PRIVACY POLICY (“POLICY’)

Last updated: March 23, 2021

Introduction

TresVista Financial Services Private Limited, (its holding entity and all affiliates and subsidiaries, both foreign and domestic, collectively, “TresVista,” or “we,” “us,” “our”) respect your concerns about personal data protection and value our relationship with you, (“user” or “you”, “your”).

TresVista is committed to complying with the applicable data privacy and security requirements in the countries in which it operates.  TresVista complies with internationally recognized standards of privacy protection, and with various privacy laws globally including, but not limited to, the EU General Data Protection Regulation 2016/679 (GDPR), California Consumer Privacy Act AB-375 (CCPA) . This Policy applies when providing valuation, research, financial modeling, portfolio management, business development, data analytics, real estate advisory, or other services (the “Services”) to its clients or collection and use of personal information you may supply to us through your conduct on the Website.

Collecting Data

Data will be collected by TresVista. TresVista collects personal data to offer and administer our Services and products. TresVista collects the following categories of personal data:

1. Contact Data: We may collect information about data subjects such as name and contact details (email, phone number, etc.) in order to communicate and facilitate the provision of our Services with our clients or potential clients. For example, contact details of individuals who work for or on behalf of the clients, in order to carry out the client’s engagement with TresVista.
2. Services Data: Personal data may be provided to us by clients to the extent required to perform the Services. TresVista may also acquire personal data from a third party at the direction of our client as required to perform the Services.
3. Marketing Information: We may collect information to respond to inquiries regarding our products and Services or to provide you with information, reports, or updates.
4. Website Visitor Information: When you visit our website (www.tresvista.com; “Website”), we may collect information about your visit such as your IP address and the pages you visited and when you use our services, we may collect information on how you use those services. An IP address is a unique number that is automatically assigned to your computer when connected to a network. Web servers automatically identify your computer by its IP address. When you visit the Website, our servers and content management system log your IP address. Please see our Terms of Use and Cookie Policy for additional information. Such information is typically considered non-personal information.

We also collect the following:

Cookies

Our Website may use “Cookies” to identify the areas of our Website that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We may use Cookies to personalize the content that you see on our Website. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our Website correctly or at all.

Log Information

We may automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our Website, if any, as well as the name of the website to which you’re headed when you leave our Website. This information also includes the IP address of your computer/proxy server that you use to access the internet, your internet website provider name, web browser type, type of mobile device, and computer operating system. We may use all this information to analyze trends among our users to help improve our Website.

Clients and other third parties who provide personal information to TresVista must do so in compliance with applicable data privacy regulations.

Cookie Policy (“Cookie Policy”)

A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We may use Cookies to personalize the content that you see on our Website.

Types of cookies TresVista uses include:

Essential Cookies

These cookies enable the Website to function. Certain functional cookies also allow us to respond to service or other inquiries received through a form.

Functional Cookies

These cookies enable the Website to function. Certain functional cookies also allow us to respond to service or other inquiries received through a form.

Analytics Cookies

Analytics cookies track aggregate Website performance, web speed, traffic sources, video plays and other aggregate data across the Website. These cookies allow us to personalize web experience by type of visitor and, upon certain circumstances, by individual user. Individual user information is recognized through form completions or response to certain email marketing campaigns.

Advertising Cookies

Upon occasion, TresVista may advertise on certain media sites. In order to track ad performance, we may place third party cookies from the ad partners. The ad partners may track anonymous site usage behavior on the Website and link it to other information they have associated with your IP address.

In addition to cookies, some information may automatically be collected as you browse our Website, such as type of browser, operating system, domain name or IP address.

Processing of Personal Data

TresVista follows the following principles with respect to the processing of personal data:

1. personal data to be processed fairly and lawfully;
2. personal data to be collected for specified, explicit, and legitimate purposes and not further processed for incompatible purposes;
3. personal data collected by TresVista to be adequate, relevant, and not excessive in relation to the purposes for which it is collected;
4. personal data collected by TresVista to be accurate and, where necessary, kept up to date to the best of our ability, and
5. personal data collected by TresVista to be retained as identifiable data for no longer than necessary to serve the purposes for which the personal data was collected.

If TresVista engages in the processing of personal data for purposes other than those specified in this Policy, TresVista will provide notice of these changes, the purposes for which the personal data will be used, and the recipients of personal data.

The data you provide to us will be processed in accordance with the purposes specified in this Policy, namely:

1. To provide the products or perform the Services requested by clients and individuals pursuant to a letter of engagement, statement of work, or similar (where the processing is necessary for our legitimate business interests in conducting and managing our business);
2. To provide the products or perform the Services requested by clients and individuals using our Website or web applications (where the processing is necessary for our legitimate business interests in conducting and managing our business);
3. For complying with obligations provided by laws and current regulations;
4. For legitimate business purposes to advise you through e-mail, phone call, or post, in the framework of our ordinary relationship, about other products or services similar to the products or Services we have provided to you and that we think will be of interest to you (where the processing is necessary for our legitimate business interests)
5. For marketing purposes: For example, we may use your information to further discuss your interest in the Services and to send you information regarding TresVista such as information about promotions, events, products or Services;
6. You can manage your receipt of marketing and non-transactional communications by clicking on the «unsubscribe» link located on the bottom of TresVista marketing communications. Additionally, you may contact us.
7. For improving TresVista’s communications with you: Emails sent to you by TresVista may include standard tracking, including open and click activities. TresVista may collect information about your activity as you interact with our email messages and related content.
8. For operating and improving our Website and your business experience: For example, we may collect and analyze data on your use of our Website and process it for the purpose of improving your online experience. Please see our Please see our Terms of Use and Cookie Policy for additional information.
9. For security purposes: For example, we may use your data to protect TresVista and its third parties against security breaches and to prevent fraud and violation of TresVista’s applicable agreements (where the processing is necessary for our legitimate business interests).

Whenever we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing, if you may prefer.

How data is processed

Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. We permit only authorized TresVista employees and authorized representatives to have access to your information. Such employees and representatives are appropriately designated and trained to process data only in accordance with the instructions we provide them.

Accuracy

It is your responsibility to provide TresVista with accurate personal data. Except as otherwise set forth in this Policy, TresVista shall only use personal data in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. To the extent necessary for these purposes, TresVista shall take reasonable steps to ensure that personal data is accurate, complete, current and relevant to its intended use.

Storage of Personal Data

TresVista will retain personal data for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with TresVista’s document retention policy.

Disclosure/Sharing of Personal Data

We only share your personal data with your consent or in accordance with this Policy. We will not otherwise share, sell or distribute any of the information you provide to us except as described in this Policy.

We share personal data among TresVista entities who act for TresVista for the purposes set out in this Policy.

TresVista may share your information with its representatives and other service providers who are performing certain services on behalf of TresVista. Such third parties have access to personal data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. TresVista requires these third parties to undertake security measures consistent with the protections specified in this Policy.

TresVista may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

If TresVista’s business enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.

Cross-Border Transfers of Personal Data

TresVista is a global firm with operations in several countries. Personal information may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this Policy, and in compliance with local regulations.

Personal Data may be transferred to or processed in locations outside of the European Economic Area (EEA), some of which have not been determined by the European Commission to have an adequate level of data protection. In that case, for personal data subject to European data protection laws, we take measures designed to provide the level of data protection required in the EU, including ensuring transfers governed by the requirements of the Standard Contractual Clauses adopted by the European Commission, or another adequate transfer mechanism.

Where we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so, before any personal data is disclosed.

Your Rights

Depending on the laws of the jurisdiction governing the processing of your personal data, you may have certain rights under applicable data protection laws including:

1. Access: You have the right to access personal information that TresVista holds about you;
2. Rectification: You have the right to ask us to rectify information TresVista holds about you if it is inaccurate or not complete;
3. Erasure: You can request that TresVista erase your personal data. We will keep basic data to identify you and retain it solely for preventing further unwanted processing;
4. Restrict Processing: You have the right to ask TresVista to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future;
5. Object to processing: Where processing is based on legitimate interests, you have the right to object to TresVista processing your data. TresVista will discontinue processing your data, unless we can demonstrate compelling legitimate grounds for the processing.  We will keep your basic data to identify you and retain it solely for preventing further unwanted processing;
6. Portability: Where processing is based on consent or performance of a contract, you have the right to data portability. TresVista must allow you to obtain and reuse your personal data for your own purposes in a safe and secure way without this effecting the usability of your data. This right only applies to personal data that you have provided to TresVista as the data controller.

Please contact us to request access, rectification, or erasure, or to restrict processing, to object to processing, to request data portability. Subject to legal considerations or certain exemptions, we may not always be able to address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Please contact us by email to ensure your request is received in a timely manner.

Automated Decision Making

Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.

TresVista does not make automated decisions using personal data. If automated decisions are to be made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it.

Providing Information to TresVista

If you choose not to provide certain personal information, it may be an impediment to the exchange of information necessary for the execution of the contract or provision of Services, and we may not be able to provide you with some services and you may not be able to participate in some of the activities on our Website.

User Registration and Password

Ultimately, you are solely responsible for maintaining the secrecy of your password and/or account information. To ensure effectiveness of your password, we recommend that you do not disclose your user identification or password to anyone. Please be careful and responsible whenever you are online.

Third Party Websites or Other Services

We are not responsible for the privacy practices of any non-TresVista operated websites, mobile apps or other digital services, including those that may be linked through our Website or services, and we encourage you to review the privacy policies or notices published thereon.

Miscellaneous Privacy Issues

Tresvista is committed to protecting the privacy of children. Our policy is that we do not knowingly collect, use or disclose personal data about visitors that we know are under 13 years of age. This Website is not directed in any respect to children under the age of 13.

You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers

We employ third party companies and individuals to facilitate our Website (“Service Providers”), to provide our Website on our behalf, to perform Website-related services or to assist us in analyzing how our Website is used. These third-parties may have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

California Consumer Privacy Act (CCPA)

TresVista may collect and use consumer personal information for its business purposes and related operational purposes. With respect to these activities, TresVista may have direct responsibilities as a business subject to the CCPA. For example, for certain activities related to interacting with prospective/current clients, marketing, website and web application use, engaging vendors, and interacting with visitors/users of our Website. In these cases, this Policy is applicable.

TresVista also collects information in its capacity as a service provider to our clients, providing Services. In that case, TresVista receives personal information from our clients where we have no direct relationship with the individuals whose personal information we process, and information is provided to us solely for the business purpose of providing those Services. If you are a customer or other user associated with one of our clients on whose behalf we have collected or processed your information, this Policy does not apply to you, and if you have questions or wish to exercise your rights relating to your personal information (such as information, access or deletion), please contact that client directly.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	NO
G. Geolocation data.	Physical location or movements.	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO

Personal information does not include:

1. Publicly available information from government records;
2. De-identified or aggregated consumer information;
3. Information excluded from the CCPA’s scope, like:
   1. Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
   2. personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (CalFIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

1. Directly from our clients or their agents. For example, from documents that our clients provide to us related to the Services for which they engage us;
2. Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing Services to them;
3. Directly and indirectly from activity on our Website. For example, from submissions through our Website portal or Website usage details collected automatically;
4. From third-parties that interact with us in connection with the Services we perform.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

1. To fulfill or meet the reason for which the information is provided;
2. To provide you with information, products or services that you request from us;
3. To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you;
4. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us;
5. To improve our Website and present its contents to you;
6. For testing, research, analysis and product development;
7. As necessary or appropriate to protect the rights, property or safety of us, our clients or others;
8. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
9. As described to you when collecting your personal information or as otherwise set forth in the CCPA;
10. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose.  When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A:             Identifiers

Category B:             California Customer Records personal information categories

Category C:             Protected classification characteristics under California or federal law

Category I:              Professional or employment-related information

We disclose your personal information for a business purpose to the following categories of third parties:

1. Our affiliates;
2. Service providers;
3. Third parties to whom you or your representatives authorize us to disclose your personal information in connection with products or services we provide to you.

IN THE PRECEDING TWELVE (12) MONTHS, WE HAVE NOT SOLD ANY PERSONAL INFORMATION.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

1. The categories of personal information we collected about you;
2. The categories of sources for the personal information we collected about you;
3. Our business or commercial purpose for collecting or selling that personal information;
4. The categories of third parties with whom we share that personal information;
5. The specific pieces of personal information we collected about you (also called a data portability request);
6. If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
   1. sales, identifying the personal information categories that each category of recipient purchased; and
   2. disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
3. Debug products to identify and repair errors that impair existing intended functionality;
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
8. Comply with a legal obligation;
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please contact us.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

1. provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
2. describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

1. deny you goods or services;
2. charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
3. provide you a different level or quality of goods or services;
4. suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Compliance

TresVista will use a self-assessment approach to verify compliance with this Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.

If you believe that your personal data/personal information has been processed or disclosed in violation of this Policy, TresVista encourages you to raise any concerns using the contact information provided in this Policy. TresVista will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of your personal data/personal information.

Changes to this Policy

This Policy may be amended from time to time, consistent with the requirements of applicable law. A notice will be posted by TresVista on this Website when this Policy is changed.

Contact Us

Please contact us at TresVista with questions, concerns, or complaints.