IRONWOOD CAPITAL MANAGEMENT PRIVACY POLICY
Ironwood Capital Management
General Partner, Investment Manager or Investment Adviser to:
Ironwood Partners L.P.
Ironwood International Ltd.
Ironwood Institutional Ltd.
Ironwood Non-Dollar Fund SPC
Ironwood Institutional Multi-Strategy Fund LLC
Ironwood Multi-Strategy Fund LLC
Ironwood Multi-Strategy Fund Ltd.
(the “Advisory Clients”)
Effective Date: June 1, 2021
Ironwood Capital Management Corporation (“Ironwood”) respects your privacy and strives to protect your personal information. This Privacy Policy describes the kinds of information Ironwood may collect during your visit to our website (http://ironwoodpartners.com) (the “Site”), when you communicate with Ironwood, use our products and services (“Services”), how we use your information, how we protect your information, and how you can exercise options regarding your information.
If you are a client of Ironwood, we will use and share any information that we collect from or about you in accordance with this Privacy Policy (https://www.ironwoodpartners.com/pages/2043), which offers you certain choices with respect to the use and sharing of your personal information. Unless authorized by the specific client or former client, or as permitted by law, Ironwood will not disclose non-public personal information (such as name, address, social security number, tax identification number, net worth, total assets, income and other financial information necessary to determine required accreditation standards) about its clients or former clients to third parties other than affiliates and/or other third party firms that assist Ironwood in providing advisory services and/or effecting client transactions (such as brokers, fund administrators and compliance/operational support service providers). Instances in which Ironwood may, as authorized and as disclosed in its Privacy Policy, share its customers’ information with non-affiliated third parties include:
1. disclosure to companies that provide services necessary to effect a transaction that you request or to service your account such as administrators, accountants, or mailing services.
2. disclosure to government agencies, courts, parties to lawsuits, or regulators in response to subpoenas. In such cases, we share only the information that we are required or authorized to share.
This Privacy Policy forms part of our Terms of Use, which is available here (https://www.ironwoodpartners.com/pages/2042). By visiting our Site, and using our Services, you consent to our collecting and storing personal information as described in this Privacy Policy and in the Terms of Use. Please read these documents carefully.
We may revise this Privacy Policy at our discretion. Ironwood will inform investors of any changes as required by law, and will post any changes on this page and update the “Last Updated” date. Your continued use of our Site and Services after changes have been posted will constitute your acceptance of this Privacy Policy and any changes.
The sections of this Privacy Policy are as follows:
I. Types of Personal Information We Collect and How We Use and Share the Information
II. Security and Data Retention
III. International Data Transfers
IV. Your Privacy Rights
V. How to Contact Us and Exercise Your Privacy Rights
I. Types of Personal Information We Collect and How We Use and Share the Information
When you interact with Ironwood, Ironwood may collect personal information about you. “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include deidentified or aggregate information or public information lawfully available from governmental records.
The following table categorizes the types of such information we have collected in the last 12 months and, for each category, provides the sources from which that information was collected, why we collected the information, and with whom we shared the information. We anticipate continuing to collect the information discussed in the table from the same sources, as well as continuing to use and share it as described in the table.
Category of Personal Information (PI) |
Sources from which PI was collected |
Purpose of collection |
Categories of entities with which PI was shared |
Identifiers, such as name, email address, address, phone number, tax identification number, facsimile number, social security number or other similar identifiers |
From our interactions with individuals seeking to obtain or obtaining our products and services or otherwise interacting with or contacting us (“You”)
From your agents, representatives, consultants and advisers (“Agents and Representatives”)
From government sources and records and other publicly-available information (“Public Information”)
|
Providing advisory services necessary and effecting client transactions, including: onboarding new investors and opening accounts, servicing existing accounts, including processing subscriptions, redemptions and transfers, responding to investor requests and concerns (“Advisory Services”)
Carrying out our obligations arising under our contract with you and to enforce the same (“Contractual Obligations”)
Verifying or authenticating your identity, including for access to our systems (“Identity Verification”)
Protecting our facilities, systems, and personnel; preventing fraud, abuse and crime; responding to emergencies (“Protection and Defense”)
Managing and fulfilling legal and regulatory requirements, responding to valid legal requests (“Regulatory and Legal”) |
Service providers, e.g., cloud storage provider, anti-money laundering screening provider, fund administrator, transfer agent, custodian or broker-dealer (“Service Providers”)
Advisors and consultants including accountants, prime brokers, accountants, banks, attorneys, or other administrators (“Advisors”)
Fraud prevention agencies and law enforcement agencies; courts, governmental and non-governmental regulators and ombudsmen (including, without limitation, to report tax related information to tax authorities in order to comply with a legal obligation); parties to lawsuits; other competent authorities (including tax authorities), courts and bodies as required by law or requested (“Competent Authorities”)
Affiliates |
Characteristics of protected classes and demographic information, such as age, sex, marital status |
You
Agents and Representatives
Public Information
|
Investor Services
Identity Verification
Protection and Defense
Regulatory and Compliance |
Service Providers
Advisors
Competent Authorities
Affiliates |
Commercial and financial information, such as records of personal property, products or services purchased, obtained, or considered, information on investments, assets, net worth, tax status, holdings, account balances, transaction history, bank account details, wire transfer instructions |
You
Agents and Representatives
Public Information
|
Investor Services
Identity Verification
Contractual Obligations
Regulatory and Compliance |
Service Providers
Advisors
Competent Authorities
Affiliates |
Internet or other electronic activity information, including information regarding an individual’s interaction with the Site, emails sent and received |
e-Traffic
From emails sent and received by Ironwood employees |
Investor Services
Identity Verification
Protection and Defense
Regulatory and Compliance |
Service Providers
Advisors
Competent Authorities
Affiliates |
Electronic, or visual information, such as copies of drivers’ license, passport or other photograph identification |
You
Agents and Representatives
Public Information |
Investor Services
Identity Verification
Protection and Defense
Regulatory and Compliance |
Service Providers
Advisors
Competent Authorities
Affiliates |
Associations and affiliations, such as whether an investor or its personnel are related to someone who is employed in the securities industry, information about related parties to an account, and beneficiaries |
You
Agents and Representatives
Public Information |
Investor Services
Identity Verification
Regulatory and Compliance |
Service Providers
Advisors
Competent Authorities
Affiliates |
In addition to the categories of third parties to whom we share information identified above, we will also disclose your personal information if you direct us to do so. Beyond that, we do not grant access to your personal information to any other categories of third parties unless we say so in this Privacy Policy, which we may amend from time to time, or unless we in good faith believe the law requires it or we have a legitimate interest in making a disclosure, such as where necessary to protect our rights and property.
In the last 12 months we have not sold any Personal Information. Ironwood does not and will not sell Personal Information to third parties.
II. Security and Data Retention
Ironwood has established and maintains reasonable security measures that cover its use of computers and other technologies and are intended to maintain the confidentiality of personal information. Ironwood has adopted internal procedures to (i) secure user authentication protocols, (ii) ensure there is the proper encryption of transmitted records and files containing investor information, (iii) ensure there is the proper encryption of all investors’ information stored on laptops and other portable devices, (iv) require periodic updates of firewall protection and operating system patches on systems connected to the internet, and (v) ensure that any cleared, purged, declassified, overwritten or encrypted electronic media is not backed-up or saved on a hard drive, recycle bin or other memories.
In order to facilitate compliance with applicable requirements relating to non-public personal information, Ironwood has adopted the following internal privacy policy:
-
-
- access to Ironwood’s locked office requires a security pass (which is generally only provided to Ironwood’s employees);
- access to clients’ non-public personal information is restricted to an identified group of employees and service providers;
- access to clients’ electronic-based non-public personal information is restricted (through passwords or similar securitization) to an enumerated group of Ironwood employees; and,
- employees are strictly prohibited from keeping or transporting clients’ non-public personal information outside of Ironwood’s business premises.
-
In order to protect clients against the risks of fraud and fraud-related crimes, including identity theft, Ironwood has also adopted the following internal procedures relating to the secured disposal of non-public personal information (although this list may not be exhaustive):
-
-
-
- to the extent not covered under Rule 204-2 of the Advisers Act, hard-copies of clients’ and investors’ non-public personal information (or any extra hard-copies of such non-public personal information, whether or not covered by Rule 204-2) shall be shredded or otherwise destroyed in a manner so that such information cannot be practicably read or reconstructed;
- to the extent not covered under Rule 204-2 of the Advisers Act, the clients’ and investors’ non-public personal information which is stored on disk, CD, tape or other electronic media (or any extra disks, CDs, tapes or other electronic media which contains of such non-public personal information, whether or not covered by Rule 204-2) shall be cleared, purged, declassified, overwritten and/or encrypted in such a manner so that any information contained therein cannot be restored or decrypted; and,
- after the electronic media is cleared, purged, declassified, overwritten or encrypted, Ironwood’s Chief Compliance Officer, or her designee, shall check that the original information is not backed-up or saved on a hard drive, recycle bin or other memories.
-
-
Please note that although we take the aforementioned steps to protect the confidentiality of your personal information, no security measures are infallible and we cannot and do not guarantee that our safeguards will always work. Please use caution when transmitting information over the Internet, use strong and unique passwords that you do not also use on other online services, and notify us immediately of any concerns with your account or passwords.
III. International Data Transfers
We are based in the United States. The information you submit to us and that we collect as a result of using our Site or Services will be transferred to the United States. By using our Site or Services, you consent to the collection, international transfer, storage, and processing of your information. If it is illegal to access our Site or Services or transfer your data to the United States, please do not use our Site or Services.
VI. Your Privacy Rights
A. Rights Under Federal Law
Federal law gives consumers and customers, as those terms are defined in the Gramm-Leach-Bliley Act (“GLBA”), the right to limit some but not all sharing of their information by financial institutions. Federal law also requires us to tell you how we collect, share, and protect your personal information. For information on the manner in which we may share your information if you are a client of Ironwood, please refer to privacy notices provided in connection with your investment in Ironwood funds or other Services under GLBA.
B. Rights Under State Law (California)
If you are a resident of California, you may have rights under the California Consumer Privacy Act of 2018 (“CCPA”), as described in this section. These provisions of the CCPA do not, however, apply to personal information collected, processed, sold, or disclosed pursuant to the federal GLBA and its implementing regulations or the California Financial Information Privacy Act. This section of our policy therefore does not apply to personal information that is exempted from the privacy policy notification requirements of the CCPA, including information about clients that is covered by the GLBA and certain information processed exclusively in the business-to-business context (e.g., information about an individual acting in his or her capacity as a representative of a company).
If you are a California resident, you may have the following rights under the CCPA regarding your Personal Information, as described in this section.
Right to request disclosure of information we collect and share about you. You can submit a request to us for the following personal information we have collected:
-
-
-
- The categories of personal information we’ve collected about you
- The categories of sources from which we collected the personal information.
- The business or commercial purposes for which we collected the personal information.
- The categories of third parties with which we shared the personal information.
- The specific pieces of personal information we collected.
-
-
You can also submit a request to us for the categories of Personal Information that we have disclosed for a business purpose.
Our responses to any of these requests will cover the 12-month period preceding our receipt of the request.
Right to request the deletion of personal information we have collected from you. Upon request, we will delete the personal information we have collected about you that is covered by the CCPA, except for situations where specific information is necessary for us to: provide you with a product or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by applicable laws, rules or regulations. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.
Non-Discrimination. You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
We are committed to honoring your rights. We are committed to complying with the law. If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly.
V. How to Contact Us and Exercise Your Privacy Rights
To exercise any of the rights above, or to ask a question about our use of your personal information, please contact us at 1-833-990-2394 or investorservices@ironwoodpartners.com. Alternatively, inquiries may be mailed to the following address:
Ironwood Capital Management
One Market Plaza
Steuart Tower, Suite 2500
San Francisco, CA 94105
Note that we are committed to ensuring that our communications are accessible to people with disabilities and welcome accessibility-related requests or reports of barriers in respect thereof.
A. How we will handle a request to exercise your rights.
For requests for access or deletion, we will first acknowledge receipt of your request within 10 days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we’ll let you know.
B. How We Will Verify Your Identity When You Submit an Access or Deletion Request.
We will verify your requests under CCPA or other applicable law as follows:
Requests for specific pieces of Personal Information. We will verify your identity through our standard authentication practices, which may include asking you for multiple pieces of personal information and endeavoring to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.
Requests for categories of Personal Information collected about you. We will verify your identity through our standard authentication practices, which may include asking you for multiple pieces of Personal Information and endeavoring to match those to information we maintain about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.
Requests for deletion of Personal Information we have collected from you. We will verify your identity through our standard authentication practices, which may include asking you for multiple pieces of Personal Information and endeavoring to match those to information we maintain about you.
If we are unable to verify your identity with the degree of certainty required before providing you with the information requested, we will notify you to explain the basis of our denial.
Authorized agents – additional verification required. You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity that is registered with the appropriate authorities.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain personal information as described above, depending on the nature of the information you require, which we will endeavor to match to information we maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will also be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, we may also require it to submit evidence that it is registered and in good standing with appropriate authorities. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity.
If you would like to download a copy of this report, please click here.