Privacy & Security

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Account Number, address, social security number, date of birth, and employment information
  • Account balances, transaction history and credit information
  • Net worth, assets, income and investment experience

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons CoastalOne chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information

Does Coastal share? Can you limit this sharing?
For our everyday business purposes — to process your transactions, maintain your account(s), respond to regulatory inquiries, court orders and legal investigations, or report to credit bureaus. Yes No
For our marketing purposes — to offer our products and services to you Yes No
For joint marketing with other financial companies Yes No
For our affiliates’ everyday business purposes — information about your transactions and experiences. Yes No
For our affiliates’ everyday business purposes — information about your creditworthiness. Yes Yes
For nonaffiliates’ everyday business purposes — to assist us in obtaining business or providing account maintenance or customer service to your account(s) Yes No
For our affiliates’ to market to you — to offer new products or services to you No No
For nonaffiliates’ to market to you — we do not sell, share, or disclose your nonpublic personal information to nonaffiliated third-party marketing companies No No
For financial professionals who leave CoastalOne — if you have a CoastalOne financial professional servicing your account(s) who leaves CoastalOne to join another financial institution, the advisor may retain copies of your personal information so that he or she can continue to serve you at the new firm. In doing so, your financial professional may share your information with the new firm but is otherwise required to keep confidential the personal information obtained from you while the financial professional was affiliated with Coastal, and he or she may use it only to service your account(s). Please note: Certain states require affirmative consent to allow sharing. See below for more on your rights under state law.

In the event that a CoastalOne financial professional terminates his or her relationship with CoastalOne, and you want to follow your advisor to his or her new firm, please do not request to limit our sharing.

Yes Yes

To limit our sharing

  • Call 888.657.5200 — ask for “Operations.”
  • Speak to your assigned account representative

Please note: If you are a new customer, we can begin sharing your information 45 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.

Definitions

Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies.

  • Our affiliates include the companies mentioned under “Who we are.”
Non-affiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Nonaffiliates we share with can include financial services companies such as our clearing firm and other custodians or broker and nonfinancial service providers such as IT vendors we use.
Joint marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Our joint marketing partners include financial services companies.

Who We Are

Who is providing this notice? CoastalOne entities that utilize the following names: Coastal Equities, Inc.; Coastal Investment Advisors, Inc.; Coastal Equities Insurance Agency, Inc.; Coastal Risk Advisors, LLC

What We Do

How does CoastalOne protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does CoastalOne collect my personal information? We collect your personal information, for example, when you:

  • open an account or perform transactions
  • seek advice about your investments

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can’t I limit all sharing? Federal law gives you the right to limit some but not all sharing related to:

  • affiliates’ everyday business purposes — information about your creditworthiness
  • affiliates from using your information to market to you
  • nonaffiliates to market to you

State laws and individual Coastal companies may give you more rights to limit sharing. See Other important information section for your rights under state law.

What happens when I limit sharing for an account I hold jointly with someone else? Your choices will apply to you alone unless you tell us otherwise

Other important information

Do Not Call Policy. This notice is the CoastalOne Do Not Call Policy under the Telephone Consumer Protection Act. We do not solicit via telephone numbers listed on the state or federal Do Not Call lists, unless the law allows. Coastal employees receive training on how to document and process telephone marketing choices. Consumers who ask not to receive telephone solicitations from Coastal will be placed on the CoastalOne Do Not Call list and will not be called in any future campaigns, including those of CoastalOne affiliates. If you communicate with us by telephone, we may monitor or record the call.

For Nevada residents only. We are providing you this notice under state law. You may be placed on our internal Do Not Call List by following the directions in the To limit direct marketing contact section. Nevada law requires we provide the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 702.486.3132; email: BCPINFO@ag.state.nv.us.

Vermont: Under Vermont law, we will not share information we collect about Vermont residents with companies outside of our corporate family, unless the law allows. For example, we may share information with your consent, to service your accounts or under joint marketing agreements with other financial institutions with which we have joint marketing agreements. We will not share information about your credit worthiness within our corporate family except with your consent, but we may share information about our transactions or experiences with you within our corporate family without your consent.

California: Under California law, we will not share information we collect about you with companies outside of CoastalOne, unless the law allows. For example, we may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We will limit sharing among our companies to the extent required by California law.

For Insurance Customers in AZ, CA, CT, GA, IL, ME, MA, MN, MT, NV, NJ, NC, OH, OR and VA only. The term “Information” in this part means customer information obtained in an insurance transaction. We may give your Information to state insurance officials, law enforcement, group policy holders about claims experience or auditors as the law allows or requires. We may give your Information to insurance support companies that may keep it or give it to others. We may share medical Information so we can learn if you qualify for coverage, process claims or prevent fraud or if you say we can.

Call (888) 657-5200 or email us at compliance@coastal-one.com.

Business Continuity Plan Summary

Updated On: February 24, 2020

The foregoing is a true and accurate representation of the business continuity steps taken by Coastal Equities, Inc. and Affiliates. As with any plan of this type, it is subject to change and modification without prior notification. Questions about the Plan should be directed to 888-657-5200.

Introduction

Coastal Equities, Inc. and its Affiliates (“CEI” or “Firm”), a wholly-owned subsidiary of Orange Street Holdings, Inc., has a comprehensive Business Continuity plan in place which documents the steps necessary for the firm to continue operations should we experience a disruption in business. The Business Continuity plan contains information on equipment needs, recovery sites, escalation procedures, key contacts, business unit specific information and most importantly, employee preparedness and communication.

In order to provide CEI’s customers with an overview of certain elements of the plan, this Business Continuity Plan Summary has been developed. This executive summary highlights the key processes and procedures for each of the three components of the Business Continuity Plan; Prevention, Reaction, and Recovery.

Please be advised that this executive summary does not contain all aspects of CEI’s Business Continuity Plan nor does it include parts of the plan CEI considers proprietary in nature. Rather, it is intended to make CEI’s customers aware of what CEI’s overall Business Continuity plan contemplates and provide them with certain relevant parts of the plan.

Objectives

Business Continuity planning is a critical function of every brokerage firm and every business unit within the firm. The objectives of the business continuity plan are:

  • To protect and preserve the lives of employees and others on the corporate premises.
  • Establish communication links with internal participants as well as external stakeholders (clients, regulatory agencies, vendors, etc.).
  • Prioritize business service needs and direct restoration efforts based on the risk to the firm. Restoration efforts include restoring business functions at an alternative operating environment and resuming business at the original site.
  • To ensure our ability to communicate with customers and effect transactions in a timely fashion in the event of a disaster.
  • Ensure continuity of service to clients.
  • Document the escalation procedures and succession plan.
  • To increase awareness of business continuity processes and education of employees.
  • Meet legal and regulatory requirements.
  • Test the continuity plan.
  • Manage successfully through a business disruption.

Scope of the Plan

This is a summary of the firm-wide business continuity plan for CEI. The plan supplies additional detail surrounding the recovery of customer service and administrative functions for the firm.

Scope Items:

  • Recovery time objectives
  • Key contacts and responsibilities
  • Escalation procedures
  • Communication requirements
  • Critical vendor recovery
  • Business unit specific plans
  • Emergency response procedures

Recovery Time Objectives (RTO)

An important part of planning for disaster recovery is setting objectives for recovering. The Recovery Time Objective (RTO) specifies how soon the Firm will be operational following an incident. CEI employs a top down approach to recovery time. Meaning we specify how long before mission critical functions of the enterprise are back on line while subordinate objectives are in place to specify anticipated recovery of all other essential but non-critical business functions. The recovery time objectives of this business continuity plan are:

  • Critical trading activities and operational support can be re-established as soon as personnel can get to the alternate site, and on-line access or telephonic access may be established.
  • Additional workstations can be brought on-line for non-critical operations activities.

Key Contacts

Business Continuity Contacts

In the event that a disaster is declared that renders facilities uninhabitable, Senior Management will evaluate the situation to determine if the Business Continuity plan will be activated. The following lists the high-level actions that follow the declaration of a disaster.

Communication Plans

Client Communication Plan

In the event that a disaster is declared in our home office location to the extent that staff must be displaced to a relocation site, the plan contains provisions for contacting its clearing firm and other branches to route customer communications to other offices or directly to the clearing firm where warranted.

Employee Communication Plan

The firm has made a concerted effort to improve communication channels between the firm and its employees during work outages. Should we experience a disruption in business, we have the following communication system to disseminate information:

  • Employee Email — Every employee is issued a firm email address. Emergency messages may be sent by senior management or designees via mass email to offer updated information about the outage.
  • Employee contact information — Work, home and alternate phone numbers are part of the business continuity plan and this information is distributed to the home office and OSJ branches.

Evacuation Plan

The executive officers will take appropriate steps to maintain critical operations in the event of a natural disaster or some other unforeseen event that disrupts operations in the Wilmington, DE office.

Employee Relocation

If the incident makes the Wilmington DE facility unavailable, the Business Continuity Plan details where critical employees are to report should the Business Continuity Plan be invoked. The plan addresses relocation for the executive team, critical trading personnel, key operations, and support staff.

Relocation Site

The firm has established no discrete alternate site facilities at this time. Substantially all of CEI’s operations are conducted utilizing web-based systems, including, but not limited to, its clearing firms’ proprietary trading platform. Most, if not all, operations may be conducted in other branches. In a disaster event, senior management will evaluate the situation and identify a temporary location to route CEI business until a suitable ‘brick and mortar’ office is located to serve as the Wilmington DE facility.

Business Continuity Plan

The plan is reviewed and updated (at a minimum) annually or when significant changes occur to the processes or personnel within the plans. At minimum, the plan includes the following elements:

  • Critical Processes — List the critical processes performed by the business.
  • Critical Applications — Lists the critical applications or computer systems required to perform the critical processes.
  • Employee Contact Information
    • Call Trees — An efficient method to distribute information to all employees. Generally, the branch manager or qualified delegate initiates the call tree. Includes contact information for all department employees: address, telephone numbers (work, home, alternative), wireless, etc.
  • Business Impact Analysis — The objective of the business impact analysis is to identify the Recovery Time Objective (RTO) for each function performed in each business unit. The RTO intervals are scaled to identify the functions that are essential to the ongoing survival of each business unit and would cause the most impact if they were to be disrupted for various time periods. The analysis takes into account the operational and financial impact.
  • Critical Vendor Contact Information — The plan contains provisions for contacting CEI’s critical vendors.