Privacy Policy
INDATA SERVICES CO., LLC PRIVACY POLICIES AND PROCEDURES
INDATA Services Co., LLC (“INDATA”®) is dedicated to protecting and maintaining the privacy and confidentiality of its clients’ personal identifiable information and other proprietary and confidential information in connection with its collection and use and to prevent against any unauthorized or unintended disclosure and, in the process, comply with all applicable U.S and foreign laws, including the General Data Protection Regulation (EU) 2016/679) (“GDPR”), Title V of the US Financial Services Modernization Act in 1999, Canada’s Personal Information Protection Act (C-6), and Australia’s Privacy Act 1988. In the operation of its software and services business of providing securities portfolio modeling, performance measurement, back office reporting and trade order management solutions, INDATA acquires personally identifiable information (“PII”) of its clients and their employees and others accessing and using its cloud-based systems. In general, INDATA and its employees do not have access to client PII data in its system because clients customarily restrict INDATA’s access to their systems only to allow for maintenance and client servicing activities upon client request. INDATA does have access to client PII only when expressly authorized by individual clients. In instances where, at the request and authorization of clients, INDATA has access and uses or processes PII on behalf of clients, INDATA complies with established industry privacy principles and practices, including notice, choice, consent and control, fairness and integrity, consistent with all domestic and international legal standards.
Scope of Data Privacy
As a best-of-class provider of software, technology and managed services to a wide variety of high-end institutional money managers, including asset managers, registered investment advisors, wealth management firms, pension funds, hedge funds, insurance companies and municipalities, INDATA is fully committed to the privacy of both its clients and others who access its website. Therefore, INDATA’S privacy policies and practices apply to all our business activities, including the design, maintenance and operation of our cloud-based licensed software system.
For the purposes of the GDPR and other applicable data protection laws, INDATA is the “Controller” of any PII collected on its website.
Information Collected
If a client or anyone else accesses INDATA’s Website our Website automatically recognizes the accessing computer’s “domain name”, commonly referred to as the “IP” (Internet Protocol) address, which consists of a set of numbers that uniquely identify the accessing computer. While the IP alone does not provide or disclose any PII, it does identity the IP of the accessing computer.
From time to time, we examine our traffic in aggregate to help us improve our Websites, to maintain quality of the service, and to provide general statistics regarding use of the Websites. Under no circumstances do we sell, rent, or give your e-mail address to a third party for the purpose of that party sending you “spam mail” or otherwise using your email address in any way not directly associated with INDATA providing its Services to you.
Our Websites collect and store client and Website user information. This information may include names, company names, addresses, telephone numbers, facsimile numbers and email addresses. In addition, INDATA may ask employees of clients for Website addresses, product and service interests with respect to service retention, and other information.
We routinely collect personal data – which may relate to employees, customers, or other third parties – from our clients in the course of providing our Services to them. This personal data will be requested by INDATA only where it is reasonably required in order to provide our Services, in accordance with our terms of engagement.
If you represent one of INDATA’s clients or prospective clients, we may collect and keep your business contact information in a variety of ways, including through face-to-face meetings, public directories or networking sites, and other professional encounters.
Cookies
A cookie is a text file that is placed on your computer’s hard drive or other electronic storage device by a Web page server. We use cookies to obtain some of the information that is collected automatically as described above. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can be read only by a Web server in the INDATA domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time by telling the Web server that you have returned to a specific page. Cookies can be deleted from your system at any time. You also have the ability to accept or decline cookies and most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Websites you visit.
For more information about cookies including how to set your Web browser to reject cookies please go to: www.allaboutcookies.org.
By continuing to use our Websites, you agree to our use of cookies in accordance with this Privacy Notice.
Different types of cookies are used for different purposes on our Website. These are known as strictly necessary cookies, performance cookies, and functionality cookies. Some cookies may be provided by an external third party to provide additional functionality to our Website, and these are described below.
Strictly Necessary Cookies
These are cookies that are essential to fulfill an action requested by you, such as identifying you as being logged in. If you prevent these cookies by adjusting your browser settings we cannot guarantee how our Website will perform during your visit.
Performance Cookies
These are cookies used to improve our Website, for example for analytics that let us see how our Website is being used and where to make improvements. These cookies are used to collect information about how visitors use our Website. The information is collected in an anonymous form and includes the number of visitors, where visitors have come from to the Websites and the pages they visited.
Functionality Cookies
These cookies enhance the performance and functionality of our Website, often as a result of something you are doing as a user. For instance, we may personalize our content for you or remember your preferences.
Use of Personal Information
When processing personal information, INDATA adheres to applicable domestic, national, and international data privacy laws. The personal information we collect is used for the purposes below.
Where relevant under applicable law, all processing (i.e., use and storage) of your personal information will be justified by a “condition” for processing. In the majority of cases, processing will be justified on the basis that:
- you have consented to the processing;
- the processing is necessary to perform a contract with you or take steps to enter into a contract;
- the processing is necessary for us to comply with a relevant legal obligation; or
- the processing is in our legitimate commercial interests, subject to your interests and fundamental rights.
We use the personal information we collect to:
- deliver our Services to our clients;
- help us maintain the quality of our Website and the Services we offer generally;
- operate and customize our Website to users’ needs;
- enable you to subscribe to and receive INDATA’s news services and other additional INDATA Services, and enable INDATA to deliver to you those Services that you have requested;
- correspond with users to resolve their queries or complaints;
- market our Services to our clients;
- manage client relationships; and
- comply with applicable laws and regulations.
Our Website uses cookies to:
- help our clients and visitors personalize their online experience; and
- identify users and track trends among clients and other users who visit our Websites.
Our Website may request your email or mailing address for the purpose of providing you with further information, administering online registrations to courses and similar events run by INDATA, or in association with other organizations such as universities
INDATA also makes every effort to keep personal information up-to-date and we welcome our clients and visitors to access and update this personal information. Except for disclosure amongst the members of INDATA and its subsidiaries, INDATA does not sell lists, accept advertising, or generate any third-party revenue from the data that is generated on this Website.
Disclosure of Personal Information
INDATA does not disclose personal information to third parties except where we may make this information available (i) to outside contractors working on client-specific projects bound by written obligations of confidentiality and non-disclosure; or (ii) to outside mailing houses bound by written obligations of confidentiality and non-disclosure, working under INDATA’s direction to provide INDATA mailings to our clients.
In relation to both internal transfers and the use of service providers, if personal information is transferred outside your local jurisdiction (e.g., the European Economic Area, “EEA”), we will take steps, where required by applicable law, to ensure that the information receives the same level of protection as if it remained within your local jurisdiction. INDATA is accountable for the onward transfer of personal information to third-party service providers or agents who assist us in providing services. We maintain contracts with these third parties in compliance with our obligations under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework (described below) and other obligations. We accept liability under the Privacy Shield Principles if any of these parties fail to process the personal information transferred in a manner consistent with our Privacy Shield obligations, unless we demonstrate that we are not responsible for the event giving rise to the damage. For internal transfers, we have put in place an Intra Group Data Transfer Agreement which protects customer data transferred between global INDATA entities. For EU residents, you may have a right to details of the mechanisms under which your data is transferred outside of the EEA.
In addition, INDATA recognizes standard domestic and international legal and public policy exceptions to non-disclosure. Important exceptions to the general rule of non-disclosure without permission have been codified internationally in such privacy laws as the 1995 EU Privacy Directive (and from 25 May 2018, the General Data Protection Regulation (EU) 2016/679), Title V of the US Financial Services Modernization Act in 1999, Canada’s Personal Information Protection Act (C-6), and Australia’s Privacy Act 1988. As such, INDATA may therefore collect, use, and disclose personal information necessary for the establishment, exercise, or defense of legal claims, as required by law, or where the collection, use, and disclosure is necessary for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment, or the management of health care services. For example, INDATA may maintain such data in our system for a client using INDATA to store or process health insurance records for the purposes of the coordination of insurance benefits, in conformity with applicable national privacy and security requirements. As provided by applicable US federal law (or applicable local laws), INDATA may also disclose personal information without the consent of the individual to protect the confidentiality or security of the firm’s records pertaining to the customer, the service or product, or the transaction to protect against or prevent actual or potential fraud, for institutional risk control, for the enforcement of contractual obligations, to resolve client disputes or injuries, and for various other purposes provided by law. Please also be aware that INDATA may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Marketing Communications
Where lawful to do so, we may communicate with you to tell you about our products and Services. If you do not wish us to use personal information about you in order to inform you about Services and courses provided by INDATA, news on industry developments, or other corporate and industry-related announcements, please contact us using the information in the “Contact Information” section at the bottom of this page. You can also use the <Unsubscribe> link provided in our emails.
Security of your Personal Information
INDATA uses data storage and security techniques to protect your personal information from unauthorized access, use, or disclosure, unauthorized modification or unlawful destruction or accidental loss. INDATA secures personally identifiable information on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. Personal information gathered through our Website is transmitted only within the INDATA domain and it is protected through the use of encryption and/or other means. However, it is important to remember that no Website can be 100% secure and we cannot be responsible for unauthorized or unintended access that is beyond our control.
Retention of your Information
We apply a general rule of keeping personal information only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances we may retain personal information for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements. In specific circumstances we may also retain your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
External Links
Please note that the Website may contain links to third party sites and if you link to a third party site from INDATA, any information you provide to that site and any use of that information by the third party are not under the control of INDATA and are not subject to this Privacy Notice. You should consult the privacy policies of each site you visit. This Privacy Notice applies solely to personal information collected by our Websites.
Your Rights
Subject to applicable law, you may have some or all of the following rights in respect of your personal information:
- the right to access your own personal data subject to certain limitations, such as where the legitimate rights of other persons would be infringed or where the burden or expense of providing access would be disproportionate;
- to obtain a copy of your personal information together with information about how and on what basis that personal information is processed;
- to rectify inaccurate personal information (including the right to have incomplete personal information completed);
- to erase your personal information (in limited circumstances, where it is no longer necessary in relation to the purposes for which it was collected or processed);
- to restrict processing of your personal information where: •the accuracy of the personal information is contested
- we no longer require the personal information but it is still required for the establishment, exercise or defense of a legal claim;
- to challenge processing which we have justified on the basis of a legitimate interest (as opposed to your consent, or to perform a contract with you);
- to prevent us from sending you direct marketing;
- to withdraw your consent to our processing of your personal information (where that processing is based on your consent);
- to object to decisions that are based solely on automated processing or profiling; and
- to obtain, or see a copy of the appropriate safeguards under which your personal information is transferred to a third country or international organization.
In relation to all of these rights, please contact us using the details given below. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We will endeavor to respond to your requests within all applicable timeframes.
Changes to this Statement
INDATA will occasionally update this Privacy Notice to reflect company and user feedback. INDATA encourages you to periodically review this Privacy Notice to be informed of how INDATA is protecting your information.
Privacy Shield Certification
INDATA complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. INDATA has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. INDATA is committed to subjecting such personal data to the Frameworks to the extent that we have received it in reliance on the Frameworks, including the Frameworks’ Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. The Federal Trade Commission has jurisdiction over INDATA’s compliance with the Privacy Shield.
In compliance with the Privacy Shield Principles, INDATA commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact:
INDATA SERVICES CO., LLC at:
Legal & Compliance
71 Arch Street
Greenwich, CT 06830
Email: info@indataipm.com
INDATA has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Contact and Enforcement
INDATA welcomes your comments regarding this Privacy Notice. If you have any questions relating to this privacy statement, believe that INDATA has not adhered to this Privacy Notice, wish to exercise any of your rights, or if you have any suggestions or problems, please contact us at:
INDATA Services Co., LLC
Legal & Compliance
9 Greenwich Office Park
Greenwich, CT
Email: info@indataipm.com
INDATA will use all reasonable efforts to promptly determine and remedy any problems reported to us. INDATA has a practice of responding to individuals within forty-five (45) days of an inquiry or complaint.
INDATA has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the JAMS Privacy Shield Program. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
You also may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.