Modera Wealth Management, LLC (“Modera” or “we”) is providing you with this notice as required by the European Union’s General Data Protection Regulation (“GDPR”).
What Information We Collect
Modera gathers certain information from and about you, the data subject.
Modera is a “Controller” as defined in the GDPR and in certain circumstances may be a Processor of this data, meaning Modera directs the processing of the data and processes the data, which may include the following:
- Contact information including phone numbers, addresses and email addresses
- Information to verify your identity, which can include your Social Security number, passport number, tax ID number and account identification numbers
- Biographical information, which can include age, sex, date of birth, marital status and the same about members of your immediate family
- Economic information, which can include employment status, compensation, assets and liabilities and information about your bank accounts and investment holdings
- Information to track your interactions with our website and client portal, which may include cookies, IP address, browser details, usernames and passwords
Modera does not process Special Categories of Personal Data under the GDPR, which include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Why We Collect It
We gather your personal information to provide investment advisory services to you and to provide you with invoices, reports and notifications relating to your account(s) with us and about our firm and our services to you.
What We Do With It
We process your personal information at our offices in the United States located at Boston, MA, Westwood, NJ, Wayne, PA, Charlotte, NC, Atlanta, GA, and Inverness, FL.
We store your personal information on the servers of our cloud provider in the United States in the State of South Carolina.
One or more of the following third parties located in the United States maintains the personal information of our clients on its servers.
|Third Party Recipient||Purpose||Safeguards|
|Tamarac, Inc., d/b/a Envestnet/Tamarac||Customer relationship management software to maintain contact information and information about your accounts||Binding and enforceable contracts
|[Your Custodian]||Brokerage and custodial services||Binding and enforceable contracts
|Global Relay||Email archiving||Binding and enforceable contract
|Tamarac, Inc., d/b/a Envestnet/Tamarac||Portfolio management services||Binding and enforceable contract
|eMoney||Financial planning software service||Binding and enforceable contract
We also back up your data to servers located in the United States.
We do not share your personal information with third parties unless necessary in furtherance of our services to you or as required by law. We do not sell your personal data to any third parties.
How Long We Maintain It
We are subject to record retention requirements set forth by our regulator, the United States Securities and Exchange Commission (“SEC”). We retain your personal data in compliance with applicable laws and regulations in the United States, primarily Rule 275.204-2 under the Investment Advisers Act of 1940 (the “Books and Records Rule”). This means we are obligated to keep your personal data for a period of at least five years from the end of the fiscal year during which we last updated the record.
As a matter of practice, we retain your personal data throughout the course of our relationship with you. After the expiration of the period for which the SEC obligates us to retain your data, your personal data will be evaluated for deletion according to our data destruction policy.
What You Can Do
Under the GDPR, you have certain rights about the personal data we gather and use about you:
- If you think any personal information we have about you is inaccurate or incomplete, you have the right to ask us to see the information, ask us to change it or ask us to delete it (subject to the Books and Records Rule requirements above.) You can make any of these requests by contacting our Chief Compliance Officer Terry Days at (617) 247-0518 or firstname.lastname@example.org.
- If you wish to opt out of our collecting certain personal information from you, you can contact our Chief Compliance Officer Terry Days at (617) 247-0518 or email@example.com. In the case of marketing, where Modera collects and stores personal data based on consent, you have a right to withdraw consent at any time. To withdraw consent from receiving marketing communications, follow the ‘Unsubscribe’ link at the bottom of any e-mail, and you will be removed within 72 hours. Please note that opting out of providing certain information may impact our ability to provide services in connection with your account. Opting out of interaction with one or more of our websites will require us to provide documents to you by email or through other means as agreed upon with you.
- If you have a concern or complaint about our processing of your personal data, you have the right to notify the Data Protection Authority for your EU country of residence listed here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.