If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us. HFR is the data controller of the personal data collected and is responsible for the processing of your personal data.
Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.
1. Personal Data We Collect
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.
a. Categories of Personal Data We Collect
The types of personal data we collect about you depends on your interactions with us and your use of the Services. For example, we collect personal data when you register on our site or purchase a service including, but not limited to, identifiers such as name, e-mail address, mailing address, phone number, and organization name from information provided by you or your employer through our registration process and subsequently through other means such as, but not limited to, your use of the site, survey forms or optional contact forms.
We may collect and use the following personal data about you:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
- Characteristics of protected classifications under federal law such as race, color, religion, sexual orientation, or gender identity, national origin, age (40 or older), and disability and that you voluntarily provide us.
- Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
- Geolocation data.
- Professional or employment-related information.
- Education information.
- Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We will not collect additional categories of personal data other than those categories listed above. If we intend to collect additional categories of personal data, we will provide you with a new notice at or before the time of collection.
b. How We Use Your Personal Data
We collect and process your personal data for the following business purposes:
- Providing our services to you.
- Processing your user subscription.
- Servicing and administering your user experience.
- Providing and improving customer service.
- Processing transactions.
- Maintaining appropriate business records.
- Conducting statistical analysis and market research.
- Responding to or evaluating any queries or complaints.
- Establishing, exercising, or defending legal claims.
- Marketing our products and services to you (by us or by HFR affiliates and subject to any preferences you communicate to us).
- Site improvement and product development
- Communicating with you by email, about products, services, order status, and information tailored to your requests or inquiries.
- Enforcing our Terms of Service and other usage policies.
We may also monitor your conduct on the site for any lawful reason or purpose.
We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.
c. How We Obtain Your Personal Data
We collect your personal data from the following categories of sources:
- Directly from you. We may collect and process personal data relating to you in connection with our on-going relationship with you or your company when you provide it directly, such as via correspondence and calls or online.
- Automatically or indirectly from you. For example, through logging and Google analytics tools, cookies, pixel tags, and as a result of your use of and access to the Services or through your interactions with us on social media websites X, YouTube, LinkedIn, or Weibo.
- From our Service Providers. For example, order processing and fulfillment services, commercial email providers, security consultants, and other Service Providers we engage. Salesforce
From Third Parties. Such as Google analytics.
d. Legal Bases for Processing
We process personal data for, or based on, one or more of the following legal bases:
- Your Consent. We may process your personal data where you have given your consent, such as using your business contact information for marketing purposes when you opt-in.
- Performance of a Contract. We may process personal data to enter into, or perform under, the agreement between us.
- Legitimate Interests. We may process personal data for our legitimate interests when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
- Compliance with Legal Obligations and Protection of Individuals. We may process personal data to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.
e. Who We Share Your Personal Data With
We may share your information when we have a legal basis to do so, for example in order to provide our services, to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. We may also share non-personally identifiable information to other parties for marketing, advertising, or other uses.
We disclose your personal data with the following categories of third parties:
- Our Subscribers, which include, investors, fund managers, service providers, and advisors in the alternative assets industry.
- Our Service Providers such as IT service providers, which may handle personal data confidentially on our behalf (such as Salesforce).
- HFR-affiliated companies such as HFR, Inc., subsidiaries, Fund Solutions, LLC, an affiliated back-office Administrator and HFR Asset Management L.L.C., an affiliated SEC registered Investment Adviser.
- Our partners or prospective partners to provide us and/or our affiliates and partners with information about the use of the Services and levels of engagement with the Services to allow us to enter into new business relationships, and to allow us to market products or services on their behalf.
- Auditors, government agencies or other competent regulatory authorities when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, or safety, and/or that of our users and others.
Other than listed above, we do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
2. Your Rights Regarding Personal Data
You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you.
Your rights vary depending on the laws that apply to you, but may include:
- The right to access the personal data that we hold about you.
- The right to be informed about the personal data we collect and/or process about you.
- The right to require us to rectify any inaccuracies in your personal data (see the “Accessing, Modifying, Rectifying, and Correcting Collected Personal Data” section below for more information).
- The right to require us to erase your personal data.
- The right to withdraw your consent, where processing of personal data is based on your consent.
- The right to object to our use of your personal data or the way in which we process it.
- Where the legal basis for processing is that it is necessary for the performance of a contract with you, the right to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to require us to transmit that data to another controller.
- The right to learn the source of personal data about you we process.
- The right to lodge a complaint with a supervisory authority located in the jurisdiction of your habitual residence, place of work, or where an alleged violation of law occurred.
- The right to know with whom we have shared your personal data with, for what purposes, and what personal data has been shared (including whether personal data was disclosed to third parties for their own direct marketing purposes).
a. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
We strive to maintain the accuracy of any personal data collected from you and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review your information carefully before submitting it to us and notify us as soon as possible of any updates or corrections through our contact form.
Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.
b. Your California Privacy Rights
California’s “Shine the Light” law permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. However, we do not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.
c. Your Nevada Privacy Rights
Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to the through the contact methods below and are free of charge.
d. Your Swiss, UK and EU GDPR Privacy Rights
In addition to the above-listed rights, individuals in Switzerland, the United Kingdom (“UK”) and individuals in the European Economic Area (“EEA”) have enhanced rights in respect of their personal data by virtue of the UK General Data Protection Regulation (“UK GDPR”) and the European Union General Data Protection Regulation (“EU GDPR”). These rights may include, depending on the circumstances surrounding the processing of personal data:
- The right to object to decisions based on profiling or automated decision making that produce legal or similarly significant effects on you;
- The right to request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest (including, but not limited to, processing for direct marketing purposes) or (ii) performance of a task in the public interest;
- In certain circumstances, the right to data portability, which means that you can request that we provide certain personal data we hold about you in a machine-readable format; and
- In certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain personal data we process about you.
Note that we may need to request additional information from you to validate your request. To exercise any of the rights above, please contact us at GDPR@hfr.com.
e. Your Canadian Privacy Rights
Residents of Canada are permitted to request and obtain from us information respecting the existence, use, and disclosure of their personal data as well as access to that information (subject to certain exceptions pursuant to applicable laws). Without limiting the above, residents of Canada will, upon request:
- Be informed of whether we hold personal data about you;
- Be provided with an account of third parties to which we have disclosed your personal data;
- Be able to challenge the accuracy and completeness of your personal data and have it amended as appropriate; and
- Be provided with information about our policies and practices with respect to the management of personal data, including: the name or title, and address, of the person who is accountable for our privacy policies and practices; the means of gaining access to personal data; a description of the type of personal data held by us, including a general account of its use; a copy of any brochures or other information that explain our policies, standards, or codes; and what personal data is made available to related organizations.
3. Your Choices
You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.
- Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time through a given communications channel (such as email or telephone) by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting us as provided at the end of this Privacy Notice, or by informing our customer service representatives of your desire to opt out. If you wish to opt out by sending us an email to the address provided below, please include “Opt-Out” in the email’s subject line, and include your name and the email address you used to sign up for communications in the body of the email.
Note that if you do business with us in the future, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).
- Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
- Cookies, Web Tracking, and Advertising. We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. Consult our Cookie Notice for more information about how to control and/or opt out of certain web tracking technologies and/or advertising providers from collecting information about you.
4. Protecting Personal Data
We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards include: (i) the pseudonymization and encryption of personal data where we deem appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.
When you place an order, we implement a variety of security measures to maintain the safety of your personal information through the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems and are required to keep the information confidential. After a transaction, your private credit card information will not be stored on our servers.
While HFR has endeavored to create a secure and reliable site for its users, we cannot ensure or warrant the security or confidentiality of any information users transmit to and from the site. Unfortunately, no data transmission over wireless and wired networks is inherently secure. When disclosing any personal data, you should remain mindful that the information is potentially accessible to the public, and consequently, can be collected and used by others without your consent.
We will use all reasonable efforts to safeguard the privacy of your personal data disclosed to us; however, we assume no liability for disclosure of data due to errors in transmission or acts by unauthorized outside parties.
5. Retention of Personal Data
We retain US personal data for no longer than is necessary and Swiss, EU or UK personal data for no longer than six years, unless to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.
Your personal data will not be kept in a form that allows you to be identified for any longer than we reasonably consider necessary to accomplish the purposes for which it was collected or processed, or as permitted or required by applicable laws related to data retention. The retention period for your personal data is determined based on the purpose of processing of the particular data.
Thereafter, as a general matter, your personal data will be archived and stored to be used and otherwise processed in the event of legal or regulatory requirements, statutes of limitations, disputes, or actions, and will be stored and, if applicable, used and otherwise processed until reasonably after the end of any such requirement, limitation, dispute, or action, including any potential periods of review or appeal.
Thereafter, your personal data will be anonymized, deleted, or archived as permitted by applicable law.
6. Other Important Information About Personal Data and the Services
- Collection of Personal Data from Children. Children under 18 years of age are not permitted to use the Services, and we do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older.
- Third-Party Websites and Services. This Privacy Notice does not apply to any third-party services. Occasionally, at our discretion, we may include or offer third party products or services on our website to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business. When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. We therefore have no responsibility or liability for the content and activities of these linked sites. You access these third-party services at your own risk. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites. Please refer to the Privacy Notices or policies for such third-party services for information about how they collect, use, and process personal data.
- Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.
- Do Not Track. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.
- International Use. Your personal data will be stored and processed in the United States. If you are using the Services from outside the United States, by your use of the Services you acknowledge that we will transfer your data to, and store your personal data in, the United States, which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States. In connection with the above purposes, for individuals in the UK and EEA we may transfer your personal data outside the UK and EEA, including to a jurisdiction which is not recognized by the as providing for an equivalent level of protection for personal data as is provided for in the UK and EEA. If we transfer your personal data, and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers.
7. Modifications and Updates to this Privacy Notice
This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice
8. Applicability of this Privacy Notice
This Privacy Notice is subject to any agreements, including but not limited to the Terms of Use – HFR Indices and Index Data that govern your use of the Services. This Privacy Notice applies regardless of the means used to access or provide information through the Services.
This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
9. Additional Information and Assistance
If you have any questions or concerns about this Privacy Notice and/or how we process personal data, please contact us through the methods described below.
Data Privacy Manager
110 N. Wacker Drive, 25th Floor
Chicago, IL 60606
gdpr@hfr.com
+1-312-658-0955
If you are located in the United Kingdom, European Union or European Economic Area, and you wish to raise a concern regarding our use of your personal data, you have the right to do so with your lead supervisory authority https://edpb.europa.eu/about-edpb/about-edpb/members_en or your local supervisory authority.
For more information about how users with disabilities can access this Privacy Notice in an alternative format, please contact us through the above contact methods.
Want to Learn More About HFR Indices, Data and Analysis?
Get in touch with the team that helps you understand the past, present, and future of the hedge fund industry.