European Union (EU) GDPR Privacy Notice
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on May 25th, 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The information in this notice describes how Roundview Capital LLC (RVC) treats personal data of individuals in the European Economic Area (EEA). RVC’s Data Protection Officer can be reached at +1-609-688-9500 or email@example.com.
RVC is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by data protection principles.
Basis for and Purposes of Data Collecting
Your contract is with Roundview Capital LLC. RVC collects your personal data when necessary for the performance of our Investment Advisory Agreement with you or your designee. Most information RVC collects comes directly from you or from your authorized representatives. This information may include identifying data like your name, home and business address, telephone number, email address, and social security number; financial information like investment records, tax returns, brokerage and mortgage statements, benefit data, your family budget; and your investment objectives. Much of this information is supplied to us at the time you executed your Investment Advisory Agreement with us. Not all personal information is obtained from you. We may obtain personal information about you from other sources, including those publicly accessible, in order to assist us in verifying your identity.
Recipients of Personal Data
We share your personal data as authorized by you, with individuals or entities not affiliated with RVC such as your professional Advisers or other third parties (including but not limited to attorneys, accountants, insurance agents, broker-dealers, account custodians) to carry out transactions on your behalf or provide services for you or your account. RVC does not otherwise disclose any nonpublic personal information about our clients or former clients to anyone outside of RVC, except where disclosure is required or permitted by law. Examples include cooperating with governmental regulators or law enforcement authorities.
International Data Transfers
RVC is a Securities Exchange Commission (SEC) Registered Investment Adviser formed as a limited liability corporation based in the U.S. (a country for which the EEA has not issued an adequacy decision on the protection of personal data). RVC stores personal information outside of the EU. We have procedures and safeguarding measures in place to secure, and maintain the integrity of the data.
Data Storage Period
We process and store personal data for as long as is required to provide services, which is typically for the duration of our Investment Advisory Agreement with you or your designee. The criteria used to determine extended data storage (such data will be kept confidential, unless otherwise required by law) depend on our responsibilities as an SEC Registered Investment Adviser to comply with regulatory and legal requirements, along with corporate standards, and maintain cyber and information security and privacy protections, as well as data integrity and system controls.
You have the right to access any personal data that RVC processes. In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, you can exercise or address the rights listed below by contacting our Data Protection Officer identified in the beginning of this Notice.
• The right to obtain personal data we hold about you
• The right to have inaccurate or incomplete data about you corrected or completed
• The right to request erasure of personal data (where applicable)
• The right to restrict processing of your personal data in specific cases
• The right to object to the processing of your personal data on grounds relating to your particular situation
• The right to receive your personal data in a machine-readable format and send it to another party
• The right to lodge a complaint with a Supervisory Authority within your Member State