INDATA SERVICES CO., LLC PRIVACY POLICIES AND PROCEDURES
INDATA Services Co., LLC (“INDATA”®) is dedicated to protecting and maintaining the privacy and confidentiality of its clients’ personal identifiable information and other proprietary and confidential information in connection with its collection and use and to prevent against any unauthorized or unintended disclosure and, in the process, comply with all applicable U.S and foreign laws, including the General Data Protection Regulation (EU) 2016/679) (“GDPR”), Title V of the US Financial Services Modernization Act in 1999, Canada’s Personal Information Protection Act (C-6), and Australia’s Privacy Act 1988. In the operation of its software and services business of providing securities portfolio modeling, performance measurement, back office reporting and trade order management solutions, INDATA acquires personally identifiable information (“PII”) of its clients and their employees and others accessing and using its cloud-based systems. In general, INDATA and its employees do not have access to client PII data in its system because clients customarily restrict INDATA’s access to their systems only to allow for maintenance and client servicing activities upon client request. INDATA does have access to client PII only when expressly authorized by individual clients. In instances where, at the request and authorization of clients, INDATA has access and uses or processes PII on behalf of clients, INDATA complies with established industry privacy principles and practices, including notice, choice, consent and control, fairness and integrity, consistent with all domestic and international legal standards.
Scope of Data Privacy
As a best-of-class provider of software, technology and managed services to a wide variety of high-end institutional money managers, including asset managers, registered investment advisors, wealth management firms, pension funds, hedge funds, insurance companies and municipalities, INDATA is fully committed to the privacy of both its clients and others who access its website. Therefore, INDATA’S privacy policies and practices apply to all our business activities, including the design, maintenance and operation of our cloud-based licensed software system.
For the purposes of the GDPR and other applicable data protection laws, INDATA is the “Controller” of any PII collected on its website.
If a client or anyone else accesses INDATA’s Website our Website automatically recognizes the accessing computer’s “domain name”, commonly referred to as the “IP” (Internet Protocol) address, which consists of a set of numbers that uniquely identify the accessing computer. While the IP alone does not provide or disclose any PII, it does identity the IP of the accessing computer.
From time to time, we examine our traffic in aggregate to help us improve our Websites, to maintain quality of the service, and to provide general statistics regarding use of the Websites. Under no circumstances do we sell, rent, or give your e-mail address to a third party for the purpose of that party sending you “spam mail” or otherwise using your email address in any way not directly associated with INDATA providing its Services to you.
Our Websites collect and store client and Website user information. This information may include names, company names, addresses, telephone numbers, facsimile numbers and email addresses. In addition, INDATA may ask employees of clients for Website addresses, product and service interests with respect to service retention, and other information.
We routinely collect personal data – which may relate to employees, customers, or other third parties – from our clients in the course of providing our Services to them. This personal data will be requested by INDATA only where it is reasonably required in order to provide our Services, in accordance with our terms of engagement.
If you represent one of INDATA’s clients or prospective clients, we may collect and keep your business contact information in a variety of ways, including through face-to-face meetings, public directories or networking sites, and other professional encounters.
For more information about cookies including how to set your Web browser to reject cookies please go to: www.allaboutcookies.org.
Different types of cookies are used for different purposes on our Website. These are known as strictly necessary cookies, performance cookies, and functionality cookies. Some cookies may be provided by an external third party to provide additional functionality to our Website, and these are described below.
Strictly Necessary Cookies
These are cookies that are essential to fulfill an action requested by you, such as identifying you as being logged in. If you prevent these cookies by adjusting your browser settings we cannot guarantee how our Website will perform during your visit.
These are cookies used to improve our Website, for example for analytics that let us see how our Website is being used and where to make improvements. These cookies are used to collect information about how visitors use our Website. The information is collected in an anonymous form and includes the number of visitors, where visitors have come from to the Websites and the pages they visited.
These cookies enhance the performance and functionality of our Website, often as a result of something you are doing as a user. For instance, we may personalize our content for you or remember your preferences.
Use of Personal Information
When processing personal information, INDATA adheres to applicable domestic, national, and international data privacy laws. The personal information we collect is used for the purposes below.
Where relevant under applicable law, all processing (i.e., use and storage) of your personal information will be justified by a “condition” for processing. In the majority of cases, processing will be justified on the basis that:
- you have consented to the processing;
- the processing is necessary to perform a contract with you or take steps to enter into a contract;
- the processing is necessary for us to comply with a relevant legal obligation; or
- the processing is in our legitimate commercial interests, subject to your interests and fundamental rights.
We use the personal information we collect to:
- deliver our Services to our clients;
- help us maintain the quality of our Website and the Services we offer generally;
- operate and customize our Website to users’ needs;
- enable you to subscribe to and receive INDATA’s news services and other additional INDATA Services, and enable INDATA to deliver to you those Services that you have requested;
- correspond with users to resolve their queries or complaints;
- market our Services to our clients;
- manage client relationships; and
- comply with applicable laws and regulations.
- help our clients and visitors personalize their online experience; and
- identify users and track trends among clients and other users who visit our Websites.
Our Website may request your email or mailing address for the purpose of providing you with further information, administering online registrations to courses and similar events run by INDATA, or in association with other organizations such as universities
INDATA also makes every effort to keep personal information up-to-date and we welcome our clients and visitors to access and update this personal information. Except for disclosure amongst the members of INDATA and its subsidiaries, INDATA does not sell lists, accept advertising, or generate any third-party revenue from the data that is generated on this Website.
Disclosure of Personal Information
INDATA does not disclose personal information to third parties except where we may make this information available (i) to outside contractors working on client-specific projects bound by written obligations of confidentiality and non-disclosure; or (ii) to outside mailing houses bound by written obligations of confidentiality and non-disclosure, working under INDATA’s direction to provide INDATA mailings to our clients.
In relation to both internal transfers and the use of service providers, if personal information is transferred outside your local jurisdiction (e.g., the European Economic Area, “EEA”), we will take steps, where required by applicable law, to ensure that the information receives the same level of protection as if it remained within your local jurisdiction. INDATA is accountable for the onward transfer of personal information to third-party service providers or agents who assist us in providing services. We maintain contracts with these third parties in compliance with our obligations under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework (described below) and other obligations. We accept liability under the Privacy Shield Principles if any of these parties fail to process the personal information transferred in a manner consistent with our Privacy Shield obligations, unless we demonstrate that we are not responsible for the event giving rise to the damage. For internal transfers, we have put in place an Intra Group Data Transfer Agreement which protects customer data transferred between global INDATA entities. For EU residents, you may have a right to details of the mechanisms under which your data is transferred outside of the EEA.
In addition, INDATA recognizes standard domestic and international legal and public policy exceptions to non-disclosure. Important exceptions to the general rule of non-disclosure without permission have been codified internationally in such privacy laws as the 1995 EU Privacy Directive (and from 25 May 2018, the General Data Protection Regulation (EU) 2016/679), Title V of the US Financial Services Modernization Act in 1999, Canada’s Personal Information Protection Act (C-6), and Australia’s Privacy Act 1988. As such, INDATA may therefore collect, use, and disclose personal information necessary for the establishment, exercise, or defense of legal claims, as required by law, or where the collection, use, and disclosure is necessary for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment, or the management of health care services. For example, INDATA may maintain such data in our system for a client using INDATA to store or process health insurance records for the purposes of the coordination of insurance benefits, in conformity with applicable national privacy and security requirements. As provided by applicable US federal law (or applicable local laws), INDATA may also disclose personal information without the consent of the individual to protect the confidentiality or security of the firm’s records pertaining to the customer, the service or product, or the transaction to protect against or prevent actual or potential fraud, for institutional risk control, for the enforcement of contractual obligations, to resolve client disputes or injuries, and for various other purposes provided by law. Please also be aware that INDATA may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Where lawful to do so, we may communicate with you to tell you about our products and Services. If you do not wish us to use personal information about you in order to inform you about Services and courses provided by INDATA, news on industry developments, or other corporate and industry-related announcements, please contact us using the information in the “Contact Information” section at the bottom of this page. You can also use the <Unsubscribe> link provided in our emails.
Security of your Personal Information
INDATA uses data storage and security techniques to protect your personal information from unauthorized access, use, or disclosure, unauthorized modification or unlawful destruction or accidental loss. INDATA secures personally identifiable information on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. Personal information gathered through our Website is transmitted only within the INDATA domain and it is protected through the use of encryption and/or other means. However, it is important to remember that no Website can be 100% secure and we cannot be responsible for unauthorized or unintended access that is beyond our control.
Retention of your Information
We apply a general rule of keeping personal information only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances we may retain personal information for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements. In specific circumstances we may also retain your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
Please note that the Website may contain links to third party sites and if you link to a third party site from INDATA, any information you provide to that site and any use of that information by the third party are not under the control of INDATA and are not subject to this Privacy Notice. You should consult the privacy policies of each site you visit. This Privacy Notice applies solely to personal information collected by our Websites.
Subject to applicable law, you may have some or all of the following rights in respect of your personal information:
- the right to access your own personal data subject to certain limitations, such as where the legitimate rights of other persons would be infringed or where the burden or expense of providing access would be disproportionate;
- to obtain a copy of your personal information together with information about how and on what basis that personal information is processed;
- to rectify inaccurate personal information (including the right to have incomplete personal information completed);
- to erase your personal information (in limited circumstances, where it is no longer necessary in relation to the purposes for which it was collected or processed);
- to restrict processing of your personal information where: •the accuracy of the personal information is contested
- we no longer require the personal information but it is still required for the establishment, exercise or defense of a legal claim;
- to challenge processing which we have justified on the basis of a legitimate interest (as opposed to your consent, or to perform a contract with you);
- to prevent us from sending you direct marketing;
- to withdraw your consent to our processing of your personal information (where that processing is based on your consent);
- to object to decisions that are based solely on automated processing or profiling; and
- to obtain, or see a copy of the appropriate safeguards under which your personal information is transferred to a third country or international organization.
In relation to all of these rights, please contact us using the details given below. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We will endeavor to respond to your requests within all applicable timeframes.
Changes to this Statement
INDATA will occasionally update this Privacy Notice to reflect company and user feedback. INDATA encourages you to periodically review this Privacy Notice to be informed of how INDATA is protecting your information.
Privacy Shield Certification
In compliance with the Privacy Shield Principles, INDATA commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact:
INDATA SERVICES CO., LLC at:
Legal & Compliance
9 Greenwich Office Park
INDATA has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Contact and Enforcement
INDATA welcomes your comments regarding this Privacy Notice. If you have any questions relating to this privacy statement, believe that INDATA has not adhered to this Privacy Notice, wish to exercise any of your rights, or if you have any suggestions or problems, please contact us at:
INDATA Services Co., LLC
Legal & Compliance
9 Greenwich Office Park
INDATA will use all reasonable efforts to promptly determine and remedy any problems reported to us. INDATA has a practice of responding to individuals within forty-five (45) days of an inquiry or complaint.
INDATA has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the JAMS Privacy Shield Program. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
You also may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.