Privacy and cookies policy
Prospective and Existing Clients, Vendors, Agents, Third-Parties and their employees or representatives (as applicable)
January 2023
Data Protection Privacy Notice
As a financial company with a global presence, Mesirow Financial Holdings, Inc., and its affiliates and subsidiaries (collectively, “Mesirow” or “we”), is subject to various data privacy laws and regulations depending on the type of information and jurisdiction. As such, not all sections of this Privacy Notice are applicable to every individual. The privacy of the information you provide to us is important, and we want to assure you that we are committed to protecting your privacy. Mesirow is the controller of the personal data and this Privacy Notice outlines the types of information we may gather about you, how we use it, and with whom we might share it. We urge you to read this Privacy Notice, so that you will understand our commitment to you and to your privacy.
WHAT IS PERSONAL INFORMATION?
Definitions of personal information can vary depending on the jurisdiction; however, personal information generally means any information about you from which you can be identified. Examples of personal information include your name, home address, social security number, date of birth, telephone number, and e-mail address, but it also includes other pieces of information which can be used to identify you, either directly or indirectly, such as a computer cookie.
THE TYPES OF INFORMATION WE COLLECT
In order to provide services to customers and develop new customer relationships, we may collect the following:
- Information contained in applications and other forms including, but not limited to, your name, alias, address, social security number, family member information, beneficiaries, occupation, education, birth date, email addresses, telephone numbers, bank account numbers, driver’s license, passport, assets, and income;
- Information concerning your relationships with us such as products or services purchased from us, account balances and transactions and payment history;
- Information from consumer reporting agencies such as credit bureau reports and related history;
- Information from visits to our website such as site visitorship data, and online data collection devices known as "cookies";
- Business contact information such as name, email address, and telephone number;
- Information required for us to meet legal and regulatory requirements including, without limitation, information with respect to anti-money laundering regulations, such as the source of funds; and
- Any other information you may provide to us.
When you are no longer our customer, we may continue to share your information as described in this notice.
We do not collect any special categories of personal data. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic or biometric data.
Our products and services are not intended for children, and we will not knowingly collect any data related to children unless they are a beneficiary in which case we will only collect and use the information as required to perform our obligations to the associated client.
Consequences of not providing some types of information
Where we need to collect your personal information by law, or under the terms of a contract we have with you, and you fail to provide that information when asked, we may not be able to provide the goods or services you requested. In this case we may have to cancel the product or services but we will tell you if this is the case.
How do we collect information about you?
Typically, we will collect information from you when you contact us directly or provide information in order for us to provide our products and services and we use your information in ways that are compatible with the purposes for which we originally requested it. We collect information from and about you in the following ways:
Through direct interactions when you give us your personal information by filling in forms or during correspondence with us. This includes when you:
- Apply for our products and services;
- Subscribe to our services;
- Create an account;
- Meet with us in person or talk to us face to face;
- Complete questionnaires, for example to give us feedback;
- Engage with us in connection with your employment at one of our vendors, contractors or counterparty banks;
Through using our website when we collect information using cookies or similar technologies which tell us about your equipment, browsing actions and patterns.
Through third parties such as credit reference agencies and fraud prevention agencies.
How we will use your personal information
We use personal information in ways that are compatible with the purposes for which we originally requested and obtained it. Mesirow does not share your personal information with unaffiliated companies except as provided in this Privacy Notice. Mesirow will only grant access to your personal information to those employees who have a business purpose for accessing such information.
We set out in the table below the ways in which we plan to use your personal information. Most commonly, we will use your information in the following ways:
- We have a contract with you. For example, we have agreed to provide financial advice or to manage investments for you and have a contractual agreement to do this.
- We have a legal obligation. We need to use your personal information to comply with laws that assist in the prevention of financial crime and to comply with regulatory obligations. For example, this might include confirming your identity and source of wealth, as well as ensuring we provide you with necessary information so you understand the risk of the financial services we can provide.
- We have asked for, and you have provided, consent to use your information. Please note that you can withdraw your consent at any time – this is part of how the law protects your interests.
- We, or a third party, have a legitimate interest in processing the information and your interests and fundamental right do not override those interests. For example, processing your information to prevent fraud.
We set out in the table below all the ways in which we plan to use your personal information and the legal bases we rely on to do so. We also explain what our legitimate interests are where appropriate:
Purpose | Lawful basis for processing including our legitimate interests |
To on-board you (or your employer) as a new customer, service provider, or counterparty | To fulfill our contract with you (or your employer) To fulfill our legal obligations to prevent financial crime |
To manage your account | Necessary for our legitimate interests – to recover debts due to us |
To provide services to you (or your employer) | To fulfill our contract with you (or your employer) |
To monitor your investment on an on-going basis | To fulfill our contract with you |
To meet our legal or regulatory obligations to provide you with regular information about your investment | To fulfill our regulatory obligations |
To meet our legal or regulatory obligations to provide information to regulators, law enforcement agencies, courts | To fulfill our regulatory obligations |
To correspond with you as an employee of one of our customers, service providers or counterparties in connection with performing contractual obligations with your employer | To fulfill contractual obligations Necessary for our legitimate interests – to communicate with representatives of our customers, service providers and counterparties |
To contact you about other products and services we think you (or your employer) may be interested in | Necessary for our legitimate interests – to develop our products and services and grow our business. |
To communicate with employees of service providers, agents or counterparty banks to establish relationships that are necessary to operate our business and service our clients | To fulfill client contracts Necessary for our legitimate interests – to access business relationships required to operate our business |
To verify your identity as a visitor on our premises or for general security monitoring at our office locations. | Necessary for our legitimate interests – to ensure the security of our systems, staff and premises. |
Opting out
You are free to change your mind at any time pursuant to the above by contacting the Mesirow Compliance Department and sending a written request to:
Compliance Department #10
353 North Clark Street
Chicago, Illinois 60654
The request should provide the following information:
- Your name,
- address,
- social security number or equivalent,
- birth date,
- and list of all accounts and services you have with us, so that we can identify all of our relationships with you.
You cannot opt out on behalf of another customer, unless you are a joint account holder with that person. To opt out for another joint account holder, you must provide the joint account holder’s name address, social security number, and birth date.
Marketing
We will use your personal information for marketing activities in accordance with applicable laws.
Where applicable under the EU General Data Protection Regulation (GDPR), we can use your personal information to send you communications if we believe we have a ‘legitimate interest’. We are required to make an assessment with regards to the benefits for us weighed against how appropriate it is to contact you in this way and whether it would be unfair to you. We believe that as a commercial enterprise we do have a legitimate interest in contacting you about our products or services and we will only do so if we decide it would be of interest or beneficial for you.
You are free to change your mind at any time pursuant to the above by contacting the Mesirow Compliance Department and sending a written request to:
Compliance Department #10
353 North Clark Street
Chicago, Illinois 60654
Third-Party marketing
The Mesirow website and its communications to clients may contain links to other websites that are not affiliated or controlled by Mesirow. Mesirow does not endorse any products or services that may be referenced in these websites and is not responsible for the security or privacy practices of such sites. Further, Mesirow cannot provide assurances that any Internet communications utilized with clients have not been compromised or misused.
Cookies
Cookies are small text files placed on your computer (or other device where you access the internet) used to collect information on your activities online. They can also be used as part of website functionality so you should be careful about accepting, deleting, or removing them. We can collect information about the device you are using to access the internet, your IP address and website browser (for example). Cookies can tell us what information you were looking at and for how long. Which internet sites interest you are useful for us, particularly for marketing our products and to ensure we are delivering the right service to clients.
If you have concerns about cookies this web site explains how you can delete and control the cookies that are stored on your computer: aboutcookies.org
To whom we disclose your information
Be assured that Mesirow does not sell personal information to anyone. In addition, we treat the personal information of our former clients and business contacts in the same manner as we treat the personal information of our current clients and business contacts. We also reserve the right to disclose your personal information in certain circumstances where we feel that disclosure is required or permitted by law such as to the Internal Revenue Service, courts, government request, parties to lawsuits, credit bureaus, etc. to assist law enforcement officials or officials of regulatory agencies, to perform credit checks or collect monies owed to us, and to protect our rights and property. State and international laws and individual companies may give you additional rights to limit sharing.
Mesirow reserves the right to change this Privacy Notice at any time without notice.
Please refer to the table in the section ‘How we will use your personal information’ which explains how we use your data. The third parties we disclose your information with are as follows below. The personal information that is disclosed to these third parties will depend upon the services provided by such third party.
- Financial service institutions, such as mutual fund companies, securities brokers, joint ventures, and banks, with which we have joint marketing agreements.
- Financial service institutions with which we have trading relationships.
- Companies and their agents that are under contract to perform services for us or on our behalf such as vendors providing data processing, computer software maintenance, web portal services, contact relationship management systems, auditors, administrators, development, transaction processing, and marketing services.
Storing your information
We will retain your personal information in accordance with applicable laws and internal record retention policies for so long as it is needed.
When we decide how long we will retain your personal information, we will take into account the amount, nature, sensitivity of your information and how we want to use it as well as the potential risk of harm being caused from unauthorized use or disclosure. Subject to legal and record retention requirements, we will not retain your personal information for longer than is reasonably necessary for the purpose for which it was collected.
Information we receive from third-parties
While providing services to its clients, in order to provide such services, Mesirow may receive sensitive personal information from third party clients. Unless Mesirow receives information otherwise, Mesirow will treat any information as if the owner of such information approves of Mesirow having access to it.
Sending your information outside of the EEA
Certain regulations have been put in place throughout the European Economic Area (EEA) to protect the privacy of the personal information of EU residents. With respect to individuals covered by such regulations, we may send your information to third parties who are based outside of the EEA, however we will only share your information with them because the following safeguards have been put in place:
- The country we send your information to is deemed to provide an adequate level of protection by the European Commission;
- The information is being transferred between organizations which are engaged in the same economic enterprise, or within our corporate group, and we have an agreement in place which sets out how your privacy will be protected and embedded processes to protect your privacy, including data encryption; or
- The United Kingdom left the European Union on December 31, 2020 as a result the UK will now be subject to the UK GDPR, therefore we will ensure that that transfers between the UK and US will be assessed and we will not transfer your data unless we are satisfied that equal protections ensue. This will also apply to countries subject to EU GDPR.
You can obtain further information on the specific mechanism used by us when transferring your personal information outside of the EEA by contacting the Mesirow IT Department at ITGovernance@mesirow.com.
Your rights – GDPR
Your data protection is important to us, and we strive to comply with applicable rules in the jurisdiction you are employed in as well as those of the countries we may store or send your information. If applicable, you are provided with a number of different rights under the GDPR in relation to your personal information. These allow you:
- To access your information;
- To request we correct your information;
- To request that we erase your information;
- To object to the processing of your information;
- To request a restriction in the processing of your information;
- To request a transfer of your information; and
- To withdraw your consent.
If the GDPR applies to you and you wish to exercise any of these rights please contact the Compliance Department at Compliance4@mesirow.com. Please note that you will not have to pay a fee to access your personal information or to exercise any of the other rights. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or we may refuse to deal with your request. We may also need to seek further information from you to confirm your identity before we release any personal information. This does not affect your right to make a complaint.
Your rights – California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Under the CCPA and the CPRA, California residents are granted certain rights related to the personal information held by a business. These rights also apply to certain categories of sensitive personal information, such as your social security number, driver’s license number and financial account information, including account log-in information, that Mesirow collects and retains in connection with the services that it provides. If applicable, these rights include:
- To request that we disclose personal information we have collected about you and sources;
- To request that we delete your personal information;
- To request that we correct your personal information;
- To request to limit the disclosure or use your personal information;
- To request that we disclose the business purpose for collecting your personal information; and
- To request that we disclose the categories of your personal information we shared with third parties and the categories of third-parties with whom we share your information.
If the CCPA/CPRA applies to you and you wish to exercise any of these rights please contact the Compliance Department using the contact information provided below. We may need to seek further information from you to confirm your identity before we release any personal information. This does not affect your right to make a complaint. We do not discriminate against consumers because they have exercised any of the consumer rights in the CCPA/CPRA. We do not “sell” or “share” your personal information as these terms are defined in the CCPA/CPRA.
Even if you request to opt out or limit the disclosure or use of your personal information, Mesirow may continue to retain and use such information as necessary to perform the services reasonably expected by an average consumer who requests those services.
Security and business continuity planning
We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We have implemented certain physical, electronic, and procedural safeguards to ensure that access to personal information is limited to the appropriate employees. Moreover, Mesirow requires its employees to protect your personal information and keep it confidential. We also have a procedure to deal with any suspected personal data breach and will notify you, and other regulators, where we are legally required to do so.
Mesirow has also developed a business continuity plan to protect clients and employees in the event of an emergency or significant business disruption. The plan is designed to help prepare for securing employees’ safety and Mesirow property, making financial and operational assessments, promptly recovering and resuming operations, protecting books and records, and allowing clients access to funds and securities. The plan also addresses the regulatory, compliance, legal, and operational risks posed to the company in the event of a significant disruption or catastrophic incident.
The business continuity plan considers various scenarios that range in severity from a firm or building only disruption to a broad emergency situation on a local or regional level. For example, the in the event any Mesirow office locations are inaccessible, alternative locations are established and prepared to facilitate business operations. Mesirow has redundancies in place for business-critical systems and believes that it can usually be able to resume business with the same day as the disruption. Mesirow’s goal in all situations is to return to normal business conditions as soon as possible with minimal impact on our clients and employees.
Mesirow conducts annual Disaster Recovery and Business Continuity tests during the year to validate technical procedures documentation, service provider capabilities, and the readiness of their execution should a catastrophic event render Mesirow’s systems and operations environment inoperable.
Mesirow’s business continuity plan is subject to change at any time without notice. However, notwithstanding the above, Mesirow does not guarantee that for every disaster or business disruption, such plans will be successfully implemented or that such plans will be sufficient and appropriate to avoid, deter, or mitigate the disaster or business disruption.
Contact us1
Updates to this Privacy Notice will be made available on our website at mesirow.com
If you have any questions about this Privacy Notice, the information we hold about you, or would like to submit a request in connection with this Policy, please contact our Compliance Department using the details set out below:
Mesirow
Attn: Compliance Department
353 North Clark Street
Chicago, Illinois 60654
Toll-Free: 1.800.453.0600
Phone: 312.595.6000
Email: Compliance4@mesirow.com
1. If you are covered by the EU General Data Protection Regulation (GDPR), you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would however appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.