Find Communities

Privacy Policy

ACRES Capital Privacy Notice and Policies and Procedures

Effective May 30, 2019

Privacy Notice and Statements
ACRES Capital LLC collectively referred to as “ACRES”, “we” or “us”) take their data protection and privacy responsibilities seriously. This privacy notice describes (i) what information we collect from users of www.acrescap.com and the services offered thereon (collectively, the “Website”), (ii) how we protect such information, (iii) how we may use and disclose that information, and (iv) what choices you have about how that information is used and disclosed in the course of our business activities, including:

  • What Personal Information We Collect and When and Why We Use It
  • How We Share Personal Information Within ACRES, With Third Parties, With Our Regulators
  • Using Cookies and Other Technologies
  • Carrying Out Direct Marketing
  • Transferring Personal Information Globally
  • How We Protect and Store Personal Information
  • Legal Rights Available to Help Manage Your Privacy
  • How You Can Contact Us For More Support

Changes to this Policy
This Privacy Policy was last updated as of the “Last Revised” date listed above. ACRES reserves the right to change this Privacy Policy from time to time. We will let you know that the policy has been changed by changing the “Last Revised” date listed below. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances. Minor changes to our Privacy Policy may occur that will not significantly affect our use of Personal Information without notice or consent. We encourage you to refer to this Privacy Policy on an ongoing basis to ensure you are aware of any updates. If revisions to the Privacy Policy are unacceptable to you, you must cease using our Website.

Important Information About ACRES
ACRES is responsible for your personal information and will be the entity that originally collects information from or about you. This will be explained in separate privacy notices made available when your personal information is first collected by ACRES, for example where you open your account or conduct your business with the funds.

You can find out more about ACRES at https://acrescap.com or by contacting us using the information in the contact us section.

What Personal Information We Collect and When and Why We Use It

In this section you can find out more about:

  • the types of personal information we collect
  • how we use personal information
  • when we collect personal information
  • the legal basis for using personal information

ACRES Data Subjects

ACRES collects information about you if you:

  • register with or use one of our Website(s) or online services;
  • are an Investor;
  • work with us as a service provider; and/or
  • visit an ACRES office or register to attend an ACRES event.

Personal Information We Collect
Personal Information we collect will fall within one or more of the below categories:

  • Your name and how to contact you – Basic contact information about you, including your signature.
  • Identification data including unique descriptors – Government issued identifiers, other unique identifiers such as date of birth, and personal descriptors that might identify you.
  • Financial and transactional – Financial information about you, transactional information and credit information, account authentication details.
  • Contractual details – Information collected as part of the products and services we provide to you.
  • Socio-demographic – Includes details about your work or profession, nationality, education.
  • Technical information – Details about your devices and technology that you use to access our services, including IP address.
  • Behavioral – Information about how you use our products and services.
  • Location – Data we receive about where you are.
  • Communications – Information we capture through your communications with us, e.g. telephone conversations, emails and instant messaging.
  • Publicly available data – Details about you that are in public records and information about you that is openly available on the internet.
  • Sensitive categories of data – The law and other regulations treat some types of personal information, including personal information relating to health or criminal convictions and offences as special and affords them additional protections. We will only collect and use these types of data if the law allows us to do so.

Where We Collect Your Personal Information From

We will collect the personal information we use for the above purposes from one or more of the below sources:

  • directly from you throughout our relationship, including when you use our products, services and websites
  • from third-parties that are authorized to share your information with us, such as intermediaries, our service providers or funds
  • from publicly available sources of information

The Legal Basis for Using Your Personal Information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This is explained in more detail in other sections of this Privacy Notice where we indicate that we will have one or more of the following reasons for using your personal information:

  • our use of your personal information is necessary to fulfill a contract we have with you or to take steps to enter into a contract with you, for example when you ask us to provide you with a product or service
  • our use of your personal information is necessary to comply with a legal obligation that we have, for example where we are required to report to tax authorities
  • our use of your personal information is required for regulatory reasons that are in the public interest, for example to prevent and detect financial crime
  • you have provided your consent to us using the personal information, for example if you have agreed to receive marketing communications
  • our use of your personal information is in our legitimate interest as a commercial organization to provide services to our clients, provided our use is proportionate and respects your privacy rights; where we rely on our legitimate interest, we will tell you what that interest is

How We Share Personal Information Within ACRES, With Third-Parties and With Our Regulators

In this section you can find out more about how we share personal information:

  • within ACRES
  • with third parties that help us provide our products and services; and
  • our regulators and/or law enforcement

We share your information in the manner and for the purposes described below:

  • within ACRES, where such disclosure is necessary to provide you with our services or to manage our business
  • with third-parties who help manage our business and deliver services. These third-parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back office systems
  • with agencies and organizations working to prevent fraud in financial services
  • with our regulators
  • to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies
  • we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our business partners, affiliates or advertisers
  • ACRES may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your personal information, technical information about your device or browser and/or other anonymous information we obtain from you via the websites may be disclosed to any potential or actual third-party purchasers of such assets and/or may be among those assets transferred.

Using Cookies and Other Technologies

In this section you can find out more about:

  • types of cookies used on our websites
  • third-party advertisers
  • third-party sites
  • control your cookie settings

Types of Cookies Used on Our Websites

You should be aware that in some cases, your computer needs to accept cookies from a website to take full advantage of its services. This is especially true on sites that require a user ID or a password. In order to provide better service, ACRES may use “cookies” in connection with the Website. Cookies are small files that your web browser places on your computer’s hard drive.

We may use cookies to let us know that you are a prior user of the Website and to retrieve certain information previously provided by you. We also may use cookies to keep track of information about your current “session” which will be discarded as soon as you log out or close your web browser. This information also allows us to statistically monitor how many people are using our Website and for what purpose. However, if you do not wish to receive cookies, or want to be notified of when they are placed, your internet browser may permit you to do so. In many internet browsers, you can change the browser settings to warn you before accepting cookies or to block cookies. If you block cookies, you may not be able to use certain web site features or functions, or the Website may not operate in an optimal mode.
We do not track our users across third-party websites and thus our Website does not respond to the Do Not Track (“DNT”) settings in your web browsers. However, some third-party websites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, certain website browsers allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.

We may also use services hosted by third parties, such as Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to assist in providing the services on or through our Website. Google Analytics uses cookies to help us analyze how users use such services. The information generated by the cookies about your use of our Website (including your IP address) will be transmitted to, and stored by, Google on their servers. Google will use this information for the purpose of evaluating your use of our Website, compiling reports on Website activity for us and providing other services relating to Website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the Website. By using our Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Control Your Cookie Settings
Most browsers are initially set to accept Cookies. However, you have the ability to change your browser settings. It may also be possible to configure your browser settings to enable acceptance of specific Cookies or to notify you each time a new Cookie is about to be stored on your device enabling you to decide whether to accept or reject the Cookie. You can also disable Cookies by configuring your browser setting to reject Cookies. Please refer to the help section of your browser for instructions on disabling Cookies. For more information about Cookies, how they work, why they are so useful and how to disable them, you can visit http://www.allaboutcookies.org/

If you do not wish to accept Cookies from our Website, please either disable them or refrain from using our website. If Cookies are disabled, it may mean that you experience reduced functionality or will be prevented from using all or part of our website.

Please refer to our cookie policy to find out more about the information we collect using Cookies and tracking technologies.

How We Use Personal Information to Keep You Up To Date With Our Products and Services

We use the information that we collect from you to provide you with the information and services offered through our Website, to support and enhance your use of our Website, to monitor which features of the Website are used most and to allow us to determine which features of the Website we need to focus on improving.
By providing an email or telephone number, you consent to us contacting you at that number for the purposes outlined in this Privacy Policy. You may revoke your consent by emailing us at acresinfo@acrescap.com. We will use commercially reasonable efforts to respond to your access request within 30 days.
ACRES may use your Internet Protocol (IP) address and other non-Personal Information to help diagnose problems with our computer server, and to administer the Website. Your IP address is also used to gather broad demographic data. It is not stored or linked to your personal profile information, such as name or contact information.

How You Can Manage Your Marketing Preferences

To protect your privacy rights and ensure you have control over how we manage marketing with you:

  • we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
  • you can ask us to stop direct marketing at any time. You can ask us to stop sending email marketing by following the ‘unsubscribe’ link you will find on the email marketing messages we send you. Alternatively, you can contact us. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
  • you can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained above.

We recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms, as well as your preferences within your account.

Transferring Personal Information Globally

In this section you can find out more about:

  • how we operate as a global business and transfer data internationally
  • the arrangements we have in place to protect your personal information if we transfer it overseas

We are a US-based company so the Personal Information that we collect from you may be transferred to, and stored at, a destination outside of your country and the European Economic Area (“EEA”) and, in particular, the United States, which may have different or less protective privacy laws than those in your country. Personal Information may also be processed by any service providers appointed by us who operate outside the EEA and their staff, and/or our own staff based outside of the EEA. By using our Website and providing Personal Information to us, you consent to such transfer to, and processing in, the United States.

If you have a complaint or dispute regarding this privacy policy or our processing of your Personal Information, and you are not satisfied by our response, you have the right to lodge a complaint with a supervisor authority. To this end:

  • transfers within ACRES will be covered by an agreement entered into by members of ACRES (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within ACRES;
  • ACRES may share aggregated and/or de-identified data collected from users of the Website (i.e., data that is not Personal Information) with third parties for various business purposes including product and service development and improvement activities related to our services. Where we transfer your personal information outside ACRES, or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU-US Privacy Shield for the protection of personal information transferred from within the EU to the United States; or
  • ACRES cooperates with public authorities, government and law enforcement officials, and governmental agencies to enforce and comply with the law. We will disclose any information about you to public authorities, government or law enforcement officials, or governmental agencies as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal processes (including but not limited to subpoenas and lawful government requests), to protect the property and rights of ACRES or a third-party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before personal information is disclosed.
  • In the event that all or a substantial portion of the assets, business or equity of ACRES is acquired by, merged with or transferred to another party, or in the event that ACRES goes out of business or enters bankruptcy, your Personal Information may be one of the assets that is transferred to or acquired by the third-party. You acknowledge that such transfers may occur, and that any acquirer of ACRES or its assets may continue to use your Personal Information as set forth in this Privacy Policy. If any acquirer of ACRES or its assets will use your Personal Information contrary to this Privacy Policy, you will receive prior notice.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

How We Protect and Store Your Information

Security

We have procedures that limit ACRES’ employees and contractors’ access to Personal Information. Only those employees and contractors with a business reason to know have access to such information. We educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, mandatory training programs, and internal policies on data privacy and corporate integrity. We take appropriate disciplinary measures to enforce employee privacy responsibilities.

Please bear in mind, however, that no Internet transmission is ever 100% secure or error-free. More specifically, information transmitted to or from the Services may not be via a secure connection. As a result, you should take particular care in deciding what information you send via our Website.

Any information you provide to ACRES through the use of the Website may be stored and processed, transferred between and accessed from the United States and other countries which may not have the same level of protection of personal information as the one in which you reside. ACRES will handle your Personal Information in accordance with this Privacy Policy regardless of where your Personal Information is stored or accessed.

Links to Other Sites
This Privacy Policy covers the treatment of Personal Information gathered when you are using or accessing our Website. This Privacy Policy does not apply to practices of third parties that we do not own or control, including but not limited to, any third-party sites.

ACRES does not control these third-party sites and is not responsible for the content or the privacy policies or practices of any third-party site. If you connect to third-party sites from a link on our Website, we encourage you to consult the privacy policy of each site you visit.

Storing your personal information
We will retain your Personal Information as long as necessary to provide you the services offered there through and the other permitted uses specified in Section II above, and for a reasonable transition time thereafter. We may store aggregated and anonymized information (i.e., information that is not Personal Information) indefinitely.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Our Services are not directed at or intended for use by minors. Therefore, we do not wish to receive, nor do we knowingly collect, Personal Information from minors via our Website. No one under age 13 may provide any Personal Information to ACRES on or through our Website. In the event that we learn that we have collected Personal Information from a child under age 13 without verification of parental consent, we

Legal Rights Available to Help Manage Your Privacy

The new rights provided by the EU General Data Protection Regulation have been in effect since May 25, 2018.

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Click on the links below to learn more about each right you may have:

  • to access personal information
  • to rectify / erase personal information
  • to restrict the processing of your personal information
  • to transfer your personal information
  • to object to the processing of personal information
  • to object to how we use your personal information for direct marketing purposes
  • to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
  • to lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will use reasonable efforts to honor your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to Access Personal Information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to Rectify or Erase Personal Information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which ACRES is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defense of legal claims.

Right to Restrict the Processing of Your Personal Information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object and we are considering your request.

We can continue to use your personal information following a request for restriction:

  • where we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to Transfer Your Personal Information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to Object to the Processing of Your Personal Information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to Object to How We Use Your Personal Information for Direct Marketing Purposes

You can request that we change the way we contact you for marketing purposes.

You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to Obtain a Copy of Personal Information Safeguards Used for Transfers Outside Your Jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Economic Area.

We may redact data agreements to protect commercial terms.

Right to Lodge a Complaint With Your Local Supervisory Authority

You have a right to lodge a complaint with your local data protection supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

How You Can Contact Us For More Support

The primary point of contact for all issues arising from this privacy notice, is our Chief Compliance Officer who can be contacted in the following ways:

ACRES Capital, LLC
865 Merrick Ave, Suite 200 S
Westbury, New York 11590
Telephone: (516) 535-0015
Email: acresinfo@acrescap.com

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to comply with your request to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

To Contact Your Data Protection Supervisory Authority

You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before lodging a complaint with your local supervisory authority.

Data Protection and Privacy Policy

Introduction and Purpose
ACRES has a legal responsibility to protect the privacy of its Investors, employees and other individuals. The purpose of this policy is to provide guidance to ACRES employees for protecting information belonging to its investors and that is controlled by ACRES.

The loss of any data can be harmful to ACRES financially and could further harm its reputation. Thus, ACRES must have in place appropriate systems and controls to protect the data and prevent the material risk of loss and other damages.

ACRES employees will have knowledge of and may be in possession of highly confidential and/or confidential information about ACRES business or that of its investors. ACRES is ultimately responsible for verifying compliance with and enforcing the standards outlined in this policy. ACRES must treat information with the highest level of care, therefore confidential and personal data is to be used only for ACRES business purposes.

This Policy applies to all permanent and non-permanent employees and contractors of ACRES.

ACRES employees that are covered by this Policy are required to protect information collected by, owned by or under the custody of ACRES.

Data for the purposes of this policy applies to both confidential fund data and investor personal data.

This Policy sets out the requirements regarding:

  • The handling of information belonging to ACRES and its funds and investors;
  • The handling of the rights of Investors;
  • The treatment of data protection and client confidentiality complaints and breaches; and
  • The restrictions on the transfer of data outside of the European Economic Area.

Policy Statement
To ensure confidentiality, integrity and availability of ACRES’ data or of its investors, stakeholders, third-parties, employees must:
Ensure business units apply appropriate controls to protect data owned by ACRES;
Use data only for the specified purpose for which it was intended, or as agreed between the user and the investor or company data owner;
Be alert to and report any data protection and confidentiality incidents, issues or concerns to Compliance within the timeframes set out in Section E of this policy;
Employees that use personal data are prohibited from disclosing ACRES information to unauthorized parties;
ACRES must ensure that it has a valid and updated registration to process personal data with their respective Data Protection Authorities; and
Investors that invoke their data protection rights under data protection laws must be respected and handled in accordance with the appropriate local legal requirements.

Data Handling

Data Minimization
Business Units must implement adequate controls so that only adequate and relevant data is collected and processed when carrying out their personal data processing activities.

Data Accuracy
Business units processing personal data must implement adequate controls so that the data entered into systems, databases, or when transposing into electronic files is accurate. The accuracy of data must be maintained throughout the information lifecycle.

Data Purpose Limitation
Personal data must only be processed for the original purpose for which it was intended and agreed upon and must not be used for a new or different purpose without the investor’s consent.

Storage Limitation
Personal data must not be retained for longer than necessary. Business units are responsible for implement adequate controls and processes so that personal data is regularly deleted, using appropriate deletion methods, once there is no longer a legitimate business reason to maintain the data and in line with relevant firm policies, such as ACRES records retention schedule and policy.

Confidentiality and Integrity of Personal Data
Employees must ensure appropriate physical and technical controls are in place for both electronic and hardcopy documentation containing personal data.
ACRES must ensure that there are controls in place to detect a data breach that could result in destruction, loss, alteration, unauthorized disclosure of or access to personal data.

Email Security
Highly confidential and confidential data sent to external parties must not be included within the body of an email. Such data must be saved within an electronic file, utilizing appropriate encrypted methods.
The password for the file attachment must be provided to the client over the telephone, wherever possible, or the password should be sent to the client in a separate email.

Individual Rights
ACRES is obligated to provide Investors with certain rights. ACRES Investors, employees and other individuals have the following rights:

Data Subject Access Requests
All Subject Access Requests from Investors and funds must be referred to Compliance without delay.
Subject Access Requests must be made in writing and processed within one month and at no cost to the Investor.
Prior to providing any data in response to an access request, the identity of the individual must be verified; therefore, the following must be received from the individual:

  • The access request must be in writing with details specifying the information requested;
  • A recent utility bill or bank statement dated within the previous three months, which evidence their name and provides proof of address;
  • Current ID with photo, such as passport or driver’s license.
    Employees’ subject access requests must be directed to ACRES HR.
    ACRES employees have an obligation to restrict processing, rectify or erase any data that has been identified by an individual as inaccurate. If you believe that any data is inaccurate, you must escalate to Compliance.
    Any inquiries from Investors or funds, pertaining to restriction, erasure or automated decision making must be directed to Compliance without delay. Compliance is responsible for documenting and maintaining all inquiries from Investors.

Right to Restrict Processing to Data Processing
Investors have the right to request ACRES stop processing their personal date if they consider that such processing is causing them, or is likely to cause, unwarranted and substantial damage or harm.

Rectification, Blocking, Erasure and Destruction
Requests to correct, amend and delete inaccurate information must be investigated and referred to Compliance without any undue delay.

Complaints and Breaches

Complaints
Employees must make immediate referral of complaints, incidents, issues or concerns relating to privacy and data protection to Complaints. The resolution of any such complaint should follow ACRES Whistleblower Policies and Procedures.

Client Confidentiality and Data Breaches
Employees must inform Compliance of any actual or suspected confidentiality breaches immediately upon discovery of the breach and personal data within 24 hours.
When informing Compliance of the breach the employee must complete a Complaint Report Form as soon as a breach has been determined.

Reportable Data Breaches
Compliance must ensure that data protection breaches resulting in a high-risk breach are reported to the relevant data protection authority within 72 hours after first becoming aware of the breach. When reporting and investigating data protection breaches the Breach Reporting Procedures must be followed.

Transfer of Data Outside of the European Economic Area
The transfer of personal data outside of the European Economic Area (“EEA”) is acceptable provided that an appropriate legal method for transfers is in place. Any legal method used for transfers must be accompanied by a signed agreement with the intended recipient of the data prior to transfer.
Concerns or queries relating to the transfer of information outside of the EEA should be referred to Compliance or Legal Team.

Records of Processing Activities
Business units that process personal data must maintain and review an inventory annually at a minimum. The records of processing activities must reflect the data protection activities of the business area and must include details such as, the current processing activities, data sets processed, data subjects, retention period for deleting information, internal and external transfers of data and storage repositories including systems.
Compliance must be informed of any changes to business processing activities.

Privacy Contact
The Chief Compliance Officer has been named the contact for privacy matters. The privacy contact will assist with questions related to data protection and privacy and annual training. Additionally, the privacy contact will monitor Acres compliance with applicable privacy laws and regulations and will advise the business on data privacy matters.
From time to time, it may be necessary for the privacy contact to communicate with a supervisory authority regarding a regulatory inquiry or to notify a supervisory authority in the event of a material or high-risk data breach or violation of these policies.

Training
ACRES employees must undertake data protection training on an annual basis. Data protection training will be delivered via computer-based training as well as live training developed by Acres or an outside provider.

ACRES Code of Ethics
The ACRES Code of Ethics also sets out employee obligations with respect to protecting client and employee records. Employees must carefully protect and must not disclose to any third party all confidential and proprietary information belonging to the Company or its Clients. Such protected information includes, but is not limited to, the following: matters of a technical nature, such as computer software, product sources, product research and designs; and matters of a business nature, such as Client lists, Client contact information, personnel information, limited partnership and limited liability company agreements; agreements governing managed accounts; investment positions; research analyses and trading strategies; investment performance; internal communications; legal advice; and computer access passwords.