ICDPortal

Privacy Notice

Updated October 18, 2024

Institutional Cash Distributors, LLC, a U.S. broker-dealer registered with the SEC, member FINRA, Institutional Cash Distributors, Ltd, a UK broker-dealer authorised and regulated by the Financial Conduct Authority, ICD Europa – Empresa de Investimento, S.A., a Portugal broker-dealer regulated by Comissão do Mercado de Valores Mobiliários (CMVM), and Institutional Cash Distributors Technology, LLC, a Delaware limited liability company (collectively “ICD”, “we”, “our” or “us”) understands your privacy is important. We have posted this Privacy Notice (as defined below) to provide information about how and why we use your personal data, where we collect it from, and your rights in relation to your personal data, and we are required to do this by data protection and privacy laws and regulations of the jurisdictions where ICD conducts business. Applicable legal and regulatory regimes include, but are not limited to, the European Union (“EU”) General Data Protection Regulation ((EU) 2016/679 (“EU GDPR”) and its UK equivalent, the (“UK GDPR” and together with the EU GDPR, the “GDPR”).

WHO DOES THIS PRIVACY NOTICE APPLY TO?

This notice (the “Privacy Notice”) provides information about our collection and processing of personal data as a “controller” in relation to the following individuals (i) ICD Portal and ICD Portfolio Analytics users whose access is directly managed by us, (ii) business contacts at our customer organisations and (iii) website users (“you” and “your”) and should be read together with the applicable parts of our Data Usage Details webpage.  

This Privacy Notice should be read together with any other privacy notice or statement that we provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why we are using your personal data. This Privacy Notice supplements the other notices, but does not override them.   

When we collect and process personal data of users whose access to the ICD Portal or ICD Portfolio Analytics is managed and controlled by designated individuals in the customer organisation, ICD acts as a “processor” and the customer organisation is the “controller”, and the applicable parts of our Data Usage Details webpage provides more information about how we handle your personal data when acting in this “processor” role. We have policies and procedures in place to protect personal data. We do not sell personal data.

Please be aware that not providing the requisite personal data may preclude us from pursuing a business relationship with you, and/or from rendering our services to you.

QUESTIONS AND ANSWERS THAT DETAIL ICD’S PRIVACY POLICY

Q: Where does ICD collect my personal data from?

A: ICD collects personal data from one or more of the below sources:

  1. Information provided to us directly from you throughout our relationship, such as on financial account applications or other forms (including when administering, setting up or managing customer accounts) when you sign up and/or use the ICD products, services and website.
  2. Information provided from out parent entities, affiliates, subsidiaries, and partners.
  3. Information about transactions with us, our affiliates or third parties.
  4. Information from others (including publicly available sources), such as intermediaries, broker dealers, clients, service providers, credit reporting agencies, employers and government agencies.
  5. Information that may be disclosed on telephone conversations, voicemails, through written correspondence, or via email in order to facilitate our customers business.
  6. Information provided to us through use of ICD’s website (including through the use of cookies) and website portal.
  7. Information provided to us through use of the ICD Portal, ICD Portfolio Analytics, ICD Mobile Application and ICD Trade Desk and interaction with associated systems as further detailed in the Data Usage Details.
  8. Information provided to us indirectly from you, such as observing your actions on our website.

Q: What types of personal data does ICD collect about me?

A: The types of personal data that ICD (and our third party vendors in providing services to us) collect includes names, phone numbers, and business email addresses of the people with whom we conduct business, internet identifiers, product or subscription usage data, referrals, and personal data collected from third parties.  For certain customer entity accounts, additional personal detail may be required of authorizing personnel or senior officials/executives, including but not limited to government identifying numbers (i.e. SSN or passport numbers).  Further details are provided in the Data Usage Details.  

We process personal data on one or more lawful grounds depending on the type of personal data being collected, including, where it is necessary for us to comply with a legal obligation, where it is necessary to perform our contract with you or for our legitimate business interests, or where we have obtained your consent.

Q: What purposes does ICD process my personal data for?

A: The personal data collected by ICD is processed for the following purposes:

  • to open accounts introduced by ICD, and to use ICD’s website and website portal,
  •  to perform our contractual obligations and to provide you with our products and services and assist you with any necessary support and training,
  •  to comply with our regulatory record-keeping obligations, to conduct our know-your-client (“KYC”) and other compliance checks on our clients, and to conduct system monitoring which we are required by law to carry out, and
  •  to contact you by e-mail, post or telephone with information about us, the products and services that you use, other products and services similar to those you use and events that might be of interest to your organisation.  You may ask us to refrain from sending you marketing messages at any time using the contact details provided in this Privacy Notice.

Q: What does ICD do to protect my personal data?

A: ICD takes the following measures to protect your personal data:

We restrict access to personal data to those employees, agents, representatives or third parties who need to know the information to provide products and services to our customers.

We have policies and procedures in place to protect personal data that give direction to our employees, agents and representatives acting on our behalf, regarding how to protect and use personal data.

We maintain physical information and procedural safeguards to protect personal data. This includes storage of personal data in secure physical and server locations, as well as ICD’s secure, firewall-protected, back-office website. For certain customer entity accounts, additional personal detail may be required of authorizing personnel or senior officials/executives, including but not limited to government identifying numbers (i.e. SSN or passport numbers). This personal data is not stored on any ICD website, and is only retained in secure physical and server locations.

We have a vendor security management program that requires annual attestation of rigorous personal data protection in compliance with GDPR and other laws and regulations.

We conduct annual privacy policy training for ICD personnel.

Q: With whom does ICD share my personal data, and why?

1. Group companies: We share personal data with other companies within the ICD group of companies, and with our parent group company, acting as joint controllers, who are based in the United States, Europe, Australia and those countries within Asia where the applicable controller has a physical presence in order to provide operational and system administration services or for legal or compliance purposes.

2. Your employer:  We may provide your employer with reports containing the product usage data of its employees.

3. Content Providers:  We will disclose personal data with content providers that you have subscribed to where it is necessary for them to confirm that a user is entitled to access their content and to evaluate and manage how that content is used in our services. 

4. Vendors:  We use other companies as data processors to process certain personal data on our behalf, including service providers who have access to your personal data in order to assist us in our administration of the services or provide other operational or system administration services. For example, we may use:

  • Customer relationship management software providers in order to assist with the provision of our services and to contact you;
  • Marketing services including joint webinars where we disclose contact information with the sponsor/presenter;
  •  KYC and regulatory screening providers who assist us with meeting our compliance obligations;
  • Providers who provide system administration support services.

Where appropriate, we may also provide certain personal data to other vendors to process on your behalf, such as clearing houses.  These parties that have access to personal data are required by us and by applicable law to protect it in a manner consistent with this Privacy Policy.

5. Professional Advisors: Our professional advisers including lawyers, auditors and insurers could have access to your personal data during the course of performance of their professional services to us.

6. Disclosure for Legal Purposes:  Where required by law, we will provide access to your personal data, including without limitation, to cooperate with regulatory and other government investigations or other legal proceedings.

Q. Does ICD Transfer Personal Data to Other Countries?

A:   Personal data is utilized or stored within the countries where ICD or its parent group company conducts business, which include, but is not limited to the U.S., Europe, Australia and those countries in Asia where the appliable group entity has a physical presence. Personal data may also be held on servers globally by some of our service providers. In today’s global market, it is necessary for us to transfer your personal data across national borders. On the most part, these transfers will involve at least one of our entities operating in the EEA and as such will take place in accordance with European standard of protections for personal data. In practice, this means that all the ICD entities and relevant third parties agree to process your personal data in line with our high global standards. Where we transfer your personal data outside of the EEA or the UK, that personal data subsequently receives the same degree of protection as it would in the EEA or the UK through the implementation of EU Commission approved standard contractual clauses which contain legally binding obligations to safeguard your personal data.

Q:  How long does ICD keep personal data

A: We retain personal data for as long as required for the purpose for which it was collected an in compliance with our legal and regulatory obligations, and necessary technical requirements.  After the expiration of the retention period, personal data may be requested to be destroyed. Please contact compliance@icdportal.com for regulatory retention details. (Please use RGPD@icdportal.com for ICD Europa).

Q: Does the ICD Portal use cookies?

A: Yes, we do. To learn more about how and why we use cookies, please see our Cookie Policy.

Q: Does this Privacy Notice apply to its agents and representatives?

A: This Privacy Notice applies, to the extent required by law, to its agents and representatives when they are acting on behalf of ICD. However, please note that such third parties may have their own privacy notices which may apply.

Q:  How do I request more information on ICD’s use of personal data, or exercise my rights regarding the processing of  my personal data?

A: Requests for more information regarding how we collect and use personal data, or requests to update, correct or delete your personal data, or complaints to ICD, may be made in writing to the following contact information:

Email to:

compliance@icdportal.com (RGPD@icdportal.com for ICD Europa)

Mail to:

Institutional Cash Distributors, Ltd.
Attn:  Compliance
1 Fore Street Avenue
London, EC2Y 9DT

Institutional Cash Distributors, LLC
Attn:  Compliance
16475 Bordeaux Drive
Reno, NV 89511

ICD Europa – Empresa de Investimento, S.A.
Attn:  Compliance
Praça Marquês de Pombal 14
Lisbon 1250-162

Formal complaints regarding personal data may be made to the applicable data protection supervisory authority of the requisite country/domicile in question.

You may also request that we cease using your personal data for marketing purposes.  If you do not wish to receive marketing emails and/or marketing materials from ICD about its products and services, please contact ICD by email at the above email address.

If you are based in the EU or the UK,  you have certain rights under European and UK data protection laws in relation to our processing of your personal data:

  • The right to access data relating to you (‘access right’).
  • The right to rectify/correct data relating to you (‘right to rectification’).
  • The right to object to processing of data relating to you (‘right to object’).
  • The right to restrict the processing of data relating to you (‘right to restriction’).
  • The right to erase/delete data relating to you (i.e. the ‘right to erasure’). Please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation.
  • The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’). The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or similarly significantly affects you (i.e. ‘the right not to be subject to automated decision-making’).
  • The right to withdraw consent for processing of data relating to you (i.e. ‘right to withdraw consent’). Where we are processing your personal data on the basis of your consent and you withdraw your consent, we may rely on alternative legal grounds to process your personal data where such processing is: (i) legally mandatory, (ii) necessary for the performance of a contract to which you or your organization are a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we follow, including the establishment, exercise or defence of legal claims.
  • The right to report a concern about the processing of data related to you to the data protection authority that is authorised to hear those concerns (i.e. ‘the right to lodge a complaint with the data protection authority’).

Q: Will ICD’s Privacy Notice change?

A: ICD reserves the right to change any of its privacy policies, including this Privacy Notice and related procedures at any time, in accordance with applicable laws. You will receive appropriate notice of any such changes.