Last modified: January 25, 2023
We believe that protecting the privacy of your personal information is of the utmost importance, and we are committed to maintaining the privacy of your personal information in our possession. It is important for you to understand what information Qdeck collects about you and how we will use, protect and disclose this information once it is collected, as well as how you can opt-out of some of our uses and disclosures of your information. Therefore, we are providing you with the following notice about the information we collect, how we use that information and how we protect that information.
If you have any questions or concerns about your privacy or anything in this notice, we encourage you to contact us at firstname.lastname@example.org
Information We Collect
- We collect information we receive from you from managed account or other service agreements and forms. This information may include personal details such as name, title, addresses, telephone numbers, email addresses, date of birth, gender, citizenship, signature, photographs and details about your employment. This information may also include financial details such as your investment experience, income, assets, bank accounts, tax residency and tax id. We may also collect information provided by you and/or an authorized representative via email, telephone or at a meeting. Information may also be obtained from public sources such as websites or regulatory filings.
- We collect information about your transactions with our firm. This may include account activity, transactions and balances.
- We collect information from our website and applications we operate using cookies and other technologies. Further information about this is set out in our Cookie Notice.
How We Use This Information
We do not sell your personal information.
That said, information is collected from you in the ordinary course of business in order to offer or provide services, process transactions, and to fulfill contractual and legal obligations. We may use this information (i) to communicate with you and/or an authorized representative; (ii) to provide services to and process transactions for you; (iii) to conduct business development activities, including providing information about our services; (iv) to comply with legal and regulatory requirements, including the prevention of money laundering and “know your customer” procedures, as well as any other obligations that apply to our business; (v) to evaluate suitability for our services; (vi) to perform due diligence and ongoing monitoring of service providers and counterparties; (vii) to fulfill contractual obligations; (vii) to maintain our website and applications; (ix) to engage with any party regarding complaints, litigation, and regulatory or government investigations in connection with Qdeck, its clients or its services; and (x) for other legitimate business purposes.
We may use your personal information to communicate with you about our services. Where required by applicable law, we obtain consent to process personal information and communicate with you for marketing purposes and to provide information about your investments. Where you have provided consent to receive these communications, you also have the right to unsubscribe by clicking on the link to unsubscribe on any of these communications or by emailing us at email@example.com.
How We Store and Retain Your Information
Your personal information is stored securely and access to it is limited in accordance with our Information Systems Security Policy (“ISSP”) and its procedures. We maintain electronic and physical safeguards, including limited access controls, to protect your personal information. All Qdeck employees are subject to the requirements of our policies and procedures, as well as the specific safeguards set forth in our ISSP. We will take reasonable steps to protect your personal information against loss, theft and misappropriation, as well as from unauthorized access, copying or modification. In addition, if personal information is processed outside your country of residence, we have established safeguards to protect that information in accordance with applicable law. However, no method of storage on or transmission over the internet is 100% secure, and so we cannot guarantee the absolute security of your personal information.
The length of time we hold your personal information will vary. We retain your personal information for a minimum of five years from the date the relevant business relationship has ended. To the extent permitted by applicable law, we will retain personal information as long as it is needed for the business purpose for which it was provided, or we have another lawful basis to retain the information.
Information Transfer and Disclosure
To service your account and process your transactions, we may provide your information to related third parties, such as firms that assist us in servicing your account and require such information. These services include payment processors, financial services and cloud storage providers. We require these service providers to protect the confidentiality of your information and use it only for the purpose of providing these services. If these services are provided outside the UK/European Economic Area (“EEA”), we will ensure safeguards are in place to protect your information, as required by applicable law.
We may also share your personal data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing or acquisition of all or a portion of our business by or into another company.
Qdeck may share your personal data other than as described in this notice if we notify you and you consent to the sharing.
Important Information for European Union and United Kingdom Users
If you are a user from the European Union or United Kingdom, you should be aware that Qdeck is the controller of your personal data (Data Controller) under the EU General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”).
You may have certain additional rights regarding your Personal Data (as defined in the GDPR and UK GDPR), including the right to:
- access your information;
- rectify your information if it is incorrect or incomplete;
- have your information erased (“right to be forgotten”) if certain grounds are met;
- withdraw your consent to our processing of your information at any time, if our processing is based on consent;
- object to our processing of your information, if our processing is based on legitimate interests;
- object to our processing of your information for direct marketing purpose;
- receive your information from us in a structured, commonly used, and machine-readable format; and
- the right to transmit your information to another controller without hindrance from us (data portability).
There is no charge for any of these requests. To make a request, please contact us at firstname.lastname@example.org. We try to respond to such requests in a timely manner, but in no event longer than one month.
When we collect your Personal Data, we maintain and store it for as long as we determine reasonably necessary to provide our services to you, unless you exercise your right to erasure described above, or to comply with applicable legal requirements.
If you are a citizen of the European Union or United Kingdom, when we process your Personal Data, we will only do so in the following situations:
- We have a contractual obligation.
- You have provided your consent. You are able to remove your consent at any time, and you may do this by contacting us at email@example.com
- We have a legal obligation
- We have a legitimate interest in processing your Personal Data. For example, we may process your Personal Data to send you marketing communications, relevant content, products or events invitations, or to communicate with you about changes to our services, and to provide, secure, and improve our services.
If you are a user in the European Union or United Kingdom and have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Qdeck is not directed to children, and we don’t knowingly collect personal information from children under the age of 18. If you believe that a child under the age of 18 has given us personal information, please contact us at firstname.lastname@example.org
Information for California, Colorado, Connecticut, Utah and Virginia Residents
The California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), plus the Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CDPA”), Utah Consumer Privacy Act (“UCPA”) and Virginia Consumer Data Protection Act (“VCDPA”) allow consumers in these states to opt out of certain sharing of their data.
We do not track users over time and across apps or websites, and our website therefore does not respond to Do Not Track signals.
California, Colorado, Connecticut, Utah and Virginia residents may request that Qdeck:
- Disclose the sources, categories, and specific pieces of personal information we have collected about them, how that information is used, and with whom Qdeck shares it
- Disclose the purpose for collecting personal information
- Disclose the categories of third parties with whom Qdeck shares personal information
- Delete/rectify/restrict their personal information, subject to certain exceptions (right of rectification not applicable to Utah residents)
- Disclose, for any “sales” of personal information, the categories of personal information collected and sold and to what categories of third parties it was sold
- Opt them out of sales of their personal information (if any) or subject certain personal information to automated decision-making algorithms (the latter not applicable to Utah residents)
- Provide a copy of their personal information in a readily usable format that allows the information to be transmitted to others
- Residents in these states may not be discriminated against for exercising any of the rights described above.
California, Colorado, Connecticut, Utah and Virginia residents may exercise these rights by contacting Qdeck at email@example.com
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. PI categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some PI included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|D. Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO|
|E. Biometric information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with websites, services, or advertisement.||YES|
|G. Geolocation data||Physical location or movements.||NO|
|H. Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|J. Non-public education information||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other PI||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
Sharing Your Personal Information for a Business Purpose
In the preceding twelve (12) months, Qdeck has disclosed the following categories of personal information for a business purpose with related third parties, defined under Information Transfer and Disclosure below:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category F: Internet or other similar network activity.
Address: 800 Bellevue Way NE, Suite 200, Bellevue, WA 98004 USA