September 1, 2023
We may collect personal information about you from your discussions and correspondence with us, from legal documents, from information you supply about your investments or portfolio, from your incoming wire transfers or invoice payments, and from applications and other forms completed by you on our website, online platforms, or other media or provided to us by your authorized representatives and other fiduciaries. We may also collect personal information from email correspondence, telephone calls, paper communications, social media, our own websites and online platforms, or when you subscribe to our newsletter, visit our offices, enquire about or request products, goods, services, or other information from us, provide products or services to us and attend trade events such as conferences or exhibitions. This information may include contact details, biographical data, income, transaction history, assets, risk tolerance, wire transfer instructions, banking details, and tax, identification, social security, and account numbers, as well as information on your investment assets.
We may use personal information for the following purposes:
- To provide our portfolio management investment, research, and performance monitoring services;
- To respond to your inquiries, comments, feedback, or questions;
- To send administrative information to you, for example, information regarding our website or services and changes to our terms, conditions, and policies;
- To analyze how you interact with our website;
- To maintain and improve the content, functionality, and security of the website;
- To deliver and measure the effectiveness of our advertisements and marketing communications;
- To develop new products and services;
- To prevent fraud, criminal activity, or misuses of our website and services, and to ensure the security of our IT systems, architecture, and networks;
- To comply with legal obligations and legal process; and
- To protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Our Basis for Processing Your Personal Data
The following are some of the ways we may lawfully process your personal data*:
- Consent: processing to which you have agreed;
- Performance of a Contract: processing necessary for the performance of a contract to which you are a party, or for the taking of steps at your request with a view to entering into a contract;
- Legal Obligation: processing necessary for us to comply with a statutory or regulatory obligation and
- Legitimate Interests: processing necessary for the purposes of legitimate interests pursued by us except where our interests are overridden by your interests, fundamental rights, or freedoms such as; marketing activities, provided the use is proportionate, has a minimal privacy impact, and you would not be surprised or likely to object, or in cases in which we have performed a legitimate interest impact assessment.
*See Article 6 with respect to GDPR.
Unless expressly agreed otherwise, we may disclose the personal information described above to custodians, fund administrators, investment managers, venture capital and private equity fund managers, and other nonaffiliated companies or individuals, such as legal, audit, and tax advisors, in the manner and to the extent permitted by you or as required by law. We may also disclose the information described above to other nonaffiliated service providers, such as providers of reporting data, data storage and fund monitoring services for our everyday business purposes in supporting our provision of services. To the extent possible, we require third parties to respect the security of your data and to treat it in accordance with the law.
International Transfer of Personal Information
Cambridge Associates may send your personal information outside the jurisdiction from which it originated or was collected. Where personal information is transferred or accessed outside of a specific jurisdiction, we require that appropriate safeguards are in place to comply with any applicable data protection regulations.
Your Choices in Relation to Personal Information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. Depending on where you live, you may also have rights and choices which you can exercise with respect to the data we hold on you. If you are a California resident, please review the Additional Information for California Residents section below for information regarding your rights. Individuals residing in the European Union and United Kingdom retain rights listed under the Rights Related to Personal Data section.
Retention and Destruction of Personal Information
We take reasonable steps to ensure the accuracy of the information we hold about you. We will not use your personal information unless it is (to our knowledge) accurate and up to date. We typically will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. When the purposes for which we have collected the data for have ended, we will retain and securely destroy your personal information in accordance with our policy, applicable laws and regulations.
Our website and services are not directed to children who are under the age of 16. We do not knowingly collect personal information from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal information to us through the website or our services, please contact us and we will endeavor to delete that information from our databases.
Links to Other Websites
Third Party Tracking and Do Not Track Signals
Unfortunately, the transmission of data over the internet is not completely secure. Although we will use our reasonable commercial efforts to protect your personal information against loss, misuse, unauthorized alterations or interception, we cannot guarantee its security. All clients who access performance data and other investment information from our website receive unique login and password identifiers, and it is your responsibility to protect your login information.
Rights Related to Personal Data
The EU GDPR, UK GDPR and the Swiss Federal Data Protection Act, respectively, provide EU, UK and Swiss residents with specific rights regarding their personal information. This section describes your rights under the GDPR and the Swiss Federal Data Protection Act (as applicable). Subject to certain exceptions and exclusions, EU, and UK and Swiss residents have the following rights in relation to the personal information we collect:
- the right to access information held about you
- the right to object to processing that is likely to cause you damage or distress
- the right to prevent processing for direct marketing purposes
- the right to request restriction of processing of personal data concerning you or to object to such processing
- the right to have information about you rectified, erased, or destroyed
- the right to claim compensation for damages to you caused by a breach of law
- the right to have your personal data transferred to another entity
- the right to revoke the declaration of consent under data protection law
- the right to information on safeguards, enforceable rights and effective legal remedies which are available regarding the transfer of personal data outside the EU
- the right to complain to a data protection authority
Our privacy practices are designed to comply with the following privacy laws and regulations:
Please note that this list is not exhaustive and may not cover all the laws that could apply to your personal data. The applicability of these laws depends on various factors, including your location. We are committed to complying with all applicable laws protecting your privacy rights.
In accordance with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act of 2023 (“CPRA”), this section is intended to inform California residents of (1) the personal information that we collect and how we disclose that information, and (2) the privacy rights California residents may have relating to their personal information and how those rights can be exercised.
Personal Information Collection and Disclosure
- Categories of Personal Information Collected: In the past 12 months, we have collected the following categories of personal information, as described in greater detail in the “What Personal Information We Collect and From Where We Get It” section above:
- Identification Information, such as your name, email address, phone number, physical address, zip code, biographical information, social security and other identification numbers, and online account information (e.g., username and password).
- Online Activity Information, such your device identifier or IP address, the type of browser and device you are using, information about your device’s operating system, the actions you take on our website, and the names of referring and exit webpages. For more information on our collection of Online Activity Information, see our Cookies Policy.
- Commercial and Financial Information, such as your transaction history, wire transfer instructions, banking details, account numbers, and information on your income, assets, and risk tolerance.
- Sources of Personal Information: We collect the above categories of personal information from you, your authorized representatives and fiduciaries, our analytics providers and other service providers, and as otherwise described in the “What Personal Information We Collect and From Where We Get It” section above.
- Purposes of Collection and Disclosure: We collect and disclose the above categories of Personal Information for the business and commercial purposes described in the “How We Use Personal Information” and “Sharing and Disclosure of Personal Information” sections above.
- Categories of Personal Information Disclosed for a Business Purpose: In the past 12 months, we have disclosed for a business purpose all of the above categories of personal information to affiliates, service providers, custodians, fund administrators, investment managers, and other nonaffiliated companies or individuals as described in the “Sharing and Disclosure of Personal Information” section above.
- Categories of Personal Information Sold: Cambridge Associates does not sell personal information.
The CCPA and CPRA provide California residents with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights. Subject to certain exceptions and exclusions, California consumers have the following rights in relation to the personal information we collect:
- The right to request that we delete and direct any service providers that have received that personal information to delete, the personal information that we have collected and retained.
- The right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
- The right to opt-out of the sales of your personal information. (Cambridge Associates does not sell your personal information.)
- The right to correct inaccurate personal information.
- The right to limit the use and disclosure of sensitive personal information.
- The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA or CPRA.
Exercising Your Rights: California residents can exercise the above privacy rights by calling 1-888-834-5222 x2823 or emailing us at firstname.lastname@example.org.
Additional Privacy Rights*
Our privacy practices are designed to comply with all applicable privacy laws and regulations including, but not limited to, the following:
United States: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA)
European Union, UK, and Switzerland: General Data Protection Regulation (GDPR), German Federal Data Protection Act, UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Swiss Federal Data Protection Act
Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
Australia: Privacy Act 1988 (Privacy Act)
Singapore: Personal Data Protection Act (PDPA)
China: Personal Information Protection Law (PIPL)
*Please note that this list is not exhaustive and may not cover all the laws that could apply to your personal data. The applicability of these laws depends on various factors, including your location. We are committed to complying with all applicable laws protecting your privacy rights.
Verification: In order to protect your personal information from unauthorized access or deletion, we may require you to verify your credentials when you submit a request to know or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional personal information for verification. If we cannot verify your identity, we will not provide or delete your personal information.
Authorized Agents: You may submit a request to know or a request to delete your personal information through an authorized agent. If you do so, we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
Sean F. Hanna
Chief Compliance Officer and Senior Counsel
115 Federal Street
Boston, MA 02110