GLOBAL PRIVACY NOTICE
Last updated: January 1, 2020
Autonomy Capital (“Autonomy”) collects nonpublic personal information (“NPI”) from current, former and prospective Clients primarily to process requests and transactions, provide customer service, and communicate information about advisory products and services. Autonomy respects the privacy of its Clients and will not use or disclose NPI for any purpose other than in connection with the servicing of Clients accounts and as required or authorized by law. This Policy details Autonomy’s privacy practices, and may be updated from time to time to reflect business changes or legal requirements. Please check back frequently for any updates. Individuals with disabilities can access this policy in alternative formats by contacting us at the address, phone, or email address below. This Privacy Notice is reviewed on an annual basis and may be updated from time to time.
The NPI that Autonomy collects about investors includes:
-information Autonomy receives from an investor on managed account agreements, fund subscription documents and related forms or through its website, such as name, address, Social Security number, birth date, assets, income, and investment experience; and
-information about an investor’s transactions with Autonomy, its affiliates, or others, such as account activity and balances.
Clients should note that this privacy notice does not prevent Autonomy from disclosing to appropriate third parties such information that Autonomy or the third party may, in its sole discretion, deem necessary or advisable in order to comply with applicable anti-money laundering and other applicable United States or foreign laws and regulations or as may be required by regulatory authorities with jurisdiction over Autonomy’s activities.
Autonomy restricts access to NPI that Autonomy collects about a Client to its personnel who need to know that information in order to provide products or services to the investor and to administer the firm as referenced above. Autonomy maintains physical, electronic and procedural controls in accordance with regulations of the Securities and Exchange Commission and other pertinent regulatory bodies, to safeguard NPI.
Autonomy will not market to any consumer based on any “eligibility information” about such consumer received from its affiliates, or share with any affiliate for marketing purposes any investor’s “eligibility information”, unless such consumer or investor has (i) received notice of the potential marketing use of such information; (ii) been provided a reasonable opportunity and a simple method to opt out of receiving the marketing solicitation; and (iii) has not opted out.
If you have questions or concerns about our use of the data and information you provide, please contact Autonomy at firstname.lastname@example.org.
Autonomy Capital – Privacy Notice for Investors in the European Economic Area (the “EEA”), the United Kingdom, Jersey and/or Switzerland, and Investors in our Cayman Islands investment funds
This notice sets forth the privacy practices of Autonomy and its affiliates and Cayman Islands investment funds (collectively, “Autonomy”) with respect to the personal data of Investors (and directors, officers, employees and/or beneficial owners of investors) in the funds for which Autonomy serves as investment adviser or general partner or in some similar capacity (“Investor Personal Data”). For the purposes of applicable data protection laws, Autonomy is the data controller. The administrator of the funds or its affiliates (collectively, the “Administrator”) may also act as a data controller of Investor Personal Data in connection with the performance of its legal and contractual obligations as Administrator of the funds. For further information you can access the Administrator’s privacy notice at: https://citco.com/footer/privacy-policy/ This Data Privacy Notice only applies to Investors in the EEA, the United Kingdom, Jersey and/or Switzerland, and Investors in our Cayman Islands investment funds. Investors must provide a copy of this Notice to any third parties whose personal data an Investor discloses to Autonomy and/or the Administrator.
Data That May Be Collected. Autonomy and/or the Administrator may collect certain Investor Personal Data, including, without limitation, (a) information received from an Investor, such as social security number, tax identification number, account information and wire transfer instructions and (b) information about an Investor’s transactions with any affiliates of Autonomy or non-affiliated third parties, such as account balances, account numbers and account activity. Autonomy and/or the Administrator may obtain such Investor Personal Data when the Investor makes an investment in an Autonomy fund, provides information on the Investor’s subscription documents and related forms, gives contact information, makes a wire transfer, provides government-issued ID, makes an additional contribution to an Autonomy fund or requests a redemption. Where Autonomy or the Administrator requires Investor Personal Data to comply with legal requirements, failure to provide this information may result in Autonomy terminating its relationship with the Investor.
Use of Investor Personal data. Autonomy and/or the Administrator will use Investor Personal Data in the course of business for tasks such as, processing transactions, performing general, financial and regulatory accounting and reporting, maintaining investor accounts, carrying out anti-money laundering checks and related actions, and responding to court orders and legal investigations. Autonomy and/or the Administrator may also use Investor Personal Data to communicate with Investors and offer products and services to Investors. The provision of Investor Personal Data by an Investor may be necessary for the performance of any contractual relationship with the Investor, for compliance with legal or regulatory obligations, and for the other purposes as set out in this Notice where in the legitimate interests of Autonomy and/or the Administrator. Where Autonomy and/or the Administrator, requires your Personal Data to comply with anti-money laundering or other legal requirements, failure to provide this data means the Investor may not be accepted or may result in the relationship with the Investor being terminated.
Disclosure to Certain Third Parties. Autonomy and/or the Administrator may disclose certain Investor Personal Data: (i) to its affiliates, service providers, such as transfer agents, custodians, broker-dealers, accountants and lawyers, in connection with the oversight, safekeeping, administration, distribution or operation of the funds; (ii) to fraud prevention agencies and law enforcement agencies in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) to courts, governmental and non-governmental regulators and ombudsmen; (iv) to any third party that acquires, or is interested in acquiring or securitizing, all or part of Autonomy’s or Administrator’s assets or shares, or that succeeds Autonomy or Administrator in carrying on all or a part of its business, whether by merger, acquisition, reorganization or otherwise; or (v) as required or permitted by law, including to comply with a subpoena or similar legal process or government request, or when Autonomy and/or Administrator believes in good faith that disclosure is legally required or Autonomy and/or Administrator has a legitimate interest in making a disclosure, such as where necessary to protect Autonomy’s and/or Administrator’s rights and property.
Transfer of Investor Personal Data Outside the EEA, the United Kingdom, Jersey and/or Switzerland, and other international transfers. Autonomy may disclose Investor Personal Data to recipients (including affiliates) located in countries outside of the EEA, the United Kingdom, Jersey and/or Switzerland, including in the U.S., which may not have data privacy laws equivalent to those the EEA, the United Kingdom, Jersey and/or Switzerland (as applicable). In such a case, Autonomy will take all necessary steps to ensure the safety of Investor Personal Data in accordance with applicable data protection laws. Autonomy has, inter alia, authorized the Administrator as its agent to ensure the transfer of data by the Administrator outside of the EEA, the United Kingdom, Jersey and/or Switzerland is subject to and governed by data transfer agreements, designed to ensure that Personal Data is protected.
Any international transfer of personal information by us or our duly authorized affiliates and/or delegates shall be in accordance with the requirements of the Data Protection Law, 2017 of the Cayman Islands (“DPL"), where applicable, and may include the foregoing measures.
Accountability for Onward Transfer. Where Autonomy transfers Personal Data from EU, British and Swiss individuals, or Personal Data of Investors in our Cayman Islands investment funds, covered by our Privacy Shield certification to a third party, we will do so consistent with the notice provided to you and any consent provided (if applicable), and contractually require the third party to process the Personal Data for limited and specified purposes consistent with the lawful basis for processing; provide at least the same level of protection as required under the Privacy Shield Principles and provide us notice of any concerns in its ability to comply with these promises. Autonomy remains liable under the Privacy Shield Principles where any third party service provider processes Personal Data subject to its Privacy Shield certification in a manner inconsistent with the Principles, except where Autonomy is otherwise not responsible for the event giving rise to the damage.
Retention. Autonomy and the Administrator will retain Investor Personal Data in accordance with Autonomy’s record-keeping policies and procedures and for as long as required to comply with applicable legal/regulatory obligations. Further details are available on request.
Security. Autonomy will take steps to protect Investors’ personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held. All Investor personal data will be retained in accordance with Autonomy’s record-keeping policies and procedures.
To Exercise your Privacy Rights and Choices, or to Contact us. All inquiries, requests or concerns regarding this Notice, or any requests to exercise your privacy and data protection choices and rights, or any other question or comment relating to the processing of Investor Personal Data should be sent to email@example.com and one of our Data Protection Representatives below. We will respond to you as soon as reasonably possible, but at least within 30 calendar days.
Data Protection Representatives:
Ciena Evasco (UK Representative) – firstname.lastname@example.org
Kelly Gouveia (Jersey Representative) – email@example.com
Recourse, Enforcement and Liability. Autonomy’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. In compliance with the Privacy Shield Principles, after you have contacted us at the email above, if we are unable to resolve your concerns, Autonomy has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If we are unable to resolve your concerns, or you do not receive a timely acknowledgement of your complaint, please visit https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Autonomy Capital – Privacy Notice for Investors in California
If you are a resident of California, you may have rights under the California Consumer Privacy Act of 2018 (“CCPA”), as described in this section of our Privacy Notice. In addition, not all rights in this section of our Privacy Notice is applicable to personal information that constitutes NPI subject to the Gramm-Leach-Bliley Act and our GLBA privacy notice, or processed solely in the business-to-business context, or other data that is exempt from certain requirements of the CCPA.
Your Right to Request Disclosure of Information We Collect and Share About You
Autonomy is committed to ensuring that you know what information Autonomy collects about you. You can submit a request to Autonomy for the following information:
- The categories of Personal Information that Autonomy has collected about you.
- The categories of sources where Autonomy collected the Personal Information.
- The business or commercial purposes for why Autonomy collected and/or sold the Personal Information.
- The third parties with whom Autonomy shared the information.
- The specific pieces of information we collected.
Autonomy is also committed to ensuring that you know what information Autonomy shares about you. You can submit a request to Autonomy for the following further information:
- The categories of Personal Information, if any, Autonomy has sold about you, categories of third parties to whom Autonomy sold that Personal Information, and the category or categories of Personal Information sold to each category of third party. However, Autonomy does not and will not sell Personal Information.
- The categories of Personal Information that we’ve shared with third parties for business or commercial purposes.
Our responses to any of these requests will cover the 12-month period preceding our receipt of the request.
Your Right to Request the Deletion of Personal Information We Have Collected from You
Upon receiving and verifying such request, Autonomy will delete the Personal Information that Autonomy has collected about you, except for situations when that information is necessary for Autonomy to: provide you with a good or service that the client requested; perform a contract Autonomy entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to Autonomy or that are reasonably aligned with expectations based on the your relationship with Autonomy.
Our Process for Responding to Privacy Rights Requests under the CCPA
To exercise your CCPA rights, contact Autonomy at 212-796-1900 or at our compliance email firstname.lastname@example.org.
For requests for access or deletion, we will respond to your request or your authorized agent’s in writing, or verbally if requested, as soon as practicable and in any event generally not more than within 45 days after receipt of the request. We may extend this period to 90 days and, in the event that we do extend the period, we will explain to you or your authorized agent why we did so. As part of processing your request, we may ask you for information to verify your identity against information we maintain. The information we may need to verify your identity may vary depending on the nature of your request or the data we may share. If we cannot verify your identity with the degree of certainty required, we will not be able to respond to the request and will notify you and explain the basis of the denial.
Requests for Household Information require a verified request from each member of the household. You may also wish to designate an agent to submit a request on your behalf. If you would like to designate an agent to act on your behalf, you and the agent will need to verify your identity, and provide written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will also be required to provide us with proof of the agency relationship. This subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney, which will be processed in accordance with California law pertaining to powers of attorney.
Information about the Personal Information We Collect
Key to Collection Purposes Below:
The capitalized terms in the chart above have the following meanings:
- Client Services—such as identifying potential clients; on-boarding new clients; opening accounts; servicing existing accounts; closing accounts; responding to requests and concerns; offering services, events, and educational activities and materials; determining suitability of financial products and services.
- Business Operations—such as performing services on behalf of the business, for instance, client service, fulfilling requests and orders, and processing transfers and payments; managing administrative matters such as invoicing, renewal, or auditing; developing, maintaining, or enhancing the operation of our networks, devices, systems, products, and services; conducting research and analytics to determine how our products and services are working, developing new products and services; carrying out our obligations under contracts and enforcing the same; verifying or authenticating individuals’ identities, including for access to our networks, systems, products, and services.
- Marketing—such as marketing our services and other services.
- Protection and Defense—such as protecting and monitoring our facilities, networks, devices, systems, products, services, property, personnel, and the public; preventing fraud, abuse, security threats, and crime; responding to emergencies (including contacting designated contacts in case of emergency).
- Regulatory and Legal—such as managing and fulfilling legal and regulatory requirements (such as regulatory registration and know-your-customer requirements); responding to valid legal requests.
- Compliance and Oversight—such as complying with health and safety regulations or security measures; carrying out equal opportunities monitoring and other reporting; conducting internal investigations, including for noncompliance with law or violations of policies; dealing with disciplinary matters and any grievance raised by or involving you; ensuring compliance with our rules and processes, for example we may monitor CCTV records and use of our IT systems, including email, internet and intranet.
Additional Information about How We Collect and Share your Personal Information
With respect to each of the categories of data above, we may also share Personal Information with any person to whom we transfer any of our rights or obligations under any agreement, or in connection with a sale, merger or consolidation of our business or other transfer of our assets, whether voluntarily or by operation of law, or who is otherwise deemed to be our successor or transferee.
You have a right not to be discriminated against for the exercise of the privacy rights conferred by the CCPA.