What does Related Financial Services, LLC do with your personal information?
Financial companies choose how they share your personal information. Federal law gives you the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
Related Financial Services, LLC (“RFS” “us” “we” “our”) collects various types of personal information via its website, http://www.relatedeb5.com. This information can include, for all members of the household:
- Contact Information (such as name, postal address, email address, and phone number)
- Income information
- IP Address
All financial companies need to share investors’ personal information to run their everyday business. In the sections below, we list the reasons financial companies can share their investors’ personal information; the reasons RFS chooses to share; and whether you can limit this sharing.
We will seek to ensure any third party that acts as a data processor on our behalf: (i) enters into an agreement with us and meets our standards for data security; (ii) does not use your personal information for any purpose other than the clearly defined purpose relating to the service that such party is providing; (iii) treats your personal information as confidential; and (iv) holds your personal information securely and retains it only for such period of time as necessary.
Pursuant to the Securities and Exchange Commission’s Regulation S-P, RFS is required to adopt privacy policies to protect the non-public personal information of its investors. In summary, Regulation S-P requires RFS to disclose to individual investors its policies on the use of non-public personal information and to enable investors to opt-out of the transmission of their non-public personal information to non-affiliates.
Regulation S-P also requires RFS to send opt-out notices to “customers” and “consumers,” (as defined by the regulation i.e., investors) informing them that they have the right to opt out of any disclosures of non-public personal information made to non-affiliated third-parties contemplated by this policy. Notwithstanding this limitation, Regulation S-P provides that RFS may share such information with a non-affiliated third-party that is to perform services for RFS and its projects without giving consumers or customers the right to opt-out (provided such third-parties agree to keep all information confidential).
For our everyday business purposes—
Such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or make distributions.
To limit our sharing –
Please contact Yuan Tang at YT@relatedfinancial.com.
How does RFS protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. RFS uses physical, logical, and procedural security measures to protect the information you provide to RFS. These measures include computer safeguards and secured files and buildings as well as communications via Opportunistic TSL encrypted email servers.
How does RFS collect my personal information?
We collect your personal information, for example, when you subscribe as an investor to any of our projects. We also may collect personal and financial information you may provide RFS through www.relatedeb5.com or through other means. When you access www.relatedeb5.com, opt to fill out an information submission form, or otherwise provide RFS with your personal information, such as your name, address, email address, or phone number. This includes but is not limited to, those forms requesting information about RFS or any of our or our parent company’s properties, or requests for someone at RFS to contact you. The submission forms may require you to provide contact information (such as name and e-mail address), and in some cases ask for other optional information (such as your phone number, home address and contact preferences).
RFS uses your Internet protocol (IP) address to help diagnose problems with our server, as well as to administer the RFS Web sites. Your IP address is used to help identify you and to gather broad demographic information. RFS may use your IP address to help protect ourselves and our partners from fraud. For system administration purposes, RFS also logs IP server addresses and catalogues traffic patterns through the RFS Web sites. However, RFS does not link this information to users’ personal information.
Use of Personal Information
RFS employs other companies and individuals to perform functions on our behalf (e.g., creating and maintaining the RFS Web sites, sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance and providing customer service) (“Agents”). Our Agents will have access to personally identifiable information solely to perform their functions and provide their services to RFS, and for no other purpose.
As RFS continues to develop our business, RFS or our parent company may sell or buy assets. In such transactions, customer information generally is one of the transferred business assets. Thus, if our parent company or a subsidiary our parent company controls, sells substantially all of its assets, or is acquired by another entity, customer information may be one of the transferred assets and you agree that you consent to such transfer.
Protection of Related and Others
Use of Non-Personal Information
“Non-Personal Information” contains nothing that could identify you personally. RFS may collect such Non-Personal Information, such as demographic and profile data, through RFS Web sites. RFS may aggregate Non-Personal Information and share it with our affiliated companies and other third parties.
Why can’t I limit all sharing?
Federal law gives you the right to limit only:
- sharing for affiliates’ everyday business purposes—information about your creditworthiness
- affiliates from using your information to market to you
- sharing for non-affiliates to market to you
State laws and individual companies may give you additional rights to limit sharing.
Privacy Notice to Investors
By becoming an investor, the investor expressly consents to the collection and processing of the investor’s personal data contained in a Subscription Agreement or otherwise provided to RFS. RFS is authorized to collect and process such personal data, and to transfer such personal data to affiliates and third party service providers of RFS, in connection with (i) the acceptance of the investor’s subscription for Units, (ii) the issuance of Units to the investor, (iii) the management of the relationship between the investor and the Partnership, including processing payments and distributions, accounting, auditing, reporting to the investor as well as to third-parties, including tax authorities and other governmental and regulatory agencies, (iv) acting in compliance with the legal obligations of RFS, including with respect to anti-money laundering and sanctions checks, (v) complying with court orders and other legal and regulatory requirements, (vi) processing that is necessary for purposes of the legitimate interest of RFS’s affiliates and unaffiliated third-parties, provided that such interests are not overridden by the investor’s interests or the investor’s fundamental rights and freedoms, (vii) any other purpose related to the foregoing or for any purpose for which investor provided the personal data to RFS.
The investor acknowledges and agrees that the investor may withdraw such consent at any time, to the extent the investor’s personal data is not required in connection with the investor’s investment in the Units. For purposes of this paragraph, processing means and includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. RFS will take appropriate technical and organizational measures against unauthorized or unlawful processing of the investor’s personal data and against accidental loss or destruction of, or damage to, the investor’s personal data in accordance with RFS’s internal security procedures covering its storage, access and destruction. The investor acknowledges that personal data may be stored in RFS’s technology systems or those of RFS’s vendors or in paper files. RFS works with third-party service providers to provide certain services, which may require them to access or use the investor’s personal data. If a service provider needs to access an investor’s personal data to perform services on RFS’s behalf, they do so under instruction from RFS, including abiding by policies and procedures designed to protect the investor’s information.
RFS will delete the investor’s personal data when it is no longer reasonably required for the uses described in this paragraph or when the investor withdraws its consent, provided that RFS is not legally required or otherwise permitted to continue to hold such data. RFS may retain the investor’s personal data for an additional period to the extent deletion would require RFS to overwrite RFS’s automated disaster recovery backup systems or to the extent RFS deems it necessary to assert or defend legal claims during any relevant retention period. RFS will, where permitted or required by applicable law and regulation, provide the investor, upon request, with a copy of the investor’s personal data and will correct any errors identified by the investor. RFS will refrain from sending the investor marketing materials without the investor’s express consent and will comply with the investor’s request to stop sending any such further communications. All such requests, or any questions or comments regarding RFS’s handling of personal data, or updates to such data, should be addressed to Yuan Tang at YT@relatedfinancial.com.
California Privacy Rights
California Civil Code Section 1798.83 permits investors of RFS who are California residents to request certain information regarding its disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to CaliforniaPrivacy@related.com. Please note that RFS is only required to respond to one request per customer each year, and RFS is not required to respond to requests made by means other than through this e-mail address.
Regarding the European Union’s General Data Protection Regulation
RFS and its affiliates act as “data controllers” as such term is defined in Regulation (EU) 2016/679 (the General Data Protection Regulation). In simple terms, this means that we:
- “control” the personal information that you provide, including making sure that it is kept secure; and
- make certain decisions on how to use and protect such personal information, but only to the extent that we have informed you about the use or are otherwise permitted by law.
Certain policies and procedures have been enacted by RFS in order to comply with the European Union’s (“EU”) General Data Protection Regulation (“GDPR”) whose main provisions are:
- Data must be portable (from company to company)
- Data must be erased upon request
- Must have individual’s consent to collect data
- Must not keep data “longer than necessary”
- EU citizens “right to be forgotten”
- Provide a “reasonable” level of protection
- Must report breach within 72 hours of detection
- Must perform impact assessments
- Identifying vulnerabilities and how to address them
Upon receipt of any EU investor’s information, this information is only maintained in Box, a secure and GDPR-compliant cloud storage system. This central system is in compliance with provisions 1, 2, 5, and 6 above. When a request for deletion is received, we will make all reasonable efforts to purge that data from our systems. Some information may not be fully removed due to backups or archived copies; however, such information will only be used for the purpose of performing the agreement that the investor has entered into with us. A breach is defined by the GDPR as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data”. Box reports any breach within 48 hours, compliant with provision 7 and the firm’s Data Protection Officer (“DPO”) will share that information with the Chief Compliance Officer (“CCO”) to be distributed to any investor whose data may be compromised. In addition, the DPO and CCO will report the breach to RFS’s supervisory authority, the Financial Industry Regulatory Authority (“FINRA”). Impact assessments are completed annually by RFS’s parent company which covers provision 8. EU investor data is only maintained in order to facilitate an investment and is held for a minimum of 6 years compliant with the regulations imposed on broker-dealers (covering section 4). Investors previous to the enacting of the GDPR have provided consent, and new investors from the EU have consented via updated subscription documents (covering section 3).
EU investor data may also be shared with RFS’s escrow administrator, NES Financial in order to facilitate the EB-5 investment process. The transmission of said data is only made via NES Financial’s secure file transfer system. EU investor information may also be utilized for NES to maintain its daily reporting which is also kept in its secure file transfer system and is only accessed upon request.
If you reside in the European Union, or EU data privacy legislation applies to you, and you wish to lodge a complaint with regards to how your personal information has been processed by RFS, please contact your local supervisory authority. In the UK, this is the Information Commissioner (https://ico.org.uk/).