The official language used by Topstep is English; in the event of a conflict between the English language version of this document and any version translated into any other language, the English language version shall prevail.
“Account” means an account of a User that is registered with Topstep that has access to specified Services of Topstep.
“Authorization” means the set of rights and privileges on the Web Site assigned to a User by Topstep.
“Brazilian User” means a User who resides in Brazil.
“Content” means all information and other materials present on the Sites, including Topstep’s products and services, text, images, photos, trading ideas, opinions rumors, advice, charts, financial information, ratings, reviews, or similar information.
“Controller” means a person or entity who, either alone or jointly, determines the purposes and means of the processing of Personal Data, controls the data, and is responsible for it.
“Cookies” means small files that are placed on your hard drive for identification purposes. These files are used for site registration and customization the next time you visit us.
“Credit Card Information” means that information required to process a credit card payment, including name of the debit card holder, credit card number, CVV number, expiration date, billing address, phone number, and email address.
“Data” means information generated by you and other Users (whether aggregated or otherwise).
“Data Protection Officer” means the person or entity in charge of the data processing operation.
“Data Subject” means an identified or identifiable natural person.
“Debit Card Information” means that information required to process a debit card payment, including name of the debit card holder, debit card number, CVV number, expiration date, billing address, phone number, and email address.
“EU” means the European Union.
“EU User” means a User who resides in the European Union.
“Feedback” means your comments, feedback, information, or other materials regarding the Sites and Services.
“GDPR” means the General Data Protection Regulation, adopted as Regulation (EU) 2016/679 of the European Parliament on April 14, 2016.
“LGPD” means Lei Geral de Proteção de Dado, Brazil’s Data Protection Law. The LGPD is effective on May 3, 2021.
“Log Data” means information that your browser sends whenever you visit a website; this information is automatically recorded by our servers.
“Personal Data” means any information relating to an identified or identifiable natural person or any information that is used for the behavior profiling of a particular natural person, if that person is identified.
“Sensitive Data” means data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data, data that concerns health, or data that concerns a natural person’s sex life or sexual orientation.
“User Submission” means any comment, or personal information, including ideas, suggestions, opinions, comments, observations, or other material , posted to any public form on our Sites or Services, including any publication, article, social network page, blog, chat room, or other such forum.
“Visitor” means a legal or natural person who visits our Site without having an Account.
3. TOPSTEP AS DATA CONTROLLER / DATA PROTECTION OFFICER
4. DESIGNATED AGENT
Topstep’s Designated Agent for purposes of the Digital Millennium Copyright Act may be contacted at support@Topstep.com. Please refer to “Designated Agent” in the subject line of your email. You may also call us at (888) 407-1611 or write to us at: Topstep LLC, Attn: Designated Agent, 130 S. Jefferson St., Suite 200 Chicago, Illinois 60661.
5. COLLECTION OF PERSONAL DATA
You may choose to register an Account with our Sites or Services, and we may collect certain personal information from you in order to provide services and to complete transactions.
When you register with us through our Sites or Services, we will ask you for Personal Data. Personal Data may include your name, phone number, email address, postal address, username, password, zip code, and age (optional).
Our Sites or Services may provide links to third-party applications, products, services, or web sites for your convenience and information. If you access those links, you will leave our Sites or Services. We do not control those third-party sites and services or their privacy practices, which may differ from our practices. We do not endorse or make any representations about third-party sites. Any information you choose to provide to, or that is collected by those third parties is not covered by the Agreement. We cannot control the activities of third parties, and we have no responsibility for any use of the information provided by such third parties. Any information you choose to provide to third party web sites or products will be governed by the policies of those third-party web sites and products.
If you post a User Submission to any public forum on our Sites or Services, including any publication, article, social network page, blog, chat room, or other such forum, please be aware that any Personal Data disclosed in your User Submission can be read, viewed, collected, or used by other users of these forums, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor we control. We may also aggregate all or any part of User Submissions into a resource that we may use, share, or distribute provided that any Personal Data has been anonymized. Topstep is not responsible for the Personal Data contained in your User Submission.
6. LEGAL BASIS FOR COLLECTING YOUR PERSONAL DATA
7. PURPOSES FOR WHICH WE COLLECT PERSONAL DATA / HOW WE USE AND SHARE YOUR PERSONAL DATA / LOCATION OF PROCESSING
Purposes for Which We Collect Personal Data
We do not sell your Personal Data to third parties to use for their own marketing purposes. Topstep uses the information we collect for the following purposes:
- Provide our Services. To provide the services we offer on our Sites and Services, to communicate with you about your use of our Sites or Services, to respond to your inquiries, to provide troubleshooting, and for other customer services designed to make your experience better.
- To tailor the content and information that we may send or display to you, to suggest personalized help and instructions, and to otherwise personalize your experience while visiting or using our Sites or Services.
- To display interest-based advertising to you, to improve our advertising and measurement systems so that we can show you more relevant ads, and to measure the effectiveness and reach of ads and services.
- Marketing and Promotions. For marketing and promotional purposes, such as to send you news and updates, special offers, and promotions, or other otherwise contact you about products, services, or information we think may interest you, including information about third party products and services.
- To gather metrics to better understand how Users access and use the Sites and Services; to evaluate and improve the Sites and Services; and to develop new products and services.
- Comply with the Law. To comply with legal obligations, as part of our general business operations, and for other business administration purposes.
How We Use and Share Your Personal Data
We use the information you provide to offer, manage, or improve our Sites or Services, including but not limited to:
- improving content;
- adapting or adding in new features and functionality;
- providing and improving service and support;
- delivering relevant advertising;
- assisting with social sharing functionality;
- developing new products and services;
- selecting content to be communicated to you;
- aggregating certain types of information to better understand or provide better engagement with our Users; and
- contacting you regarding our products or services; and preventing and detecting security threats, fraud or other malicious activity.
Topstep may share your Personal Data with our affiliates or with third parties, which provide services to us and which agree to keep such Personal Data confidential. You may view our agreements our affiliates and providers here.
We may employ third-party companies and individuals for any of the following:
- to facilitate the Sites or Services;
- to provide the Sites or Services on our behalf;
- to perform related services, including maintenance, database management, web analytics, and improvement of the features or functionality;
- to assist us in data analysis; and
- to process debit, credit, and other payments and to perform related services.
Topstep may collect and compile general information about you, your preferences and interests and use that information as described in this Section. We may share with or sell such information to third parties for these same purposes but would never do so without your consent. When you sign up for an Account, you will be asked if you consent to us sharing or selling your information. If you do not provide your consent, we will not share with or sell any of your information to third parties.
We retain the right to disclose Personal Data as allowed or required by law. We may also disclose Personal Data under the following circumstances:
- to respond to duly authorized information requests of police and governmental authorities;
- to comply with any law, regulation, subpoena, or court order;
- to investigate and help prevent security threats, fraud or other malicious activity;
- to investigate and help prevent a violation of any contractual or other relationship with Topstep or the perpetration of any illegal or harmful activity;
- to enforce and protect the rights and properties of Topstep, its affiliates and its business partners; and
- to protect the personal safety of our employees, agents, affiliates, business partners, customers or site users.
Location of Processing
Personal Data is processed in the United States of America. Personal Data from EU Users and Brazilian Users is processed in the United States. Topstep shall process such Personal Data in accordance with the requirements of the GDPR and LGPD.
8. CALIFORNIA PRIVACY RIGHTS
Our Site or Services collects information that may identify, relate to, describe, reference, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device (“Personal Information”). Personal Information does not include:
- Publicly available information from government records;
- Deidentified or aggregated consumer information; or
- Information excluded from the CCPA’s scope.
In particular, our Sites or Services has collected the following categories of Personal Information from consumers within the last 12 months:
|A. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers||YES|
|B. Personal Information categories listed in the California Consumer Records State (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or Federal Law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial Information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO|
|E. Biometric Information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation Data||Physical location or movements.||NO|
|H. Sensory Data||Audio, electronic, visual, olfactory, or similar information.||NO|
|I. Professional or employment-related information||Current or past job history or performance evaluations.||NO|
|J. Non-public education information||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
We obtain the categories of Personal Information listed above from the following categories:
- Directly from you. For example, forms you complete or products and services your purchase; and
- Indirectly from you. For example, from observing your actions on our Site.
The CCPA provides California residents with specific rights regarding their Personal Information. California residents have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures of a business purpose, identifying the Personal Information categories that each category of recipient obtained.
- The specific pieces of Personal Information we collected about you (also called a portability request).
California residents also have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the Personal Information applies. We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
To exercise your rights to know or delete described above, please submit a request by submitting a request to: c/o Topstep LLC, Attn: Data Protection Officer, 130 S. Jefferson St., Suite 200 Chicago, Illinois 60661 or at support@Topstep.com. Only you, or someone legally authorized to act on your behalf, may request to know or delete related to your Personal Information. You may also make a request to know or delete on behalf of your child. You may only submit a request to know within a 12-month period. Your request to know or delete must provide sufficient information that allows us to reasonably verify you are the persona bout whom we collected Personal Information or an authorized representative. We endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
We will not discriminate against you for exercising any of your CCPA rights. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to support@Topstep.com or write us at: Topstep LLC, Attn: Data Protection Officer, 130 S. Jefferson St., Suite 200 Chicago, Illinois 60661.
9. GDPR AND LGPD
European Union General Data Protection Regulation 2016/679
European Union General Data Protection Regulation EU 2016/679 (“GDPR”), approved by the European Parliament on April 14, 2016, and effective May 25, 2018, addresses the protection of natural persons located in the EU with respect to the processing of their Personal Data. GDPR recognizes that Personal Data shall be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
As a Controller, Topstep shall be responsible for, and shall be able to demonstrate compliance with, the foregoing principles. Therefore, you have the right:
- to request the correction or update of any Personal Data that is incorrect or incomplete;
- to request the erasure of your Personal Data (the right to be forgotten);
- to portability of your Personal Data;
- to object to the processing of your Personal Data;
- not to be subject to a decision based on automated decision-making, including profiling;
- to withdraw consent to the processing of your Personal Data; and
- to register a complaint with an EU supervisory authority.
LGPD Supplemental Privacy Notice
This Section addresses legal obligations and rights set forth in the LGPD that apply only to eligible residents of Brazil. These obligations and rights apply to businesses doing business in Brazil and to Brazilian residents and information that relates to Brazilian Users. IT does not apply to information that has been anonymized by the LGPD.
If you are a Brazilian resident, the following provisions apply in addition to the terms of the Privacy Notice:
- request the deletion, blocking or anonymization of your Personal Data, if you believe Topstep is processing your Personal Data information in an unnecessary, exceeding or non-compliant matter;
- request the portability of your Personal Data; and
- request information about the entities with which Topstep has shared your Personal Data with.
- Because the Services and Sites are provided to you by Topstep in the United States, Topstep needs to carry out international transfers of your Personal Data from Brazil to the United States and other countries for the proper operation of the Services. Therefore, the international transfers of all Brazilian Users’ Personal Data are based upon contractual necessity, as provided by the LGPD.
Request for the deletion of Personal Data
Under the GDPR and the LGPD, EU Users and Brazilian Users may have the right to request the deletion of their Personal Data that Topstep collects, stores, or processes. In the event Topstep receives such a request, Topstep will erase the Personal Data without undue delay (which will be no longer than 30 days for EU Users and no longer than 15 days for Brazilian Users). All requests will be subject to our information request requirements, including identity verification and authentication procedures, as well as compliance with applicable law. To the extent permitted by the applicable laws, we may decline, however, requests that are unreasonable, incomplete, do not comply with our information request procedures or that are not required to be honored by applicable law.
If you would like to submit a request for erasure (request to be forgotten), please use the form linked here.
10. KEEPING YOUR PERSONAL DATA SECURE
To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, Topstep utilizes generally accepted industry standards to protect your Personal Data submitted to Topstep or relies on the services of third parties to provide the same. However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your Personal Data.
11. CHILDREN’S PRIVACY
Topstep Sites or Services are not intended for use by minors under the age of 18 and are not targeted to children. Topstep does not knowingly collect information from children under the age of 16, solicit information from such children, or market products to such children.
12. SENSITIVE DATA
We do not intentionally collect, process, transfer, or store Sensitive Data.
13. LOG DATA AND COOKIES
Our servers also automatically record Log Data which includes information such as your internet service provider, your computer’s internet protocol address, browser type and operating system, referring/exit pages, clickstream data, pages of our Sites and Services that you visit (and the time spent on these pages), information you search for on our Sites or Services, and other statistics. We use this information to monitor and analyze your use of our Sites or Services and to better tailor them to your needs in order to provide you with a better experience.
Please click here to see the Cookies used on our site.
14. ACCESS TO AND ACCURACY OF YOUR PERSONAL DATA
Topstep strives to keep your Personal Data accurately recorded. You have the right to access and request the correction, amendment, or deletion of all of your recorded personal information that has been collected by us. If you wish to review your recorded Personal Data, please contact us at:
c/o Topstep LLC, Attn: Data Protection Officer, Email: support@Topstep.com U.S. Mail: 130 S. Jefferson St., Suite 200 Chicago, Illinois 60661.
If you write to us, please include your name, email address, and telephone number and let us know what kind of information you would like to see. You may view and copy your information in person, or if you prefer, we will copy and send you your information. If you see any mistakes, let us know and we will review it. If we agree, we will correct our files. If we disagree, you may file a short statement of dispute with us. Your statement will be included with any data we disclose in the future. We will also send the statement to anyone you ask us to who received your information from us in the past two years.
15. DATA RETENTION
Topstep retains Personal Data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, Topstep takes into consideration local laws, contractual obligations, and the expectations and requirements of our Users. We will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. When we no longer need personal information, we securely delete or destroy it.
17. CONTACT US
c/o Topstep LLC, Attn: Data Protection Officer, 130 S. Jefferson St., Suite 200 Chicago, Illinois 60661.