European Union Privacy Notice
ICONIQ Capital, LLC and our affiliates and subsidiaries (collectively, “ICONIQ”, “we”, “our” or “us”) recognize the importance of protecting personal information. This European Union Privacy Notice (“EU Privacy Notice”) applies to personal information that we collect regarding EU and UK data subjects. It also explains who we are and how you can exercise your privacy rights.
This EU Privacy Notice also applies to personal information we collect from individuals in Australia who are protected by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Section 11 below will also apply to those individuals.
1. What personal information do we collect?
The personal information that we collect about you broadly falls into the following categories:
1.1 Information that you provide voluntarily
If you are (or are prospectively) our client or an investor in one of our affiliated financial vehicles, during or before the provision of our services we will ask you to provide personal information voluntarily. To the extent applicable for the provision of our services, we will ask for:
• Identifying and contact information (including your name, date of birth, tax identification number, copies of your government-issued identification document and the relevant information thereon, physical and mailing addresses, phone number, email, and other types of contact information)
• Information related to your finances and financial accounts (including your net worth, gross assets, investment sophistication and goals, financial account information, asset/investment-specific information, income, trust and estate information, tax status and other relevant tax information, and transaction-specific information
• Information related to your various activities and relationships (including information related to your businesses and professional engagements, your professional relationships, your familial relationships, your charitable activities, your personal undertakings, and your service providers)
If you are not our client or an investor in one of our affiliated financial vehicles but nonetheless have a relationship with us in any other capacity, we will ask you for:
• Identifying and contact information (including your name, mailing address, phone number, email and other types of contact information)
• Information related to your affiliations (including information related to your business(es) or professional engagements, and information related to your relationship with any of our clients or investors, but not including any special categories of information as described in Section 1.4)
1.2 Information that we collect as part of our services
If you are our client or an investor in one of our affiliated financial vehicles, during the provision of our services as applicable we also collect certain information about you which may be considered personal information under applicable law, including:
• Information related to your interactions with us (including written communications between you and us, notes related to in-person meetings or telephone calls between you and us, and information related to your IP address or other device identifiers when using our website or electronic delivery portals)
• Information related to the provision of our services for you (including fees and billing information, records related to acts we take on your behalf, notes regarding your service preferences, and transaction-specific information)
1.3 Information that we obtain from third party sources
If you are our client or an investor in one of our affiliated financial vehicles, during or before the provision of our services we collect certain information about you which may be considered personal information under applicable law from third party sources (including our and your service providers), including:
• Information related to your finances and financial accounts (including financial account information, transaction-specific information, information regarding the value of your portfolio and assets, tax information, and trust and estate information)
• Information related to your various activities and relationships (including information related to your businesses and professional engagements, your professional relationships, your familial relationships, your charitable activities, and your personal undertakings, but not including special categories of information as described in Section 1.4)
If you are not our client or an investor in one of our affiliated financial vehicles but nonetheless have a relationship with us in any other capacity, we collect certain information about you which may be considered personal information under applicable law from third party sources (including our and your service providers), including:
• Identifying and contact information (including your name, mailing address, phone number, email and other types of contact information)
• Information related to your affiliations (including information related to your business(es) or professional engagements, and information related to your relationship with any ICONIQ client or investor in ICONIQ’s affiliated financial vehicles, but not including special categories of information as described in Section 1.4)
1.4 Special categories of information
We do not directly request or intend to collect special categories of information, including information about your health, race, religion, political opinions, philosophical beliefs, sexual preferences, sexual orientation, genetics, biometric data, or information regarding participation in trade union membership. However, please note that certain other types of information we collect may allow us to indirectly infer the corresponding special category of information notwithstanding that we are not collecting or otherwise processing such information; for example, transaction information regarding a charitable donation to a religious organization or political entity may imply a religious or political preference, information regarding joint financial accounts with your spouse may imply your sexual orientation, and information related to your business activities that do not show trade union membership implies that you are not participating in trade union membership.
2. How do we use your personal information?
We use your information for the following purposes:
• To provide investment and financial recommendations or products
• To support our interactions with you, including responding to your communications with us
• To open financial accounts or assist in the opening of financial accounts
• To facilitate transactions with third parties
• To refer third party service providers
• To comply with our legal and regulatory obligations, including the retention of records required by the U.S. Securities and Exchange Commission’s rules promulgated under the U.S. Investment Advisers Act of 1940, to participate in required audits and regulatory examinations, to detect and prevent fraud and fraudulent behavior, and applicable anti-money laundering laws and regulations
• To exercise, establish or defend our legal rights, or to protect your vital interest or those of any other person
• To detect potential conflicts of interest in the provision of our services and operation of our business
• To provide any other specific services for which you have engaged us
We will only use your personal information for the purposes described above, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
3. What is our legal basis for processing your personal information?
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. If you are our client or an investor in one of our affiliated financial vehicles, we collect and use personal information as necessary for the performance of the contract between you and us. If you are not our client or an investor in one of our affiliated financial vehicles, we collect and use personal information where such processing is in our legitimate interest and is not overridden by your rights. Our legitimate interests in processing your personal information include detecting potential conflicts of interest in the provision of our services and the operation of our business, as well as supporting our interactions with you.
4. Who do we share your personal information with?
We share personal information to the following categories of recipients:
• With our employees, officers, directors, partners, affiliates, advisors, independent contractors and service providers; provided that within such categories, we restrict access (time and entry) to personal information to those who access the personal information to provide our services. Service providers include accountants, administrators, attorneys, auditors, compliance and IT consultants, custodians, SAAS (software as a service) providers, and other third parties engaged by us to assist with or support our provision of services.
• As part of a transaction, with third parties that require the personal information to execute the contemplated transactions.
• With the U.S. Securities and Exchange Commission and other competent law enforcement bodies, government agencies, courts or third parties where we reasonably believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
· As anonymized data, to third parties under obligations of confidentiality who request such information as part of our services or as part of a business transaction with us.
· With any other person with your consent to the disclosure.
5. Where do we transfer your personal information?
In performing our services, we may have to transfer your personal information outside of the European Economic Area (“EEA”) or the United Kingdom or to countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country or those of the EEA or the UK.
Specifically, our servers are in the United States, and we have an affiliate that operates in Singapore. This means that when we process your personal information, we process it in either of these countries. Additionally, we may transfer data to service providers for processing in these countries or other countries, for the purposes described in this policy. Nonetheless, we ensure appropriate safeguards are in place so that your personal information will remain protected in accordance with this EU Privacy Notice.
6. How do we secure and safely store your personal information?
We use reasonable and appropriate technical and organizational measures designed to protect your personal information. We have in place a robust framework to ensure the security of your information. Specific measures we undertake include the logical separation of data structures and enhanced encryption processes.
7. How long do we keep your personal information?
How long we keep your personal information will vary primarily depending on:
• The purpose for which we are using your personal information - we will keep your personal information for as long as is necessary to provide the relevant services, and
• Our legal obligations - laws or regulation set a minimum period for which we are required to keep certain of your personal information.
We only store data that identifies you so long as it is necessary to carry out the purposes described in this policy. When we no longer need your personal information, we will either erase or de-identify it, or if this is not possible (because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from further processing until erasure is possible.
8. What are your data protection rights?
You have the following data protection rights:
• To access, correct, update, port or request deletion of your personal information that we process. Due to applicable regulatory requirements, there may be instances in which we cannot completely delete your personal information, although we will delete personal information to the extent consistent with our worldwide regulatory obligations.
• To object to or restrict processing of your personal information (so long as we are processing such personal information on the legal basis of pursuing our legitimate interest).
• To complain to a data protection authority about our collection and use of your personal information.
To contact us about any of your rights, see Section 10 (How can we be contacted?).
9. How do we notify you regarding changes to this Privacy Notice?
If we make changes to this Privacy Notice, we may notify you by updating the Privacy Notice with a “Last Updated” date at the top. We may also provide additional notice in some cases, such as by providing a statement on our website, or by sending an email notification. The most current version of our Privacy Notice will be available on our website.
10. How can we be contacted?
For the purposes of the EU General Data Protection Regulation (“GDPR”) and the GDPR as incorporated into English law and the UK Data Protection Act 2018 (“UK GDPR”), we are the data controller for the processing of any personal information which we process about you. This EU Privacy Notice is effective as of March 18, 2021.
For questions about this EU Privacy Notice or to exercise your rights under the GDPR or UK GDPR, please contact us at:
Post: ICONIQ Capital, 394 Pacific Ave., 2nd Floor, San Francisco, CA 94111
Email: legal@iconiqcapital.com
Tel: 1-415-967-7763
11. Australian privacy laws
Where our processing of your personal information is governed by the Privacy Act 1988 (Cth) then this section 11 applies to you.
Use of personal information
We will collect, hold, use and disclose your personal information only for the purpose for which you provide it to us, including the purposes set out above in clause 2. We will not use or disclose personal information about you for any secondary purpose, unless you consent to that use or disclosure, or you would reasonably expect the use or disclosure in the circumstances, and that secondary purpose is:
• in the case of non-sensitive information: related to the primary purpose for which we have collected that information, and
• in the case of sensitive information: directly related to the primary purpose.
Direct marketing
We may also send out newsletters, event invitations and other information to individuals that agree to receive marketing material. We will not add your details to mailing lists without your prior knowledge and consent. You are under no obligation to agree to receive marketing communications, and if you have agreed but no longer wish to receive communications, you may unsubscribe or opt out to remove yourself from the mailing list.
Overseas disclosure
We will collect, store and disclose your personal information outside Australia as described in Section 5 above. We will take reasonable precautions to ensure that our affiliates and service providers protect your personal information in accordance with the APPs.
Requests to access or correct personal information
If you wish to access your personal information held by us or request that your personal information be corrected, please contact our Chief Compliance Officer using the details set out above in section 10.
Our Chief Compliance Officer will endeavor to respond to you within a reasonable time and we will provide access and/or correct the personal information unless an exception under law applies.
Complaints
If you have any questions about this Privacy Notice or you believe a breach of the APPs has occurred, you can contact our Chief Compliance Officer at the details set out in section 10.
Our Chief Compliance Officer will endeavor to address and answer any questions or complaints you have in a reasonable time, and may further investigate or take steps in order to resolve the matter.
If you still feel our response was unsatisfactory, you may discuss the issue with us further, or contact the Australian Information Commissioner for more information at:
Website: https://www.oaic.gov.au/about-us/contact-us/.
Tel: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001