Effective February 10, 2020
Who We Are
Processing of Personal Data
Personal Data We Collect
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We may collect and process the following categories of Personal Data on our Sites (note, specific Personal Data elements listed in each category are only examples and may change):
Identity Data: Personal Data about you and your identity, such as your name, company, IP address, ID or account number, username and password, and other Personal Data you may provide on various forms or in an account profile (e.g. biographical information).
Contact Data: Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.
Financial Data: Personal Data relating to tax identification, financial accounts or services, e.g. a credit card or other financial account number, billing accounts, and other relevant information you provide in connection with a financial transaction.
Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.
Special Category Data: As defined in the EU General Data Protection Regulation, this includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation. (Note: this Personal Data may be subject to additional restrictions.)
Processing of Personal Data
Data: Clients’ users may be able to register and create an account on our Sites. If you choose to register, we will process Identity Data and Contact Data.
Uses: We use the Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Subject to Your Rights and Choices, we may also use the Identity Data as part of our efforts to improve our Sites, and we may process the Identity Data and Contact Data in connection with marketing communications.
Fund Administration and Management Services
Data: We may process Identity Data, Contact Data, Financial Data, and certain Special Category Data (e.g. any such data provided by the Client in relation to benefits enrollment) as part of the fund administration and/or management services we provide to our Clients.
Uses: We process the Identity Data, Contact Data, Financial Data, and Special Category Data on behalf of the Clients as necessary to carry out the processes and transactions we provide the Client (e.g. pursuant to a services agreement). For example, we may generate financial reports, request payments and distributions to Clients’ limited partners, administer and process enrollments for benefits, or provide other similar services. In addition, and subject to Your Rights and Choices, we may also use this information (excluding Financial Data and Special Category Data) as part of our legitimate interests in improving the design of our Platform, and for ensuring the security and stability of the Sites.
Data: We may process Identity Data, Device Data, and Contact Data when you are enrolled to receive, and when you open or interact with, our electronic marketing communications. Note, you may be enrolled with your consent or, where allowed, in connection with an information request or other interaction with our Sites and services.
Uses: Subject to Your Rights and Choices, we may use the Identity Data, Device Data, and Contact Data to improve our services and in connection with marketing communications.
Cookies and Similar Technologies
Uses: We use Device Data and Identity Data to enable you to register with and/or use certain features of these technologies. Subject to Your Rights and Choices, we may use Identity Data, Device Data, and Contact Data to improve our services and we may use Identity Data, Device Data, and Contact Data for marketing communications.
Note: Some of these technologies can be used by us and/or our third party partners to identify you across platforms, devices, sites, and services. Our Cookie & Similar Technology Policy provides more information about our use of these technologies.
Specific Processing Purposes
Consistent with our legitimate business interests, we (or if appropriate, our affiliates or trusted third parties) may send you marketing and promotional communications to the extent allowed by law: if you sign up for such communications, purchase products or services from us or an affiliate, register on our Sites or for a promotion or contest with us or a partner, or in connection with your communications with, or submission of User Content to, us. See Your Rights and Choices for information about how you can limit or opt out of Marketing Communications.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
Clients: We process data on behalf of Clients, and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, any communications sent using our Platform and all other Personal Data processed on behalf of the Client may be available to the Client and its users. These parties may engage in direct marketing, or other activities that are outside our control.
Service Providers: In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers who provide certain services or process data on our behalf.
Affiliates: In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Partners: We may share your Personal Data with business or marketing partners in connection with promotions, events, products, and services that are promoted, managed, supported, or otherwise undertaken with that third party. If appropriate, these parties may engage in direct marketing.
Marketers: In order to deliver more relevant information and advertisements to you, and develop better products and services, we may share certain Personal Data with our affiliates and trusted third parties for marketing, advertising, or other commercial purposes.
Corporate Events: Your Personal Data may be processed if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
We operate and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. Residents of the EU may wish to review the “Additional Information for EU Residents” below relating to transfers of Personal Data from the EU.
Your Rights & Choices
Note, we may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. You may exercise your rights or send us any questions, comments, updates, or corrections by contacting us at 750 Battery Street, 6th Floor, San Francisco, CA 94111 or firstname.lastname@example.org
Once we receive a request for removal, we will remove your Personal Data from our records unless we have a specific legal requirement to retain your Personal Data. Except where disclosure is required by law, we may decide not to grant access or make revisions to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in any given case or when the rights of others would be violated by granting access. Requested deletions or changes may not be effective immediately, though we aim to address requests as soon as practicable. Please note that email communications are not always secure, so please do not include sensitive information, including credit card or other financial information, in your emails to us.
For further information on how we ensure compliance with applicable EU data privacy and protection legislation, please see the “Additional Information for EU Residents” section below.
Your California Privacy Rights
Residents of California (as required by California law) may obtain a list of certain Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year, please send a written, signed request to Standish by mail at the address above.
It is possible for you to use some of our Sites without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process, which you may exercise by contacting us or otherwise as described below:
Consent: If you consent to processing, you may withdraw consent any time, to the extent required by law.
Direct Marketing: You have the choice to opt-out of processing related to marketing communications or to withdraw your consent if marketing communication was initiated through consent. You may exercise your choice via the “unsubscribe” links in our communications or by contacting us re: direct marketing.
Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. Note that we may not be required to cease processing based solely on an objection.
Additional Information for EU Residents
Legal Basis for Processing: All processing of your Personal Data is based on one of a number of legal conditions. Generally, these will be: (i) your consent (for example, to place cookies which process Personal Data, or for marketing from our third-party partners); (ii) the performance of our contract with you (e.g. to process a payment from you or deliver requested services); (iii) compliance with a legal obligation (e.g., where we are required to disclose information to a court or a tax authority); and (iv) our legitimate interests, provided these do not override your fundamental rights and freedoms (e.g., where we carry out our own direct marketing to existing subscribers, subject to your right to opt-out of this at any time).
Rights of EU Residents: Subject to applicable law, as a resident of the EU, you may have some or all the following rights regarding your Personal Data:
- To obtain a copy of your Personal Data together with information about how or under what basis that Personal Data is processed;
- To rectify inaccurate Personal Data (including the right to complete incomplete Personal Data);
- To delete your Personal Data (in limited circumstances and where it is no longer necessary in relation to the purposes for which it was collected or processed);
- To restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim;
- To object to processing which we have justified based on a legitimate interest (as opposed to your consent or to perform a contract with you);
- To prevent us from sending you direct marketing;
- To withdraw your consent to our processing of your Personal Data (where that processing is based on your consent);
- To object to decisions based solely on automated processing or profiling; and
- To obtain, or see a copy of the appropriate safeguards under which your Personal Data is transferred to a third country or international organization.
In addition to the above, you have the right to lodge a complaint with your local supervisory authority (for example, the ICO in the United Kingdom). In relation to these rights, please contact us using the details in this policy. Please note that we may request proof of identity and we reserve the right to charge a fee where permitted by law. We will endeavor to respond to your requests within all applicable timeframes.
International Transfer: EEA/UK/Swiss/Cayman Island residents should be aware that we are a US headquartered company and your Personal Data will routinely be transferred to and stored in the United States for processing. In relation to both internal transfers and the use of affiliates, service providers, or suppliers, if Personal Data is transferred to third countries, we will take steps to ensure that the information receives the same level of protection as your local jurisdiction including by entering into data transfer agreements, using the “Standard Contractual Clauses,” or by relying on certification schemes such as the EU-US/Swiss-US Privacy Shield. You may have a right to details of the mechanisms under which your data is transferred outside the EEA/UK/Switzerland/Cayman Islands.
EU-U.S./Swiss-U.S. Privacy Shield
We comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries, the UK, and Switzerland. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU/Swiss/UK residents’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU/Swiss/UK residents’ data to the extent required by law.
We follow and implement reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate and requested.
Feel free to contact us with questions or concerns using the appropriate address below.
General inquires: email@example.com
Physical address: Standish Management, LLC
750 Battery Street, 6th Floor
San Francisco, CA 94111