Skip to Main Content

Supplemental Privacy Policy

For Residents of California, Virginia, Colorado, Connecticut, Utah

Last Revised: October 31, 2023

This Supplemental Privacy Policy (“Supplemental Policy”) applies only to information collected about consumers residing in California, Colorado, Connecticut, Utah, or Virginia (“consumers,” “you,” “your”) and supplements the information contained in the Privacy Policy. It provides information required under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), the Colorado Privacy Act of 2021 (the “CPA”), the Connecticut Data Privacy Act of 2022 (the “CDPA”), the Utah Consumer Privacy Act of 2022 (the “UCPA”), Virginia Consumer Data Protection Act of 2021 (the “VCDPA”), and any and all regulations arising therefrom.

This Supplemental Policy describes the practices of Arete Advisors, LLC (“Arete,” “our,” “us,” “we”) regarding the collection, use, and disclosure of Personal Information and provides instructions for submitting data subject requests. Some portions of this Supplemental Policy apply only to consumers of particular states, and we have indicated where those portions are state-specific.

If you are unable to review or access this Supplemental Policy due to a disability, you may contact Arete at [email protected] to access this Supplemental Policy in an alternative format.

1. Definitions Specific to This Policy

  • “Consumer” means a natural person who resides in California, Colorado, Connecticut, Utah, or Virginia, and to whom we offer information, goods, or services. For purposes of this Supplemental Policy, this term includes natural persons who reside in California and engage with us as part of business-to-business transactions.
  • “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. Personal Information includes “personal data” as that term is defined in the CPA, CDPA, UCPA, and VCDPA Personal Information also includes “Sensitive Personal Information,” as defined below.
  • “Sensitive Personal Information” means Personal Information that reveals a Consumer’s: (1) Social security, driver’s license, state identification card, or passport number; (2) Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to the individual’s account; (3) Precise geolocation; (4) Racial or ethnic origin; (5) Religious beliefs; (6) Union membership; (7) Contents of email or text messages, unless we are the intended recipient; (8) Genetic data; (9) Biometric information used to uniquely identify the Consumer, and (10) Health, sex life, or sexual orientation. Sensitive Personal Information includes “sensitive data” as that term is defined in the CPA, CDPA, UCPA, and VCDPA.
  • “Sell,” “Sale,” or “Sold” means renting, releasing, or transferring an individual’s Personal Information to a Third Party for money or other valuable consideration.
  • “Share,” “Shared,” or “Sharing” means transferring an individual’s Personal Information to a Third Party for behavioral advertising purposes, whether or not for money or other valuable consideration.
  • Third Party” means a person or organization which is not a Consumer, Vendor, or an entity owned or controlled by us and as defined by the CPA, CDPA, UCPA, and VCDPA.
  • “Vendor” means a “service provider,” “contractor,” or “processor” which collects, stores, or otherwise handles data for us, as those terms are defined in the CCPA, CPA, CDPA, UCPA, and VCDPA.

2. Personal Information We Collect and Disclose

The chart below shows the categories of Personal Information we may collect; examples of Personal Information in each category; types of sources from which each category of Personal Information is collected; the business purposes for which each category of Personal Information is collected; and the types of Vendors or Third Parties with whom that category of Personal Information is shared. As this chart shows, we may disclose certain Personal Information to Vendors for business purposes.

Category
of Personal Information

Examples

Sources
from Which This Personal Information is Collected

Business
Purposes for Collection

Types of Vendors or Third Parties with Whom This Personal Information is Shared, Sold or Disclosed

Unique Identifiers

Real name, signature, alias, address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number.

-Direct communication with you

-Third party employment services
with whom Arete contracts

-Provide you with goods and services
-Provide you with marketing
materials
-Managing your preferences
-Customer Service

Communications
-Employment purposes

Disclosed:
-Web site hosters
-Event planners
-Service providers

Shared or Sold:
-None

Contact and Financial Information

Name, address, telephone, email, credit card number, debit card number, or any other financial information

-Directly from you via a third-party website that operates the Arete company store

-Complete transactions
-Other services and discounts
-Process claims
-Prevent fraud

Disclosed:

– Payment processors
– Company store operator

Shared or Sold:
-None

Medical Information or Health
Insurance Information

-Injury information for workers compensation claim

-Provision of health benefits to employees

-Directly from you.

-Provide health care benefits to employees

Disclosed:
-Employee benefits providers

Characteristics of Protected Classifications

Age, gender, race, physical or mental health conditions, marital status

-Directly from you via our website or sign-up

-Comply with legal requirements
(i.e. government contracts)

-Accommodate special needs (e.g. disability)

-Provide employment benefits

Disclosed:
-Service coordinators
-Government
-Benefit providers

Shared or Sold:
-None

Internet or Other Electronic
Activity

Browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement

-Directly from you via our website

-Direct communication with you

-Social media interaction with you

-Marketing agencies

-Provide you with goods and services

-Invite participation in surveys and feedback

-Customer service communications

-Improve promotions

Disclosed:
-Web hosters
-Payment processors
-Contractors

Shared or Sold:
– Google Analytics

Audio, Electronic, Visual, Thermal,
Olfactory, Or Similar Information

Call and video recordings

-Direct communication with you

-Provide you with goods and services

-Customer service communications

Disclosed:
-Service providers

Shared or Sold:
-None

Professional or Employment-Related
Information

Work history, prior employer

-Directly from you via our
third-party employment website

-Direct communication with you

-Employment related purposes

Disclosed:
-Service providers

Shared or Sold:
-None

3. Sensitive Personal Information We Collect and Disclose

Category of Sensitive Personal Information

Sources From Which This Sensitive Personal Information is Collected

Business Purposes for Collection

Types of Vendors or Third Parties with Whom This Sensitive Personal Information is Shared, Sold or Disclosed

Social security, driver’s license, state identification card, or passport number

-Directly from you

-Employment related purposes

Disclosed:
-Service providers

Shared or sold:
-None

Account log-in, financial account, debit card number, plus an access code

-Directly from you via a third party website

-Complete transactions
-Offer services and discounts to
employees
-Prevent fraud

Disclosed:
-Web host
-Payment processor
-Service Providers

Shared or Sold:
-None

Racial or Ethnic Origin

-Directly from you

you

-Comply with legal requirements

Disclosed:
-Government

Shared or Sold:
-None

Health Information

-Directly from you

you

-Provision of health benefits to
employees

Disclosed:
-Service providers

Shared or Sold:
-None

4. Retention of Data

We intend to retain each category of Personal Information described above only for as long as necessary to fulfill the purpose for which it was collected, or a related and compatible purpose consistent with the average consumer’s expectation, and to comply with applicable laws and regulations. We consider the following criteria when determining how long to retain Personal Information: why we collected the Personal Information; the nature of the Personal Information; the sensitivity of the Personal Information; our legal obligations related to the Personal Information, and risks associated with retaining the Personal Information.

 

5. Your Rights to Your Personal Information

California, Colorado, Connecticut, Utah, and Virginia consumers have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. As required by the CCPA, we provide detailed information below regarding the data subject rights available to California consumers. Consumers in Colorado, Connecticut, Utah, and Virginia have similar rights and can find more detail by referencing the CPA, CDPA, UCPA, or VCDPA, as applicable.

You have the right to submit requests related to the Personal Information we have collected about you. You may make such a request twice in a 12-month span. Please note, there are circumstances when we may not be able to comply with your request. For example, we may not be able to verify your request or we may find that providing a full response conflicts with other legal obligations or regulatory requirements. We will notify you if this is the case.

 

Right to Receive Information on Privacy Practices

You have the right to receive the following information at or before the point of collection:

  • The categories of Personal Information to be collected;
  • The purposes for which the categories of Personal Information are collected or used;
  • Whether or not that Personal Information is sold or shared with Third Parties or disclosed to Vendors;
  • If the business collects Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is sold or shared; and
  • The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.

We have provided such information in this Supplemental Policy, and you may request further information about our privacy practices by using the contact information provided below.

Right to Know and Right to Access

You have the right to request certain information we have collected about you. You have the right to request:

  • Specific pieces and categories of Personal Information we collected about you;
  • The categories of sources from which Personal Information was collected;
  • The purposes for which Personal Information was collected, shared, sold, or processed;
  • The categories of Personal Information we shared, sold or disclosed; and
  • The categories of Vendors or Third Parties with whom we shared, sold or disclosed Personal Information.

Right to Delete

You have the right to request that we delete certain Personal Information that we have collected.

Right to Correct

You have a right to request that we correct any inaccurate Personal Information we may retain about you.

Right to Opt-Out of the Sale and Sharing of Your Personal Information

You have the right to opt-out of the sale and sharing of your Personal Information with Third Parties, and the right to opt out of the processing of Personal Information for targeted advertising purposes, as defined in the CCPA, CPA, CDPA, UCPA, and VCDPA.

We do not sell or share Personal Information or process Personal Information for targeted advertising purposes. We also do not knowingly sell or share Personal Information of consumers under 16 years of age.

Right to Consent to or Limit the Use of Your Sensitive Personal Information

You have the right to consent to the use of your Sensitive Personal Information in CO, CT, UT, and VA. Separately, you have the right in CA to instruct us to limit the use and disclosure of your Sensitive Personal Information to only that which is necessary to perform the services or provide the goods reasonably expected by an average consumer or for specific business purposes defined by law.

We do not use Sensitive Personal Information for purposes beyond those authorized by the CCPA, or beyond your consent.

Right to Non-discrimination

You have a right to exercise the above rights, and we will not discriminate against you for exercising these rights. Please note that a legitimate denial of a request to access, delete, or opt-out is not discriminatory, nor is charging a fee for excessive or repetitive requests.

Instructions to Exercise your Rights

If you would like to make any of the data requests listed above, please click here. This will take you to a form which you may mail or email to us. You may also submit a request by emailing us directly at [email protected].

You may designate an authorized agent to exercise your rights under the CCPA on your behalf. Such individual must have power of attorney, or be an authorized agent registered with the relevant Secretary of State.

Right to Appeal

You have the right to appeal our decisions about your data subject requests. If you choose to appeal, your request will move from the Privacy Office to General Counsel for review. If you would like to appeal a decision regarding your data request, call 866-210-0955. Please state that your request is an “Appeal,” and describe the date and nature of your original request.

6. Verification Process

When you submit a request to exercise your data subject rights, we may ask you to provide information that will enable us to verify
your identity.

If you designate an authorized agent to exercise your rights on your behalf, we may require that you or the authorized agent do the following:

  • Verify your identity with us directly.
  • Provide proof of your signed written permission for the authorized agent to submit a request on your behalf.

We may deny a request from an agent purportedly acting on your behalf if we request, and the agent does not submit, proof that he, she, or it has been authorized by you to act on your behalf.

7. Personal Information of Minors

Our online content is not intended for children or minors under the age of sixteen years. Accordingly, we do not knowingly store information from minors under the age of sixteen years, except as required by applicable law. If you believe that a child has submitted Personal Information to us, please contact us at [email protected] and we will delete the information.

8. Additional California Privacy Rights

Shine the Light Request. California Civil Code § 1798.83 permits users of our website who are California residents to request information about our disclosure of Personal Information to other parties for their direct marketing purposes. To make such a request, please send an email to [email protected] with the subject “Shine the Light Request.”

9. Changes to Our Supplemental Policy

Arete reserves the right to amend this Supplemental Policy at our discretion and at any time. When we make changes to this Supplemental Policy, we will post an updated policy on our website with the effective date.

10. Additional Information

If you would like additional information regarding our Supplemental Policy, please contact us at by visiting https://areteir.com/contact-us/ or

Arete Advisors, LLC
Attn: Legal Department
5000 T-Rex Ave #325
Boca Raton, FL 33431