Privacy and Security Policy

The Texas Bullion Depository® is committed to protecting and safeguarding your privacy rights.

This privacy policy describes how we collect, use, and share personal information. Sensitive information and confidential information are not disclosed, made available, or otherwise used for purposes other than those specified at the time of collection, except with your consent or as authorized by law or regulation.

By using our Services, you agree to this Privacy Notice. If you do not agree, please do not use our Services.

We may update this Privacy Notice at any time, and if we do, we will update the link to our Privacy Policy.

Our Contact Details

If you have questions, comments, or concerns about this privacy notice, please contact our Information Security/Privacy Office:

By email: informationsecurity@cpa.texas.gov

By mail:

Information Security

Comptroller of Public Accounts

P.O. Box 13528, Capitol Station

Austin, TX 78711-3528

If you have a complaint about our use, processing or sharing of your personal information, we ask that you contact us at informationsecurity@cpa.texas.gov to provide us with an opportunity to address your concerns. You also have the right to file a complaint with the applicable data protection authority.

Our Website

Our website is managed by Lone Star Tangible Assets, L.P. on behalf of the Texas Bullion Depository. When you visit our Site you will be presented with a notice to consent or reject cookies. The notice will require your consent to access the Site. You may withdraw your consent any time. If you reject the use of cookies, you may have limited access to all websites features and content. See About Cookies and Other Related Technologies for details on cookie use and operations.

What Information Is Collected?

We may collect your personal information directly through online form submissions and indirectly from website visitors. We may also collect your personal information from public databases and third parties when necessary to further the Depository’s services (for example, identity verification upon opening an account). Categories of personal information collected from users of the Site include:

• Identity Information including first name, last name, title, job title, and company name.)
• Contact Information including email address, telephone number, billing address.
• Payment Information including credit card or bank account information to pay account and transaction fees.
• Social Media Information including account handle, information you may share publicly on social networks and information you share related to your interactions with our social media posts or advertisements.
• Internet or Technical Information including IP address, domain name of internet service provider, browser type, operating system and platform.
• Usage Information including how you use our Services such as which pages you visit on our Site or otherwise how you engage with the Services.
• Marketing Information includes your preferences to receive alerts, updates, and other marketing communication from us.

About Cookies and Other Related Technologies

Our Site and Apps use online technologies, including cookies and analytics services. We or our third-party service providers, such as our web-hosting provider, may place cookies (small text files) on your device. Cookies allow us to optimize your interaction with our Site and Apps. It also allows us to compile statistics about how the website is used. You may have the ability to change your browser settings to refuse to accept cookies. Please note that if cookies are disabled you may have limited access to all websites features and content.

Why and How We Collect Information

We will only process your personal information where we have a lawful basis to do so. Our lawful basis to use your personal information as described in this privacy policy is based on our legitimate interest and/or to comply with a legal obligation.

We may collect your personal information from various sources including:

• Directly from information you provide on applications and other forms.
• From your transactions with us and with our affiliates, such as by visiting our website.
• From information we receive from other entities not affiliated with us, such as information we request to verify your identity.
• From social media platforms such as Twitter or LinkedIn.
• From publicly available databases.

How We May Use Your Information

We may use your information for the following business purposes:

• To perform the services under this Agreement.
• To respond to your inquiries when you have contacted us.
• To provide, support and develop our Services by conducting data analysis.
• To provide marketing material that may be of interest to you.
• For fraud or security monitoring purposes or to enforce our terms and conditions.
• To satisfy our legal and regulatory requirements.

We will not use your personal information for the purposes of automated decision-making.

How We May Share Your Information

We limit access to your information to those employees who need to know in order to conduct our business and perform the services under this Agreement. However, we may also share your information with:

• Our affiliates.
• Our third-party service providers that assist us in providing the Services.
• Other entities as required to comply with applicable laws and regulations or to comply with government authorities.

How Long We Keep Your Information

We retain information for as long as it is needed to perform the business purpose for which it was collected and subject to records retention requirements under applicable law. We will store or use sensitive and confidential information submitted by you for the least amount of time needed.

Your personal information will be transferred and stored in the United States. If you do not consent to this data transfer or storage, do not use our Services.

How You Request or Correct Your Information

With few exceptions, you have the right to exercise certain rights in relation to your personal information. As required by applicable law, we will respond to requests from you for:

Access to personal information. We will provide you with access to the personal information we have collected about you, subject to any relevant exemptions and verification of your identity.

Correction and Deletion. Upon your request and verification of your identity, we will correct your personal information or delete information, subject to any relevant exemptions.

Data Portability. We will provide you with your personal information in a format that may be ported to another entity.

If we are relying on consent to collect, use or share your personal information, you have the right to withdraw such consent. We shall honor such requests, subject to any relevant exemptions, unless we have a legitimate basis to retain or use your personal information.

To exercise any of the above rights relating to your personal information, please submit your request via one of the methods listed below and ensure your request includes enough description and detail so we may accurately identify and locate your information.

By email: open.records@cpa.texas.gov

By mail:

Open Records Section

Comptroller of Public Accounts

P.O. Box 13528

Austin, TX 78711-3528

By fax: 512-475-1610

In person:

Open Records Section

Comptroller of Public Accounts

111 E. 17th St.

LBJ State Office Bldg., Ste. 210

Austin, TX 78701

Privacy Notices

STATE OF TEXAS PRIVACY NOTICES

FEDERAL PRIVACY ACT NOTICE- Disclosure of your social security number on the Application is required and authorized under law, for the purpose of tax administration and identification of any individual affected by applicable law, 42 U.S.C. §405(c)(2)(C)(i); Tex. Govt. Code §§403.011 and 403.078. Release of information on this form in response to a public information request will be governed by the Public Information Act, Chapter 552, Government Code, and applicable federal law.

TEXAS PRIVACY NOTICE - Under Ch. 559, Government Code, you are entitled to review, request, and correct information we have on file about you, with limited exceptions in accordance with Ch. 552, Government Code. To request information for review or to request error correction, contact us at Texas Bullion Depository, Attention: Open records Section, P.O. Box 13528, Austin, TX 78711-3528 or (512) 475-1610.

EU PRIVACY RIGHTS

If you are an individual in the European Union (EU), you have privacy rights under the European Union’s General Data Protection Regulation (GDPR) and this section of the Privacy Policy is here to make you aware of your rights.

Under GDPR, you have certain rights in relation to your personal data, including:

• The Right to Information – the right to be informed if an organization is using your personal data.
• The Right of Access – you have a right to obtain a copy of your personal information that an organization has about you.
• The Right to Rectification – you have the right to challenge the accuracy of information held about you by an organization.
• The Right to Erasure - you have the right to request an organization delete personal information about you.
• The Right to Restriction of Processing – you can limit the way an organization uses your personal data.
• The Right to Data Portability – you have a right to get your personal information from an organization in a way that is accessible.
• The Right to Object – you have the right to object to the processing or use of your personal data in some circumstances.
• The Right to Avoid Automated Decision-Making – you have the right to prevent decisions about you being made without people being involved or to prevent profiling.

Our privacy policy fully incorporates these rights. To the extent that our privacy policy is inconsistent with these rights, your rights under the GDPR will take precedence.