tax form to the company for their IRS reporting requirements.
Sharing of personal information
We may share personal information as follows:
- We may share information per our customers’ instructions.
- We may share personal information in compliance with any applicable law.
- We may share personal information when we do or negotiate a business deal involving the sale or transfer of all or a part of our business or assets in which a successor or purchaser will be operating a similar business. These deals can include any merger, acquisition, or bankruptcy transaction or proceeding. Any such successor or purchaser (or recipient of information during negotiation or due diligence) will be required to comply with reasonable confidentiality restrictions with respect to personal information.
- We may share personal information for legal, protection, information security, and safety purposes. Examples include enforcing contracts or policies, reporting on security breaches, or assisting with investigating and preventing fraud or security issues.
- We may share customer and user access on the customer’s account. Equity administrators for the customer, authorized users and other designated representatives may be able to add, modify or restrict access. An example is the company administrator designates a legal administrator to issue new securities on behalf of the company.
- We may share information to comply with laws and regulatory requests. Examples include responding to lawful requests and legal or regulatory processes.
- We may share information with those who need it to do work for us. An example is granting a Carta employee the necessary access in order to perform their duties.
- We may share aggregated or anonymized data. We may disclose or use aggregated or anonymized data for any purpose. An example would be for marketing, analytics or research purposes.
- We will not share personal information with investors of the Company beyond any personal information that such investors are entitled to for customary legitimate business purposes.
- We may share other information with consent with third parties when we have consent to do so. We may engage third party companies or individuals as service providers to process information and support our services. An example would be cloud services for data center colocation and storage services.
- Customers may authorize access to customer data to third parties. An example is when a company grants their financial auditors access for annual audits.
To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.
To the extent prohibited by applicable law, Carta does not allow the use of our services and Site by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.
Information choices and changes
Our marketing emails tell you how to “opt out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you that are necessary for fulfilling our obligations to our customers.
You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your personal information.
You can typically remove and reject cookies from our website with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it may affect how our website works for you.
We strive to provide you the tools to update your personal information. If you are unable to correct inaccurate information on your own, you may request our assistance to update such information by contacting privacy@Carta.com.
Notice for Residents of the European and Swiss Economic Areas, Privacy Shield and Contractual Terms
The following Carta subsidiaries also adhere to the Privacy Shield Principles: Carta Securities LLC, Carta Valuations LLC, and Carta Investor Services, Inc.
Carta is responsible for the processing of personal data we receive, and subsequently transfers to a third party acting as an agent on our behalf. Carta abides by the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including, unless we prove that we are not responsible for the event giving rise to the damage, the onward transfer of liability provisions.
Carta commits to cooperate with EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Carta is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Carta may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance.
Under certain circumstances an arbitration option is available to you to determine, for residual claims, whether Carta has violated its obligations to you under the Privacy Shield Principles, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes. Please be advised that the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
Carta may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Carta transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law.
These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. Carta offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. A copy of our standard data processing addendum, incorporating Model Clauses, is available upon request to privacy@Carta.com.
eShares, Inc. DBA Carta, Inc. 195 Page Mill Road, Suite 101 Palo Alto, California 94306