Last Updated: February 3, 2022
Copia Wealth Studios Inc. together with its representatives, consultants, employees, officers, and directors (collectively “Copia,”) operates the Copia mobile and/or web application (“App”) and website located at www.copiawealthstudios.com (the “Site”) offering a financial intelligence and wealth management platform that tracks the financial investments and assets to help those with complex portfolios simplify their wealth (together with the Site and App, the “Services”).
Data Collection Summary
|Categories of Personal Information||Do we Collect?||Do we Disclose for a business purpose?||Do we sell?|
|Identifiers: (Contact details, such as real name, alias, address, telephone number, unique personal identifiers, online identifiers, IP address, email address, and account name)||Yes||Yes||No|
|Categories of Information described in the California Customer Records statute: (including name, email, and phone number)||Yes||Yes||No|
|Commercial Information: (Transaction information, purchase history, financial details, payment information, and payment history)||Yes||Yes||No|
|Inferences Drawn from other Personal Information to Create a Profile About a Consumer: (Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics)||No||No||No|
|Characteristics of Protected Classifications under California or Federal Law (age, ethnicity, gender, date of birth, and marital status)||No||No||No|
|Geolocation Data: (device location)||Yes||Yes||No|
|Internet or other Electronic Network Activity Information:
(Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements)
|Biometric Information: (Fingerprints and voiceprints)||No||No||No|
|Audio, Visual, or Similar Information: (Images and audio, video, or call recordings created in connection with our business activities) (only with your prior permission)||Yes||Yes||No|
|Professional or Employment Related Information: (Business contact details in order to provide you our services at a business level, job title as well as work history and professional qualifications)||No||No||No|
|Non-Public Education Information (per the Family Educational Rights and Privacy Act) (Student records and directory information)||No||No||No|
Information that Copia Collects
|Types of Information Collected - Personal Data||“Personal Data” is information by which you may be personally identified. Copia may collect the following Personal Data from you:
|Types of Information Collected - Non Personal Data||Non-personal data includes any data that cannot be used on its own to identify, trace, or identify a person. We may collect your IP Address, browser type, domain names, access times, device information, or location information.
|How we collect information.||We collect information about you in the following ways:
|Why we collect and how we use your information. (Legal Basis)||We collect and use your Personal Data when we have a legitimate purpose to do so, including the following reasons:
|Information Collected from Third Parties||Information from our service providers: We may receive information about you from third-party service providers that we engage for verification of eligibility, log-in, or marketing our products and services.
Information from social media sites and other publicly available sources: When you interact or engage with us on social media sites through posts, comments, questions and other interactions, we may collect such publicly accessible information, including profile information, to allow us to connect with you, improve our products, or better understand user reactions and issues. We must tell you that once collected, this information may remain with us even if you delete it from the social media sites.
|Accessing and Controlling Your Information||If you would like to prevent us from collecting your information completely, you should cease use of our Services as our platform does not operate without collecting information. You can also control certain data via these other methods:
|Exercise Your Data Rights||
We also recognize that you have the right to prohibit sale of your data, but we do not sell data.
You can exercise the rights described above by making adjustments in your User account or by contacting us at firstname.lastname@example.org. Only you, or an agent authorized to make a request on your behalf, may make a request related to your personal information.
We cannot respond to your request if, (i) we cannot verify your identity; or (ii) your request lacks sufficient details to help us handle the request. We will make our best efforts to respond to your request within 45 days of its receipt. If we cannot respond in 45 days, we will inform you, in writing, the reason for the delay and will respond to your request within 90 days. Any information we provide will only cover the 12-month period preceding the request's receipt.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We are not obligated to provide responses to your data requests more than twice in a 12-month period.
|How Long do we Store Personal Data?||We will only retain your Personal Data for as long as is reasonably necessary to fulfill the purposes for which it is collected, or to comply with applicable legal requirements, or until you ask us to delete your Personal Data. This length of time may vary according to the nature of your relationship with us. Subject to the foregoing, we will delete your Personal Data after 3 months of nonuse of an account, or immediately on your written request and confirmation to us that you will download or export your data (or acknowledge that you will not download or export your data).|
|Automated Data Collection Methods; Log Files||Log Files: We use means through the Services to collect IP addresses, browser types, access times, physical or device location. We use this information to ensure compliance with various state or federal laws, including by verifying location, and to improve our Services, verify identity, and monitor financial transactions.|
|Users under the age of 16||Our Services are not intended for anyone under 18, particularly children under 16 years of age and we do not knowingly collect Personal Data from children under 16. If you are under 16, do not use or register on the Services, make any purchases, use any of the interactive or public comment features, or provide any information about yourself to us. If we learn we have collected or received Personal Data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at the email address listed below.|
|Do Not Track Settings||We do not track our Users over time and across third party websites to provide targeted advertising and do not specifically respond to Do Not Track (“DNT”) signals.|
Who We Share Data With
We may use aggregated (anonymized) information about our Users, and information that does not identify any individual, without restriction.
We do not sell or otherwise disclose Personal Data specific personal or transactional information to anyone except as described below.
|Third Parties||We may, for our legitimate interests, share your information with third parties whom you have designated to us, solely when you have provided us with your prior written authorization to do so.|
|Law enforcement and other governmental agencies||We may share your information when we believe in good faith that such sharing is reasonably necessary to investigate, prevent, or take action regarding possible illegal activities or to comply with legal process. This may involve the sharing of your information with law enforcement, government agencies, courts, and/or other organizations.|
|Service Providers||We may, for our legitimate interests, share certain information with contractors, service providers, third party authenticators, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. Some of the functions that our service providers provide are as follows:
Third-Party Services and Websites
Copia is not responsible for the privacy policies or other practices employed by websites linked to, or from, or integrated with, our Services nor the information or content contained therein, and we encourage you to read the privacy statements of any linked or integrated third party. This includes sharing information via social media websites.
Users in the European Economic Area (EEA) and the GDPR
For the purposes of data collection under the General Data Protection Regulation (GDPR), Whop shall be the data controller. If you are an individual resident in EEA, you have the following data protection rights regarding personal data:
- You have the right to access, correct, update or request deletion of your personal data. You can do so at any time by contacting us.
- You have the right to object to processing of your personal data, to ask us to restrict processing of your personal data, or to request portability of your personal data. Again, you can exercise these rights by contacting us.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us.
- You have that right to revoke consent that was previously given. If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Data.
For more information, please contact your local data protection authority. If you would like to exercise any of the above rights, please contact email@example.com or through our Chief Privacy Officer at firstname.lastname@example.org
Users in Canada and the Personal Information Protection and Electronic Documents Act (PIPEDA)
The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In order to comply with PIPEDA, our business needs to follow the 10 fair information principles, which outline the standards for the collection, use, and disclosure of personal information and user’s rights. The 10 principles include:
- Accountability. Organizations are responsible for the personal information they store and need to appoint someone to ensure the organization is compliant with the 10 principles.
- Identifying purposes. Organizations need to state the purposes for data collection before or at the time of data collection.
- Consent. Organizations need to obtain implicit or explicit meaningful consent in order to collect, share, and use personal information from users. Organizations can choose to implement either opt-in or opt-out measures in order to obtain consent, depending on the sensitivity of the personal information they have collected.
- Limiting collection. Organizations need to only collect the necessary amount of information for processing purposes.
- Limiting use, disclosure, and retention. Organizations need to use personal information only for their stated purposes unless the users give additional consent.
- Accuracy. Organizations need to keep personal information accurate, complete, and up to date.
- Safeguards. Organizations need to implement safety measures to protect the personal data.
- Individual access. Organizations need to honor their users’ rights in accessing, reviewing, and correcting personal information.
- Challenging compliance. Individuals have the right to challenge an organization’s compliance with these 10 principles. Individuals should address their inquiries to the person responsible for the organization’s compliance with PIPEDA or the chief privacy officer.
For more information, please contact your local data protection authority. If you would like to exercise any of the above rights, please contact email@example.com or through our Chief Privacy Officer at firstname.lastname@example.org.
Data Storage and How Copia Protects Your Information
Copia employs physical, electronic, and managerial control procedures to safeguard and help prevent unauthorized access to your information. We choose these safeguards based on the sensitivity of the information that we collect, process and store and the current state of technology. Our outsourced service providers who support our operations are also vetted to ensure that they too have the appropriate organizational and technical measures in place to protect your information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your information transmitted to the Services. Any transmission of information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. In the event that there is breach in the information that we hold; we shall notify of such breach via email or via notice on the Services.
Questions or Comments