We want our customers to understand what information we collect and how we use it. We will continue to adhere to the privacy policies and practices described in this notice even after your account is closed or becomes inactive.
We collect personal information from clients and prospective clients in order to open accounts and to provide them with Record-keeping Services, Custodial Services, and Investment Advisory Services (the “Services”) in our online software (the “Platform”). In addition, we may collect limited personal information from consumers visiting our website in order to allow us to provide them with additional information about the services that we offer. We do not sell personal information to anyone. We use reasonable efforts to protect the security and confidentiality of the personal information we collect. We do not share your information for marketing purposes.
In order to conduct our regular business and/or to market our products and services, we may collect NPI such as:
- Your name, alias, date of birth, Tax ID number, citizenship and passport number, visa information, home address, telephone number, email address, social security number, bank account number, bank routing number, bank account login credentials, bank name, employer name, employment status, and job position.
- Whether you are a “politically exposed person,” whether you are a “control person” (pursuant to FINRA Rule 3210), annual income range, total net worth range, and other information as appropriate for our legitimate business needs.
- We may collect information derived or resulting from voluntary surveys.
- We may record any customer service calls or correspondence and maintain such recordings to better improve our Services.
- We may also collect Personal Information when you voluntarily provide us with Personal Information as a Visitor.
As a registered investment adviser, we must comply with SEC Regulation S-P, which requires registered advisers to adopt policies and procedures to protect the “non-public personal information” of natural person consumers and customers and to disclose to such persons policies and procedures for protecting that information. The purpose of these regulatory requirements and privacy policies and procedures is to provide administrative, technical, and physical safeguards which assist our employees in maintaining the confidentiality of NPI collected from clients of the Icon.
All NPI, whether relating to our current or former clients, is subject to these privacy policies and procedures. Any doubts about the confidentiality of client information must be resolved in favor of confidentiality. For these purposes, NPI includes non-public “personally identifiable financial information” plus any list, description or grouping of clients that is derived from non-public personally identifiable financial information. Such information may include personal financial and account information, information relating to services performed for or transactions entered into on behalf of clients, advice provided by Icon to clients, and data or analyses derived from such NPI.
We will not disclose any NPI about a client or prospective client to any third parties, other than its service providers, agents, representatives, and/or affiliates, or as permitted or required by law. We may disclose client or prospective client information for our everyday business purposes such as those listed below, and to process transactions, maintain accounts, respond to court orders and legal investigations, or as otherwise permitted by law.
Among other things, the law permits us as it may be necessary in the course of managing client accounts, to disclose such information for purposes of engaging in securities transactions or account maintenance on behalf of clients, complying with anti-money laundering laws, preparing statements and reports for clients, and determining whether a client meets the regulatory, suitability, or other requirements to make a particular investment. We will only give client or prospective client NPI to third parties as permitted by law, such as, for example:
- To retirement and investment product administrators, custodians, and other service providers as needed to engage in securities transactions in client accounts;
- To other service providers as directed by clients or prospective clients, such as accountants, lawyers, etc.;
- To service providers who may operate on our behalf, or assist us in the technical operation of, information technology systems, including our website, network, or databases;
- To specified family members and/or representatives (as authorized by law and/or the client); and
- To third-party software providers, consultants or other service providers as needed to provide requested services.
- Online Information and Collection: You can visit our public website without telling us who you are and without revealing anything about yourself, including your email address. However, web servers collect the name of the domain you used to access the Internet. We also collect the web site you came from and measure the number of visits, average time spent and other data about visitors to our web site. We use this data to monitor site performance and to make the site easier and more convenient to use.
- Session cookies are stored temporarily on the memory of your devices while you are visiting the website and are erased once you close your browser.
- Persistent cookies are stored for a predetermined amount of time, which varies from cookie to cookie. It is longer than the session cookies; however they also expire after some months. They aid us to understand whether you have previously visited our website or similar sites in the past.
- First Party cookies are set directly by the website or by any of the subdomains of the website.
- Third Party cookies are set by websites not managed by us, such as our subprocessores or other technology partners.
- You have the right to accept or reject cookies when you use the website. You may exercise your cookie rights by setting your preferences in the Cookie Consent Manager, which can also be found linked on the notification banner on the website. While you cannot reject essential cookies because they are necessary to provide you with access to the website, you may select other categories of cookies (i.e., analytics cookies, and marketing cookies) that you wish to accept or reject. You may still use the website if you choose to reject any or all these categories of cookies, but access to certain website services or functionality may be restricted.
- Email Communications: If you provide your email address to us on our site, we may send you email communications that may be useful to you, including information about our products, services or third parties. You will be given the option to not receive such email messages.
- Security: The security of your Personal Information is of utmost importance to us. Icon handles sensitive financial customer data, so we’ve taken steps to secure critical systems and information. For example, we use encryption to protect and secure all of your information, from personal data (like your social security number) to your transaction history. We take commercially reasonable technical, administrative, and physical safeguards to protect information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. You can read more about our security program at https://iconsavingsplan.com/security
- Visitors and Registered Users: As a visitor to our website, you may have access to certain features without telling us who you are or revealing any information about yourself. Our website includes the option to provide your contact information to us. If you provide personal information to us, it will be used to provide communication to you regarding our services. We may require you to become a registered user in order to gain access to and use features of our websites. Once you become a registered user, we may collect personal information when you use our website.
Client records will be retained by us for at least 5 years after the year in which the record was produced, or longer as otherwise required by law. With respect to disposal of non-public personal information, we will take reasonable measures to protect against unauthorized access to or use of such information in connection with its disposal.
We take the privacy and confidentiality of all clients and personnel very seriously. Icon will continue to make, and document, any changes needed to promote the security of non-public information.
Global Data Protection Regulation (GDPR)
If you reside in the EU/EEA, you may have the following rights with regard to your personal information:
- Right of information and access – You have the right to access your Personal Information we have about you and to be provided with a copy of your Personal Information.
- Right to rectification – You have the right to correct or update your inaccurate or out of date Personal Information.
- Right of erasure – You have the right to request that your Personal Information be permanently erased/deleted.
- Right to restrict processing – You have the right to restrict the processing of your Personal Information.
- Right to object to processing – You have the right to object to specific types of processing of your Personal Information.
- Right to portability – You may ask to receive a portable copy of your personal information in a format that may be transferred to another organization.
- Right not to be subject to decisions based solely on Automated Decision Making – You have the right not to be subject to decisions based solely on automated processing.
- Right to complain to a data protection authority – You have the right to complain to a supervisory authority in the country in which you reside, details of which can be provided upon request.
- Right to withdraw consent – If you have given us consent to collect or process your Personal Information, you may withdraw that consent at any time.
- The Right to Non-Discrimination – We may not discriminate against you if you exercise your privacy rights.
If you wish to exercise any of these rights please submit a request using the “Contact Us” section below.
We may charge a reasonable fee if your request is not valid under applicable law, repetitive or excessive. We may also request additional information from you in order to verify your identity before processing your request.
Personal Information may be transferred from users residing in the European Union to our servers, partners, or vendors located in the United States and other non-EU countries where there may not be an adequacy opinion issued with respect to that country. We have taken appropriate safeguards to ensure that Personal Information remains protected wherever it is transferred.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”) allows California residents, upon a verifiable consumer request and subject to applicable exemptions, to request that we give you access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that we have collected about you, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared.
California residents also have the right to submit a request for the deletion of the information under certain circumstances. Consistent with California law, Icon will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services. To submit a data request, please contact us by following the instructions in the “Contact Us” section below. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required.
Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification.
California law permits consumers who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those third parties. Icon does not share Personal Information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent disclosure of your Personal Information to third parties for their direct marketing purposes by withholding consent.
Children’s Online Privacy Protection Act
The Children’s Online Privacy Protection Act (“COPPA”) requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children who are under thirteen (13) years of age. We do not knowingly collect or solicit personally identifiable information from children under eighteen (18) years of age; if you are a child under eighteen (18) years of age, please do not attempt to register for or otherwise use the Services or send us any personal information. If we learn we have collected personal information from a child under eighteen (18) years of age, we will delete that information as quickly as possible. If you believe that a child under eighteen (18) years of age may have provided us personal information, please contact us using the instructions below.
Or in writing at:
Icon Savings Plan
1631 NE Broadway St., #815
Portland, OR 97232