PRIVACY POLICY HIGHLIGHTS
Reviewed May 12, 2022
Institutional Cash Distributors, LLC, a U.S. broker-dealer registered with the SEC, member FINRA, and Institutional Cash Distributors, Ltd, a UK broker-dealer authorised and regulated by the Financial Conduct Authority (collectively “ICD”) understands your privacy is important. We have posted this notice in accordance with the laws and regulations of the jurisdictions where ICD conducts business. Relevant regulatory regimes include, but are not limited to, the European Union (“EU”) General Data Protection Regulation (“GDPR”), which regulates the use of personal data.
This notice will help you understand what types of personal data we may collect, how we use it and how we protect your privacy.
We collect personal data solely for the purpose of conducting business with, and on behalf of, customers, and to satisfy broker-dealer regulatory obligations. Customer business is conducted in accordance with agreements ICD has established with its customers. Where we collect personal data of, or relating to, our clients and website users for the purposes set out in this Notice, we are the data controller of that personal data. As a data controller we are subject to requirements under applicable data protection law and regulation, including the General Data Protection Regulation ((EU) 2016/679).
We have policies and procedures in place to protect personal data. We do not sell or otherwise furnish personal data to third parties, i.e., companies or individuals that are not affiliated with or contracted with ICD to conduct our customer’s business.
We do not disclose any personal data to anyone outside of the ICD business and regulatory environment; the business and regulatory environment includes vendors that may hold personal data (i.e. email vendor).
Please be aware that not providing the requisite personal data may preclude us from pursuing a business relationship with you, and/or from rendering our services to you.
QUESTIONS AND ANSWERS THAT DETAIL ICD’S PRIVACY POLICY
Q: What types of personal data does ICD collect?
A: ICD, its employees, representatives, agents and selected third parties may collect personal data, including:
- Information provided to us, such as on applications or other forms.
- Information about transactions with us, our affiliates or third parties.
- Information from others, such as credit reporting agencies, employers and government agencies.
- Information that may be disclosed on recorded telephone conversations, in order to facilitate our customers business.
ICD only collects the personal data required to conduct business with our customers. The personal data collected is required to open accounts introduced by ICD, and to use ICD’s website portal.
The types of personal data ICD collects include names, phone numbers, and business email addresses of the people with whom we conduct business. This information is stored in secure physical and server locations, as well as ICD’s secure, firewall-protected, back-office website. For certain customer entity accounts, additional personal detail may be required of authorizing personnel or senior officials/exectuives, including but not limited to government identifying numbers (i.e. SSN or passport numbers). This information is not stored on any ICD website, and is only retained in secure physical and server locations.
Q: What does ICD do to protect personal data?
A: ICD takes the following measures to protect personal data:
- We restrict access to personal data to those employees, agents, representatives or third parties who need to know the information to provide products and services to our customers.
- We have policies and procedures that give direction to our employees, agents and representatives acting on our behalf, regarding how to protect and use personal data.
- We maintain physical information and procedural safeguards to protect personal data.
- We have a vendor security management program that requires annual attestation of rigorous personal data protection in compliance with GDPR and other regulations.
- We conduct annual privacy policy training for ICD personnel.
Q: With whom does ICD share personal data, and why?
A: We do not share personal data about our customers with anyone, including other affiliated companies or third parties, except as permitted by law and required to conduct our customers’ business. We may disclose, as allowed by law, personal data we collect when needed, to affiliated companies, agents, employees, representatives and third parties that administer and service customer accounts on our behalf; or other financial institutions with whom we have joint agreements; or contracted auditors.
Personal data is utilized or stored within the countries where ICD conducts business, which include, but is not limited to the U.S. and UK. In today’s global market, it is necessary for us to transfer your personal data across national borders. On the most part, these transfers will involve at least one of our entities operating in the EEA and as such will apply the European standard of protections to the personal data we process. In practice, this means that all the entities agree to process your personal data in line with our high global standards. Where we transfer your personal data outside of the EEA, that data subsequently receives the same degree of protection as it would in the EEA through the implementation of EU Commission approved standard contractual clauses.
Q: How long does ICD keep personal data
A: We retain personal data in accordance with the maximum duration of country broker-dealer regulatory requirements. After the expiration of the retention period, personal data may be requested to be destroyed. Please contact compliance@icdportal.com for regulatory retention details.
Q: Does the ICD Portal use cookies?
A: This site uses cookies that enable you to move around the ICD Portal and use its features, such as accessing secure areas of the portal. Without using cookies, secure login and other features cannot be provided.
Specifically, ICD uses cookies to evaluate device fingerprints when doing multifactor authentication (the original fingerprint from device enrollment is stored in a cookie). ICD also uses cookies to track your session ID when logged in to the ICD Portal until you either log out or your session expires.
Q: Does ICD’s Privacy Policy apply to its agents and representatives?
A: ICD’s Privacy Policy applies, to the extent required by law, to its agents and representatives when they are acting on behalf of ICD.
Q: How do I request more information on ICD’s use of personal data, or exercise my rights to cease use of my personal data?
A: Requests for more information regarding how we collect and use personal data, or requests to cease use of personal data, or complaints to ICD, may be made in writing to the following contact information:
Email to:
compliance@icdportal.com
Mail to:
Institutional Cash Distributors, Ltd.
Attn: Compliance
30 Crown Place
London, EC2A 4EB
Institutional Cash Distributors, LLC
Attn: Compliance
16475 Bordeaux Drive
Reno, NV 89511
Formal complaints regarding personal data may be made to the Supervisory Authority of the requisite country/domicile in question.
With respect to GDPR, under EU law you have certain rights to apply to us to provide information or make amendments to how we process data relating to you. These rights apply in certain circumstances and are set out below:
- The right to access data relating to you (‘access right’).
- The right to rectify/correct data relating to you (‘right to rectification’).
- The right to object to processing of data relating to you (‘right to object’).
- The right to restrict the processing of data relating to you (‘right to restriction’).
- The right to erase/delete data relating to you (i.e. the “right to erasure”).
- The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’).
Even if you object to ICD’s use of personal data, we are nevertheless allowed to continue the same if the use is (i) legally mandatory, (ii) necessary for the performance of a contract to which the you or your organization are a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we follow, including the establishment, exercise or defense of legal claims.
Q: Will ICD’s Privacy Policy change?
A: ICD reserves the right to change any of its privacy policies and related procedures at any time, in accordance with applicable federal and state laws. You will receive appropriate notice of our Privacy Policy changes.
Consent to this Privacy Policy and the use of personal data
Use of the Site signifies your consent on your behalf and on behalf of others you are representing and whose information you submit (if any), to this on-line Privacy Policy and the terms of use of this Site, including the collection and use of information, as described in this statement. To the extent our use of personal data presupposes that you give your prior consent thereto, our portal website will require your affirmative consent in due time.
