We collect personal data from clients in order to provide financial planning and investment advisory services. We are also required to collect and maintain certain data under US and Thai Law according to the regulations of various entities to include the US Securities and Exchange Commission, the Thai Security and Exchange Commission, and the Thai Anti-Money Laundering Organization.
1. What is the purpose of this Privacy Policy?
Creveling & Creveling Financial Planning Ltd. (“C&C”) is an investment adviser registered with the U.S. Securities and Exchange Commission (the “SEC”) under the Investment Advisers Act of 1940, as amended, (the “Advisers Act”) and the Securities and Exchange Commission of Thailand. C&C is providing this Notice of Privacy Policy in order to comply with the U.S. SEC’s Privacy of Consumer Financial Information rule (commonly known as “Regulation S-P”) and the relevant policies of Thailand’s Personal Data Protection Act B.E. 2562.
More specifically, we want you to know what type of information we collect from you, how we use and safeguard that data and to inform you of your rights regarding the use of your personal data.
2. What is Personal Data and What information do we collect about you?
Personal Data is information that taken individually or in aggregate can identify you as the owner of that data. Personal Data that we collect can consist of both public and non-public information about you.
Examples of the type of data we collect from you in order to provide our services may include (but is not limited to) the following types of information:
- First and Last names
- Names of spouses and children
- Gender
- Nationality
- Date of Birth
- Home address
- Telephone numbers
- Email addresses
- Personal Identification Numbers to include Passport and National IDs
- Social Security and tax identification numbers
- Investment, Bank and Pension Account numbers
- Tax returns
- Financial statements
- Name of employer and position at employer
- Compensation and benefit packages at employer
- Investment Positions and transactions
- Details of various types of household debt
- Financial Information of a general nature to include account balances
We collect personal data from you in order to provide financial planning and investment advisory services. We are also required to collect and maintain certain data under US and Thai Law according to the regulations of various entities to include the US Securities and Exchange Commission, the Thai Security and Exchange Commission, and the Thai Anti-Money Laundering Organization.
3. Sources of Personal Data
We collect personal data directly from you via our initial Data Collection Questionnaire and various financial documents and statements provided by you at the outset of the engagement of our services. Information is periodically updated by you throughout the provision of our services.
We also obtain position and transaction details on investment accounts and pensions from your custodians that our linked to our Master Account at the relevant custodian. This is necessary for us to provide investment advisory services. You authorize the sharing of this information by providing authorization through your custodian. You can revoke that authorization at any time by directly contacting your custodian.
4. To whom do we disclose your non-public personal information?
We do not disclose or share your non-public personal information with any third-party except under the following conditions:
- Certain personal data is required to be utilized with certain third-party financial planning and portfolio accounting platforms in order to provide financial planning and investment advisory services. Such platforms include, but are not limited to, the financial planning platform, MoneyGuidePro, portfolio accounting platform, Morningstar and the secure file sharing service, Sharefile. We attempt to limit the amount of personally identifying information on these platforms to the extent possible and remove data when no longer needed to provide our services.
- As required by US or Thai law under the regulation of the US and Thai Securities and Exchange Commissions and the Thai Anti-Money Laundering Organization.
- As authorized in writing by you to share with other advisors such as tax and estate attorneys and/or a designated person(s) to whom you have authorized in writing to receive such information.
- For purposes of responding to any disputes with the Client and services provided by C&C
5. How do we safeguard your non-public personal information?
We restrict access to non-public personal information about you to those employees, third-party service providers and regulators who require that information in order for us to carry out the advisory services that you have asked us to provide you. We maintain physical, electronic, and procedural safeguards under C&C’s Cybersecurity and Information Protection Policies and Procedures that comply with US federal and Thai standards to safeguard your non-public personal information. You may request of copy of those policies and procedures if you desire more information.
6. How long do we keep your personal data?
By law we are required to maintain your data for 5 years after the termination of our services to you. Additionally, the Thai Anti-Money Laundering Organization requires us to maintain certain data for 10 years after termination of our services. After the mandated statutory period, we will securely destroy all your information as outlined in our Information Protection Policies and Procedures.
7. What are your rights as the data owner?
When you enter into a service agreement with C&C, you consent to provide certain personally identifiable information in order for us to provide financial planning and investment advisory services. This includes authorization to use such data on financial planning, portfolio accounting and custodial platforms.
You have the right to withdrawal your consent to the use of your personal data. This will typically terminate your relationship with C&C as we would no longer be able to provide our services. Upon termination of services, we reserve the right to and will immediately delink all custodian accounts from our master account and remove all data from third-party financial planning, portfolio accounting and file sharing platforms.
Note that upon termination of services, we are still required to maintain certain information for a period of 5 years by the Thai SEC and 10 years by the Thai Anti-Money Laundering Organization.
To revoke your consent and terminate services, you will need to notify us in writing under the terms of the Wealth Advisory Services Agreement.
8. Marketing Activities and Campaigns
We do not give, sell or otherwise use your personal information with any third-parties for any type of marketing or promotional activities. When you engage our services, we sign you up to C&C’s blog. If you do not wish to receive this, you can unsubscribe or notify us directly and we will remove you from C&C’s blog distribution list.
9. Changes to our Privacy Policy
We may update this privacy policy periodically according to our data protection policies and procedures and in compliance with relevant law.
We will provide a copy of our privacy policy annually to all current clients and to any client that has terminated services, but was a client at some point in the previous twelve (12) month period.
10. Limitation of Liability.
In no event shall C&C (including its directors, employees, and representatives) be liable for any indirect, incidental, special or consequential damages, or damages for loss of profits/reputational harm, revenue, data, or use, incurred by other party or any third party, whether in an action in contract or tort, even if such party has been advised of the possibility of such damages, including without limitation data breaches, security breaches, or cyberattack. CC’s (including its directors, employees, and representatives) aggregate liability is limited in all cases and in the aggregate to the amount of fees actually paid by the Client in the previous six (6) months preceding the date of the event that is the basis for the first claim. The Client acknowledges that data breaches can occur and that no data transmissions over the Internet can be guaranteed to be 100% secure.
11. If I have questions about this Notice of Privacy Policy, to whom to I direct my questions?
Questions about C&C’s Notice of Privacy Policy should be directed to Peggy Creveling, our Chief Compliance Officer, who can be reached at: peggy@crevelingandcreveling.com.