Mediant is committed to maintaining your privacy. The following describes the information that we collect, how we obtain the information, and how we may use that information.
Personal information includes your name, account number, address, e-mail address, the number of shares that you own, and other information that can be used to identify you. Personally identifiable data provided to Mediant by you or by third parties will be kept confidential. Mediant will only directly collect a limited amount of personal information from you as necessary for you to complete a transaction using our services. For example, if you use a Mediant or Mediant-hosted web site to process your proxy vote or request a prospectus, we will collect your e-mail address to confirm your proxy vote. However, in order to provide our services, we may be provided with personal information by a third party with whom you shared that information, such as a securities broker or transfer agent. Mediant is not responsible for the privacy practices employed by third parties with whom you shared your personal information.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU) and establishes the rights of individuals. GDPR covers all companies that deal with data of EU citizens and went into effect on May 25, 2018.
Under GDPR, a controller is an organization or legal entity which collects and determines the purposes and means of the processing of Personal Information and a processor is an organization that processes Personal Information on behalf of a controller. Mediant is a controller for data collected and used for marketing purposes and a processor for all services that we provide to our clients.
Disclosure of Your Personal Information
We will not sell or transfer your data to third parties for purposes of development and marketing of products or services to you. Mediant may share any personal information, with our vendors and other third parties who perform services for us. Third parties and/or vendors who are given access to personal data are required to keep this information confidential and not use it for any other purpose other than to carry out the services they are providing for us. Mediant requires third party vendors sign a formal confidentiality agreement and comply with our confidentiality policies and procedures. Mediant operates within the United States and Canada and will not transfer your Personal Information to any other country.
Mediant may otherwise disclose personal information as necessary to meet legal, regulatory, insurance, audit and security requirements, or as permitted or required by law, including the laws of the United States and Canada. Our policy is to release information only to the extent we have to in order to fulfill these requirements and meet best practices.
Purpose and Legal Basis for Processing
Mediant uses personal information provided to us by our clients to fulfill the legal and regulatory compliance obligations of our clients to communicate regulatory material with investors. We may also use personal information collected by us for internal marketing purposes as documented further below.
Mediant is a business to business service provider and does not market its services to individual consumers. However, we may use your personal information collected via Mediant web sites to contact you to respond to your inquiries or to contact your business about information relating to products and services from time to time. Please e-mail us at email@example.com, if you do not want your information used for further marketing contact. Mediant does not send marketing communications to individuals providing personal information to complete a transaction using a Mediant or Mediant-hosted web site, such as processing a proxy vote.
Mediant maintains physical, electronic and procedural safeguards in accordance with laws and regulations governing confidentiality and security of information. Access to personal information is limited to only those workers and third parties who need access to the information to perform necessary activities for Mediant. We also provide security for your information by maintaining servers that are secure and dedicated solely to the services that we provide to protect against loss, misuse, or alteration of your information. You should never give your password or PIN to anyone else. Mediant will never request your password or PIN in an unsolicited e-mail or phone call.
Mediant sites may contain links to other sites, including those of our business partners. While we seek to link only to sites that share our high standards and respect for privacy, we are not responsible for the privacy practices employed by other sites.
Your Rights Related to Your Personal Information
You have the right to access, correct, and request erasure of personal information that we may store about you. Please contact us via email at firstname.lastname@example.org to request any action related to your personal information.
You can request Mediant to share with you your personal information that Mediant has collected in order to verify, update and correct it, and to have obsolete information removed. We will ask for the request in writing and will respond within 30 days of your request. If Mediant is the controller we will process your request and respond directly to you. If Mediant received the information from a third party data controller, we will forward your request to the data controller and follow their instructions. Your right to access your personal information is subject to applicable legal restrictions and verification of your identity. There is no charge for verifying or correcting your information. Also, you can request the names of outside companies or organizations we have shared your personal information with, if known. The list will not include disclosures where we are prohibited by law from advising the individual of the disclosure or where the law otherwise restricts your right to obtain this information.
As noted above, Mediant generally is provided with your personal information by third parties, such as organizations in which you hold a securities position or with which you are otherwise connected. Mediant will only collect a very limited amount of personal information directly from you in connection with a transaction performed by you. Generally, by holding a position in, or otherwise being materially connected with, an organization that has appointed us to perform services on your behalf you consent to Mediant’s collection, use and disclosure of your personal information as described in this Privacy Statement. Consent can be express or implied. Express consent can be verbal or written. For example, you may have expressly provided consent for the third party to share information with us when you completed an application for brokerage services. Or it may be concluded that you provided implied consent by an action you have taken or not taken, or where the context reasonably requires that we have and use information to carry out what you have asked us to do, such as when you process a transaction on a Mediant or Mediant-hosted web site. You can withdraw your consent any time after you have given it to us by contacting email@example.com, provided there are no legal or contractual requirements to prevent this and on reasonable notice. If you do not consent to certain uses of information or if you withdraw your consent, we may not be able to provide a particular product or service.
Also, if we were provided with your personal information by a third party, as described above, you may need to contact that third party to withdraw your consent. There are limited circumstances where Mediant may be permitted or required by law to collect, use or disclose personal information without consent when providing services on behalf of its corporate or business clients. We may be required or permitted under statute or regulation to collect, use or disclose personal information without your consent, for example to comply with a court order, to comply with local, federal or foreign regulations or a legally permitted inquiry by a government agency, or to collect a debt owed to us. As a service provider in the regulated securities and financial industry, we are required to collect, use and disclose personal information to meet applicable legal and regulatory requirements in applicable jurisdictions.
Retention of Information
We keep your information only so long as we need it for the products and services we have been hired to deliver, subject to reasonable business record retention policies and legal requirements. We have standards that meet these requirements. We either destroy information or render it anonymous when it is no longer needed.
You may request that we delete your Personal Information by contacting us via email at firstname.lastname@example.org. If we are the data controller and use your information for marketing purposes we will process your request directly. For all other cases where Mediant is the data processor we are generally required by law to retain your information. However, we will forward your request to the appropriate data controller and follow the instructions of the data controller.
Effective Date: May 25, 2018