Last Updated [11.15.2021]

Welcome!

This Privacy Policy is here to help you understand how we collect, use, disclose, and process your personal data. We also describe your choices and rights with respect to how we process your personal data. Please read this policy carefully.

Your use of any of our Services indicates your acknowledgement of the practices described in this Policy.

Who We Are

This is the Privacy Policy of Ark PES, Inc. (“Ark,” “us,” “our,” or “we”). You can contact us at support@arkpes.com.

Applicability

This Privacy Policy applies to our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”), and our online portals, platforms and related SaaS services (together with the Site, the “Services”). You can contact us using the information below.

This policy is incorporated into the Terms of Use governing your use of any of our Sites. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use.

Clients and third parties

Ark is a service provider for funds and fund administrators (our “Clients”). This Policy reflects only how we process Personal Data through our Services. This Policy does not apply to Clients’ own uses of your Personal Data. Similarly, this Policy does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services unless we process information from those parties. Please review the appropriate Client or other third party privacy policy for information on third-party privacy practices.

Processing of Personal Data

Personal Data We Collect

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We may collect and process the following categories of Personal Data through our Services (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data:             Personal Data about you and your identity, such as your name, company, IP address, ID or account number, username and password, and other Personal Data you may provide on various forms or in an account profile (e.g. biographical information).

Contact Data:            Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications platform usernames/handles, as well as a name or other salutation.

Commercial Data        Personal Data relating to your use of the Services, such as consumption of Services, price paid, or other related data.

Financial Data:          Personal Data relating to financial accounts or services, e.g. a credit card or other financial or billing account number, and other relevant information you provide in connection with a financial transaction.

Device/Network Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

Professional Data:       Data relating to professional and employment history, qualifications, and similar biographic information.

User Content:             Personal Data included in content provided by users of the Services in any free-form or unstructured format, such as in a “contact us” box, free text field, in a file or document, or messages to us.

Sensitive Data:           Includes data categorized as “Special Categories of Personal Data under the EU General Data Protection Regulation and “Personal Information” as defined in Cal Civil Code §1798.80(e).

Sources of Personal Data

We collect Personal Data from various sources based on the context in which the Personal Data will be processed:

You:                              We collect Personal Data from you directly, for example, when you input information into an online form, sign up for a list, or contact us directly.

Your Devices:                   We may collect certain Personal Data automatically from your devices. For example, we collect Device/Network Data automatically using cookies and similar technologies when you use access our Services or when you open our marketing communications.

Clients:                           We collect Personal Data from our Clients with whom we have a relationship, and who may provide us, or grant us access to systems providing, information about users, personnel, account information, etc.

Service Providers:               We receive Personal Data from third parties with whom we have a relationship in connection with their performance of services or processing of transactions on our behalf.

Data we create:                 We (or third parties operating on our behalf) create and infer Personal Data based on our observations or analysis of other Personal Data we process, and we may correlate this data with other data we process about you.

How we Process Personal Data

Subscription and Account Registration

If you subscribe to or contract for our Services, we collect Identity Data, Financial Data, and Commercial Data in connection with that transaction. This data is used in order to fulfill the transaction and complete the subscription or contracting process. We may share certain information with our service providers in order to complete the transaction.

Additionally, Clients’ users may be able to register and create an account on our Services. When users register, we will process Identity Data and Contact Data. We use the Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Subject to your rights and choices, we may also use the Identity Data as part of our efforts to improve our Services, and we may process the Identity Data and Contact Data in connection with marketing communications.

SaaS Services

We may process Identity Data, Contact Data, Financial Data, and certain Sensitive Data (if provided by the Client) in connection with our Clients use of our SaaS Services in connection with fund administration services.

We process the Identity Data, Contact Data, Financial Data, and Sensitive Data on behalf of our Clients when our Clients use our Services. For example, our Clients may use our Services to generate financial reports, request payments and distributions to Clients’ limited partners, or provide other similar services. In addition, and subject to your rights and choices and the limitations of any Services Agreement, we may also use this information (excluding Financial Data and Sensitive Data) as part of our legitimate interests in improving the design and functionality of the Services, for security purposes, and for other business purposes described below.

Contact Us Forms

We process Identity Data, Contact Data, and User Content if you choose to contact us through our Site. We may receive that data from a third party if and to the extent provided to us by a third party (e.g. contact or communications platforms). We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matters. Subject to your rights and choices, we may also use Identity Data and Contact Data to in connection with Marketing Communications, if relevant to your request, such as when you request more information about our Services.

Marketing Communications

We may process Identity Data, Device/Network Data, and Contact Data when you are enrolled to receive, and when you open or interact with, our electronic marketing communications. Note, you may be enrolled with your consent or, where allowed, in connection with an information request or other interaction with our Services and services. Subject to your rights and choices, we may use the Identity Data, Device/Network Data, and Contact Data to improve our services and in connection with marketing communications.

Internal Employment Applications

We may process Identity Data, Contact Data, Professional Data, and User Content in connection with your application to be an employee, contractor, or otherwise join our team. We process this Personal Data primarily in connection with the assessment and creation of the personnel relationship, and to the extent permitted by applicable law, or with your consent or where authorized by law, and subject to your rights and choices, we may process Personal Data in accordance with our legitimate business interests, as follows:

• We may use your Contact Data as necessary to process your application, contact you regarding this or other future application/vendor/work opportunities, or similar matters.
• The assessment of your application may involve the creation and processing of data we create in order to evaluate your prospective engagement, assess skills alignment, qualifications, and similar matters.
• To the extent permitted under applicable law, the processing of your Personal Data in connection with application evaluation may involve the use of automated technologies that may extract relevant information and rate applications based on their conformity with our requirements. In some cases, automated processing may reject or place a low rating on applications that are found to not meet requirements of a given engagement.

Please Note: Once you are engaged or employed, your Personal Data may be subject to applicable internal privacy policies.

Cookies and Similar Tracking Technologies

We, and certain third parties, may automatically collect and process Identity Data, Contact Data, and Device/Network Data when you interact with cookies and similar technologies on our Services. We may receive this data from third parties to the extent allowed by that party. Please note that the privacy policies of third parties may also apply to these technologies and the Personal Data collected through them.

Subject to your rights & choices, we may use this information as follows:

• for “essential” or “functional” purposes, such as to enable certain features of the Services, or keeping you logged in during your session;
• for “analytics” and “personalization” purposes, consistent with our business interest in how the Services are used or perform, how users engage with and navigate through our Services, what sites users visit before visiting the Services, how often they visit the Services, and other similar information, as well as to greet users by name and modify the appearance of the Services to usage history, tailor the Services based on geographic location or Client, and understand characteristics of users in various technical and geographic contexts; and
• for “retargeting” or similar advertising purposes on our Site, so that you can see advertisements from us on other websites. These technologies and the data they collect, may be used by advertisers to deliver ads that are more relevant to you based on content you have viewed, including content on our Sites. These tracking technologies may also help prevent you from seeing the same advertisements too many times, and help us understand whether you have interacted with or viewed ads we’ve delivered to you. This data collection may take place both on our Sites, as well as and on third-party websites that participate in the ad network (e.g. including as part of advertisements delivered by that ad network on a third party website).

Note:     Some of these technologies can be used to identify you across platforms, devices, sites, and services.

Business Purposes of Processing

In addition to the processing described above, we generally process Personal Data for several common purposes in connection with certain business purposes, and in accordance with our legitimate interests, as described below.

Service Provision and Contractual Obligations

We process any Personal Data as is necessary to provide the Services, and as otherwise necessary to fulfill our obligations to you, e.g. to provide you with the information, features, and services you request. We may also use Personal Data to fulfill any contracts we have with you.

Internal Processes and Services Improvement

We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interest in improving the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to Services use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Data to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our Users. This processing is subject to users’ rights and choices.

Personalization

We process certain Personal Data as necessary in connection with our legitimate business interest in personalizing our Services. For example, aspects of the Services may be customized to you so that it displays your or a Client’s name, to reflect appearance or display preferences, display recent or commonly used features or data, or other similar functionality.

Aggregate Analytics

We process Personal Data as necessary in connection with our legitimate business interest in the creation of aggregate analytics relating to how our Services are used, the products and services our users purchase, to create service delivery metrics, and to create other reports regarding the use of our Services, and other similar information and metrics. The resulting aggregate data will not contain information from which an individual may be readily identified.

Security and Incident Detection

Whether online or off, we work to ensure that our Services are secure, and we work to prevent fraud on our Services. We may process any Personal Data we collect in connection with our legitimate business interest in ensuring that our properties and locations are secure, to identify and prevent crime, security events, and ensure the security of our users, Client Data, and our IT systems. Similarly, we process Personal Data on our Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information and physical security activities.

Compliance, Health, Safety & Public Interest

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data subject to this Privacy Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Other Processing of Personal Data

If we process Personal Data in connection with our Services in a way not described in this Privacy Policy, this Privacy Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:

Clients

We process data on behalf of Clients, and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, any communications sent using our and all other Personal Data processed on behalf of the Client may be available to the Client and its users. These parties may engage in direct marketing, or other activities that are outside our control.

Partners

In limited cases, we may share your Personal Data, such as Identity Data or Contact Data with business or marketing partners in connection with promotions, events, products, and services that are promoted, managed, supported, or otherwise undertaken with that third party. If appropriate, these parties may engage in marketing communications.

Service Providers

In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Services or disclose information as part of our own internal operations, such as security operations, internal research, etc.).

Corporate Events

Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Affiliates

In order to streamline certain business operations, marketing activities, services, offers, and other content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use or a customer agreement, or in the vital interests of us or any person. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Your Rights & Choices

Your Rights

Applicable law may grant you rights in your Personal Data. These rights vary based on your location, state/country of residence, and may be limited by or subject to our or our Clients’ rights in your Personal Data. In cases where we process Personal Data on our own behalf, you may exercise rights you have by contacting us at 535 Boylston St, 6th Floor, Boston, MA 02116 (attn: Rights Request) or support@arkpes.com (subject line: Rights Request).

All rights requests we receive directly must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you log in to your account or verify that you have access to your account or the email on file in order to verify your identity.

While we may notify Clients of your request, we are unable to directly fulfill rights requests regarding Personal Data we control or for which we have the necessary rights of access, and we may not have access to or control over all or some Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request.

For information regarding your California Privacy Rights, please see below. Residents of the EU/EEA/UK/Cayman Islands may wish to review the “Additional Information for EEA/UK/Switzerland/Cayman Islands” section below.

Your Choices

It is possible for you to use some of our Services without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process, which you may exercise by contacting us as described above.

Consent:                         If you consent to processing, you may withdraw consent any time, to the extent required by law.

Marketing communications:  You have the choice to opt-out of processing related to marketing communications or to withdraw your consent if marketing communication was initiated through consent. You may exercise your choice via the “unsubscribe” links in our communications or by contacting us re: direct marketing.

Cookies & Similar Tech:    If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Privacy Policy, or Google Analytics Opt-out. Our Site does not respond to your browser’s do-not-track request.

Other Processing:               You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. Note that we may not be required to cease processing based solely on an objection.

Security

We follow and implement reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

Data Retention

We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate and requested.

Minors

Our Services are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.

International Transfers

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. may not provide the same legal protections guaranteed to Personal Data in foreign countries. Contact us for more information regarding transfers of data to the U.S.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of our Services following notice of any changes indicates acceptance of any changes.

Contact Us

Feel free to contact us with questions or concerns using the appropriate address below.

General inquires:               support@arkpes.com

Physical address:               Ark PES, Inc.

535 Boylston St, 6th Floor

Boston, MA 02116

Additional Information – EU, UK, SWITZERLAND, CayMAn ISLANDs

Legal Basis for Processing:

Our processing of your Personal Data is based on one of a number of legal conditions. Generally, these will be: (i) your consent (for example, to place cookies which process Personal Data, or for marketing from our third-party partners); (ii) the performance of our contract with you (e.g. to process a payment from you or deliver requested services); (iii) compliance with a legal obligation (e.g., where we are required to disclose information to a court or a tax authority); and (iv) our legitimate interests, provided these do not override your fundamental rights and freedoms (e.g., where we carry out our own direct marketing to existing subscribers, subject to your right to opt-out of this at any time).

Your Rights

Subject to applicable law, as a resident of the EEA/UK/Switzerland/Cayman Islands, you may have some or all the following rights regarding your Personal Data. You may submit requests to support@arkpes.com (subject line: Rights Request).

Access:                           You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Data, to the extent required and permitted by law.

Rectification:                    You may correct any Personal Data that we hold about you to the extent required and permitted by law.

Delete:                            To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. Contact us as part of your request to determine how your Personal Data will be erased in connection with your request.

Data Export:                   To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

Right to Object:                 Where we process Personal Data on the basis of our legitimate interests, you can object to that processing to extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise, or defense of a legal claim.

Right to Restrict:               You may have the right to restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.

Automated Processing:        To the extent we process Personal Data using automated means (if any), or where otherwise required by law, you may opt-out of, or revoke your consent, to this processing or elect to have an individual review any of the results of processing.

Regulator Contact              You may have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

Transfers to the United States

EEA/UK/Swiss/Cayman Island residents should be aware that we are a US headquartered company and your Personal Data will routinely be transferred to and stored in the United States for processing. In relation to both internal transfers and the use of affiliates, service providers, or suppliers, if Personal Data is transferred to third countries, we will take steps to ensure that the information receives an adequate level of protection, including by entering into data transfer agreements, using the “Standard Contractual Clauses,” other recognized “adequacy” decision, or relevant derogations under applicable data protection law. You have the right to details of the mechanisms under which your data is transferred outside the EEA/UK/Switzerland/Cayman Islands, and may contact us for additional information regarding the applicable to the processing of your personal data.

EU-U.S./Swiss-US Privacy Shield

We comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries, the UK, and Switzerland. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU/Swiss/UK residents’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU/Swiss/UK residents’ data to the extent required by law. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view the certification page, please visit https://www.privacyshield.gov. You may view the list of Privacy Shield companies here. We encourage users to contact us if you have any concerns about our compliance with this Privacy Policy and the Privacy Shield Framework. In compliance with the EU-U.S./Swiss-U.S. Privacy Shield Principles, we commit to resolving complaints about your privacy and our collection or use of your Personal Data. EU/Swiss/UK residents with inquiries or complaints regarding this Privacy Policy should first contact us at the address below. We will respond to complaints from EU/Swiss/UK residents within 45 days. If any complaints by EU/Swiss/UK residents cannot be resolved informally, we have agreed to participate in the JAMS dispute resolution procedures pursuant to EU-U.S./Swiss-U.S. Privacy Shield principles. EU/Swiss residents with unresolved complaints may refer them to may refer them to JAMS here. Under certain circumstances, these dispute resolution processes may result in your ability to invoke binding arbitration. As a U.S. company, we are also subject to the investigatory and enforcement power of the FTC regarding our compliance with the Privacy Shield Framework and this Privacy Policy, and users may direct complaints to the FTC in the event the dispute resolution processes described above is unsatisfactory.

Your California Privacy Rights

Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights, subject to your submission of an appropriately verified request (see below for verification requirements). Please note, as a B2B provider and employer, we may not be obligated under CCPA to fulfill these rights in some contexts, and we reserve the right to deny requests to the extent allowed by applicable law.

Privacy Rights

Right to Know

You may have the right to request any of following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

Right to Delete

You may have the right to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.

Right to Non-Discrimination  

You may have the right to not to receive discriminatory treatment as a result of your exercise of any rights conferred by the CCPA.

Direct Marketing        

You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes (if any) during the preceding calendar year.

Opt-Out of Sale

If we engage in sales of Personal Data (as defined by applicable law), you may direct us to stop selling or disclosing Personal Data to third parties for commercial purposes. At this time, we do not sell (as defined by the CCPA) Personal Data.

Submission of Rights Requests

You may submit requests to support@arkpes.com (subject line: Rights Request) (see below for summary of required verification information).

Verification of Rights Requests

All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity.

Agent Requests

Agents should submit requests to the email above, along with information supporting their authorization to act on the consumer’s behalf. We may contact individuals to validate the agent’s authority to act on their behalf, and may require that individuals to validate their identity directly if the agent does not have property authority or for any appropriate security or compliance purposes.

Supplemental Data Processing Disclosures

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data, Contact Data, Transaction Data, Device/Network Data, Professional Data, and User Content.

Data Sale

For purposes of the CCPA, we do not “sell” your Personal Data.

Right to Know