GDPR Notice
(updated 11/01/2020)
Colonial Stock Transfer Company, Inc. collects data to operate effectively and provide better quality experiences. Below, you will find a list of our products, services, and processes that gather personal data, our purpose and legal basis for processing that information, who we share that information with, and how long we hold that information.
How Colonial Stock Transfer Company, Inc. uses Personal Data:
Product, Service, or Process
Description of Product, Service, or Process |
Our websites provides information, tips and compliance about our services. |
|
Categories of Personal Data |
Identifying Information |
|
Category of Data Subjects |
The organization's website handles information from website visitors. |
|
Purpose of Processing |
The organization is using the personal information to improve its marketing and provide better services. |
|
Legal Basis for Processing |
The organization has a legitimate business interest in handling the
information. |
|
Automated Processing or Profiling |
Automated processing occurs. |
|
If Automated Processing is Used, Methods and Logic |
The automated system takes visitor data from the websites and based on selected criteria and/or interactions with our websites and/or other marketing channels will determine whether the visitor will receive advertising, promotions or informational communications from us. |
|
Decisions with a Legal Effect that Use Automated Processing |
If the visitor's data matches the attributes of those by identifying information, social and contact information, preferences related to our services, personal history and other interactions with our company, the organization will advertise, send promotions or other informational communications. |
|
Categories of Recipients who Receive this Personal Data |
We share information with technology partners, communication partners, marketing partners and cloud service partners for marketing and service purposes. |
|
Whether the Personal Data is Transferred Outside of the European Economic Area |
USA, Australia, Singapore, Ireland, UK, Israel, Netherlands, Google Data servers https://www.google.com/about/datacenters/locations/, AWS servers https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ |
|
Retention Period |
As long as necessary to fulfill marketing purposes and/or our services. |
Description of Product, Service, or Process |
The shareholder services we provide help shareholders with securities ownership support, securities transfers, payments, mailings, and other investor related services. |
|
Categories of Personal Data |
Identifying Information |
|
Category of Data Subjects |
The organization collects shareholder information from shareholders, corporate clients, broker dealers, and any representatives that shareholders appoint. |
|
Purpose of Processing |
The organization is using the personal information because it is required by federal and state laws for SEC registered transfer agents. |
|
Legal Basis for Processing |
The organization received consent to handle the personal information. |
|
Automated Processing or Profiling |
Automated processing does not occur. |
|
If Automated Processing is Used, Methods and Logic |
|
|
Decisions with a Legal Effect that Use Automated Processing |
|
|
Categories of Recipients who Receive this Personal Data |
We share shareholder information with marketing partners, bank and payment processors, shipping providers, cloud service providers, technology partners, communication partners, and compliance partners to provide services to shareholders. |
|
Whether the Personal Data is Transferred Outside of the European Economic Area |
United States, Canada, Australia, Netherlands, Ireland, Google data (https://www.google.com/about/datacenters/locations/), Amazon data (https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) |
|
Retention Period |
6 years or as required by law. |
Description of Product, Service, or Process |
The employee data we store and process is used for prospective and current EU employees. |
|
Categories of Personal Data |
Identifying Information |
|
Category of Data Subjects |
The organization collects information from EU employees. |
|
Purpose of Processing |
The organization is collecting this data to evaluate prospective employees and hire and maintain current EU employees, in the normal course of business. Information collected for new EU employees is required by federal and state law. |
|
Legal Basis for Processing |
The organization received consent to handle the personal information. |
|
Automated Processing or Profiling |
Automated processing occurs. |
|
If Automated Processing is Used, Methods and Logic |
Automated processing occurs with background checks. |
|
Decisions with a Legal Effect that Use Automated Processing |
Background checks help determine if EU employee is eligible for hire. |
|
Categories of Recipients who Receive this Personal Data |
We share information with communication partners, technology partners, compliance partners and cloud service partners to better manage employees. |
|
Whether the Personal Data is Transferred Outside of the European Economic Area |
USA, UK, India, Australia, Google Data servers https://www.google.com/about/datacenters/locations/ |
|
Retention Period |
6 years or as required by law. |
Description of Product, Service, or Process |
The corporate services we provide help corporate clients with transfer agent and other compliance and investor communications related services. |
|
Categories of Personal Data |
Identifying Information |
|
Category of Data Subjects |
The organization collects information from corporate clients. |
|
Purpose of Processing |
The organization is using the personal information because it is required by federal and state laws for SEC registered transfer agents. |
|
Legal Basis for Processing |
The organization received consent to handle the personal information. |
|
Automated Processing or Profiling |
Automated processing does not occur. |
|
If Automated Processing is Used, Methods and Logic |
|
|
Decisions with a Legal Effect that Use Automated Processing |
|
|
Categories of Recipients who Receive this Personal Data |
We share corporate customer information with marketing partners, bank and payment processors, shipping providers, cloud service providers, technology partners, communication partners, and compliance partners that allow us to provide service for our clients and for marketing purposes. |
|
Whether the Personal Data is Transferred Outside of the European Economic Area |
USA, Canada, Spain, Australia, Poland, Singapore, Netherlands, Ireland, Google Data servers https://www.google.com/about/datacenters/locations/, AWS servers https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ |
|
Retention Period |
6 years or as required by law. |
Your rights with regard to the data we collect:
As a Data Subject in the European Economic Area, you have the right to request, access, rectify, erase, and restrict how we process your Personal Data. These rights include the ability to review the Personal Data we have in our Information and Communications systems concerning you, the ability to make any corrections to that Personal Data, the ability to be informed of who that data may have been shared with, the ability to request that we erase all of our Personal Data, and the ability to restrict how we Process your Personal Data.
We are required to respond to any of your requests to exercise these above Data Subject rights within 30 days. Should we be unable to comply within 30 days, we will contact you anyway and let you know of any delay.
Exercising Your Rights:
If you want to exercise your rights, you may contact us or our privacy point of contact at:
Organization
Colonial Stock Transfer Company, Inc.
Address: 66 Exchange Place, SLC, UT 84111
Phone: 801-355-5740
Email: privacy@colonialstock.com
Privacy Point of Contact
Privacy Department
Address: 66 exchange place, Salt Lake City, UT 84111
Phone: 8013555740
Email: privacy@colonialstock.com
Withdraw Consent:
If our legal basis for processing information your information is based on your consent, you may withdraw your consent at any time by contacting Privacy Department at the contact information above and informing him/her that you withdraw your consent.
Contacting Supervisory Authorities:
If you would like to lodge a complaint against us, you may contact your local supervisory authority. If you have trouble locating a supervisory authority, please contact Privacy Department above and they will help you contact a supervisory authority.
Changes to our privacy statement
Changes to our privacy statement We keep this privacy statement under regular review and will place any updates on our website. Paper copies of the privacy statement may also be obtained by contacting Privacy Department at the information above and requesting a paper copy.
This privacy statement was last updated on 11/09/2020.
We have been in business for over 30 years as an independently owned transfer agent, and are committed to providing the best value to you and your shareholders.