Effective July 2022
About this notice
We are committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which we will process any personal data we collect from you, or that you provide to us, either directly or through our trusted partners. Please read this Privacy Notice carefully to understand our treatment and use of personal data.
In this Privacy Notice, references to “you” means the person about whom we collect, use and process personal information.
We will use personal data about you only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of personal data is in compliance with applicable U.S. laws and regulations, as well as with, to the extent applicable, European data protection legislation, including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR and any subsequent amendments (collectively referred to as “Data Protection Legislation”).
For the purposes of the Data Protection Legislation BoliColi.com is a “controller” for personal information collected through this website or for the purposes of setting up and maintaining your account with us. BoliColi.com can be reached via email at email@example.com or by telephone at 781-942-5700.
We may also collect personal information about you on behalf of other companies. For example, to assist you in applying for or purchasing financial products, such as life insurance. Where we collect personal information on behalf of other companies, those respective companies are the “controller” for the purposes of the Data Protection Legislation.
When does this privacy notice apply?
This Privacy Notice applies to personal information that we collect, use, and otherwise process about you on our own behalf through this website, in person, by phone, or through email or other electronic messaging services. When we collect and process information about you on behalf of other financial product and services companies, we will let you know and refer you to those companies’ privacy policies.
Processing of your personal data
The personal data we collect about you helps us to provide you with high-quality financial planning services and advice. We also collect the data necessary to comply with our legal and regulatory obligations. We will also collect data that is necessary for the conduct of our business, such as improving the performance of our electronic services, including our website. The personal data we collect, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of personal data” section below).
Basis of processing
How do you exercise this right?
Identifiers such as your name, postal address, email address, telephone number, account name, signature, social security number, driver’s license number, passport number, photo identification or other similar identifiers.
This information is necessary for the performance of our contract with you, i.e., to provide you with our financial advisory and planning services; to take steps necessary to enter into such a contract; or is required by law.
This data is required to enable us to enter into and administer the contractual relationship, provide financial planning and advisory services to you, and to comply with applicable laws, including “Know Your Customer” requirements.
Personal characteristics such as your age, date of birth, gender, marital status, and numbers and ages of children.
This information is necessary for the performance of our contract with you to provide financial advisory and planning services; to assist you in selecting and purchasing financial products from third parties; or is required by law.
This information enables us to provide better financial advisory and planning services designed to meet your particular needs and those of your family, and to comply with applicable laws.
Financial information, including information about your net worth, savings, investments, assets, debts, employment status, present and projected income, investor status (accredited or qualified), and accounts with financial institutions, including insurers.
This information is necessary for the performance of our contract with you; to take steps necessary to enter into your contracts with third parties, such as purchasing insurance policies, annuities, or other financial instruments, or to comply with legal obligations.
This is required to enable us to administer the contractual relationship, provide financial planning and advisory services to you, and to comply with applicable laws, including “Know Your Customer” requirements.
Internet or other electronic identifiers, such as Internet Protocol address, mobile device identifiers, and other electronic identifiers that might uniquely identify you, along with information about your interaction with our electronic services.
It is necessary for the purposes of our legitimate interests to maintain the security and integrity of our computer systems and to administer our website quality.
This is required to help diagnose problems with our computers and to maintain and improve our website. Also, we may use a log file of IP addresses to gauge overall usage, traffic, and performance of our website. Even though it could be used to uniquely identify users, we do not use IP addresses to personally identify users or to track the usage patterns of individual users.
How does BoliColi.com obtain my personal data?
Most of the personal data we process is obtained from you when we establish a relationship with you and as we work with you to provide our services. We may also obtain personal data about you from insurance companies and other financial services companies that provide you with products or services, such as account balances, where you have authorized us to have access to that information.
In some circumstances, we may request your explicit consent to process specific types of personal data. For example, in certain circumstances if you request marketing material. In these circumstances, you are able to withdraw your consent at any time by following the instructions provided when you gave consent or at the contact details below. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we need to rely on – in which case, we will let you know. Your withdrawal of your consent will not impact any of our processing up to that point.
While you are on-line, your computer saves so-called “cookies.” These are small files that control how our website is displayed and operates. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective and secure.
We therefore save them and analyze their data – although they do not identify you personally. This improves the usefulness of our website. We perform anonymous statistical analyses of our internet presence, and do not identify you personally.
You can change your browser settings so that you are notified when cookies are being used, and you can allow them only once, or refuse them in certain cases or completely. You may also activate the automatic deletion of cookies when you close your browser. Deactivating cookies may restrict website functionality.
We also use Google Analytics, a web analytics service provided by Google Inc. Google Analytics sets cookies in order to evaluate your use of our website and compile reports for us on activity on it.
Google stores the information collected by the cookies on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our website and accepting cookies from it, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
We do not support the “Do Not Track” browser option.
Sharing of personal data
We use third-party service providers who provide services to us or on our behalf, including IT services, such as website maintenance, computer support, and systems operations.
We will check any third party that we use to ensure that they can provide sufficient control over the confidentiality and security of personal data about you that they may process or maintain for us. We will endeavor to ensure that all non-governmental third parties to which we transfer your personal data agree, as part of their contract with us, to treat your personal data in accordance with the Policy.
Disclosures to third parties
In certain circumstances, we share or are obliged to share your personal data with third parties for the purposes described above and in accordance with Data Protection Legislation.
These third parties include:
- Regulatory authorities;
- Financial institutions;
- Relevant industry self-regulatory bodies;
- Others, where it is permitted by law, or where we have your consent
We do not disclose your personal data to third parties for those third parties’ direct marketing purposes, nor do we sell your personal data. If you would like information about opting out of other discretionary sharing of your personal information with third parties, please contact us (see “Contact us” section below).
Transfers outside of the European Economic Area
Your personal information will be stored and processed in the United States, and may be transferred to or stored or processed in other jurisdictions outside of the European Economic Area (“EEA”). If you are a European data subject, for any follow-on transfers of personal data about you to a jurisdiction outside of the EEA, we take additional steps in line with Data Protection Legislation. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights; e.g., we establish an adequate level of data protection through contractual clauses based on the standard contractual clauses for the transfer of personal data approved by the European Commission in accordance with Data Protection Legislation.
If you would like to see a copy of any relevant provisions, please contact us (see “Contact us” section below).
How is my personal data secured?
We operate and use appropriate technical and physical security measures to protect your personal data.
We have, in particular, taken appropriate security measures to protect personal data about you from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those people whose roles require them to process personal data about you. In addition, our service providers are also selected carefully and are required to use appropriate protective measures.
Storage of personal data
We will keep personal data about you for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information. The criteria we use to determine data retention periods for personal data includes the following:
- Retention based on our business relationship – we will retain it for a reasonable period after the relationship between us has ceased, but for no longer than 2 years;
- If we do not enter into a relationship with you after you have provided us with personal information, we will retain for a reasonable period, not to exceed 2 years.
- Retention in case of claims – we will retain it for the period in which it may be enforced (this means we will retain it for 10 years in some instances); and
- Retention in accordance with legal and regulatory requirements – we will consider whether we need to retain it after the period described above of a legal or regulatory requirement.
If you would like further information about our data retention practices, please contact us to ask for details (see “Contact us” information, below).
Depending upon where you live, or depending on your jurisdiction, you may have various rights under data protection legislation in that country or state.
These may include (as relevant) that you may access the personal data about you that we store. You may also review or make certain corrections to the personal data we store about you. You may also request the deletion of personal data about you or object to its processing. In limited circumstances, you may have data portability rights in relation to certain personal data we hold about you. These rights are not unlimited and the exercise of these rights, and the limits upon them, are summarized below:
What does it mean?
How do you exercise this right?
Conditions to exercise?
Right of access
Subject to certain conditions, you are entitled to have access to your personal data which we hold (this is more commonly known as submitting a “data subject access request”). Requests for such information should be made in writing to firstname.lastname@example.org or 781-942-5700. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. We must be able to verify your identity. Your request may not affect the rights and freedoms of others, e.g., privacy and confidentiality rights of other customers. Data solely retained for data backup purposes is principally excluded. There may be certain restrictions on how frequently you may be able to make such a request.
Right of data portability
Subject to certain conditions, you are entitled to receive the data which you have provided to us and which is processed by us by automated means, in a commonly-used machine readable format. Requests for such information should be made in writing to email@example.com or 00781-942-572. If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. Data Protection Legislation does not necessarily establish a general right to data portability. This right may only apply if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (e.g. not for paper records). It affects only personal data that was “provided” by you. Hence, it may not, as a rule, apply to personal data that was created by us or obtained from other sources. There may be certain restrictions on how frequently you may be able to make such a request.
Rights in relation to inaccurate personal or incomplete data
You may challenge the accuracy or completeness of personal data which we process about you. If it is found that personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate. We encourage you to notify us of any changes regarding personal data about you as soon as they occur, including changes to your contact details, telephone number, identification documents. Please always check first whether self-help tools are available. If no such tools are available, requests should be made in writing to firstname.lastname@example.org or 781-942-5700.
This right only applies to personal data about you. When exercising this right, please be as specific as possible.
Right to object to or restrict our data processing
Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal data. Requests for such information should be made in writing to email@example.com or 781-942-5700. This right may only apply if the processing of personal data about you is explicitly based on our so-called “legitimate interests” (see “basis of processing” above). Objections must be based on grounds relating to your particular situation. They must not be generic so that we can demonstrate that there are still lawful grounds for us to process your personal data.
Right to have personal data erased
Subject to certain conditions, you are entitled, on certain grounds, to have your personal data erased (also known as the “right to be forgotten”); e.g., where you think that the information we are processing is inaccurate, or the processing is unlawful.
Requests for such information should be made in writing to firstname.lastname@example.org or 781-942-5700. There are various lawful reasons why we may not be in a position to erase personal data about you. This may apply (i) where we have to comply with a legal obligation, (ii) in case of exercising or defending legal claims, or (iii) where retention periods apply by law or our statutes.
Right to withdrawal
You have the right to withdraw your consent to any processing for which you have previously given that consent. Requests for such information should be made in writing to email@example.com or 781-942-5700. If you withdraw your consent, this will only take effect for the future.
Please note, you may not have access to all of these rights depending on the country you live and/or work in, and only those relevant in your jurisdiction will apply.
In addition, California law entitles California residents who have used our services for personal, household, or family purposes, to request information concerning whether we have disclosed certain information about you within the past year to any third parties for the third parties’ direct marketing purposes. California users who wish to request further information in compliance with this law or have questions or concerns about our privacy practices and policies may contact us as specified in the “Contact us” section below.
As stated above, we do not sell your personal information to third parties for their direct marketing purposes.
Children and minors
Our services are not intended for individuals under 17 years of age. No one under 17 years of age should submit or post personal information through our website. We do not knowingly collect personal information from persons under the age of 17. If we become aware or suspect that you are under the age of 17, any information you submit will not be used or retained by us. We urge parents and legal guardians to spend time online with their children and to participate in and monitor the online activities of their children.
Your right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy you might have, you may have the right under data protection legislation in your country (where applicable) to lodge a complaint with the relevant data protection supervisory authority in your country if you consider that we have infringed applicable data protection legislation when processing personal data about you. This means the country where you are habitually resident, where you work, or where the alleged infringement took place.
Changes to this information
We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post the revised policy to our website, https://bolicoli.com/privacy-policy, so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our services after notice is provided, you accept and agree to this Privacy Notice as modified.