Privacy Policy

This privacy policy (“Privacy Policy”) covers our treatment of personally identifiable information (“Personal Information”) that we gather from individuals (“users” or “you”) when accessing or using our websites and service (“Services” or “Platform”) offered at Herobullion.com (“Hero Bullion”, “we”, “us” or “our”) but not to the practices of companies we don’t own or control, or people that we don’t manage. This Privacy Policy outlines the types of information we collect, how we use and store that information, and your rights regarding your personal data. By accessing or using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Please review this Privacy Policy carefully. By using our Platform, you consent to the collection and use of your information as described herein. If you do not agree with the practices outlined in this Privacy Policy, please do not access or use our Platform.

By continuing to use our Platform, you signify your acceptance of this Privacy Policy and your consent to the collection, use, storage, and disclosure of your information in accordance with this Privacy Policy and applicable laws and regulations. If you have any questions or concerns about this Privacy Policy, please contact us using the information provided in the “Contact Us” section below.

We may modify or update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be effective upon posting of the updated Privacy Policy on our Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

The California Consumer Privacy Act (“CCPA”) and the EU General Data Protection Regulation (“GDPR”) are included in our Privacy Policy and the specific sections apply to our processing of personal information of Californian, European and Swiss consumers (as the terms “personal information” and “consumer” are defined under the CCPA). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the Privacy Policy.

What Information Do We Collect and For What Purpose?

The following chart shows the categories of personal information that we have collected during the past twelve (12) months, the sources of such information, and the business or commercial purposes for which we may use such information. For all categories of personal information collected, we may disclose data to our service providers and other third parties to help us accomplish the business purposes described below.

The table below is intended to be illustrative and not exhaustive.

Categories of Personal Information	Sources of Personal Information	Business and Commercial Purposes
Personal identifiers (e.g. name, address, e-mail address, phone number(s))	Website or services (information collected directly from the user) Industry affiliates Vendors	Customer support and feedback process, fulfillment, and maintenance Delivery of marketing communications Analytics Account administration
Commercial information (e.g. precious metals purchased, obtained, or inquired about)	Website or services (information collected directly from the user) Industry affiliates Vendors	Customer support and feedback process, fulfillment, and maintenance Delivery of marketing communications Analytics
Internet or Network Activity (e.g. IP address, browser and operating system, referral URL, pages viewed, date/ time of visit)	Website or services (information collected directly from the user) Third-party advertisers/promoters Vendors	Delivery of marketing communications Analytics
Inferences are drawn from any of these personal information categories (e.g. interest based on analytics)	Website or services (information collected directly from the user) Vendors	Customer support and feedback process, fulfillment, and maintenance Delivery of marketing communications Analytics
Financial information (e.g. credit card information, bank account information)	Website or services (information collected directly from the user)	Process, fulfillment, and maintenance Account administration

No Sale of Data

We uphold the highest standards of data privacy and are committed to protecting the personal information of our users. In line with this commitment, we firmly assert that we do not engage in the sale of any user’s personal data. This stance is a core element of our privacy practices and reflects our dedication to maintaining the trust and confidence of our users.

For clarity, the term “sale” of data, as used in this Privacy Policy, refers to the exchanging, transferring, or otherwise making available of a user’s personal data to third parties for monetary or other valuable consideration. We understand the importance of this distinction and assure our users that their personal data will not be treated as a commodity in any business transactions.

It is important to note that this Privacy Policy does not preclude us from sharing data in ways that do not constitute a “sale” as defined above. This includes sharing information with service providers who assist us in operating our Platform, conducting our business, or serving our users, so long as these parties agree to keep this information confidential and use it solely for the purposes we have directed. Moreover, we may disclose personal data when legally required to do so, to comply with a subpoena, bankruptcy proceedings, or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We prioritize transparency in all our data practices and aim to provide our users with control over their personal data. In line with this, we ensure that users are informed about the types of data we collect, the purposes for which we collect it, and the circumstances under which it might be shared, as detailed in other sections of this Privacy Policy.

This No Sale of Data policy is subject to regular review and may be updated to reflect changes in our practices or legal obligations. Any updates will be communicated through revisions to our Privacy Policy, and we encourage users to review this policy periodically to stay informed about how we protect their personal information.

How We Use Cookies and Other Tracking Technology to Collect Information

“Cookies” are unique identifiers that we transfer to your browser or device to allow us to recognize your browser or device for future visits to help us ascertain how and when you use certain pages and features of our website. We use cookies and similar technologies to recognize your repeat visits and preferences, as well as to measure the effectiveness of campaigns and analyze traffic. Through cookies we place on your browser or device or through our browser extension, we may collect information about your online activity after you leave our Services. Just like any other usage information we collect, this information allows us to improve the Services and customize your online experience, and otherwise as described in this Privacy Policy.

The Help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on’s settings or visiting the Website of its manufacturer. Because cookies allow you to take advantage of some of our essential features, we recommend that you leave them turned on.

Lawful Basis for Collection

A primary legal basis for the collection of your data is your explicit consent. When you register for our Platform, use our Services, or voluntarily provide information, you are giving us your consent to process your personal data for specified purposes. This consent is freely given, specific, informed, and unambiguous, as per data protection regulations. You have the right to withdraw your consent at any time, although this will not affect the lawfulness of processing based on consent before its withdrawal.

We collect and process personal data as necessary to enter into or perform a contract with you. When you agree to our Terms of Service, you enter into a contractual relationship with us. The processing of your data is essential for the performance of this contract, enabling us to provide you with the services you request and manage our contractual obligations.

In certain instances, we are legally required to collect and process your data. This includes compliance with tax laws, anti-fraud regulations, and other legal requirements. Processing of your personal data in these cases is necessary for compliance with a legal obligation to which we are subject.

We may process your data when it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. These legitimate interests include but are not limited to:

Enhancing, modifying, personalizing, or otherwise improving our services and communications for the benefit of our users.
Identifying and preventing fraud.
Ensuring the security and integrity of our services.
Understanding how our users interact with our services.
Management and operation of our business and services.
In rare situations, we may process personal data to protect an individual’s vital interests, such as in emergency medical situations.

Keeping Your Information Safe

We care about the security of your information and use commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information collected through our Service. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

Data Breach Notification

In the unlikely event of a data breach, we are fully committed to acting swiftly and responsibly to mitigate any potential harm. Our Data Breach Notification protocol is designed to address such situations with the utmost urgency and transparency, in full compliance with applicable data protection laws. The key components of our Data Breach Notification process are as follows:

Upon discovering a data breach, we will promptly initiate an investigation to determine the scope and impact of the incident. This involves identifying the nature of the breach, the type of data affected, the number of individuals impacted, and the potential risks associated with the breach.
In accordance with legal requirements, we will report the breach to the relevant data protection authorities without undue delay, typically within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
If the breach poses a high risk to the rights and freedoms of individuals, we will notify the affected users directly. This notification will be clear, concise, and will provide details of the nature of the breach, the likely consequences, the measures taken to address it, and advice on steps they can take to protect themselves. Notifications will be made without undue delay, in accordance with the timeframe stipulated by applicable laws.

Data Retention

We retain personal data in a manner consistent with the purposes for which it was originally collected, as detailed in the ‘How We Use Data’ section of this Privacy Policy. This includes retaining data for the duration necessary to provide our Platform’s services, maintain our business relationships, and comply with legal obligations.

In some instances, we may be legally required to retain certain data for a specified period due to regulatory requirements, such as financial records for tax purposes. In such cases, the data will be retained in accordance with the applicable legal or regulatory retention period.

We regularly review our data retention practices to ensure that we do not retain personal data beyond the necessary period. Our aim is to minimize data retention and securely delete or anonymize personal data that is no longer required for the stated purposes.

Upon reaching the end of the retention period, personal data is securely deleted or anonymized, so it can no longer be associated with an individual. We employ industry-standard techniques to safely dispose of personal data to prevent unauthorized access or use.

In certain circumstances, we may retain data for longer periods, particularly if required by law, in the context of an ongoing legal proceeding, or as necessary to support business operations, such as fraud prevention, IT backup systems, and safeguarding the stability and security of our operations.

We may retain anonymized or aggregated data for research and analytical purposes. This data is stripped of personal identifiers and is used to gain insights that can drive improvements in our services.

Children’s Information

Our Services are not directed to children under the specified age. We do not knowingly engage in transactions or communications with children under this age. Our Terms of Service prohibit users under this age from accessing our Platform and Services.

If we learn that we have collected personal information from a child under the specified age without parental consent, we will take steps to delete the information as soon as possible. We strongly encourage parents and guardians to take an active role in their children’s online activities and to inform us if they believe their child has provided personal information to us without their consent.

In the rare event that we collect personal information from children under the specified age with parental consent, such information will be used solely for the purpose for which it was collected, and in accordance with this Privacy Policy.

Parents or guardians who believe that their child under the specified age has submitted personal information to our Platform can contact us to request access to, correction of, or deletion of their child’s personal data. We understand the importance of safeguarding children’s privacy and security online. We implement stringent security measures to protect children’s personal information and comply with relevant legal requirements pertaining to data protection and privacy.

California Rights

If you are located in California, per the CCPA you have the following rights in respect of your personal data that we hold:

Right to Know: California residents have the right to request disclosure of our data collection and sales practices in relation to their personal data, including the categories of personal data we have collected, the source of the data, our use of the data, and, if applicable, whether we have sold or disclosed it.
Right to Access: You have the right to request a copy of the specific personal information collected about you during the 12 months before your request.
Right to Deletion: California residents have the right to request the deletion of their personal information that we have collected, subject to certain exceptions as provided by law.
Right to Opt-Out of Sale: If we sell personal information, California residents have the right to opt-out of the sale of their personal information. We will provide an opt-out link on our website or you can contact us directly to exercise this right.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means that we will not deny goods or services, charge different prices, provide a different level or quality of services, or suggest that you might receive a different price or rate for services or a different level or quality of goods or services.
Right to Appointment of an Authorized Agent: California residents have the right to appoint an authorized agent to exercise their rights on their behalf.
Process for Making a Request: To exercise any of the above rights, California residents can submit a request via our provided contact details. We will verify your identity before responding to your request, using personal information provided by you.
Response Timeframe and Format: We aim to respond to consumer requests within forty-five (45) days of receiving them. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by email.
Annual Reporting: In compliance with the CCPA, we will compile and disclose the number of requests to know, requests to delete, and requests to opt-out that we have received, complied with in whole or in part, and denied, and will maintain records of this information.

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such a request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf (e.g. previous transactions of the person to whom the request relates).

We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable processing fee or refuse to act on a request if the request is excessive, repetitive, or manifestly unfounded.

If you wish to exercise one of these rights, please contact us at [email protected] and write in the subject line: “CCPA PRIVACY REQUEST – [INSERT NAME]”.

Colorado Rights

If you are located in Colorado, per the CPA you have the following rights in respect of your personal data that we hold:

Right to Opt-Out of Sale: If we sell personal information, Colorado residents have the right to opt-out of the sale of their personal information. We will provide an opt-out link on our website or you can contact us directly to exercise this right.
Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.
Right to Erasure (‘Right to be Forgotten’): You may request the deletion or removal of your personal data when there is no compelling reason for its continued processing.
Right to Access: You have the right to request a copy of the specific personal information collected about you during the 12 months before your request.
Right to Data Portability: Where applicable, you have the right to receive, in a structured, commonly used, and machine-readable format, the personal data you have provided to us, and the right to transmit that data to another controller.

If you wish to exercise one of these rights, please contact us at [email protected] and write in the subject line: “CPA PRIVACY REQUEST – [INSERT NAME]”.

Connecticut Rights

If you are located in Connecticut, per the CTDPA you have the following rights in respect of your personal data that we hold:

Right to Know: Connecticut residents have the right to request disclosure of our data collection and sales practices in relation to their personal data, including the categories of personal data we have collected, the source of the data, our use of the data, and, if applicable, whether we have sold or disclosed it.
Right to Access: You have the right to request a copy of the specific personal information collected about you during the 12 months before your request.
Right to Deletion: Connecticut residents have the right to request the deletion of their personal information that we have collected, subject to certain exceptions as provided by law.
Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.
Right to Data Portability: Where applicable, you have the right to receive, in a structured, commonly used, and machine-readable format, the personal data you have provided to us, and the right to transmit that data to another controller.
Right to Opt-Out of Sale: If we sell personal information, Connecticut residents have the right to opt-out of the sale of their personal information. We will provide an opt-out link on our website or you can contact us directly to exercise this right.

If you wish to exercise one of these rights, please contact us at [email protected] and write in the subject line: “CTDPA PRIVACY REQUEST – [INSERT NAME]”.

Utah Rights

If you are located in Utah, per the UCPA you have the following rights in respect of your personal data that we hold:

Right to Access: You have the right to request a copy of the specific personal information collected about you during the 12 months before your request.
Right to Know: Utah residents have the right to request disclosure of our data collection and sales practices in relation to their personal data, including the categories of personal data we have collected, the source of the data, our use of the data, and, if applicable, whether we have sold or disclosed it.
Right to Data Portability: Where applicable, you have the right to receive, in a structured, commonly used, and machine-readable format, the personal data you have provided to us, and the right to transmit that data to another controller.
Right to Opt-Out of Sale: If we sell personal information, Connecticut residents have the right to opt-out of the sale of their personal information. We will provide an opt-out link on our website or you can contact us directly to exercise this right.
Right to Deletion: Utah residents have the right to request the deletion of their personal information that we have collected, subject to certain exceptions as provided by law.
If you wish to exercise one of these rights, please contact us at [email protected] and write in the subject line: “UCPA PRIVACY REQUEST – [INSERT NAME]”.

Virginia Rights

If you are located in Virginia, per the VCDPA you have the following rights in respect of your personal data that we hold:

Right to Access: You have the right to request a copy of the specific personal information collected about you during the 12 months before your request.
Right to Know: Virginia residents have the right to request disclosure of our data collection and sales practices in relation to their personal data, including the categories of personal data we have collected, the source of the data, our use of the data, and, if applicable, whether we have sold or disclosed it.
Right to Deletion: Virginia residents have the right to request the deletion of their personal information that we have collected, subject to certain exceptions as provided by law.
Right to Opt-Out of Sale: If we sell personal information, Connecticut residents have the right to opt-out of the sale of their personal information. We will provide an opt-out link on our website or you can contact us directly to exercise this right.
Right to Data Portability: Where applicable, you have the right to receive, in a structured, commonly used, and machine-readable format, the personal data you have provided to us, and the right to transmit that data to another controller.

If you wish to exercise one of these rights, please contact us at [email protected] and write in the subject line: “VCDPA PRIVACY REQUEST – [INSERT NAME]”.

Third Party Links

Our Platform or Services may contain links to third-party websites or services that are not operated or controlled by us. These third-party links are provided for your convenience and reference only. Please note that we have no control over the content, policies, or practices of these third-party websites or services.

By clicking on these third-party links, you acknowledge and agree that we are not responsible for the privacy practices or the content of such websites or services. This Privacy Policy applies solely to the information collected by our Platform. We encourage you to read the privacy policies of any third-party websites you visit to understand their data collection, use, and disclosure practices.

While we strive to include only reputable and trusted third-party links on our Platform, we cannot guarantee the accuracy, completeness, or quality of the information, products, or services provided on these external sites. The inclusion of any third-party link on our Platform does not imply our endorsement, sponsorship, or recommendation of the linked website or its content.

Please be aware that when you leave our Platform and access a third-party website, your interactions and any information you provide are subject to the terms and policies of that website. We encourage you to exercise caution and review the privacy policies of any website you visit.

Your Specific Rights in Respect of Your Personal Information if You are Located in the EU or Switzerland

For the purposes of EU data protection laws, Hero Bullion is a data controller (i.e., the company who is responsible for, and controls the processing of, your personal data). If you are located in the EU or Switzerland, per the GDPR you have the following rights in respect of your personal data that we hold:

Right of Access: You have the right to obtain access to your personal data held by us. This includes the right to request a copy of the personal data we hold about you and information about how we use it.
Right to Rectification: You have the right to request the rectification of inaccurate or incomplete personal data without undue delay.
Right to Erasure: You have the right to request the erasure of your personal data without undue delay under certain circumstances, such as when the personal data is no longer necessary for the purposes for which it was collected or processed, if you withdraw your consent on which the processing is based and there is no other legal ground for the processing, or if you object to the processing and there are no overriding legitimate grounds for the processing.
Right to Restriction of Processing: You have the right to request the restriction of processing your personal data under certain circumstances, such as when you contest the accuracy of the personal data, for a period enabling us to verify its accuracy, or when the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance. This right applies when the processing of your personal data is based on consent or a contract and the processing is carried out by automated means.
Right to Object: You have the right to object to the processing of your personal data based on legitimate interests and for direct marketing purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Right to Withdraw Consent: If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. In the EU, each member state has a supervisory authority, and you may lodge a complaint in the member state of your habitual residence, place of work, or place of the alleged infringement.
Right to be Informed: You have the right to be informed about the collection and use of your personal data. This includes information about the purposes for processing your personal data, retention periods for that personal data, and who it will be shared with.
Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your rights under the GDPR.

You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you wish to exercise one of these rights, please contact us at [email protected] and write in the subject line: “GDPR PRIVACY REQUEST – [INSERT NAME]”.

Do Not Track

Our Platform or Services currently do not respond to “Do Not Track” (DNT) signals from web browsers. DNT is a privacy preference that you can set in your web browser to indicate your preference regarding the tracking of your online activities.

While many web browsers support the DNT feature, there is no standard interpretation or industry consensus regarding the meaning of DNT signals. As a result, our Platform does not currently recognize or respond to DNT signals.

Please note that even if you have enabled the DNT feature in your web browser, certain third-party services integrated into our Platform may still collect and track your online activities in accordance with their own privacy policies. We encourage you to review the privacy policies of these third-party services for more information on their tracking practices.

Modification

We reserve the right to modify or update this Privacy Policy at any time. Any changes we make will be effective immediately upon posting the revised Privacy Policy on our Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information

For significant changes that affect your rights or how we handle your personal information, we will notify you by email (if you have provided one) or through a prominent notice on our Platform.

By continuing to use our Platform after any changes to this Privacy Policy, you acknowledge and agree to the updated terms. It is your responsibility to review this Privacy Policy periodically and ensure that you are aware of any modifications. If you disagree with any changes, you should discontinue your use of our Platform and contact us if you would like to request the deletion of your personal information.

Please note that any provision of this Privacy Policy that imposes an obligation on you or grants us a right will survive the termination or expiration of this Privacy Policy or your use of our Platform.

Contact Us

If you have any questions regarding this Privacy Policy, please contact us via email at [email protected].