FBG Holding LLC (“Company” or “us” or “our”) operates US Green card and immigration online consulting and management services (“Service(s)”) as governed by our terms, available at: https://www.dv-lottery.us/service.html (“Terms of Use” or “ToU”). This Privacy Policy (“Policy”) is an integral part of the Terms of Use, and definitions herein shall have the same meaning as defined therein.
We have designed this Policy to provide a transparent and detailed explanation of our privacy practices, the data we collect and how we use it, as required under applicable privacy laws, including the EU General Data Protection Regulation (“GDPR”).
- TYPES OF DATA COLLECTED
When you access and browse our website or use the Services in any manner, we collect certain types of data that can be classified as follows:
- Non-identifiable aggregated data (“Non-Personal Data”), such as technical information transmitted by the device you are using and certain aggregated data regarding your use of the Services.
- Individually identifiable information (“Personal Data” or “Personal Information”, subject to applicable law definitions). This may include name, email address, and online identifiers, as detailed in the table below.
It is important to note that the Company will not combine Personal Data you voluntarily provide with Non-Personal Data that Triple Space collects. However, if we do combine these types of data, we will treat the combined data as Personal Data.
Please see the list below, which details the types of data collected while you browse our website or use the Services offered therein, as well as the purpose of collection and how we use it:
- Application Details:
If you wish to receive our Services, you will be required to provide us with information such as your full name, gender, English level, education level, income level, email address, date of birth, birth country, marital status, phone number, and occupation.
Some of our service features may require you to provide us with additional information, depending on the specific features of our Services.
You may enter your details through an online form, in an application that we operate, or through phone call, voicemail, email, online chat, social network communication, postal delivery, or using any other method.
Further, during the application process, you will be supplied with a username and password for your account. At this time, you thereby represent and warrant that you are responsible for maintaining the confidentiality of your details and password. You also represent and warrant that you will not provide us with inaccurate, misleading, or false information.
Purpose of Collection and How We Use It: We collect and process the application details in order to provide our Services.
For EU Individuals: Legal Basis under the GDPR: Performance of a contract
- Recorded Phone Calls:
If you contact us or a representative acting on our behalf, such as a customer service representative, your calls may be recorded and/or documented in writing.
Purpose of Collection and How We Use It: We record and process phone calls to monitor the quality of service provided to you, to provide our Services, or to prevent fraud.
For EU Individuals: Legal Basis under the GDPR: Performance of a contract
- Contact Details:
If you voluntarily choose to get in touch with us for any reason, including support or questions, through any available communication channel (e.g., online form, email, mail, etc.), we will gather and process the information you provide, which may include your name and email address.
Purpose of Collection and How We Use It: We will process your contact details and contact history to respond to your inquiries and provide the service or support you requested. Additionally, we may store this information if we believe it is necessary for our legitimate interests, such as defending legal claims.
For EU Individuals: Legal Basis under the GDPR: Performance of a contract
Internet Protocol Address (IP) and Technical Data:
When you visit our website and use the Services, we (directly or through our third-party service providers) will collect your IP address. Note that while IP addresses are considered personally identifiable information in many jurisdictions (such as the EEA), there are some jurisdictions where such datasets are not considered Personal Data. Therefore, we treat such information as Personal Data, in accordance with applicable laws.
In addition, we may collect technical Non-Personal Data, such as operating system type, device type, browser type, language preference, time and date of website access, click stream on the website, approximate geographical location, etc.
Purpose of Collection and How We Use It: We will process this data to operate, provide, maintain, protect, manage, customize, and improve our website and the services offered through it, as well as to audit and track usage statistics and traffic flow. This data may also be collected for remarketing purposes, as detailed in the “Cookies” section below, and subject to your consent, where required under applicable law.
For EU Individuals: Legal Basis under the GDPR: We process this information based on your consent provided through our cookie notice.
- Newsletter:
In the event you sign up to receive our newsletter or other marketing materials, you will be requested to provide your email address and additional information such as, name, company and job title. We will use Upland’s services for our email marketing.
Purpose of Collection and How We Use It – We will use this data solely to send the marketing materials.
In order to Opt-out – you may easily unsubscribe by contacting us at [email protected] or by other means we will make available (e.g. “unsubscribe” link within the applicable email).
For EU Individuals: Legal Basis under the GDPR – If you registered to our newsletter, you have provided your consent. Otherwise, as our partner or Customer we have legitimate interest to send you such updates and content.
- Payment Information
If you make a payment for our Services or products using a credit card, you will be asked to provide your credit card number and other details.
Purpose of Collection and How We Use It
We will use this information only to process your payment.
For EU Individuals: Legal Basis under the GDPR
We process this information based on the performance of a contract.
- How We Collect Your Data
The data listed above can be collected in two ways:
- Voluntarily: You provide us with your data when you contact us.
- Automatically: We use tracking technologies, such as cookies and pixels, to collect data about you automatically.
- COOKIE POLICY
Our website uses tracking technologies such as cookies and pixels. These technologies are used to collect information about you automatically, either by us or by service providers on our behalf.
Cookies are small text files that are placed on your hard drive by a web server when you visit a website. They are used for a variety of purposes, such as making the interaction between you and the website quicker and easier, enabling automatic activation of certain features, and providing the website in the appropriate language. Cookies can also be used for remarketing purposes, as explained below.
You can find more information about cookies at www.allaboutcookies.org: https://www.allaboutcookies.org/.
Most browsers allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You can remove cookies by following the instructions in your device preferences. However, please note that if you choose to disable cookies, some features of our website may not operate properly and your online experience may be limited.
In addition to our own cookies, we may also allow third parties to use cookies or other tracking technologies on our website:
- Analytics and Performance-related Cookies: These cookies are used to track and analyze the use of our website for internal purposes, and may collect your IP address.
- Essential, Functionality & Operation: These cookies are strictly necessary for the website to function properly.
- Targeting & Advertising: These cookies are used to target and deliver advertising to you.
You can control how your browser responds to cookies by adjusting the privacy and security settings of your web browser. Please refer to the support page of the browser you are using for more information.
Additionally, you may opt out of certain Advertisers’ cookies and browser-enabled, interest-based advertising at the following websites:
- Network Advertising Initiative (NAI): NAI consumer opt-out: https://optout.networkadvertising.org/
- Digital Advertising Alliance (DAA): DAA opt-out page: https://optout.aboutads.info/
- Analytics and Performance-related Cookies:
Source:
Google.com
Google Analytics.
This cookie is placed in order to track and analyze the use of our Services, for internal purposes, and may include the collection of your IP.
Privacy Policy / Opt Out:
www.google.com/policies/privacy/partners
https://tools.google.com/dlpage/gaoptout.
For additional information of our use of Google products, click here.
- Essential, Functionality & Operation:
Source:
Google Tag Manager
This cookie is strictly necessary and is used to load scripts into our website pages.
Privacy Policy / Opt Out:
https://policies.google.com/privacy
https://policies.google.com/technologies/managing?hl=en
- Targeting & Advertising:
Source:
Google AdWords Remarketing
Facebook Remarketing
Taboola
Outbrain
Yahoo
Privacy Policy / Opt Out:
https://policies.google.com/privacy
https://policies.google.com/technologies/managing?hl=en
https://www.facebook.com/policies/cookies/
https://www.taboola.com/privacy-policy#users
https://www.taboola.com/cookie-policy
https://www.outbrain.com/legal/
https://policies.yahoo.com/xa/en/yahoo/privacy/index.htm
https://policies.yahoo.com/xa/en/yahoo/privacy/topics/cookies/index.htm
You may control how your browser responds to cookies by adjusting the privacy and security settings of your web browser.
Please refer to the support page of the browser you are using.
Additionally, you may opt out of certain Advertisers’ cookies and browser-enabled, interest-based advertising at the Network Advertising Initiative’s (“NAI”) website – NAI consumer opt-out and the Digital Advertising Alliance’s (“DAA”) website – DAA opt-out page.
- Sharing Data with Third Parties
We do not share any Personal Data collected from you with third parties except in the following cases:
- Authorized Disclosures: We may disclose your information to third parties when you consent to a particular disclosure. Please note that once we share your information with another company, that information becomes subject to the other company’s privacy practices.
- Legal Requirement: We may share your information in this case only if we are required to do so in order to comply with any applicable law, regulation, legal process, or governmental request (e.g., to comply with a court injunction, comply with tax authorities, etc.).
- Third Party Rights: We may share your information in order to prevent harm to the rights (including any legal rights), property (including intellectual property), or safety of us, our users, or any applicable third party.
- Affiliated Companies and Corporate Transactions: We may share your information with our parent company, any of our subsidiaries, joint ventures, or other companies that are under common control with the Company (“Affiliated Companies”) solely if and when applicable or necessary for the purposes described in this Policy, as well as in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale). In the event of the above, we will make our best efforts to ensure that our Affiliated Companies or acquiring company assumes the rights and obligations as described in this Policy.
- Service Providers and Business Partners: We may share your information with third parties that perform services on our behalf (e.g., analytics services). Certain of our Service Providers shall include governmental agencies and representatives, legal advisers, or consultants.
We reserve the right to use, disclose, or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This information may be collected, processed, and analyzed by us and transferred in a combined, collectively, and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.
- YOUR RIGHTS
Personal Data: This refers to any information that can identify an individual, such as their name, address, or contact details.
Exercise your rights: This means utilizing the privileges or entitlements granted to you under data protection and privacy laws, like the right to access, correct, or delete your personal information.
Privacy Rights Policy: This is a document that outlines the specific rights and protections individuals have concerning their personal data.
Submit a request: This involves sending a formal petition or inquiry, often to a company or organization, to take action regarding your personal data.
Data privacy and related laws: These are regulations that dictate how organizations must handle and protect personal data.
- DATA RETENTION
Non-Personal Data: Information that cannot be used to directly identify an individual, such as anonymous statistics or aggregated data.
Legal obligations: These are requirements imposed by law, which an organization must adhere to.
Delete its Personal Data: Removing or erasing the individual-specific information an organization has about you.
Rectify, replenish, or remove: This means correcting, adding to, or deleting incomplete or inaccurate information in their records.
Sole discretion: The exclusive right or authority to make a decision.
- SECURITY
Physical, technical, and administrative security measures: These are various methods employed to safeguard information, including physical security (e.g., locked rooms), technical security (e.g., encryption), and administrative security (e.g., access controls).
Proper authorization: The correct permission or approval required for accessing certain information or systems.
Improperly used or disclosed: When someone accesses or shares information in a way that goes against established rules or regulations.
Unlawfully destructed: Information that has been illegally or improperly destroyed.
- CHILDREN
Legal competence: The ability to make legally binding decisions.
Not directed or intended for individuals under the age of 18: The service is not meant for or aimed at individuals who are younger than 18 years old.
Knowingly collect or solicit information: Deliberately gathering or requesting data, especially when aware of the age of the individuals involved.
Actual knowledge: Real awareness or factual information.
Shared any information: Provided any details or data.
- TRANSFER OF YOUR DATA
Adequate level of data protection: Ensuring that your data receives an appropriate degree of safeguarding when transferred to another country.
Requires your consent: Demanding your agreement or permission.
Express consent: Clear and explicit approval or agreement.
- AMENDMENTS
Periodically amend or revise: Making changes or alterations to a document, policy, or agreement at regular intervals.
Go into effect immediately: Becoming valid and applicable right away.
Privacy practices: The procedures and methods an organization follows to protect and manage personal data.
Check for any amendments: Reviewing to see if there have been any modifications or revisions to a document or policy.
- CONTACT US
Data Protection Officer: An individual responsible for overseeing data protection and privacy matters within an organization.
- SECURITY POLICY
FBG Holding LLC. (the “Company”) is committed to transparency regarding the security measures and policies it has implemented to protect Personal Data, as defined by applicable data protection law, including the General Data Protection Regulation (GDPR). This Security Policy outlines the Company’s current security measures. The Company will update this policy as needed to comply with applicable laws and its internal policies.
The Company has implemented technical and organizational safeguards, and established a comprehensive information and cybersecurity program, to protect the Personal Data it processes.
Security Measures
We take the following measures to protect your Personal Data from unauthorized access, use, or disclosure:
- Physical Access Control
We implement physical security measures to protect our servers and facilities that store Personal Data. We use a reputable cloud storage provider, Microsoft Azure, which has its own security measures in place. Additionally, we use a passcode to control access to our offices and have fire and smoke alarms in place. All data backups are stored in fire- and water-resistant safes.
- Security Risk Analysis and Management
We regularly assess the risks and vulnerabilities to our Personal Data and implement appropriate security measures to mitigate them. We also test our disaster recovery plan regularly to ensure that we can recover from a disaster.
- System Control
We restrict access to our database to authorized personnel only. We have safeguards in place for remote access and wireless computing. Employees are required to follow our password policy, and we monitor user access and passwords. We also use a captcha and lock-out mechanism to prevent unauthorized logins.
- Data Access Control
We restrict access to Personal Data to employees who have a legitimate need to access it. Access is granted by our cybersecurity officer. Personal Data cannot be accessed, modified, copied, used, transferred, or deleted without authorization. Usernames and passwords are required to access Personal Data, and passwords are changed regularly and blocked when necessary. User passwords are encrypted, and each employee can only perform actions according to their permissions. All access is logged and monitored, and unauthorized access is reported automatically.
- Removable Media and Media Controls
We have a policy in place for the use of removable media to prevent the loss of Personal Data. Removable media is disposed of in accordance with our policy. Employees can remotely access Personal Data in accordance with our policy, using secure and encrypted remote control software.
- Organizational and Operational Security
We invest significant resources in training our employees on security practices and procedures. We also have safeguards in place for our hardware and software, including web content filtering, firewalls, and antivirus software. These safeguards cannot be deactivated by any user other than our cybersecurity officer.
- Transfer Control
All transfers of Personal Data between the client side and our servers are encrypted, and Personal Data is encrypted before transfer. Our servers are protected by industry-best standards. We also have a contract with our clients that includes a provision for the destruction of Personal Data after termination of the engagement. Additionally, our business partners are required to sign a Data Processing Agreement in accordance with applicable laws.
- Data Retention
We retain Personal Data for as long as needed to provide our services or as required by law. Individuals can request that their data be deleted, but this request is not absolute and is limited as described in our Privacy Policy.
- Job Control
All of our employees are required to sign an employment agreement that includes confidentiality and data protection provisions. Employees also undergo a screening process. In the event that an employee breaches their obligations or does not comply with our policies, we may take disciplinary action, up to and including termination of employment. We also review the security policies of third-party contractors before engaging with them, to ensure that they meet our standards for data security protection. Third-party contractors can only access Personal Data as explicitly instructed by us.
EN