CONTACTING OUR PRIVACY OFFICE
Note you must share your email address for all requests. By emailing us below you give us permission to contact regarding your privacy request.
Please do not share other personal information such as tax identities and other associations.
Our privacy team will contact you separately to arrange for exchange of other details needed to satisfy your requests. No actions will be taken without a second form of confirmation of your identity.
Confirm how my data is managed by PCR
Confirm how PCR is authorized to manage your data
Request copies of your data
Request that your data be eliminated or anonymized
OUR COMMITMENT TO PROTECT YOUR PERSONAL INFORMATION
Who is PCR?
PCR is a financial services technology company that aggregates the investment data of individuals to provide a consolidated view of their investments. We provide the service to banks, registered investment advisors, family offices and technology companies (“Providers”) who have a trust relationship with their clients. Each client in turn provides written authorization for PCR to receive their data for this purpose (“Intended Purpose”).
FOR INDIVIDUALS THAT USE OUR AGGREGATION SERVICES ...
How did we obtain your data?
You or your investment advisor authorized us to register your investment accounts in our enrollment system and to produce “letters of authorization” that you signed and that were then forwarded to the custodians and investment managers of those accounts (“Data Controllers”). These authorizations direct those firms to send PCR copies of your investment data.
What personal data do we gather and manage?
Generally, the data we aggregate includes your investment transactions such as buying and selling stocks. It also includes related information on the securities you invest in including the security name. The accounts ask us to aggregate can also include bank accounts, mutual funds and your business interests. To prepare and submit letters of authorization which authorize third-parties to send us your data, we capture your name and the names of other account holders such as spouses. We endeavor to keep the amount of information we gather to the minimum required for Intended Purposes. By category:
Account Holder Identity and Contact Information including Name and Email address
Investment Account details including name of custodian or fund manager and related account numbers.
Investment Data including the specific quantities, values and transactions related to investments in securities.
Who can access your personal data?
Access to your personal data is restricted to those of our employees and service providers as required to deliver the Intended Purpose.
What DO we do with your data?
We collect your data which is sent to us as files or as copies of your statements into a secure data center where it is processed for accuracy. Most information is processed without human intervention, however when exceptions occur there are processes that require employees to review the information, communicate with custodians/managers to correct errors and enter the information into our systems. Once the data is ready it is (a) used to produce reports that you receive; or (b) delivered to other data processes you have directed us to share with (e.g. your advisor) as files that they in turn load into their systems to provide some reporting, analytic or other service on your behalf.
What DON’T we do with your data?
We do not analyze your data in ways that result in decisions that affect your credit history or in any other way make judgements based on this data. We do not sell data derived from your personal data.
Where and when do we share your data?
To those you direct us to share data with (e.g. your financial advisor)
To our hosting service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
To comply with any court order, law or legal process, including to respond to any government or regulatory request.
How do we protect your data?
PCR implements security management processes based on SOC-2 and ISO-27001 standards to ensure the confidentiality, integrity and availability of your personal data. Data is encrypted throughout transmission and storage to reduce possibility of unintended disclosure. Additionally, certain of our products provide for the pseudonymization of the data in a way that separates your personal information from your financial information making it more difficult to use if either is revealed. However, the transmission of information via the internet is not completely secure and we cannot guarantee that all your private communications and other personally identifiable information will never be disclosed once it leaves our network. We are continuously improving our information security posture.
What countries is your data transferred to?
Personal data is consolidated and processed in a data centers in the USA. Transfer to other domiciles is undertaken with only with your consent with safeguards in place such as Standard Contractual Clauses that protect your data.
How long is your data kept?
Your personal details will be kept for the duration required to fulfil the Intended Purpose and any further regulatory or legal retention requirements or until such time as you direct this information to be deleted.
PCR from time to time will make changes to this policy to reflect changes in our process or as required by relevant regulatory or other bodies. Changes will be posted to our website.
FOR OTHER INDIVIDUALS
We manage customer and contact information in a secure system with limited access to sales, marketing and executive employees. This information is obtained during our normal course of business interactions and could include your name, phone number, email, employer and position in the company. We use this information exclusively for legitimate business communications via email and voice and provide an opt-out option in all such communications. We use the same protections described above to protect your contact details.
YOUR RIGHTS AS IT RELATES TO YOUR DATA
Access to your personal data
You have a right to access the personal data we process on you. We will endeavor to give you as complete of a list as possible. If there is any specific information you are looking for please outline this in your request.
Correct your personal data and object or restrict the processing
If any of the personal data we hold on you is incorrect, incomplete or out of date you have a right to have this updated. You have the right to object to processing of your personal details where the processing is based on legitimate interest. Where you exercise this right we will outline the reasons for processing the data and stop processing your personal details while we work through the objection. You can request that processing is restricted while we review your personal data, where you dispute the accuracy of it.
Erase your personal data
Where you suspect that your personal data is processed without a legitimate reason or where you believe we no longer have grounds to process your personal data you can request it to be erased. Please note that we are under no obligation to rectify or delete your personal data where to do so would prevent us from meeting our legal or regulatory obligations.
Rights relating to automated decision making and profiling
PCR does not engage in any automated decision making or profiling which could in any way adversely affect you.
Have your personal data ported
This allows you to reuse your personal data by having it electronically transmitted to or from another service provider or to yourself. The format of this transmission will be determined by PCR.
Complain to the supervisory authorities
You have a right to complain to the relevant supervisory authority, which varies by country and by State in United States.
SPECIAL NOTICE TO US CITIZENS
PCR respects children's privacy and complies with the practices established under the Children's Online Privacy Protection Act. PCR does not knowingly collect or retain personal information from anybody under the age of thirteen.
PCR complies with all State regulations regarding who your data is protected and used as well as procedures to notify if you information has been breached.
RESIDENTS OF THE EUROPEAN ECONOMIC AREA
If you are a resident of the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the processing of your personal data.
Legal Basis for Processing
If you are a resident of the EEA, when we process your personal data we will only do so in the following situations:
You have given your consent to the processing of your personal data for the Intended Purpose
We will only collect the data needed to perform our responsibilities under our contract with you.
Hosting your data and the Privacy Shield Framework
Our data center provider hosts the servers that store your information. They have committed to the EU Privacy Shield Principals of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. This service provider complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. To learn more about the Privacy Shield program, and to view our certification page, you may visit https://www.privacyshield.gov/.
For security reasons we do not identify the hosting provider in this public document, however, existing clients can inquire for more information at email@example.com
Data Subject Requests
If you are a resident of the EEA, you have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us at firstname.lastname@example.org.
Questions or Complaints
If you are a resident of the EEA and have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.