PRIVACY POLICY

Effective 07.01.2018
Welcome!

We take your privacy seriously and know you do too. This Privacy Policy is here to help you understand how we collect, use, disclose, and process your personal data. We also describe your choices and rights with respect to how we process your personal data. Please read this policy carefully.

Who We Are

This is the Privacy Policy of Standish Management, LLC (“Standish,” “us,” “our,” or “we”). You can contact us here.

Applicability

This Privacy Policy applies to our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”).

Agreement

This policy is incorporated into the Terms of Use governing your use of any of our Sites. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use. Supplemental policies may also apply, such as our Cookie & Similar Technologies Policy.

Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Sites indicates your consent to the practices described in this Policy.

Third Parties

Standish is a service provider for funds and fund administrators (our “Clients”). This Policy reflects only how we process personal data through our Platform. This Policy does not apply to Clients’ own uses of your data. Similarly, this Privacy Policy does not apply to information collected by third parties, for example, when you visit a third party website or interact with online advertisements, unless and until we receive your information from those parties. Please review those third-parties’ privacy policies before disclosing information to them. See our list of third parties for information regarding sources and recipients of personal data.

Processing of Personal Data
Personal Data We Collect

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We may collect and process the following categories of Personal Data on our Sites (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data:             Personal Data about you and your identity, such as your name, company, IP address, ID or account number, username and password, and other Personal Data you may provide on various forms or in an account profile (e.g. biographical information).

Contact Data:            Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.

Financial Data:          Personal Data relating to tax identification, financial accounts or services, e.g. a credit card or other financial account number, billing accounts, and other relevant information you provide in connection with a financial transaction.

Device Data:              Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

Special Category Data: As defined in the EU General Data Protection Regulation, this includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation.  (Note: this Personal Data may be subject to additional restrictions.)

 

Processing of Personal Data

Account Registration

Data:     Clients’ users may be able to register and create an account on our Sites. If you choose to register, we will process Identity Data  and Contact Data.

Uses:      We use the Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Subject to Your Rights and Choices, we may also use the Identity Data as part of our efforts to improve our Sites, and we may process the Identity Data and Contact Data in connection with marketing communications.

Fund Administration and Management Services

Data:     We may process Identity Data, Contact Data, Financial Data, and certain Special Category Data (e.g. any such data provided by the Client in relation to benefits enrollment) as part of the fund administration and/or management services we provide to our Clients.

Uses:      We process the Identity Data, Contact Data, Financial Data, and Special Category Data on behalf of the Clients as necessary to carry out the processes and transactions we provide the Client (e.g. pursuant to a services agreement). For example, we may generate financial reports, request payments and distributions to Clients’ limited partners, administer and process enrollments for benefits, or provide other similar services. In addition, and subject to Your Rights and Choices, we may also use this information (excluding Financial Data and Special Category Data) as part of our legitimate interests in improving the design of our Platform, and for ensuring the security and stability of the Sites.

Marketing Communications

Data:     We may process Identity Data, Device Data, and Contact Data when you are enrolled to receive, and when you open or interact with, our electronic marketing communications. Note, you may be enrolled with your consent or, where allowed, in connection with an information request or other interaction with our Sites and services.

Uses:      Subject to Your Rights and Choices, we may use the Identity Data, Device Data, and Contact Data to improve our services and in connection with marketing communications.

Cookies and Similar Technologies

Data:     We, and certain third parties, may process Identity Data, Device Data, Contact Data, and certain User Content when you interact with cookies and similar technologies. We may receive this data from third parties if allowed by the partner; otherwise, this Privacy Policy will not apply.

Uses:      We use Device Data and Identity Data to enable you to register with and/or use certain features of these technologies. Subject to Your Rights and Choices, we may use Identity Data, Device Data, and Contact Data to improve our services and we may use Identity Data, Device Data, and Contact Data for marketing communications.

Note:     Some of these technologies can be used by us and/or our third party partners to identify you across platforms, devices, sites, and services. Our Cookie & Similar Technology Policy provides more information about our use of these technologies.

Specific Processing Purposes

Marketing Communications

Consistent with our legitimate business interests, we (or if appropriate, our affiliates or trusted third parties) may send you marketing and promotional communications to the extent allowed by law: if you sign up for such communications, purchase products or services from us or an affiliate, register on our Sites or for a promotion or contest with us or a partner, or in connection with your communications with, or submission of User Content to, us. See Your Rights and Choices for information about how you can limit or opt out of Marketing Communications.

Additional Processing

If we process Personal Data in connection with our Sites in a way not described in this Privacy Policy, this Privacy Policy will still apply generally (e.g. with respect to Your Rights and Choices) unless otherwise stated when you provide it. Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, protect the vital interests of any individuals, or otherwise in the public interest. Please see the data sharing section for more information.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:

Clients:               We process data on behalf of Clients, and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, any communications sent using our Platform and all other Personal Data processed on behalf of the Client may be available to the Client and its users. These parties may engage in direct marketing, or other activities that are outside our control.

Service Providers:   In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers who provide certain services or process data on our behalf.

Affiliates:            In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Partners:             We may share your Personal Data with business or marketing partners in connection with promotions, events, products, and services that are promoted, managed, supported, or otherwise undertaken with that third party. If appropriate, these parties may engage in direct marketing.

Marketers:          In order to deliver more relevant information and advertisements to you, and develop better products and services, we may share certain Personal Data with our affiliates and trusted third parties for marketing, advertising, or other commercial purposes.

Corporate Events:         Your Personal Data may be processed if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures:  In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required (including, without limitation, for law enforcement or national security purposes), to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

International Transfers

We operate and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. Residents of the EU may wish to review the “Additional Information for EU Residents” below relating to transfers of Personal Data from the EU.

Your Rights & Choices
Your Rights

Subject to the rights granted to other individuals, and our rights to limit or deny access/disclosure under applicable law, certain individuals have rights in Personal Data as described in this Privacy Policy (Residents of the EU may wish to review the “Additional Information for EU Residents” below). While we may notify Clients of your request, we are unable to directly fulfill rights requests regarding Personal Data we control or for which we have the necessary rights of access, and we may not have access to or control over all or some Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request.

Note, we may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. You may exercise your rights or send us any questions, comments, updates, or corrections by contacting us at 750 Battery Street, 6th Floor, San Francisco, CA 94111 or info@standishmanagement.com

Once we receive a request for removal, we will remove your Personal Data from our records unless we have a specific legal requirement to retain your Personal Data. Except where disclosure is required by law, we may decide not to grant access or make revisions to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in any given case or when the rights of others would be violated by granting access.  Requested deletions or changes may not be effective immediately, though we aim to address requests as soon as practicable. Please note that email communications are not always secure, so please do not include sensitive information, including credit card or other financial information, in your emails to us.

For further information on how we ensure compliance with applicable EU data privacy and protection legislation, please see the “Additional Information for EU Residents” section below.

Your California Privacy Rights

Residents of California (as required by California law) may obtain a list of certain Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year, please send a written, signed request to Standish by mail at the address above.

Your Choices

It is possible for you to use some of our Sites without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process, which you may exercise by contacting us or otherwise as described below:

Consent:                          If you consent to processing, you may withdraw consent any time, to the extent required by law.

Direct Marketing:             You have the choice to opt-out of processing related to marketing communications or to withdraw your consent if marketing communication was initiated through consent. You may exercise your choice via the “unsubscribe” links in our communications or by contacting us re: direct marketing.

Cookies & Similar Tech:    If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Privacy Policy, or Google Analytics Opt-out. Our Site does not respond to your browser’s do-not-track request.

Other Processing:               You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. Note that we may not be required to cease processing based solely on an objection.

Additional Information for EU Residents

Legal Basis for Processing:    All processing of your Personal Data is based on one of a number of legal conditions.  Generally, these will be: (i) your consent (for example, to place cookies which process Personal Data, or for marketing from our third-party partners); (ii) the performance of our contract with you (e.g. to process a payment from you or deliver requested services); (iii) compliance with a legal obligation (e.g., where we are required to disclose information to a court or a tax authority); and (iv) our legitimate interests, provided these do not override your fundamental rights and freedoms (e.g., where we carry out our own direct marketing to existing subscribers, subject to your right to opt-out of this at any time).

Rights of EU Residents:     Subject to applicable law, as a resident of the EU, you may have some or all the following rights regarding your Personal Data:

  • To obtain a copy of your Personal Data together with information about how or under what basis that Personal Data is processed;
  • To rectify inaccurate Personal Data (including the right to complete incomplete Personal Data);
  • To delete your Personal Data (in limited circumstances and where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • To restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim;
  • To object to processing which we have justified based on a legitimate interest (as opposed to your consent or to perform a contract with you);
  • To prevent us from sending you direct marketing;
  • To withdraw your consent to our processing of your Personal Data (where that processing is based on your consent);
  • To object to decisions based solely on automated processing or profiling; and
  • To obtain, or see a copy of the appropriate safeguards under which your Personal Data is transferred to a third country or international organization.

In addition to the above, you have the right to lodge a complaint with your local supervisory authority (for example, the ICO in the United Kingdom).  In relation to these rights, please contact us using the details in this policy.  Please note that we may request proof of identity and we reserve the right to charge a fee where permitted by law.  We will endeavor to respond to your requests within all applicable timeframes.

International Transfer:        EU residents should be aware that we are a US headquartered company and your Personal Data will routinely be transferred to and stored in the United States for processing.  In relation to both internal transfers and the use of affiliates, service providers, or suppliers, if Personal Data is transferred outside the European Economic Area (“EEA”), we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU-US Privacy Shield.  You may have a right to details of the mechanisms under which your data is transferred outside the EEA.

Security

We follow and implement reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

Data Retention

We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate and requested.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of our Sites following notice of any changes indicates acceptance of any changes.

Contact Us

Feel free to contact us with questions or concerns using the appropriate address below.

General inquires:               info@standishmanagement.com

Physical address:                Standish Management, LLC

750 Battery Street, 6th Floor

San Francisco, CA 94111