Updated May 24, 2018
Institutional Cash Distributors, LLC, a U.S. broker-dealer registered with the SEC, member FINRA, and Institutional Cash Distributors, Ltd, a UK broker-dealer authorised and regulated by the Financial Conduct Authority (collectively “ICD”) understands your privacy is important. We have posted this notice in accordance with the laws and regulations of the jurisdictions where ICD conducts business. Relevant regulatory regimes include, but are not limited to, the European Union (“EU”) General Data Protection Regulation (“GDPR”), which regulates the use of personal data.
This notice will help you understand what types of personal data we may collect, how we use it and how we protect your privacy.
We collect personal data solely for the purpose of conducting business with, and on behalf of, customers, and to satisfy broker-dealer regulatory obligations. Customer business is conducted in accordance with agreements ICD has established with its customers. Where we collect personal data of, or relating to, our clients and website users for the purposes set out in this Notice, we are the data controller of that personal data. As a data controller we are subject to requirements under applicable data protection law and regulation, including the General Data Protection Regulation ((EU) 2016/679).
We have policies and procedures in place to protect personal data. We do not sell or otherwise furnish personal data to third parties, i.e., companies or individuals that are not affiliated with or contracted with ICD to conduct our customer’s business.
We do not disclose any personal data to anyone outside of the ICD business and regulatory environment; the business and regulatory environment includes vendors that may hold personal data (i.e. email vendor).
Please be aware that not providing the requisite personal data may preclude us from pursuing a business relationship with you, and/or from rendering our services to you.
Q: What types of personal data does ICD collect?
A: ICD, its employees, representatives, agents and selected third parties may collect personal data, including:
- Information provided to us, such as on applications or other forms.
- Information about transactions with us, our affiliates or third parties.
- Information from others, such as credit reporting agencies, employers and government agencies.
- Information that may be disclosed on recorded telephone conversations, in order to facilitate our customers business.
ICD only collects the personal data required to conduct business with our customers. The personal data collected is required to open accounts introduced by ICD, and to use ICD’s website portal.
The types of personal data ICD collects include names, phone numbers, and business email addresses of the people with whom we conduct business. This information is stored in secure physical and server locations, as well as ICD’s secure, firewall-protected, back-office website. For certain customer entity accounts, additional personal detail may be required of authorizing personnel or senior officials/exectuives, including but not limited to government identifying numbers (i.e. SSN or passport numbers). This information is not stored on any ICD website, and is only retained in secure physical and server locations.
Q: What does ICD do to protect personal data?
A: ICD takes the following measures to protect personal data:
- We restrict access to personal data to those employees, agents, representatives or third parties who need to know the information to provide products and services to our customers.
- We have policies and procedures that give direction to our employees, agents and representatives acting on our behalf, regarding how to protect and use personal data.
- We maintain physical information and procedural safeguards to protect personal data.
- We have a vendor security management program that requires annual attestation of rigorous personal data protection in compliance with GDPR and other regulations.
Q: With whom does ICD share personal data, and why?
A: We do not share personal data about our customers with anyone, including other affiliated companies or third parties, except as permitted by law and required to conduct our customers’ business. We may disclose, as allowed by law, personal data we collect when needed, to affiliated companies, agents, employees, representatives and third parties that administer and service customer accounts on our behalf; or other financial institutions with whom we have joint agreements; or contracted auditors.
Personal data is utilized or stored within the countries where ICD conducts business, which include, but is not limited to the U.S. and UK. In today’s global market, it is necessary for us to transfer your personal data across national borders. On the most part, these transfers will involve at least one of our entities operating in the EEA and as such will apply the European standard of protections to the personal data we process. In practice, this means that all the entities agree to process your personal data in line with our high global standards. Where we transfer your personal data outside of the EEA, that data subsequently receives the same degree of protection as it would in the EEA through the implementation of EU Commission approved standard contractual clauses.
Q: How long does ICD keep personal data
A: We retain personal data in accordance with the maximum duration of country broker-dealer regulatory requirements. After the expiration of the retention period, personal data may be requested to be destroyed. Please contact firstname.lastname@example.org for regulatory retention details.
Q: How do I request more information on ICD’s use of personal data, or exercise my rights to cease use of my personal data?
A: Requests for more information regarding how we collect and use personal data, or requests to cease use of personal data, or complaints to ICD, may be made in writing to the following contact information:
Institutional Cash Distributors, Ltd.
9 Devonshire Square
London, EC2M 4YF
Institutional Cash Distributors, LLC
580 California Street, Suite 1335
San Francisco, CA 94104
Formal complaints regarding personal data may be made to the Supervisory Authority of the requisite country/domicile in question.
With respect to GDPR, under EU law you have certain rights to apply to us to provide information or make amendments to how we process data relating to you. These rights apply in certain circumstances and are set out below:
- The right to access data relating to you (‘access right’).
- The right to rectify/correct data relating to you (‘right to rectification’).
- The right to object to processing of data relating to you (‘right to object’).
- The right to restrict the processing of data relating to you (‘right to restriction’).
- The right to erase/delete data relating to you (i.e. the “right to erasure”).
- The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’).
Even if you object to ICD’s use of personal data, we are nevertheless allowed to continue the same if the use is (i) legally mandatory, (ii) necessary for the performance of a contract to which the you or your organization are a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we follow, including the establishment, exercise or defense of legal claims.