Post Advisory Group LLC's Global Privacy Statement

Last updated: June 2023

Post Advisory Group and its affiliates and subsidiaries ("Post," "we," "us," or "our") respect the privacy of your personal information (i.e., information that may directly or indirectly identify you, as further described below) ("PI"). This Global Privacy Statement ("Privacy Statement") describes our practices regarding the collection, use, and disclosure of your PI, including sensitive personal information (as further described below), when you visit our Post website (the "Site"), when you communicate with us via email, when you register to attend our webinars or online events, and when you engage with us offline (collectively, the "Services").

This Privacy Statement is provided in a layered format so you can click through to the specific areas set out below. You can also download a version of the Privacy Statement (PDF).

This Privacy Statement also provides information about your rights in relation to the processing of your PI, including for residents in California and residents in the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland. Please note: The applicability of certain sections of this Privacy Statement will vary by law and jurisdiction. As a result, not all provisions of this Privacy Statement will apply to all users or all of certain users' PI.

For the purposes of European, UK, and Swiss data protection laws, when applicable, Post is the controller of your PI as further described in this Privacy Statement. A list of Post affiliates can be found in the Annex of this Privacy Statement.

References to "you" or "your" refers to individuals whose PI is processed by Post, including Site and App users, customers, and beneficial owners of an organization or entity in connection with:

  • the provision of financial services to potential or actual customers;
  • transactions to which we are party; or
  • services provided to us through a third-party vendor.

By accessing the Site and using our Services, you agree to our collection and use of your PI as described in this Privacy Statement. However, your use of the Services does not equate to consent for the processing of your PI for purposes of European, UK, and Swiss data protection laws.

Personal Information We Collect – Sources and Categories

In the 12 months preceding the date of this Privacy Statement, we may have collected your PI in a number of ways, including:

  • when you provide it to us, including in connection with a Post product or service you have purchased or are considering, such as a completed insurance or investment application form, or where you contact us in relation to a query you have;
  • if you are a representative of an organization or entity that is a client or vendor of Post, and that organization or entity provides us with your PI;
  • throughout the course of our relationship with you, including when you change your details, provide additional PI, or when the services we are providing to you change;
  • from public sources where you have manifestly chosen to make your PI public, including via public profiles on social media; and
  • from third parties such as credit reference agencies, or third parties that you direct or authorize to share information with us.

Please note that, where we receive your PI from a source other than directly from you, Post cannot ensure the accuracy of such PI.

The categories of PI we may have collected from these sources during the 12 months preceding the date of this Privacy Statement, and will continue to collect, include the following:

  • Personal identifiers: e.g., name, residential address, email address(es), social media handle, telephone number(s), government identification documentation and numbers, date of birth, nationality, gender, and signature.
  • Professional information: e.g., name of current employer, job title, work address, work telephone number(s), work email address, and professional and academic history.
  • Financial information: e.g., bank account number, account balance, income, assets, and liabilities.
  • Profile information: details about your accounts that you have with us and other details of products and services you have purchased from us, such as your account or policy number, investments, and username, password, and email address for our online services that you have access to.
  • Technical information: We may receive confirmation when you open an email from us.
  • Electronic monitoring information: to the extent permitted by law, we may record and monitor your electronic communications with us and visits to our premises via the use of CCTV recordings; and
  • Sensitive Personal Information ("SPI"): In limited circumstances, and where allowed by law, SPI about you. Please note, you are prohibited from sending us SPI, or instructing others to do so on your behalf, that we did not request or is not needed for us to perform services for you.
  • Demographic information: In some circumstances, we may collect demographic data about you (e.g., household information and marital status).

We may also collect any other PI from you to the extent that you voluntarily disclose such PI to us.

Unless we otherwise indicate that the provision of specific PI is optional, any PI we request from you, your organization, plan sponsor, or other associated entity will be related to the products and services requested by you or on your behalf. If you do not provide the PI requested, we may not be able to provide those products or services, accept or progress your submission of interest, fulfill your request, or respond to your communications more generally.

Purpose and Legal Basis for Processing Your Personal Information

We will only use your PI in accordance with applicable law and in the following circumstances:

Categories of PI Processing purposes Legal basis for processing
Personal identifiers; Professional information; Financial information; Profile information; Technical information; Electronic monitoring information; SPI; Demographic information To provide our services to you: To provide our products and services to you, including: (i) providing access to certain areas, functionalities, and features of our Services; (ii) opening an account, or entering into a relationship at your request, including performing anti-money laundering, anti-terrorism, sanction screening, fraud, and other due diligence checks; (iii) liaising with third parties (e.g., brokers for the purposes of executing transactions); and (iv) providing information about our various products and Services With your consent, if required by applicable law, to enter into/perform a contract with you; to comply with our legal or regulatory obligations; to pursue our legitimate interests in providing the requested information and/or information about our processing of your PI in an effective and efficient manner
Personal identifiers; Professional information; Financial information; Profile information; Technical information; Electronic monitoring information; SPI Communication: To contact you about your account, respond to your requests and inquiries, and manage our relationship with you, including recovery of payments, fees, and charges and notifying you about changes to our Terms of Use or our privacy practices (including this Privacy Statement) To enter into/perform a contract with you; to comply with our legal or regulatory obligations; to pursue our legitimate interest to respond to your requests and inquiries for ongoing business administration; and to manage and administer our relationship with you
Personal identifiers; Professional information; Profile information; Technical information; Electronic Monitoring Data Security: To ensure network and information security, including monitoring authorized users' access to our Services for the purpose of preventing cyber-attacks, unauthorized use of our systems and Site/App, prevention or detection of crime and protection of your PI To enter into/perform a contract with you; to pursue our legitimate interests to take measures to secure our Site and App and; and to ensure they are used in accordance with our Terms of Use
Personal identifiers; Professional information; Financial information; Profile information; Technical information; Electronic monitoring information; SPI; Demographic information Legal claims: To defend and enforce our rights, including against legal claims that involve us, and to manage regulatory matters, investigations, data breaches, and/or data subject requests To enter into/perform a contract with you; to comply with a legal obligation, e.g., to respond to an official request or data subject request; and to pursue our legitimate interests to defend and enforce our rights
SPI, including data concerning political opinions and criminal convictions and offences Investment eligibility: To verify your investment eligibility, including determining whether you are a "politically exposed person" To comply with our legal or regulatory obligations

If you are located in the EEA, the UK, or Switzerland: You have a right to object to the processing of your PI where that processing is carried out for our legitimate interests. Please note, however, that we may not be able to fulfill such requests in all instances.

Cookies and Other Technologies

A cookie is a small file on your computer's hard drive. The cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. Our cookies do not give us access to your computer.

You can configure your browser to choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Parties to Which We May Disclose Your Personal Information

The following chart describes the categories of PI that we disclosed to third parties for a business purpose in the 12 months prior to the date of this Privacy Statement:

CATEGORIES OF PI CATEGORIES OF THIRD PARTIES WITH WHICH WE SHARE PI FOR A BUSINESS PURPOSE
Personal identifiers; Professional information; Financial information; Profile information; Technical information; Electronic Monitoring Data; SPI Service providers that provide data security services and cloud-based data storage, host our Sites, and assist with other IT-related functions
Personal identifiers; Professional information; Financial information; Profile information; Technical information; SPI; Demographic information Service providers that assist us in providing or administering our products or services or in otherwise administering our business, and financial professionals (e.g., advisors, brokers, and distribution partners) that help us provide you with our products and services
Personal identifiers; Professional information; Financial information; Profile information; Technical information; SPI; Demographic information Post Advisory Group's affiliates (see the Annex of Privacy Statement)
Personal identifiers; Professional information; Financial information; Profile information; Technical information; Electronic Monitoring Data; SPI; Demographic information Professional advisors, third parties, agents, or independent contractors that provide services to any member of Post (such as IT systems providers, platform providers, financial advisors, brokers, or consultants, including lawyers and accountants)
Personal identifiers; Professional information; Financial information; Profile information; Technical information; SPI; Demographic information Organizations that provide help us to conduct anti-money laundering and anti-terrorist financing checks and to detect fraud and other potential criminal activity
Personal identifiers; Professional information; Financial information; Profile information; Technical information; SPI; Demographic information Your plan sponsor (if applicable), and third parties with whom you or your plan sponsor (if applicable) instruct or authorize us to share data

In addition to the above, we may also disclose your PI in any jurisdiction to:

  • competent authorities (including national or international regulators, law enforcement authorities, tax authorities and courts or other tribunals) or their agents, where Post is required or permitted by law or regulation to do so;
  • any person to whom disclosure is allowed or required by local or foreign law, regulation, or any other applicable instrument; and/or
  • comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property, or safety of others, including to law enforcement agencies and judicial and regulatory authorities.

International Data Transfers

Our U.S.-based Services are generally hosted in the United States, although we may work with service providers in other jurisdictions from time to time. Therefore, when you disclose PI to us, your PI may be transferred outside of the jurisdiction you reside. If you are located in the EEA, UK, or Switzerland, Post may, for the purposes listed in Section II above, transfer your PI to recipients as referred to above that are located in countries outside the EEA, the UK, or Switzerland, including to the United States, and that are not currently considered by the European Commission, UK Government, and/or the Swiss Federal Data Protection and Information Commissioner (as applicable) to provide an adequate level of data protection. In these circumstances, Post will take steps to ensure that the PI is transferred in accordance with relevant data protection laws, including by entering into Standard Contractual Clauses or similar ("SCCs") with the recipient, seeking assurances from the recipient that they have Binding Corporate Rules in place, or otherwise relying on a derogation for the transfer (e.g., where the transfer is necessary for the defense of legal claims).

You can request further information on the data transfer solutions relied upon, including a copy of the SCCs, by using the contact details in Section XIII or the Annex below.

Submitting Data Subject Requests

In accordance with applicable law, you may have certain privacy rights based on the jurisdiction in which you reside. However, please note that the below rights are not absolute and may be subject to exceptions and/or limitations. The exceptions may relate to the types of PI we collect or the nature of our business.

Some privacy laws, such as the California Privacy Rights Act or the EU's and UK's General Data Privacy Regulation, give certain individuals the right to submit certain requests, subject to applicable exemptions or limitations.

You may submit such requests by contacting Post via email or by telephone and we will process such requests in accordance with applicable privacy law. You may submit requests by contacting us at 1-310-996-9600 (please inform our customer service representative of the type of request you wish to submit) or marketing@postadvisory.com. The types of requests provided for by applicable privacy law may include:

  • Right of access: This type of request is to confirm what data is being processed, obtain information about the processing activities, and to receive a copy of your PI;
  • Right to rectification: This type of request is to seek rectification/correction of your PI where it is inaccurate or incomplete;
  • Right to erasure: This type of request is to seek deletion of your PI;
  • Right to restriction: This type of request is to ask that we restrict or suppress the processing of your PI, which means that while we are permitted to store the PI, we cannot otherwise process it;
  • Right to data portability: This type of request is to seek the transfer of certain PI to a third party in machine-readable format;
  • Right to object: This type of request is to object to the processing of your PI, including for any direct marketing purposes; and
  • Right to Withdraw Consent: This type of request is to withdraw your consent, at any time, without hindrance or cost, to prevent further processing of your PI. Please note that withdrawing your consent does not affect the lawfulness of our processing of your PI based on such consent before the withdrawal.

In addition, you may also have the right to lodge a complaint with your local data protection authority.

To protect your privacy, we take steps to verify your identity before fulfilling your request.

California Privacy Rights Applicable to California Residents

California Privacy Rights Act

The California Privacy Rights Act (CCPA) gives California residents rights with respect to their PI. Such rights are limited to PI that is not exempt under the CCPA. The CCPA exempts, for example, non-public personal information that is subject to the Gramm-Leach-Bliley Act, a federal financial privacy law. California residents are granted the right by law to opt out of the sale of their Personal Information. We do not sell PI within the meaning of the CCPA.

CCPA: Data subject request rights

As mentioned above in Submitting Data Subject Requests, the CCPA may grant you the right to submit certain data subject requests. For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We will provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances.

If we expect your request is going to take us longer than normal to fulfill, we will let you know.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will provide you with an explanation as to why.

When we receive a data subject request, we will ask you for identifying information and attempt to match it to information that we maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to your request. We will notify you to explain the basis of the denial.

Our commitment to allowing you to exercise your rights – Non-discrimination

If you exercise any of the rights explained in this Privacy Statement, we will continue to treat you fairly. If you exercise your rights under this Privacy Statement, you will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services than others.

CCPA: Authorized agents

You may designate an agent to submit data subject requests on your behalf. The agent must be a natural person or a business entity that is registered with the California Secretary of State.

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process. Specifically, if the agent submits requests to access, know, or delete your PI, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.

California Shine the Light

California Civil Code Section 1798.83, also known as the "Shine the Light" law, permits California residents who have an established business relationship with a business to annually request, free of charge, information about certain categories of PI a business has disclosed to third parties for those parties' direct marketing purposes in the preceding calendar year. We do not share PI with third parties for their marketing purposes.

Do Not Track

Some browsers have a "do not track" feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browsers' do not track signals.

Data Retention

We retain PI for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, the amount, nature, and sensitivity of the PI are considered, together with the necessity and purposes for the processing (including whether such purposes can be achieved through other means) and the potential risk of harm from unauthorized use or disclosure of the PI. In exceptional cases (e.g., in pending litigation matters or where the law requires us to) your PI may need to be kept for longer periods of time.

Security Practices for Personal Information

We take reasonable steps, consistent with generally accepted industry standards, including physical, technical, organizational, operational and management controls to ensure a level of security appropriate to the risk of PI processing. For more detail, please request our Security Policy.

Children's Personal Information

The Services are not directed to children under 16 (or other age as required by local law), and we do not knowingly collect PI from children. We do not sell the PI of minors. If you learn that your child has provided us with PI without your consent, you may contact us as set forth below. If we learn that we have collected any PI in violation of applicable law, we will promptly take steps to delete such information and terminate the child's account.

Changes to Our Privacy statement

We reserve the right to modify this Privacy Statement at any time, so please review it frequently. If we make changes that materially affect our uses of PI or your privacy rights, we will announce the changes by providing a notice on this Site and/or, if deemed appropriate, by email.

Third-Party Websites

Our Services may contain links to websites and services that are owned or operated by third parties (each, a "Third-Party Service") which may include features that collect your IP address and information about which page you are visiting on our Services, and which may set up a cookie to enable the links to function properly. Any information that you provide on such websites is provided directly to the Third-Party Service, and we are not responsible for their respective content or privacy and security practices and policies. To protect your information, including PI, we recommend that you carefully review the privacy policies of all Third-Party Services that you access. Your interactions with these platforms are governed by the privacy policy of the company providing them.

Contact Us

If you have any questions about our privacy practices or this Privacy Statement, or if you wish to submit a request to exercise your rights as detailed in this Privacy Statement, please contact us at:

Post Advisory Group LLC
2049 Century Park East, Suite 3050
Los Angeles, CA 90067

310-996-9600
marketing@postadvisory.com

Annex of Privacy Statement

List of Post subsidiaries and affiliates

Name of Post affiliate Jurisdiction Contact details
Principal Financial Group's U.S. affiliates, including:

  • Principal Life Insurance Company
  • Principal National Life Insurance Company
  • Principal Funds, Inc.
  • Principal Global Investors, LLC
  • Principal Real Estate Investors, LLC
  • Principal Securities, Inc.
  • Principal Advised Services, LLC
  • Principal Trust Company
  • Principal Funds Distributor, Inc.
  • Principal Bank
 United States Enterprise Privacy Office
711 High Street
Des Moines, IA, Iowa, 50392, United States
1-800-986-3343
CorpPrivacy@exchange.principal.com
Principal Global Investors (Europe) Limited and its EU affiliates, including:

  • Principal Global Investors (Ireland) Limited
  • Principal Global Investors (Switzerland) GmbH
  • Principal Global Investors (EU) Limited
 European Union and United Kingdom Compliance Department, Principal Global Investors Europe
1 Wood Street, London, EC2V 7JB, United Kingdom
+44-20-7710-0225
DLPGIEUROPEANDATAPRIVACY@exchange.principal.com
Head of Compliance – Principal Global Investors (EU) Limited
Sobo Works, Windmill Lane, Dublin, D02 K156, Ireland
+353-1-961-9266
Principal Real Estate Europe Limited European Union and United Kingdom Compliance Department, Principal Global Investors Europe
1 Wood Street, London, EC2V 7JB, United Kingdom,
DLPGIEUROPEANDATAPRIVACY@exchange.principal.com
For the German Data Protection Officer:
Scheja und Partner Rechtsanwälte mbB (FAO Jens Heidemann)
Adenauerallee 136, D-53113 Bonn (Germany)
https://www.scheja-partner.de/en/contact/contact.html
Tel: +49 228 227226-0

If you are located in the EEA, the UK, or Switzerland: You have a right to object to the processing of your PI where that processing is carried out for our legitimate interests. Please note, however, that we may not be able to fulfill such requests in all instances.