BEECKEN PETTY O’KEEFE & COMPANY, LLC ("BPOC") AND ITS AFFILIATES PRIVACY NOTICE
WHAT DOES BPOC DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information, which may include personally identifiable information (“Personal Data”) and non-personally identifiable information.
For US persons, federal law, notably the Gramm-Leach-Bliley Act (“GLBA”), requires that financial institutions give consumers the right to limit some but not all sharing of such Personal Data. Federal law also requires us to tell you how we collect, share and protect your Personal Data.
For individuals in the European Union (“EU”), the EU General Data Protection Regulation (the “GDPR”) governs the way we, as “controllers,” and third parties we hire to process your Personal Data (“processors”) collect, use, share and retain your Personal Data.
For individuals residing in California, the California Consumer Privacy Act (“CCPA”) governs the way businesses process and sell the Personal Data of California consumers.
If you are a corporate investor (including, for these purposes, legal arrangements such as trusts or exempted limited partnerships) that provides us with Personal Data on individuals connected to you for any reason in relation to your investment with us, this Privacy Notice will be relevant for those individuals and you should transmit this document to such individuals or otherwise advise them of its content. Please read this Privacy Notice carefully to understand what we do.
The types of Personal Data we collect and share depend on the product(s) or service(s) you have with us. This information can include, but is not necessarily limited to:
- name, date of birth, residence or citizenship;
- contact information (e.g., email address, physical address, telephone number);
- social security number or tax identification number;
- information to verify your identity (e.g., driver’s license number, passport);
- wire transfer instructions and other account details including account balances, assets and liabilities;
- source of proposed capital contribution, and if applicable, net worth, employment information, education history and annual income;
- investment experience and activity, risk tolerance and transaction history;
- technical information (e.g., IP address, the number and frequency of visits to the website, the websites accessed before and after you visit our website, the Internet browsers used by you) generated from your visits to our website (such as through the use of “cookies,” web server logs and other electronic tools, if applicable) or in relation to materials we send to you electronically;
- any other information relating to you that you provide to us; and
- identities of authorized representatives or beneficial owners of an investor.
For the avoidance of doubt, in the case of institutional investors, Personal Data includes Personal Data of individuals linked to such institution.
Following the termination of our relationship with you, we may continue to use and/or share your Personal Data as described in this Privacy Notice, subject to our record retention policies and applicable law.
In certain situations, we need to collect, process and/or share your Personal Data in the ordinary course of our business. In the section below, we list the reasons we process your Personal Data, whether (and with whom) we share such Personal Data; and whether you can limit this sharing.
Reasons we process your Personal Dataa that is collected on our website, through our marketing efforts or from information provided by you.
Reasons we process your Personal Data
We rely on various legal bases for processing your Personal Data, including, but not limited to:
- To perform our contract with you, e.g.:
- administer and manage your subscription;
- manage your investments and maintain your account(s);
- verify your information,
- make capital calls, payments or distributions;
- report investment activity and fund performance; and
- generally administer the affairs of a private fund.
- To comply with our legal obligations, e.g.:
- comply with federal securities laws;
- comply with laws applicable to investment advisers;
- fulfill our legal, regulatory and compliance obligations, including identity verification, know your client (KYC), terrorist financing, anti-money laundering and sanctions checks; and
- respond to governmental inquiries or examinations, court orders and legal investigations.
- To pursue our legitimate interests or those of a third party, except where such interests are overridden by your interests, fundamental rights or freedoms, e.g.:
- perform accounting, billing, legal or tax audits;
- comply with our internal compliance requirements;
- to maintain our books and records;
- identify and prevent fraud and other unlawful activity;
- conduct credit and financial due diligence;
- facilitate investments, including related financings;
- respond to your inquiries;
- monitor and improve our relationships with investors;
- address or investigate any complaints, claims, proceedings or disputes;
- seek professional advice, including legal, accounting and other advice;
- manage and secure access to our offices, systems and online platform;
- market our products and services to you, including in connection with products we may offer jointly with other financial companies;
- perform data analyses;
- undertake a corporate business transaction (e.g., financing, merger, joint venture, sale of assets, bankruptcy);
- report to credit bureaus; and
- manage our legal, operational, financial, commercial and investment risks.
- Consent – you have given your consent to process your Personal Data (if we are relying on this legal basis we will make this clear to you at the time we ask for your consent).
Does BPOC share?
Yes, with Affiliates, Non-Affiliates and third parties
Can you limit this sharing?
Yes, in certain instances, as required by law
Depending on your residency, it is possible that other laws will apply which could grant you additional rights to limit sharing.
If you have any questions, concerns or objections as to how your Personal Data is processed (including if you feel that any of your rights under applicable data protection laws have been breached), please contact BPOC’s Chief Compliance Officer:
Name: Gladys Cordova
Telephone: (312) 435-0300
Address: 131 S. Dearborn Street , Suite 2800
Chicago, IL 60603
BPOC is not required to have a Data Protection Officer because BPOC (i) processes Personal Data only occasionally in connection with its business and (ii) does not process any “special categories” of Personal Data; however, you may contact the Chief Compliance Officer named above who performs similar functions.
Additionally, you have the right to notify and/or make complaints to the applicable regulatory authority if you feel that we have breached our obligations or otherwise violated your rights. Please see “How do I lodge a complaint?” below.
Who we are
Who is providing this Privacy Notice?
BPOC, together with its Affiliates
What we do
How does BPOC protect my Personal Data?
To protect your Personal Data from unauthorized access and use, we use appropriate technical and organizational security measures that comply with, as applicable, federal laws, state laws and laws of foreign jurisdictions. These measures include electronic safeguards and secured files and buildings. We limit employee access to Personal Data to those who have a business reason to know or access such Personal Data and are committed, by contract or statutory obligation, to confidentiality. We educate our employees about the importance of confidentiality and privacy of Personal Data.
How does BPOC collect my Personal Data?
We collect your Personal Data, for example, when you:
- use our website;
- communicate with us or our representatives;
- complete subscription documents and investor questionnaires;
- provide account information;
- give us your contact information; or
- make a wire transfer.
We may also collect Personal Data from publicly available or accessible directories, databases and agencies.
Why can’t I limit all sharing?
The GLBA provides that consumers can limit sharing only under certain circumstances, such as:
- sharing for Affiliates’ everyday business purposes —information about your creditworthiness;
- Affiliates from using your information to market their own products or services to you; or sharing for Non-Affiliates to market their own products or services to you.
For EU Data Subjects, the GDPR gives you the right to limit the processing of Personal Data if:
- processing is no longer necessary, or
- there is no legal basis for processing such Personal Data.
State laws may create additional rights or obligations.
What happens when I limit sharing for an account I hold jointly with someone else?
Your choices will apply to everyone on your account—unless you tell us otherwise.
FOR EU DATA SUBJECTS AND CALIFORNIA CONSUMERS
What are my rights under the GDPR and CCPA?
Under the GDPR, Data Subjects have a number of rights with respect to their Personal Data (subject to applicable law), including:
- Right to be Informed – right to be informed about what Personal Data is being processed and the rationale for the processing;
- Right of Access – right to view or request copies of Personal Data that is being processed;
- Right to Rectification – right to request that we correct Personal Data if it is inaccurate or out of date;
- Right to Erasure –right to request that we delete Personal Data (the right to be “forgotten”) under certain circumstances;
- Right to Restrict Processing – right to restrict processing of Personal Data if the Data Subject contests its accuracy, the lawfulness of its processing or if we no longer need it;
- Right to Data Portability – the right of a Data Subject to request a transfer of their Personal Data to a third party in certain circumstances;
- Right to Object – right of a Data Subject to contest the processing of their Personal Data if processing is based on the data controller’s legitimate interests or for direct marketing purposes; and
- Rights in Relation to Automated Decision Making and Profiling –right to be informed about and object to the existence of automated decision making, including profiling, and about its significance and consequences on the applicable Data Subject.
Under the CCPA, Consumers have a number of rights with respect to their Personal Data (subject to applicable law), including:
- Right to be Informed – Consumers have the right to be informed about what Personal Data is being processed, the source of such Personal Data, the business or commercial purposes for such collection and/or processing and the third parties and the categories of third parties with whom the business shares such Personal Data;
- Right to be Informed of Personal Data Sold – Consumers have a right to know whether and to whom their Personal Data is sold or disclosed;
- Right to Access – Consumers have a right to view or request copies of their Personal Data that has been collected;
- Right to Deletion – Consumers have the right to request that we delete their Personal Data under certain circumstances;
- Right to Opt-Out – Consumers have a right to opt out of the selling of Personal Data to third parties
- For the avoidance of doubt, BPOC does not sell Personal Data to third parties; and
- Right to Equal Service and Price – subject to certain exceptions, Consumers have a right to not be discriminated against (charged a different price or offered a different level of service) for exercising rights under the CCPA.
How do I lodge a complaint?
If you believe that we have breached any of our obligations to you pursuant to the GDPR and you wish to lodge a complaint, you may do so by contacting the applicable supervisory authority, and a list of the EU data protection authorities is available at:
If you believe we have breached any of our obligations to you pursuant to the CCPA, and you wish to lodge a complaint with the Office of the Attorney General of California, you may do so at oag.ca.gov/report or by calling 800-952-5225.
How do I exercise my rights?
To exercise any rights that are applicable to you as set forth above, please contact BPOC’s Chief Compliance Officer (see “Contact Information” above).
With whom does BPOC share my Personal Data?
We may share Personal Data with our Affiliates and subsidiaries in the operation of our business as well as third party service providers, including:
- the general partners of our funds, officers, employees;
- your authorized associates, advisers and representatives;
- in limited circumstances, other limited partners or investors in our funds, if applicable (generally limited to the names of investors);
- other entities within our firm;
- attorneys, auditors, accountants, consultants and other professional service providers;
- custodians, third party administrators, depositaries and transfer agents;
- banks and lenders with whom we conduct business that have requested such Personal Data;
- governmental, regulatory, tax or other public authorities as required by law;
- in connection with any litigation or legal process;
- anti-fraud services, credit reference agencies, debt-collection agencies and tracing agencies;
- any relevant party in connection with our legal, regulatory and compliance obligations, including identity verification, know your client (KYC), terrorist financing, anti-money laundering and sanctions checks;
- any relevant third-party acquirer(s), in the event that we sell or transfer all or any relevant portion of the fund in which you are an investor; or cloud service providers, IT and other information security personnel.
Where we engage a third-party processor, the processor will be subject to contractual obligations to: (i) process in accordance with our prior written instructions, and (ii) use measures to protect the confidentiality and security of any Personal Data that we have collected and/or processed.
In addition, we may share anonymous or non-personally identifiable information with third parties for any purpose in accordance with this Privacy Notice.
BPOC does not sell Personal Data for value and does not anticipate selling Personal Data for value in the future. All Personal Data is transferred to the appropriate parties for legitimate business purposes as described above and BPOC does not profit from the transfer of Personal Data.
How long will BPOC store my Personal Data?
We will store Personal Data regarding Data Subjects in accordance with our records retention policy, which generally means that we will retain such Personal Data (i) throughout the duration of our business relationship and (ii) as required following the termination of the business relationship (A) to preserve Personal Data in connection with litigation, investigations or proceedings or (B) in accordance with applicable law or industry best practices.
If applicable, will BPOC transfer my Personal Data outside of the jurisdiction which provides me with these rights?
We may transfer Personal Data to our Affiliates or service providers outside of the applicable jurisdiction in the course of operating our business and to comply with our legal or contractual requirements. We have safeguards in place so that any transfer of Personal Data outside of the applicable jurisdiction is subject to an adequate level of data protection as mandated by appropriate law. Data Subjects may request a copy of such safeguards.
What are BPOC’s procedures in the event of a breach of Personal Data?
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, Personal Data, we will notify the applicable supervisory authority in the EU within 72 hours of discovering the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. We will also notify each affected Data Subject of a breach without undue delay if the breach is likely to result in a high risk to the rights and freedoms of natural persons. We are not required to notify Data Subjects of a breach if:
- the breached Personal Data is encrypted;
- if we have taken measures, such as wiping the Personal Data remotely, and such breach is unlikely to result in a material adverse effect; or
- if providing notice requires disproportionate efforts, in which case a public communication should be made, rather than notice to each affected Data Subject.
Pursuant to California’s data breach notification statute (which is separate from the CCPA), we will provide written notice to Consumers in the event their unencrypted Personal Data is breached or accessed by unauthorized parties. Such notifications will be made expediently and without unnecessary delay.
- The state must also be notified if the breach affects more than 500 Consumers.
Companies related by common ownership or control. They can be financial and nonfinancial entities.
Our Affiliates may include, but are not limited to, the BPOC funds, such funds’ general partners, special purpose vehicles and other entities.
BPOC means Beecken Petty O’Keefe & Company, LLC and may also be referred to throughout this Privacy Notice as “we,” “us” or “our.”
Under the CCPA, a “Business” means a for-profit entity which (i) collects Consumers’ Personal Data, (ii) determines the purposes for which and the means by which that Personal Data is processed, (iii) does business in California and (iv) satisfies one or more of the following thresholds: (A) has annual gross revenue in excess of $25 million; (B) alone or in combination annually buys, receives for the Business’s commercial purpose, sells or shares for commercial purposes the Personal Data of 50,000 or more consumers, households or devices; or (C) derives 50% or more of its annual revenues from selling consumers’ Personal Data.
For purposes of the CCPA means a natural person who is a California resident.
Means an individual who obtains, from a financial institution, financial products or services which are to be used primarily for personal, family, or household purposes and also means the legal representative of such an individual.
Means any consumer who has a “customer relationship” with the bank. A “customer relationship,’ in turn, is defined as a continuing relationship between a bank and a consumer for the purpose of providing a financial product or service to the consumer.
Data Subject (GDPR)
Under the GDPR means “an identified or identifiable natural person.” For ease of use throughout this Privacy Notice, unless the context otherwise requires, the term Data Subject has been used to apply to Consumers (as defined under the CCPA and GLBA), Customers and Data Subject (as defined under the GDPR).
A formal agreement between non-affiliated financial companies that together market financial products or services to Data Subjects.
Companies not related by common ownership or control. They can be financial and nonfinancial companies. Non-Affiliates we share with can include fund administrators, investment advisers, custodians, brokers, dealers, counterparties, auditors and legal advisers.
Process (or “process”)
Any operation performed on Personal Data, such as collecting, recording, organizing, storing, altering, retrieving, consulting, using, disclosing, disseminating or deleting such Personal Data.
Updates to this Privacy Notice
This Privacy Notice may be amended or updated from time to time to reflect changes in our policies and procedures with respect to the processing of Personal Data or changes in applicable law. This Privacy Notice was last updated on June 15, 2020.