EU-US & Swiss Privacy Shield Policy
Effective May 15, 2018, Growth Capital Services (GCS) commits to cooperate with the EU Data Protection Authorities (DPA) under the EU-U.S. Privacy Shield Framework and/or the Swiss Federal Data Protection and Information Commissioner under the Swiss-U.S. Privacy Shield Framework, in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities. Our commitment to the Privacy Shield is also enforceable under U.S. law by the U.S. Federal Trade Commission (FTC).
This statement outlines our general policy and practices for implementing the Privacy Shield Program, including the types of personal data the firm gathers, how we use it, and the choices affected individuals have regarding our use of, and their ability to correct, the personal data relating to them.
To learn more about the Privacy Shield Programs and to view Growth Capital Services’ certification, please visit: https://www.privacyshield.gov.
This policy applies to personal data we handle. For purposes of this statement, “personal data” means information that:
- is transferred from the European Economic Area (EEA) and Switzerland to the United States in reliance on the Privacy Shield Framework;
- is about, or pertains to, a specific individual; and
- can be linked either directly or indirectly to that individual.
Generally speaking, our broker-dealer firm collects and processes personal data as follows:
- from employees and independent contractors of the firm in the context of the employment or contractor relationship,
- from clients (registered representatives and chaperoned affiliates) who wish to conduct private placement securities transactions via the firm, and
- from customers and issuers (parties participating in securities transactions) as necessary to effect transactions and as required by regulatory agency or legal requirements.
Principles Protecting Individuals’ Privacy Notice and Choice
We collect personal data from individuals only as permitted by the Privacy Shield Program, as follows:
- We notify individuals about the personal data we collect from them, how we use it and how to contact us with privacy concerns.
- We provide such notice through this statement, our engagement letters or other similar documents, instructions on the personal data collection forms within our proprietary software, and direct communication with individuals from whom we collect personal data.
- Consent for personal data to be collected, used, and/or disclosed in certain ways (including opt-in consent for sensitive data) may be required in order for an individual to obtain or use our services. Such consent is provided through our engagement letters, employment agreements, customer identification forms, subscription agreements and other similar documents.
Disclosures and Transfers
We do not disclose an individual’s personal data to third parties, except when one or more of the following conditions is true:
- We have the individual’s permission to make the disclosure.
- The disclosure is required by lawful request by public authorities, including to meet national security, regulatory agency or law enforcement requirements.
- The disclosure is required by law or mandatory professional standards.
- The disclosure is reasonably related to the sale or other disposition of all or part of our business.
- The information in question is publicly available.
- The disclosure is reasonably necessary for the establishment of legal claims.
- The disclosure is to persons or entities providing services on our or the individual’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question, is subject to law providing an adequate level of privacy protection or has agreed to provide an adequate level of privacy protection.
- We may transfer personal data from one jurisdiction to another. Privacy laws vary by jurisdiction, and some may provide less or different legal protection than others. However, we will protect personal data in accordance with the Privacy Shield Program regardless of the jurisdiction in which the data resides.
We may supply personal data to a transferee for the purpose of verifying identification or suitability for customers and issuers.
We may supply personal data to a transferee for the purpose of obtaining a background check for employees, independent contractors, registered representatives and chaperoned affiliates of the firm. Certain biographical information may be published on our website with permission from the employee, contractor or client.
Data, Security, Integrity and Access
We employ various physical, electronic, and managerial measures, including education and training of our personnel, designed to reasonably protect personal information from loss, misuse or unauthorized access, disclosure, alteration or destruction. Personal data collected or displayed through a website is protected in transit by standard encryption processes. However, we cannot guarantee the security of information on or transmitted via the Internet. We do not track users via our website or proprietary software portal, OLIVIA.
We process personal data only for the limited and specific purpose for which it was originally collected or authorized by the individual. To the extent necessary for such purposes, we take reasonable steps so that personal data is accurate, complete, current, and otherwise reliable with regard to its intended use.
An individual has the right to access personal data we hold about them as specified by the Privacy Shield Program. An individual may contact us using the information below to correct, amend, or delete information where it is inaccurate or has been processed in violation of the principles. The individual will need to provide sufficient identifying information, such as name, address, and birth date. We may request additional identifying information as a security precaution such as possibly a national identifier (e.g. a Social Security number). In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or where the rights of persons other than the individual would be violated. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.
Accountability and Enforcement
We have established a program to monitor our adherence to the Privacy Shield Program and to address questions and concerns regarding our adherence. This program will include a statement, at least once a year, signed by an authorized representative of GCS, verifying that this statement is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and accessible. We encourage interested persons to raise any concerns with us using the contact information below.
In additions, individuals may file a complaint in connection with our processing of their personal data under the Privacy Shield Program. With respect to any dispute relating to this policy that cannot be resolved through our internal processes:
- If the dispute involves data collected in the context of an employment relationship, we will cooperate with competent EU or Swiss data protection authorities and comply with the advice of such authorities. In the event that we or such authorities determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.
- Personnel who violate our privacy policies will be subject to disciplinary process.
- An individual may under certain conditions invoke binding arbitration. Please see the Privacy Shield website for more information on conditions giving rise to binding arbitration.
We may amend this policy from time to time by posting a revised policy on the GCS website. If we amend the policy, the new policy will apply to personal data previously collected only insofar as the rights of the individual affected are not reduced. So long as we adhere to the Privacy Shield Program, we will not amend our policy in a manner inconsistent with the Privacy Shield Program.
Information Subject To Other Policies
We are committed to following the Principles for all personal data within the scope of the Privacy Shield Program. However, certain information is subject to policies of the firm that may differ in some respects from the general policies set forth in this statement.
Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice to the client, any engagement letter or other similar letters or agreements with the client, and applicable laws and professional standards.
Contact Information / Filing a Complaint
For further information, questions, access requests, or any other issues arising under the Privacy Shield, please contact:
Chief Compliance Officer
Growth Capital Services
582 Market Street, Suite 300
San Francisco, CA 94104
Phone: 415-692-0050 ext. 89
You may also file a complaint via the firm’s IRM (Independent Recourse Mechanism provider for dispute resolution):
The United States Council for International Business (USCIB)