Greenwich Advisor Compliance Services Corp. Privacy Policy

Greenwich Advisor Compliance Services Corp. (hereinafter referred to as “GACS”, “we” or “us”) and our Interactive Brokers Group affiliates (collectively, “IBG”) are committed to respecting your privacy. GACS has developed this Privacy Policy (this “Policy”) to advise you of the ways and manners in which we collect, use, share and protect information you share with us through our website, www.greenwichcompliance.com, and any other website or application where this Policy is posted. Any person accessing, browsing or otherwise using the Site, either manually or via an automated device or program, is a “User” for purposes of this Policy.

This Policy is based on the privacy and data protection principles common to the countries in which we operate, including the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). This Policy is specifically addressed to those who provide Personal Information to GACS or who visit or use GACS’s websites and social media sites.


Who is responsible for your Personal Information?

GACS is responsible for the Personal Information that we may collect and/or control in the manner discussed below.


How do we collect your Personal Information and what Personal Information do we collect?

GACS collects and processes Personal Information from you. This may include, among other things, information:

  • provided during use of Schedule a Consultation and/ or Send RIA Compliance Questions to Greenwich Compliance (for example, your business’s name, your name, legal address, email address, telephone number, investment objectives, etc.);
  • collected through Internet cookies (for further information on our use of cookies, please see our Cookie Policy).
  • transmitted from one of the IBG affiliated entities.

Are you required to provide Personal Information?

In order for you to utilize our services, you will provide us with your Personal Information entirely voluntarily. In most circumstances GACS cannot take action without utilizing certain of your Personal Information, for example, because this Personal Information is required to process your instructions or orders or provide you with access to our services or marketing materials. In most cases, it will be impossible for us to provide the services to you without the relevant Personal Information.


For what purposes will we use your Personal Information?

We may use your Personal Information for the following purposes (“Permitted Purposes”):

  • To provide you with RIA registration and/or compliance services available through GACS, and/or to deal with any requests or inquiries you may have;
  • To pursue legitimate interests, including to carry out, monitor and analyze our business or operations;
  • To contact you (unless you tell us that you prefer us not to) regarding services that may be of interest to you;
  • To enter into or carry out contracts of various kinds;
  • To comply with applicable laws or regulations in any country; and
  • For any other purpose for which your Personal Information was provided to us.

Depending on which of the above Permitted Purposes we use your Personal Information for, we may process your Personal Information on one or more of the following legal grounds:

  • Because processing is necessary for the performance of a client instruction or other contract with you or your organization;
  • To comply with our legal obligations (for example, to communicate with State or Federal regulators);
  • Because processing is necessary for the purposes of our legitimate interest or those of any third-party recipients that receive your Personal Information, provided that such interests are not overridden by your interests or fundamental rights and freedoms; and
  • Because processing is useful or necessary in our discretion and is not prohibited under the law of the relevant jurisdiction.

In addition, the processing may be based on your consent where you have expressly given that to us.


Who we share your Personal Information with, and in what circumstances?

We may share your Personal Information in the following circumstances:

  • We may share your Personal Information between GACS and the IBG Entities on a confidential basis as allowed by applicable law or where required for the purpose of providing products or services and for administrative, billing and other business purposes.
  • Consistent with applicable law, we may share your Personal Information with courts, law enforcement authorities, regulators or attorneys or other parties for the establishment, exercise or defense of a legal or equitable claim or for the purposes of a confidential alternative dispute resolution process; and
  • We may also use aggregated Personal Information and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.

Otherwise, we will only disclose your Personal Information when you direct us or give us permission to do so, when we are allowed or required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.


Personal Information about other people that you provide to us

If you provide Personal Information to us about someone else (such as one of your directors or employees or someone with whom you have business dealings), you must ensure that you are entitled to disclose that Personal Information to us and that, without our taking any further steps, we may collect, use and disclose that Personal Information as described in this Privacy Policy. In particular, you must ensure that the individual concerned is aware of the various matters detailed in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our Personal Information disclosure practices (including disclosure to overseas recipients), any right the individual may have to obtain access to the Personal Information and make complaints about the handling of the Personal Information and the consequences if the Personal Information is not provided (such as our inability to provide services).


Keeping Personal Information about you secure

To the extent required by law, we will take appropriate technical and organizational measures to keep your Personal Information confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to Personal Information. Personal Information may be kept on our Information Technology systems, those of our contractors or in paper files.


Transferring your Personal Information outside the European Economic Area (“EEA”) (if GDPR applies)

For Personal Information subject to the EU General Data Protection Regulation (“GDPR”) we may transfer your Personal Information outside the EEA for the Permitted Purposes as described above. This may include countries that do not provide the same level of protection as the laws of your home country (for example, the laws within the EEA or the United States). We will ensure that any such international transfers are made subject to appropriate or suitable safeguards if required by the GDPR or other relevant laws. You may contact us at any time using the contact details below if you would like further information on such safeguards.

With respect to persons covered by GDPR, in case Personal Information is transferred to countries or territories outside of the EEA that are not recognized by the European Commission as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms to ensure Personal Information is protected.


Updating your Personal Information

If any of the Personal Information that you have provided to us changes, for example if you change your email address or if you wish to cancel any request that you have made of us, please let us know by contacting GACS Customer Service at contactGC@greenwichcompliance.com. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Information that you provide to us.


How long do we retain your Personal Information?

We retain your Personal Information in an identifiable form in accordance with our internal policies which establish general standards and procedures regarding the retention, handling and disposition of your Personal Information. Personal Information is retained for as long as necessary to meet legal, regulatory and business requirements. Retention periods may be extended if we are required to preserve your Personal Information in connection with litigation, investigations and proceedings.


Further rights for persons or information covered by GDPR

With respect to EEA residents and where your Personal Information is processed by GACS established in the EEA (“Covered Individuals”), you have a number of legal rights under GDPR in relation to the Personal Information that we hold about you.


These rights include:

  • Obtaining information regarding the processing of your personal information and access to the personal information that we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information, (in particular, information that is subject to legal professional privilege);
  • Requesting that we correct your personal information if it is inaccurate or incomplete;
  • Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled to retain it;
  • Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request; and
  • Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.

If you wish to do any of the above, please contact GACS Customer Service at contactGC@greenwichcompliance.com. We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data and for any additional copies of the Personal Information you request from us.

We will consider any requests or complaints that we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator. We will provide you with details of your relevant regulator upon request.


Transferring Your Personal Information out of California (if CCPA applies)

GACS is in compliance with the California Consumer Privacy Act of 2018 (“CCPA”). You have four basic rights in relation to your Personal Information under the CCPA:

  • the right to know, though a general privacy policy and with more specifics available upon request, what personal information GACS has collected about you, from where it was sourced, for what it is being used, whether it is being disclosed or sold, and to whom it is being disclosed or sold;
  • the right to opt out of allowing GACS to sell your Personal Information to third parties. Please note that GACS does not sell your Personal Information to third parties;
  • the right to have GACS delete your Personal Information, with some exception provide by applicable law; and
  • the right to receive equal service and pricing from GACS, even if you exercise your privacy rights under the CCPA.

If you wish to do any of the above, please contact GACS Customer Service at contactGC@greenwichcompliance.com. We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorized disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data and for any additional copies of the Personal Information you request from us.

We will consider any requests or complaints that we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator. We will provide you with details of your relevant regulator upon request.


Updates to this Privacy Policy

This Privacy Policy was last updated on January 30, 2020. We reserve the right to update and change this Privacy Policy from time to time, for example, in order to reflect any changes to the way in which we process your Personal Information or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on our website.


How to contact us

We welcome your views about our website and our Privacy Policy. If you have any questions about this Policy, please contact GACS Customer Service at contactGC@greenwichcompliance.com.