%20(1).png?width=600&height=338&name=menu_thumbnail%20(4)%20(1).png)
%201.svg){kind=small}
Privacy Policy
Guiding principles
Opto Investments, Inc. and its affiliates and subsidiaries (“Opto”) seek to limit its collection of nonpublic personal information to that which is reasonably necessary for legitimate business purposes. Opto will not disclose nonpublic personal information except in accordance with our policies and procedures, as permitted or required by law, or as affirmatively authorized in writing by the applicable Opto investment fund, Investor, platform user or authorized party.
With respect to nonpublic personal information, Opto strives to: (a) protect the security and confidentiality of the information; (b) anticipate and guard against anticipated threats and hazards to the security and integrity of the information; and (c) protect against unauthorized access to, or improper use of, the information. Currently, Opto’s Legal and Security teams, in conjunction with the CCO of our affiliated SEC-registered investment advisor (“CCO”), are responsible for administering these privacy policies and procedures.
Although these principles and procedures principally apply to nonpublic personal information, Opto representatives are obligated to and will be careful to protect all of Opto’s proprietary information.
Protecting confidential information
Opto representatives will maintain the confidentiality of sensitive information acquired, with particular care being taken regarding nonpublic personal information.
Nonpublic personal information will generally be restricted to Opto representatives who have a need to know such information or are otherwise authorized to access such information.
All requests by third-parties to review privacy or compliance-related documentation should be forwarded to legal@optoinvest.com and security@optoinvest.com.
Disclosure of nonpublic personal information
Nonpublic personal information shall only be provided to third parties under the following circumstances:
- To broker-dealers opening brokerage accounts;
- To accountants, lawyers, and others as directed in writing by Clients or Investors;
- To specified family members as directed in writing by Clients or Investors, or as authorized by law;
- To third-party service providers, as necessary to service Opto investment funds, Investor accounts or platform user or authorized party services, assess Opto’s compliance with industry standards, protect the confidentiality and security of Opto’s records, and protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; and
- To regulators and others, as required by law.
Opto representatives should and will take reasonable precautions to confirm the identity of individuals requesting nonpublic personal information.
Nonpublic personal information may be reviewed by Opto’s outside service providers, such as accountants, lawyers, consultants, and administrators. Opto will review such service providers’ privacy policies to assess whether nonpublic personal information is not being used or otherwise treated appropriately.
Access to Opto’s premises
Opto’s premises will be locked outside of normal regular business hours with additional security controls in place during business hours.
Information stored in hard copy formats
Opto has implemented the following procedures to protect nonpublic personal information stored in hard copy formats:
- To the extent practicable, nonpublic personal information will be kept in lockable filing cabinets;
- All nonpublic personal information, as well as Opto’s proprietary information, should and will be locked up at the end of each workday;
- Opto representatives will exercise due caution when mailing or faxing documents containing nonpublic personal information to ensure that the documents are sent to the intended recipients; and
- Opto representatives may only remove documents containing nonpublic personal information from Opto’s premises for legitimate business purposes. Any documents taken off premises must be handled with appropriate care and returned as soon as practicable.
Cybersecurity practices for all employees
Opto has implemented the following procedures, among others, to protect proprietary and nonpublic personal information stored on electronic systems:
- Opto representatives must never share their account passwords or store their account passwords in a place that is accessible to others;
- Opto representatives should avoid using the same password for different programs;
- Opto representatives should not use the same password for Company accounts as for non-Company accounts;
- Employee passwords should be changed at least every 180 days;
- Opto representatives must shut down or lock their computers when they leave the office for any extended period of time;
- Opto representatives must not include nonpublic personal information in unencrypted emails sent outside of Opto’s network;
- Opto representatives should send sensitive communications in a manner that enables encryption and proper authentication;
- Any computers not issued by the Company that Opto representatives use for business purposes should be configured to comply with Opto’s information security policies;
- Opto representatives, affiliates, and vendors with authorized remote access must ensure that unauthorized users are not allowed remote access to the Company’s systems;
- Any theft or loss of electronic storage media must immediately be reported to Security;
- Opto representatives must consult with Security before using any removable or mobile media to store sensitive Opto data, including nonpublic personal information;
- Any inquiries or requests for representations about Opto’s cybersecurity controls from third parties, such as Opto investment funds, Investors, platform users, authorized parties, vendors, or government officials, must be forwarded to Legal at legal@optoinvest.com;
- Any requests from third parties for access to Opto’s systems or proprietary data must be forwarded to Legal at legal@optoinvest.com; and
- Security is responsible for setting Opto representatives’ access permissions on the Company’s systems.
Discarding information
Opto representatives may only discard or destroy nonpublic personal information in accordance with the Document Destruction policy contained in its policies and procedures. Opto representatives are reminded that electronic and hard copy media containing nonpublic personal information must be destroyed or permanently erased before being discarded, subject to any applicable retention or recordkeeping requirements.
Privacy Policy notices
Opto will provide a Privacy Notice to all Clients and Investors upon establishment of an advisory relationship or investment in an Opto investment fund.
Please note that Clients and Investors acknowledge receipt of the initial Privacy Notice when signing advisory contracts or completing subscription agreements.
Opto provides Clients and Investors with prompt notice of any change to the Company’s privacy policies. To that end, on a periodic basis, typically annually, Legal and Security review the Company’s privacy policies and confirm that the Company (i) only shares nonpublic personal information with nonaffiliated third-parties in a manner that aligns and complies with its security commitments to Clients and Investors; and (ii) has not changed its privacy policies with regard to disclosing nonpublic personal information since it last provided a Privacy Notice to the Company’s Clients and Investors. Legal maintains copies of the distributed Privacy Notices.
Responding to privacy incidents
If any Opto representative becomes aware of an actual or suspected privacy incident or breach, including any improper disclosure of nonpublic personal information, that Opto representative must promptly notify Legal and Security. Upon becoming aware of an actual or suspected breach, Legal and Security, in conjunction with the CCO, will investigate the situation and take the following actions, as appropriate:
- To the extent possible, identify the information that was disclosed and the improper recipients;
- Notify Opto Senior Management;
- Take any actions necessary to prevent further disclosure;
- Take any actions necessary to reduce the potential harm from disclosure that has already occurred;
- Discuss the issue with legal counsel, and consider discussing the issue with regulatory authorities and/or law enforcement officials, if necessary or otherwise warranted;
- Assess notification requirements imposed by applicable state and national regulatory authorities and/or law enforcement officials;
- Evaluate the need to notify affected Clients or Investors, and make any such notifications;
- Collect, prepare, and retain documentation associated with the relevant disclosure and Opto’s response(s); and
- Evaluate the need for changes to Opto’s privacy policies and procedures in light of the incident.
Privacy protection training
Legal and Security, in conjunction with the CCO, will take action so that all new employees and representatives have received, reviewed, and understand their obligations to protect nonpublic personal information. The CCO conducts annual training that reminds all employees and impacted representatives of their privacy protection obligations. Opto continuously assesses if the privacy program is functioning well and whether material changes are warranted. Legal, Security and/or the CCO may provide training more frequently and/or in person to individuals or groups if:
- Opto’s policies and procedures, or the threats to nonpublic personal information, change in a material way;
- Opto experiences a material privacy incident; and/or
- It appears that one or more employees or representatives do not understand or appreciate their obligations regarding privacy protection and broader or targeted training is warranted.
Oversight of service providers
When a service provider is engaged to perform an activity or service, Opto will take steps to assess such service provider, including its privacy and security controls, to evaluate whether the activity of the service provider is conducted in accordance with policies and procedures designed to detect, prevent, and mitigate the risk of security incidents, including identity theft. Opto will perform such an evaluation and take ongoing steps, as warranted, to monitor the service provider and any material changes to its policies and procedures in order to detect relevant Red Flags that may arise in the performance of the service provider’s activities, and take appropriate steps to manage threats and risks associated with that service providers activities and Opto sensitive data.