U.S.-Swiss Safe Harbor
Collection and Use of Visitor Information
Promontory also collects information you provide to us. As a visitor to the Promontory Website, or as one who has otherwise requested information about Promontory, you may choose to provide us with your name, email address, and other contact information, such as your mailing address and telephone number. We will use the information you provide us for the purpose of responding to your request and to provide you with services.
Third Party Applications
When you visit our Website, we collect and temporarily store information about the Internet connection and the date and time of the visit through the use of tracking technologies. We use technologies such as cookies, beacons, tags and scripts, which are used by Promontory and Google Analytics.
Disclosure of Information
Promontory will not sell your personal information to third parties. If you have voluntarily submitted information to us through an email, by telephone, or otherwise, Promontory maintains your privacy by ensuring that the information is distributed only within Promontory or to third party agents who help us provide services to you. This enables us to respond to your requests about our services and our company.
We may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
If Promontory is involved in a merger, acquisition, or sale of all or a significant portion of its assets, you will be notified via a prominent notice on our Website of any material change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
User Access and Choice
We will retain your information for as long as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Our Website includes links to our newsletters and other marketing materials. If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us at email@example.com.
The security of your personal information is important to us. We follow generally accepted standards, such as secure socket layer (SSL) to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
Links to 3rd Party Sites
Social Media Widgets
Notifications of Changes
Promontory Privacy Office
801 17th Street, Suite 1100
Washington, DC 20006
This document was last updated on September 29, 2016.
Privacy Shield and Safe Harbor
The EU-US Privacy Shield Framework, as adopted by the U.S. Department of Commerce at www.privacyshield.gov, sets forth certain principles regarding the collection, use and retention of Personal Information collected in the EEA and transferred to the United States (the “Privacy Shield Privacy Principles”). With respect to such Personal Information, the Privacy Shield Privacy Principles specifically address requirements for notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. Promontory’s compliance with the Privacy Shield Privacy Principles under this Policy are designed to also comply with the U.S.-Swiss Safe Harbor (the “Safe Harbor Principles”). Promontory’s compliance with the Privacy Shield Privacy Principles and Safe Harbor Principles is subject to the enforcement powers of the United States Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view Promontory's certification, please visit https://www.privacyshield.gov/list. To learn more about the U.S.-Swiss Safe Harbor program, and to view Promontory’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.
This Policy applies to all Personal Information received by Promontory in the United States from the EEA or Switzerland regardless of format, including electronic, paper or verbal, that has been received from (i) the Promontory website at www.promontory.com (the “Website”) or (ii) a Promontory Client. Promontory participates in Privacy Shield and Safe Harbor and, as set forth in this Policy, applies the Privacy Shield Privacy Principles and Safe Harbor Principles to its treatment of all such Personal Information.
For purposes of this Policy, the following definitions shall apply:
- "Agent" means any third party that collects or uses Personal Information under the instructions of, and solely for, Promontory or to which Promontory discloses Personal Information for use on Promontory's behalf.
- "Client" means any third party that retains Promontory to perform professional services on behalf of such third party.
- “Promontory” means Promontory Financial Group, LLC, its successor organizations, and Promontory Risk Review, LLC, Promontory Compliance Solutions, LLC, Promontory Financial Group Puerto Rico, LLC, Promontory Forensics Solutions, LLC, Promontory Growth and Innovation, LLC and other U.S. affiliates of Promontory Financial Group, LLC that collect Personal Information subject to this Policy.
- "Personal Information" means any information or set of information in any format, including electronic, paper or verbal, that identifies or could be used by or on behalf of Promontory to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.
Promontory has no direct relationship with the individuals whose Personal Information it processes under the direction of its Clients in the role of a data processor; however, Promontory's contracts with such Clients require that such Clients comply with data protection laws, which includes providing appropriate notice to data subjects regarding the purposes for which their Personal Information is being collected.
Purpose Limitation and Use
Promontory will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Promontory will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.
To the extent permitted by the Privacy Shield Privacy Principles and Safe Harbor Principles, Promontory reserves the right to process Personal Information provided by a Client in the course of providing professional services to such Client without the knowledge of individuals involved, including any supplementation of the information through publicly available sources as Promontory may deem necessary to fulfill its obligations to its Client.
Promontory will retain Personal Information we process on behalf of our Clients for as long as needed to provide services to our Client. As for Personal Information collected on our Website, we will retain the information for as long as needed to provide the services to the Client. Promontory will also retain and use any such Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Transfers and Disclosures to Third Parties
Promontory may also transfer Personal Information that we process on behalf of our Clients to companies and individuals acting as Agents for the purposes of helping us provide our services to Clients.
Promontory obtains assurances from its Agents that they will safeguard Personal Information consistent with this Policy. Examples of appropriate assurances that may be provided by Agents include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant Privacy Shield Privacy Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), being subject to Swiss Federal Act on Data Protection, Privacy Shield certification by the Agent, or being subject to another European Commission or Swiss FDPIC adequacy finding (e.g., companies located in Canada). Where Promontory has actual knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Policy, Promontory will take reasonable steps to prevent or stop the use or disclosure. As further described in the Privacy Shield Privacy Principles, Promontory shall be liable to data subjects for the usage of Personal Information in a manner inconsistent with the Privacy Shield Privacy Principles by any Agents or other third parties to whom Promontory transfers such data.
We may also disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Promontory will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
Access and Correction
When acting as a data processor, Promontory has no direct relationship with the individuals whose Personal Information it processes. An individual who seeks access to or who seeks to correct, amend, or delete inaccurate data should direct his or her query to Promontory's Client (the data controller). To the extent permitted by law, rule or regulation, if the Client requests Promontory to remove the data, we will respond to the request within 30 days.
Recourse, Enforcement and Liability
Any questions or concerns regarding the use or disclosure of Personal Information subject to this Policy should be directed to the Promontory Privacy Office as set forth below. Promontory will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information by reference to the principles contained in this Policy. Promontory will respond to any such questions or concerns within 45 days or receipt.
Individuals who submit a question or concern to Promontory and who do not receive acknowledgment from Promontory of the inquiry or who think their question or concern has not been satisfactorily addressed may then contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
In certain circumstances, as more fully set forth on the Privacy Shield website (https://www.privacyshield.gov), individuals can invoke binding arbitration when all of the above remedies have been exhausted.
Limitation On Application Of Principles
Adherence by Promontory to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Questions or comments regarding this Policy should be submitted to the Promontory Privacy Office by mail to:
Promontory Financial Group, LLC
801 17th Street, Suite 1100
Washington, DC 20006
Or by email to the Promontory Privacy Officer at firstname.lastname@example.org.
EFFECTIVE DATE: September 29, 2016