Farrow Financial, Inc. is incorporated under the laws of Vermont, with its registered address at 33 Sunset Hill Rd., Randolph, VT 05060, United States (hereafter referred to as “FFI” or “we” or “our”). FFI has a global client base, including in the European Union, and collects and processes Personal Information as part of its day-to-day business operations.
The Policy covers all Personal Information collected, processed, shared, or otherwise used by FFI. It applies to all directors, officers, managers and employees (current and former, including candidates) of FFI, and to third parties who may collect and process Personal Information on behalf of FFI. The Policy is effective as of September 1, 2018.
Purposes of the Data Processing
FFI collects and processes financial and Personal Information on the clients it serves. We protect the information you provide in compliance with applicable data protection law, including the EU General Data Protection Regulation (GDPR). FFI and its employees are committed to protecting your privacy and to safeguarding that information. This Policy sets out how we collect, handle, store and protect information about you when we process it for the following purposes:
Providing services to you as part of our contractual relationship for investment management, financial services or consulting services.
For regulatory or other legal reporting or administrative requirements mandated by law such as anti-money laundering obligations.
Preventing fraud or criminal activity, misuses of our services.
Providing business updates to clients and potential clients as part of our business development.
This Policy also contains information about when we share your personal information with third parties (for example: our service providers).
What Information We Collect
The Personal Information we collect may include: your name; age; date of birth; gender; home address; email address; telephone number; other contact details; country of residence; passport number and other national ID numbers; employment details; family member information; financial and investment account information; bank account information; tax related information; estate planning information; insurance information. In some cases, with your consent, we may also collect Personal Information about you from third parties.
We do not collect or process Sensitive Personal Information as defined by the GDPR.
The Legal Grounds for Processing Personal Information
We use your Personal Information based on the following legal grounds:
(a) to perform contractual obligations that we owe towards you, or to take pre-contractual steps at the request of you as part of our investment management, financial services or consulting services;
(b) for legal and/or regulatory obligations based on legitimate interest or requests that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
(c) to prevent fraud or criminal activity, misuses of our services, as well as the security of our IT systems, architecture and networks; or
(d) in some cases, such as marketing, we have obtained your prior explicit consent.
Sharing Personal Information
Personal Information may be shared with third parties or government agencies for legitimate business reasons or as otherwise allowed or required by law. Examples include:
When necessary to complete a transaction in your account, such as with the clearing firm or account custodians.
When required to maintain or service your account.
To resolve a dispute or inquiry.
With persons acting in a fiduciary or representative capacity on your behalf.
With rating agencies, persons assessing compliance with industry standards, or to the attorneys, accountants and auditors of the firm.
In connection with a sale or merger of FFI’s business.
To protect against or prevent actual or potential fraud, identity theft, unauthorized transactions, claims or other liability.
To comply with European Union or US federal, state or local laws, rules and other applicable legal requirements.
In connection with a written agreement to provide investment management or advisory services when the information
is released for the sole purpose of providing the products or services covered by the agreement.
In any circumstances with your instruction or consent.
In regards to Personal Information transferred from the European Union to the United States, FFI will ensure that explicit consent is obtained from the data subject and that the principles of the Policy are fully applicable in compliance with the GDPR.
In the case of transfers of Personal Information to third parties, FFI will, where applicable,
Determine if there is a legitimate justification for the transfer of Personal Information (e.g., valid business reason).
Follow local legal requirements (e.g., notice to the individual, notification to data protection authorities, use of
contractual safeguards such as, e.g., EU model clauses).
How Long We Keep Your Personal Information
We will retain your Personal Information for only as long as strictly necessary to fulfil the purpose for which it was collected or as may be required to comply with legal and regulatory requirements.
Protection of your personal information
We use a range of technical and organization measures to ensure that we keep your Personal Information secure, accurate and up-to-date. These measures serve to mitigate the risks of accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, or any other unlawful or unauthorized forms of processing. These measures include:
During regular business hours access to client records is monitored so that only those with approval may access files.
During hours in which the company is not in operation, the office where the client records are stored is locked and a
security system is utilized.
All electronic or computer files are password secured and firewall protected from access by unauthorized persons.
Utilization of an outside provider who conducts periodic monitoring of the firm’s network to detect actual and attempted
attacks on or intrusions into customer information systems.
Utilization of encrypted email.
Subscription to an anti-malware software for real time malware protection.
Training to employees to ensure they are aware of our privacy obligations and information on security risks.
Backup and recovery systems in place to restore data in case of system failure.
A Personal Data Breach occurs when there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise processed. “Unauthorized” means that it occurs in contravention of applicable privacy legislation or applicable privacy policies.
If a data breach is suspected as having occurred, then it is imperative to immediately notify FFI management to take appropriate steps as required by applicable data protection law.
Your Rights and How to Contact Us
As may be applicable according to relevant data protection law, you have various rights in relation to your Personal Information. In particular, you have a right to the following, notwithstanding the limitations as stipulated in the GDPR:
Object to or restrict the processing of your Personal Information.
Erase the Personal Information we hold about you.
Access Personal Information we hold about you.
Rectify the Personal Information we hold about you, or correct information that is incorrect or incomplete. Withdraw consent to our processing of your Personal Information.
In some jurisdictions to provide directives of how to manage your Personal Information posthumously.
You may exercise your rights by contacting firstname.lastname@example.org or writing to Farrow Financial, Inc., 33 Sunset Hill Road, Randolph, VT 05060, USA.
You also have a right to complain to a local Supervisory Authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen. A list of national data protection regulators can be found here: http:// ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm.
Changes to This Privacy Statement
We may modify or amend this privacy statement from time to time.
Any future changes or additions to the processing of your Personal Information as described in this notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you.