Privacy & Security

Facts: What does Coastal do with your personal information?

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Account Number, address, social security number, date of birth, and employment information

  • Account balances, transaction history and credit information

  • Net worth, assets, income and investment experience

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Coastal chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information

reasons.PNG

To limit our sharing

  • Call 888.657.5200 — ask for "Operations."

  • Speak to your assigned account representative

Please note: If you are a new customer, we can begin sharing your information 45 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.

definitions.PNG
who we are.PNG
what we do.PNG

Other important information

Do Not Call Policy. This notice is the Coastal Do Not Call Policy under the Telephone Consumer Protection Act. We do not solicit via telephone numbers listed on the state or federal Do Not Call lists, unless the law allows. Coastal employees receive training on how to document and process telephone marketing choices. Consumers who ask not to receive telephone solicitations from Coastal will be placed on the Coastal Do Not Call list and will not be called in any future campaigns, including those of Coastal affiliates. If you communicate with us by telephone, we may monitor or record the call.

For Nevada residents only. We are providing you this notice under state law. You may be placed on our internal Do Not Call List by following the directions in the To limit direct marketing contact section. Nevada law requires we provide the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 702.486.3132; email: BCPINFO@ag.state.nv.us.

Vermont: Under Vermont law, we will not share information we collect about Vermont residents with companies outside of our corporate family, unless the law allows. For example, we may share information with your consent, to service your accounts or under joint marketing agreements with other financial institutions with which we have joint marketing agreements. We will not share information about your credit worthiness within our corporate family except with your consent, but we may share information about our transactions or experiences with you within our corporate family without your consent.

California: Under California law, we will not share information we collect about you with companies outside of Coastal, unless the law allows. For example, we may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We will limit sharing among our companies to the extent required by California law.

For Insurance Customers in AZ, CA, CT, GA, IL, ME, MA, MN, MT, NV, NJ, NC, OH, OR and VA only. The term “Information” in this part means customer information obtained in an insurance transaction. We may give your Information to state insurance officials, law enforcement, group policy holders about claims experience or auditors as the law allows or requires. We may give your Information to insurance support companies that may keep it or give it to others. We may share medical Information so we can learn if you qualify for coverage, process claims or prevent fraud or if you say we can.

Call (888) 657-5200 or email us at compliance@coastal-one.com.

Business Continuity Plan Summary

Updated On: February 24, 2020

The foregoing is a true and accurate representation of the business continuity steps taken by Coastal Equities, Inc. and Affiliates. As with any plan of this type, it is subject to change and modification without prior notification. Questions about the Plan should be directed to 888-657-5200.

Introduction

Coastal Equities, Inc. and its Affiliates (“CEI” or “Firm”), a wholly-owned subsidiary of Orange Street Holdings, Inc., has a comprehensive Business Continuity plan in place which documents the steps necessary for the firm to continue operations should we experience a disruption in business. The Business Continuity plan contains information on equipment needs, recovery sites, escalation procedures, key contacts, business unit specific information and most importantly, employee preparedness and communication.

In order to provide CEI’s customers with an overview of certain elements of the plan, this Business Continuity Plan Summary has been developed. This executive summary highlights the key processes and procedures for each of the three components of the Business Continuity Plan; Prevention, Reaction, and Recovery.

Please be advised that this executive summary does not contain all aspects of CEI’s Business Continuity Plan nor does it include parts of the plan CEI considers proprietary in nature. Rather, it is intended to make CEI’s customers aware of what CEI’s overall Business Continuity plan contemplates and provide them with certain relevant parts of the plan.

Objectives

Business Continuity planning is a critical function of every brokerage firm and every business unit within the firm. The objectives of the business continuity plan are:

  • To protect and preserve the lives of employees and others on the corporate premises.

  • Establish communication links with internal participants as well as external stakeholders (clients, regulatory agencies, vendors, etc.).

  • Prioritize business service needs and direct restoration efforts based on the risk to the firm. Restoration efforts include restoring business functions at an alternative operating environment and resuming business at the original site.

  • To ensure our ability to communicate with customers and effect transactions in a timely fashion in the event of a disaster.

  • Ensure continuity of service to clients.

  • Document the escalation procedures and succession plan.

  • To increase awareness of business continuity processes and education of employees.

  • Meet legal and regulatory requirements.

  • Test the continuity plan.

  • Manage successfully through a business disruption.

Scope of the Plan

This is a summary of the firm-wide business continuity plan for CEI. The plan supplies additional detail surrounding the recovery of customer service and administrative functions for the firm.

Scope Items:

  • Recovery time objectives

  • Key contacts and responsibilities

  • Escalation procedures

  • Communication requirements

  • Critical vendor recovery

  • Business unit specific plans

  • Emergency response procedures

Recovery Time Objectives (RTO)

An important part of planning for disaster recovery is setting objectives for recovering. The Recovery Time Objective (RTO) specifies how soon the Firm will be operational following an incident. CEI employs a top down approach to recovery time. Meaning we specify how long before mission critical functions of the enterprise are back on line while subordinate objectives are in place to specify anticipated recovery of all other essential but non-critical business functions. The recovery time objectives of this business continuity plan are:

  • Critical trading activities and operational support can be re-established as soon as personnel can get to the alternate site, and on-line access or telephonic access may be established.

  • Additional workstations can be brought on-line for non-critical operations activities.

Key Contacts

Business Continuity Contacts

In the event that a disaster is declared that renders facilities uninhabitable, Senior Management will evaluate the situation to determine if the Business Continuity plan will be activated. The following lists the high-level actions that follow the declaration of a disaster.

Communication Plans

Client Communication Plan

In the event that a disaster is declared in our home office location to the extent that staff must be displaced to a relocation site, the plan contains provisions for contacting its clearing firm and other branches to route customer communications to other offices or directly to the clearing firm where warranted.

Employee Communication Plan

The firm has made a concerted effort to improve communication channels between the firm and its employees during work outages. Should we experience a disruption in business, we have the following communication system to disseminate information:

  • Employee Email — Every employee is issued a firm email address. Emergency messages may be sent by senior management or designees via mass email to offer updated information about the outage.

  • Employee contact information — Work, home and alternate phone numbers are part of the business continuity plan and this information is distributed to the home office and OSJ branches.

Evacuation Plan

The executive officers will take appropriate steps to maintain critical operations in the event of a natural disaster or some other unforeseen event that disrupts operations in the Wilmington, DE office.

Employee Relocation

If the incident makes the Wilmington DE facility unavailable, the Business Continuity Plan details where critical employees are to report should the Business Continuity Plan be invoked. The plan addresses relocation for the executive team, critical trading personnel, key operations, and support staff.

Relocation Site

The firm has established no discrete alternate site facilities at this time. Substantially all of CEI’s operations are conducted utilizing web-based systems, including, but not limited to, its clearing firms’ proprietary trading platform. Most, if not all, operations may be conducted in other branches. In a disaster event, senior management will evaluate the situation and identify a temporary location to route CEI business until a suitable ‘brick and mortar’ office is located to serve as the Wilmington DE facility.

Business Continuity Plan

The plan is reviewed and updated (at a minimum) annually or when significant changes occur to the processes or personnel within the plans. At minimum, the plan includes the following elements:

  • Critical Processes — List the critical processes performed by the business.

  • Critical Applications — Lists the critical applications or computer systems required to perform the critical processes.

  • Employee Contact Information

    • Call Trees — An efficient method to distribute information to all employees. Generally, the branch manager or qualified delegate initiates the call tree. Includes contact information for all department employees: address, telephone numbers (work, home, alternative), wireless, etc.

  • Business Impact Analysis — The objective of the business impact analysis is to identify the Recovery Time Objective (RTO) for each function performed in each business unit. The RTO intervals are scaled to identify the functions that are essential to the ongoing survival of each business unit and would cause the most impact if they were to be disrupted for various time periods. The analysis takes into account the operational and financial impact.

  • Critical Vendor Contact Information — The plan contains provisions for contacting CEI’s critical vendors.