On 25 May 2018, the General Data Protection Regulation (EU) 2016/679, known as “GDPR,” came into effect. GDPR mandates that Personal Data and Sensitive Personal Data be treated in certain ways and only be collected for certain reasons.
Everstrong Capital LLC (together with its affiliated entities), treats all Personal Data and Sensitive Personal Data in accordance with GDPR and other data protection laws.
What Are Personal Data and Sensitive Personal Data and Why Does Everstrong Capital LLC Collect Them?
“Personal Data” means any information that could identify a living person. Personal Data may include names, postal addresses, email addresses, telephone numbers, copies of government-issued identification or any other information that might identify an individual.
“Sensitive Personal Data” means Personal Data that reveal a living person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership; data concerning health or sex life and sexual orientation; and genetic data or biometric data.
Everstrong may collect Personal Data and Sensitive Personal Data for purposes including, but not limited to, verifying investors’ identities, verifying employees’ identities and maintaining its operations as a business. Everstrong would collect Personal Data and Sensitive Personal Data on bases including, but not limited to, the performance of contracts, compliance with legal obligations and the pursuit of legitimate interests.
Everstrong will retain Personal Data and Sensitive Personal Data in accordance with legal and regulatory requirements, as set out in this Privacy Notice and in Everstrong’s Regulatory Compliance Manual and other policies and procedures.
Who Everstrong Shares Information With
Everstrong will not share Personal Data or Sensitive Personal Data with third parties without the data subject’s consent, except where Everstrong is required by law or by contract to do so.
- Examples of a requirement by law include, but are not limited to, the transmission of the above-mentioned data to law enforcement agencies, financial regulators, and public authorities, courts and dispute-resolution bodies.
- Examples of a requirement by contract include, but are not limited to, the transmission of the above-mentioned data to IT services, client relationship management platforms and service providers with a need to access such information.
Transferring Personal Data or Sensitive Personal Data Outside the EEA
Everstrong will only transfer Personal Data or Sensitive Personal Data outside of the European Economic Area (“EEA”) when such a transfer complies with GDPR. Reasons for transferring Personal Data and Sensitive Personal Data outside the EEA include, but are not limited to, public interest, contractual obligations, the pursuit or defense of legal claims and, as permitted by law, Everstrong’s legitimate interests.
In the event of such a transfer of Personal Data or Sensitive Personal Data outside the EEA, Everstrong will ensure that any recipient(s) of Personal Data or Sensitive Personal Data maintain levels of data protection comparable with the protections afforded by GDPR.
Under GDPR, you, as a data subject, have certain rights, as explained below.
- The right to be informed: to contact Everstrong, and to be informed by Everstrong how, why and for what time period Everstrong will use your Personal Data and/or Sensitive Personal Data.
- The right of access: to request a copy of your Personal Data or Sensitive Personal Data which are held by Everstrong.
- The right to rectification: to request that Everstrong correct any of your Personal Data or Sensitive Personal Data if they are found to be inaccurate or out of date.
- The right of erasure (also known as the right to be forgotten): to request that Everstrong erase your Personal Data or Sensitive Personal Data where Everstrong no longer has a basis to retain such data.
- The right to restrict processing: to prevent Everstrong from processing of your Personal Data or Sensitive Personal Data under certain circumstances as described in GDPR.
- The right to data portability: to request that Everstrong provide you with a copy of your Personal Data or Sensitive Personal Data in a commonly used and machine-readable format.
- The right to object: to object to any further processing of your Personal Data or Sensitive Personal Data, where such processing, including profiling, is based on Article 6(1)(e) or (f) of GDPR.
- The right not be subject to decisions based solely on automated processing, including profiling: to object to the automated making of decisions or the automated creation of profiles based on your Personal Data or Sensitive Personal Data. Everstrong does not currently make decisions or create profiles automatically.
Data Protection Officer
Everstrong has determined that the Chief Compliance Officer will take primary responsibility for ensuring Everstrong’s compliance with GDPR, including the obligation to respond to any concerns raised by data subjects.
The Chief Compliance Officer is Maureen M. O’Brien, who can be reached on +1 (203) 989 9900 or firstname.lastname@example.org
Changes to this Privacy Notice
Everstrong may deem it necessary in future to make changes to this Privacy Notice and any related policies and other disclosures.