Global Trade Alliance of America, Inc. and its subsidiaries (collectively “GTAA”) are committed to safeguarding Personal Information (“PI”) and processing PI in line with applicable privacy and data protection laws.
Our privacy notices set out the PI collected by GTAA, the purposes for which PI is collected and processed, to who it may be disclosed to as well as Individuals’ Rights. For further information please click on the notice that is relevant to your relationship with GTAA. In addition, our Cookie Notice applies to any person visiting any of the Global Trade Alliance of America websites.
Global Trade Alliance of America Inc., Client and Vendor Privacy Notice
Last revised: April 1, 2021
Global Trade Alliance of America is committed to processing personal information (“PI”), including sensitive personal information (“SPI”), in line with all applicable privacy and data protection laws. Most of our offices are located in countries with laws governing the processing of PI. “GTAA”, “we”, “us” or “our” means Global Trade Alliance of America Inc., and each of the direct or indirect subsidiaries of Global Trade Alliance of America, Inc. (the “GTAA Group”). Global Trade Alliance of America, Inc., GTAA Group functions and the entity you contract with are the controllers of your PI. If your contract with the GTAA Group is in connection with an investment in a BlackRock managed vehicle, the management company of the fund, together with the fund entity and, in circumstances where the investment manager is part of the GTAA Group, that investment manager, will be the controller.
References to “you” or “your” refer to individuals whose PI is processed by GTAA, including clients with direct or indirect relationships (such as those who invest through an intermediary); employees, contingent workers, officers, agents (together “Representatives”); and beneficial owners of an organization or entity in connection with:
· the provision of services to potential and actual clients;
· transactions to which we are a party (including those which we effect on behalf of clients); or
· services provided to us by a third-party vendor.
This Privacy Notice sets out the purposes for which we collect, use and disclose (collectively “processing”) PI and how it is protected. It also sets out individuals’ rights in relation to the processing of their PI.
There may be additional terms, conditions, and commitments that also govern how we collect, use and disclose your PI, which should be read in conjunction with this Privacy Notice.
To whom we disclose your PI
In connection with one or more of the purposes outlined in the section ‘Purpose and Legal basis for processing your PI’ above, we may disclose PI in any jurisdiction to:
· other councils of the GTAA Group;
· professional advisors, third parties, agents or independent contractors that provide services to any member of the GTAA Group (such as IT systems providers, platform providers, financial advisors, brokers, consultants (including lawyers and accountants);
· goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them); intermediaries, brokers, and other individuals and entities that partner with us;
· competent authorities (including any national and/or international regulatory or enforcement body, agency, court or another form of tribunal or tax authority) or their agents where GTAA is required or allowed to do so under applicable law or regulation;
· a potential buyer, transferee, merger partner or seller and their advisers in connection with any actual or potential transfer or merger of part or all of GTAA’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
· credit reference agencies or other organizations that help us to conduct anti-money laundering and anti-terrorism financing checks and to detect fraud and other potential criminal activity; or
· any person to whom disclosure is allowed or required by local or foreign law, regulation, or any other applicable instrument.
International transfers and transfers to service providers
To provide global services and in the course of running our business, we may transfer PI to a location outside of the country where you reside or where services are provided to you or the organization or entity you work for, including GTAA processing centers in the USA, Hungary, India, and Singapore. Although the country to which PI may be transferred may not have the same level of privacy and data protection laws, we apply the same level of security and organizational controls to the processing of PI wherever it is processed. We require by contract that our third-party service providers processing PI on our behalf to comply with GTAA’s criteria for PI processing.
If we transfer PI out of the EEA, we ensure a similar level of protection for your PI by ensuring the country to which the PI is transferred is considered by the EU Commission to provide an adequate level of protection, putting in place contractual clauses the EU Commission consider to provide the same level of protection.
Marketing and exercising your right to opt-out of marketing
We will not process your PI for marketing purposes if you have informed us you do not wish to receive marketing materials. You can request that we stop processing your PI for marketing purposes at any time by clicking on marketing opt-out links in any electronic marketing materials we send you, by making a request to your usual GTAA contact, or by using the contact details set out in the “Contacting Us” section of this Privacy Notice.
Third-party marketing/sale of PI
We do not share or sell your PI to third parties for the third party to use for their own marketing or other purposes.
We will process your PI for as long as is necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements, or for the establishment or defense of legal claims.
We use a range of physical, electronic, and managerial measures to ensure a level of security appropriate to the risk of PI processing. These measures include:
· education and training of relevant staff to ensure they are aware of our privacy obligations when processing PI as well as training around social engineering, phishing, spear phishing, and password risks;
· the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
· the ability to restore the availability and access to PI in a timely manner in the event of a physical or technical incident;
· administrative and technical controls to restrict access to PI;
· technological security measures, including firewalls, encryption (industry-standard SSL encryption with 128-bit key lengths), and anti-virus software;
· physical security measures, such as building access controls;
· external technical assessments, security audits, and vendor due diligence;
· perimeter security;
· segregation of networks;
· application security;
· endpoint security;
· real-time monitoring of data leakage controls;
· layered and comprehensive cybersecurity defenses; and
· security incident reporting and management.
The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries the risk of access and interception. You should not send us any PI by open/unsecured channels over the internet. We endeavor to protect personal information but cannot guarantee the security of data transmitted to us or by us.
In certain circumstances you may have the following rights in relation to the processing of your PI:
To request a copy of the PI we process in relation to you and to be informed about how we use and share your PI.
To object to the processing of your PI if (i) we are processing your PI on the grounds of legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we are processing your PI for direct marketing purposes
To request that we update the PI we process in relation to you, or to correct PI that you think is incorrect or incomplete.
To ask that we delete PI that we process in relation to you where we do not have a legal or regulatory obligation or other valid reason to continue to process it.
To request that we restrict the way in which we process your PI, for example, if you dispute the accuracy of your PI or have raised an objection that is under consideration.
To request a copy of your PI that you have provided to us in a commonly used electronic format such as through the completion of an application form.
· Automated decision making
To request manual intervention if you are subject to automated decisions where the decision results in a legal or similar effect to you.
You may exercise your rights at any time by using the details set out in the Contacting us section. To the extent permitted by applicable law or regulation, we reserve the right to charge an appropriate fee in connection with you exercising your rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access to the PI requested or to exercise any of your other rights. This is to ensure that PI is not disclosed to any person who does not have the authority to receive it. We may also request further information in relation to your request to help us to locate the PI processed in relation to you, including, for example, the nature and location of your relationship with us.
We aim to respond to all legitimate requests within one calendar month. If we think it may take us longer than one calendar month, (such as where your request is particularly complex or you have made a number of requests), we will notify you and keep you updated.
You will not be disadvantaged in any way by exercising your rights in relation to the processing of your PI.
The Global Head of Privacy and Data Protection oversees compliance with privacy and data protection at GTAA. If you wish to exercise any of your rights or have questions concerning this notice, please contact:
The Global Head of Privacy and Data Protection
Global Trade Alliance of America, Inc.
H| 1605 Connecticut Avenue NW.
Washington, DC 20009
O| 5 West 37th Street, 12 FL, New York, NY 10018
If you are a California resident, you may also call us on +1-202-615-9922
If you have any concerns or complaints about the way your PI is processed, please contact the Global Head of Privacy and Data Protection at firstname.lastname@example.org
You also have a right to complain to a data protection or other competent authority with jurisdiction over privacy and data protection law in the country you live or work, or in the country where you believe an issue in relation to the processing of your PI has arisen. Please contact: email@example.com for further details.
This Privacy Notice is not applicable to third-party websites that we do not own or control, or to any third-party website where GTAA advertisements are displayed.
Changes to this Privacy Notice
We may modify or amend this Privacy Notice from time to time and you are advised to visit our website regularly to check for any amendments. Any material changes will be communicated to you through an appropriate channel, depending on how we normally communicate with you.
© 2021 Global Trade Alliance of America, Inc.
All rights reserved. Global Trade Alliance of America, (GTAA) are registered and unregistered trademarks of Global Trade Alliance of America Inc. or its subsidiaries in the United States and elsewhere. All other trademarks are those of their respective owners.