We Respect Your Privacy
Growth Capital Services (“GCS”) places a high value on the trust and confidence you place in us. We are committed to following the Principles for all personal data within the scope of the Privacy Shield Program and we have written this statement accordingly. However, certain information is subject to policies of the firm that may differ in some respects from the general policies set forth in this statement regardless of our efforts to keep policies consistent. In instances where this statement differs from our official Written Supervisory Procedures, then the Written Supervisory Procedures will supersede this statement.
This policy applies to personal data we may collect, process, and handle. For purposes of this statement, “personal data” means information that:
• is about, or pertains to, a specific individual; and
• can be linked either directly or indirectly to that individual.
Generally speaking, our broker-dealer firm collects and processes personal data as follows:
• from employees and independent contractors of the firm in the context of the employment or contractor relationship,
• from clients (registered representatives and chaperoned affiliates) who wish to conduct private placement securities transactions via the firm, and
• from customers and issuers (parties participating in securities transactions) as necessary to effect transactions and as required by regulatory agency or legal requirements.
Principles Protecting Individuals’ Privacy
Notice and Choice
We collect personal data from individuals as follows:
• We notify individuals about the personal data we collect from them, how we use it and how to contact us with privacy concerns. All personal data is collected and processed with the express and informed consent of the relevant individuals or is collected and processed pursuant to mandatory legal requirements, including but not limited to those imposed by FINRA and the SEC.
• We provide such notice through this statement, our engagement letters or other similar documents, instructions on the personal data collection forms within our proprietary software, and direct communication with individuals from whom we collect personal data.
• Consent for personal data to be collected, used, and/or disclosed in certain ways (including opt-in consent for sensitive data) may be required in order for an individual to obtain or use our services. Such consent is provided through our engagement letters, employment agreements, customer identification forms, subscription agreements and other similar documents.
Disclosures and Transfers
We do not disclose an individual’s personal data to third parties, except when one or more of the following conditions is true:
• We have the individual’s permission to make the disclosure.
• The disclosure is required by lawful request by public authorities, including to meet national security, regulatory agency or law enforcement requirements.
• The disclosure is required by law or mandatory professional standards.
• The disclosure is reasonably related to the sale or other disposition of all or part of our business.
• The information in question is publicly available.
• The disclosure is reasonably necessary for the establishment of legal claims.
• The disclosure is to persons or entities providing services on our or the individual’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question, is subject to law providing an adequate level of privacy protection or has agreed to provide an adequate level of privacy protection.
• We may transfer personal data from one jurisdiction to another. Privacy laws vary by jurisdiction, and some may provide less or different legal protection than others.
We may supply personal data to a transferee for the purpose of verifying identification or suitability for customers and issuers.
We may supply personal data to a transferee for the purpose of obtaining a background check for employees, independent contractors, registered representatives and chaperoned affiliates of the firm. Certain biographical information may be published on our website with permission from the employee, contractor or client.
Before disclosing your personal data to a transferee or third-party agent, we will obtain assurances from the recipient that it will use the personal data only to assist us in providing our services, provide at least the same level of protection for personal data as required by the Privacy Shield Principles, and notify us if the recipient is no longer able to provide the required protections. Upon notice, we will act promptly to stop and remediate unauthorized processing of personal data by a recipient. We will remain liable for onward transfers to our transferees and third-party agents.
We may also be required to disclose, and may disclose, personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, we will inform our relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.
Data, Security, Integrity and Access
We employ various physical, electronic, and managerial measures, including education and training of our personnel, designed to reasonably protect personal information from loss, misuse or unauthorized access, disclosure, alteration or destruction. Personal data collected or displayed through a website is protected in transit by standard encryption processes. However, we cannot guarantee the security of information on or transmitted via the Internet. We do not track users via our website or proprietary software portal, OLIVIA.
We process personal data only for the limited and specific purpose for which it was originally collected or authorized by the individual. To the extent necessary for such purposes, we take reasonable steps so that personal data is accurate, complete, current, and otherwise reliable with regard to its intended use.
An individual has the right to access personal data we hold about them as specified by the Privacy Shield Program. An individual may contact us using the information below to correct, amend, or delete information where it is inaccurate or has been processed in violation of the principles. The individual will need to provide sufficient identifying information, such as name, address, and birth date. As a security precaution, we may request additional identifying information, such as a national identifier (e.g. a Social Security number). In addition, we may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or where the rights of persons other than the individual would be violated. In some circumstances, we may charge a reasonable fee, where warranted, for access to personal information.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Notwithstanding the foregoing, we reserve the right to keep any information in our archives that we deem necessary to comply with our legal and regulatory obligations, resolve disputes and enforce our agreements.
Your rights under relevant data protection laws are complex. We have attempted to summarize your rights herein, but not all details can be included in these summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
You have the right to consent to whether we collect any personal data from you, and whether or not we process your personal data. Where we do process or share personal data, you have the right to know the purposes of the processing, the categories of personal data concerned, and any recipients of your personal data.
You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
To the extent not inconsistent with our legal and regulatory obligations, you may have the right to the erasure of your personal data.
You may have the right to restrict or object to the processing of your personal data under certain circumstances, subject to external legal and regulatory requirements. If you object, we will cease to process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us (see Contact Information below).
EEA and Swiss Resident Rights
This policy additionally applies to personal data that is transferred from the European Economic Area (EEA) and Switzerland to the United States in reliance on the Privacy Shield Framework.
GCS commits to cooperate with the EU Data Protection Authorities (DPA) under the EU-U.S. Privacy Shield Framework and/or the Swiss Federal Data Protection and Information Commissioner under the Swiss-U.S. Privacy Shield Framework, in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities. Our commitment to the Privacy Shield is also enforceable under U.S. law by the U.S. Federal Trade Commission (FTC).
If you are a resident of the European Economic Area or Switzerland, you have the right to file a complaint in connection with our processing of your personal data under the Privacy Shield Program. If the dispute involves data collected in the context of an employment relationship, we will cooperate with competent EU or Swiss data protection authorities and comply with the advice of such authorities. In the event that we or such authorities determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance. If you have a complaint about our processing of your personal data, you should first contact us to advise of your complaint by emailing us at firstname.lastname@example.org. With respect to any dispute relating to this policy that cannot be resolved through our internal processes, contact our IRM (Independent Recourse Mechanism provider) for dispute resolution at https://www.privacyshield.gov/assistance. In addition to the above dispute resolution mechanisms, you may be able to invoke binding arbitration under certain circumstances if your complaint is not resolved by our IRM or by the Department of Commerce after referral from the relevant data protection authority in the EEA or Switzerland. For more information about binding arbitration, visit https://www.privacyshield.gov/assistance.
Accountability and Enforcement
You may file a complaint in connection with our processing of your personal data under this Policy using the contact information below. We will take appropriate steps to address any adverse effects and to promote future compliance. Personnel who violate our privacy policies will be subject to disciplinary action or termination.
We may amend this policy from time to time by posting a revised policy on the GCS website. If we amend the policy, the new policy will apply to personal data previously collected only insofar as the rights of the individual affected are not reduced. So long as we adhere to the Privacy Shield Program, we will not amend our policy in a manner inconsistent with the Privacy Shield Program.
Information Subject To Other Policies
We are committed to following the Principles for all personal data within the scope of the Privacy Shield Program. However, certain information is subject to policies of the firm that may differ in some respects from the general policies set forth in this statement.
Information obtained from or relating to clients or former clients is further subject to the terms of any privacy notice to the client, any engagement letter or other similar letters or agreements with the client, and applicable laws and professional standards.
For further information, questions, access requests, or any other issues arising under the Privacy Shield, please contact:
Justin Schleifer, Chief Compliance Officer
Growth Capital Services
582 Market Street, Suite 300
San Francisco, CA 94104
Phone: 415-692-0050 ext. 89