Privacy Policy - Fund Focus

Our Data Protection Commitment

We are committed to protecting your personal information and respecting your privacy rights. This policy explains how we collect, use, and safeguard your data when you interact with our ETF and index fund education platform.

Our data practices are designed to comply with applicable privacy regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant data protection laws. We work with trusted advertising platforms to deliver relevant content while maintaining transparency about our data usage.

We believe in your right to understand and control how your personal information is used. This policy provides clear explanations of our practices and your options for managing your data.

Data Collection by Advertising Platforms

Google Services Data Collection

Google Analytics: Collects page views, session duration, bounce rates, device information, browser type, referring websites, and pages visited to help us understand website usage patterns.

Google Ads: Gathers conversion data, remarketing audiences, interest categories, and advertising interaction data to measure campaign effectiveness and create targeted advertising experiences.

Data Points Collected: IP address (anonymized), browser type, device information, referring site URLs, pages visited, time spent on site, and interaction with website elements.

Cross-Device Tracking: Google may use User ID tracking to connect your activity across different devices when you are signed into your Google account.

Retention Period: Google Analytics retains data for 26 months by default, while advertising data follows Google's standard retention policies which may vary by data type.

Facebook/Meta Data Collection

Facebook Pixel: Tracks page views, button clicks, form submissions, scroll depth, and other website interactions to measure advertising performance and optimize campaigns.

Custom Audiences: Creates audiences through email matching, website visitor retargeting, and lookalike audience development based on existing user characteristics.

Data Points: User behavior patterns, device identifiers, location data derived from IP addresses, browser information, and interaction with Facebook advertising content.

Cross-Platform Tracking: Facebook integrates data across its family of apps (Instagram, WhatsApp, Messenger) to create comprehensive user profiles for advertising purposes.

Retention Period: Facebook typically retains website interaction data for 180 days for remarketing purposes, with some data retained longer for campaign optimization.

Microsoft/Bing Data Collection

UET Tag: Microsoft's Universal Event Tracking tag monitors user actions, conversion events, goal completions, and website interactions for search advertising optimization.

Remarketing Lists: Creates audience segments based on website visitors, engagement levels, and specific actions taken to enable targeted advertising on Microsoft's search network.

Data Points: Search queries (when referred from Bing), click data, demographic information, device specifications, and behavioral patterns.

Microsoft Account Integration: When users are signed into Microsoft accounts, data may be connected across Microsoft services for enhanced personalization.

Retention Period: Microsoft Advertising typically retains user data for up to 390 days, though specific retention periods may vary based on data type and legal requirements.

How We Use Your Data

Purposes of Processing

Educational Services

• Course delivery and enrollment management
• Learning progress tracking and assessment
• Educational content personalization
• Student support and communication
• Certificate generation and verification

Marketing and Analytics

• Website performance analysis and optimization
• Advertising campaign measurement and targeting
• User experience improvement initiatives
• Market research and competitive analysis
• Lead generation and conversion tracking

Security and Compliance

• Fraud prevention and detection systems
• Security monitoring and threat assessment
• Legal obligation fulfillment
• Regulatory compliance maintenance
• Account verification and authentication

Business Operations

• Payment processing and financial transactions
• Customer service and support delivery
• Internal analytics and business intelligence
• Quality assurance and service improvement
• Strategic planning and decision making

Legal Basis for Processing

Consent: For marketing communications, non-essential cookies, advertising personalization, and optional data processing activities where explicit consent is required.

Legitimate Interest: For analytics, security measures, fraud prevention, business intelligence, and service improvement where processing serves legitimate business purposes.

Contract Performance: For service delivery, course enrollment, payment processing, and fulfilling our educational service obligations to students.

Legal Obligation: For tax record keeping, regulatory reporting, law enforcement cooperation, and compliance with applicable legal requirements.

Vital Interests: Only in exceptional circumstances involving emergency situations or protecting someone's health and safety.

Data Sharing with Third Parties

Advertising Partners

Primary Platforms

Google: Analytics, Ads, Tag Manager, and associated advertising technologies for performance measurement and targeting.
Meta/Facebook: Pixel implementation, Conversions API integration, and audience management tools.
Microsoft: Bing Ads platform, UET tracking, and Microsoft Advertising ecosystem integration.

Additional Networks

Programmatic Networks: Third-party advertising exchanges and demand-side platforms for broader reach.
Retargeting Platforms: Specialized services for remarketing campaign execution and management.
Attribution Services: Cross-platform measurement and attribution modeling providers.

Service Providers

Web Hosting Providers: Infrastructure partners who host our website, databases, and associated technical systems with appropriate security measures.

Email Service Providers: Platforms that handle marketing communications, transactional emails, and automated messaging with subscriber consent.

Payment Processors: Financial services partners who handle payment transactions, billing, and related financial processing activities.

Customer Support Tools: Platforms that enable customer service, chat support, helpdesk functionality, and support ticket management.

Cloud Storage Services: Secure data storage providers who maintain backups, archives, and operational data with enterprise-grade security.

International Data Transfers

EU-US Data Privacy Framework: We work with service providers who participate in the EU-US Data Privacy Framework, ensuring appropriate safeguards for transatlantic data transfers.

Standard Contractual Clauses (SCCs): Where applicable, we implement Standard Contractual Clauses approved by the European Commission to protect data transfers to third countries.

Adequacy Decisions: We prioritize service providers in countries with European Commission adequacy decisions where possible to streamline compliant data transfers.

Data Localization: We consider data residency requirements and work to minimize unnecessary international transfers while maintaining service quality.

Your Rights and How to Exercise Them

GDPR Rights (EU/UK Residents)

Right to Access

Request a copy of the personal data we hold about you, including details about processing purposes and data sources.

Right to Rectification

Request correction of inaccurate or incomplete personal data in our systems.

Right to Erasure

Request deletion of your personal data under certain circumstances, including withdrawal of consent.

Right to Restrict Processing

Limit how we use your personal data while maintaining the data in our systems.

Right to Data Portability

Receive your personal data in a machine-readable format for transfer to other services.

Right to Object

Opt-out of marketing communications, profiling, and processing based on legitimate interests.

Right to Withdraw Consent

Revoke previously given consent for data processing activities at any time.

Right to Lodge Complaints

File complaints with your local data protection authority regarding our data practices.

CCPA Rights (California Residents)

Right to Know: Request information about the personal information we collect, use, disclose, and sell, including specific pieces of personal information we have collected about you.

Right to Delete: Request deletion of personal information we have collected from you, subject to certain legal and operational exceptions.

Right to Opt-Out: Opt-out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.

Right to Non-Discrimination: Receive equal service and pricing regardless of whether you exercise your privacy rights under CCPA.

Right to Correct: Request correction of inaccurate personal information we maintain about you in our records.

Right to Limit Use: Limit the use and disclosure of sensitive personal information to specific business purposes.

Platform-Specific Privacy Controls

Google Privacy Controls

My Ad Center - Manage Google Ads Settings

Facebook Privacy Center

Microsoft Privacy Dashboard

Industry Opt-Out Tools

NAI Consumer Opt-Out

How to Exercise Your Rights

Contact Form Requests: Use the contact form on our website to submit privacy-related requests, including data access, deletion, and correction requests.

Platform-Specific Settings: Adjust your privacy preferences directly through the advertising platform controls linked above for immediate effect.

Browser Privacy Controls: Manage cookies, tracking protection, and privacy settings through your web browser's privacy or security sections.

Email Opt-Out: Use unsubscribe links in marketing emails or contact us to remove your email from marketing communications.

Account Deletion: Request complete account and data deletion through our contact form, subject to legal retention requirements.

Response Timeframes: We typically respond to privacy requests within 30 days, as required by applicable privacy laws.

Data Retention and Deletion

Data Retention Periods

Data Type	Retention Period	Purpose
Contact Form Data	3 years from last interaction	Customer service and follow-up
Analytics Data	26 months (Google Analytics)	Website performance analysis
Marketing Data	Until consent withdrawn or 2 years inactive	Marketing communications
Legal Records	5-7 years as required by law	Legal compliance
Security Logs	90 days	Security monitoring and analysis

Data Deletion Procedures

Automatic Deletion: Data is automatically deleted from our systems when retention periods expire, following established data lifecycle management procedures.

Manual Deletion Requests: Upon receiving valid deletion requests, we remove personal data within 30 days, coordinating with third-party processors as necessary.

Anonymization Alternative: In some cases, we may anonymize data rather than delete it completely, removing all personal identifiers while preserving analytical value.

Backup System Purging: Deleted data is purged from backup systems within 30-90 days depending on backup rotation cycles and technical limitations.

Third-Party Deletion: We coordinate with advertising platforms and service providers to ensure deletion requests are properly executed across all systems.

Exceptions to Data Deletion

Legal Obligations: Data required for tax, accounting, or regulatory compliance purposes may be retained beyond normal periods as required by law.

Legitimate Business Purposes: Information necessary for defending legal claims, preventing fraud, or protecting vital interests may be retained longer.

Security and Safety: Data needed to maintain security, prevent fraud, or protect against harmful activities may be preserved for safety purposes.

Freedom of Expression: Publicly posted content may be retained longer to support freedom of expression and public discourse, subject to other rights.

Research Purposes: Anonymized data may be retained indefinitely for statistical, historical, or scientific research purposes in the public interest.