Privacy Policy
Last Updated: December 2019
Your privacy is a priority at Research Affiliates, LLC and its sister company, RAFI Indices, LLC (individually, “RA” and “RI”, respectively, and together the "RA Companies," “we,” “us,” or “our”). This privacy policy (the “Privacy Policy”) describes our approach to the collection, processing, storage, and use of the information that we collect from you.
We understand that you have entrusted us with private information and we care about your privacy. For purposes of certain data protection laws, the RA Companies are considered the “controller” with respect to your Personal Information.
Application
This Privacy Policy applies to information we collect through our websites, www.researchaffiliates.com and www.rafi.com (the “Websites”), as well as through email or other electronic messages and related to events that we may hold. This Privacy Policy does not apply to information we formally collect from our current and former clients, who should refer to our Client Privacy Notice.
Access to the Websites
We provide Visitors and Registered Users with access to the Websites as described below.
Visitors: Visitors are individuals who do not create a login and can only access publicly-available features and functionalities of the Websites.
Registered Users: Registered Users are individuals who create a login and can access public as well as password-protected areas of the Websites. Registered Users are also considered those individuals who provide personal information in connection with an event registration form created by the RA Companies.
Collection of Information
We may collect information as described below (collectively, the “Information”).
For Visitors: As a Visitor, we will collect automatically, internet or other electronic network activity information, including, but not limited to, referring URL, browser, operating system, device type, and Internet Protocol (“IP”) address. If you consent to our Cookies Policy, we will also collect additional internet activity information as described in that policy and briefly herein.
For Registered Users: As a Registered User, we collect information that you provide us, including:
We may also collect Internet or other electronic network activity information, such as analytic information relating to your use of the Websites, including, but not limited to, the areas of the Websites you view, the number of times you visit specific areas of the Websites, the amount of time you spend on specific areas of the Websites, your visit dates, your exits to partner sites, your geolocation information, etc. If you consent to our Cookies Policy, we will also collect information additional internet activity information as described in that policy.
Do Not Track: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated DNT signals.
Use of Information
The Information that we collect is used by us for the performance of a contract with you (or on your behalf), based on your consent, where it is requested and provided, or on the basis of our legitimate business interests, including for client service, marketing, business development purposes, to improve our Websites and services, for legal and regulatory purposes, and to conduct analytics.
Sharing of Personal Information
The RA Companies do not sell any of your Information.
The RA Companies may share your Information described above, in whole or in part, for business or commercial purposes with non-affiliated third parties in the following circumstances, or in other circumstances where there is a legitimate business purpose:
International Transfers
The RA Companies are established and store data in the United States. As such, any personal data processed by us will be processed there. An adequacy decision has not been made by the European Commission in respect of the United States.
Where privacy laws impose restrictions on the transfer of personal information, your personal information will be transferred to and stored by us only upon any of the following conditions;
Security and Protection of Your Information
We take steps to protect your Information from loss, misuse, and unauthorized access or disclosure. Such steps include physical, electronic, and procedural safeguards. For example, we make use of firewall barriers, encryption techniques and authentication procedures. Additionally, we restrict access to Information to only those employees and agents required for legitimate business purposes.
Despite the steps we take to protect your Information, please be aware that we cannot guarantee the security of our databases or the databases of the third parties with which we may share your Information. We also cannot guarantee that the Information will not be intercepted while being transmitted over the internet, such as via e-mails you send to us.
Your Rights
Individuals in Andorra, Argentina, Australia, California, Canada, Europe, Faroe Islands, Guernsey, Hong Kong, Israel, Isle of Man, Japan, Jersey, Mexico, New Zealand, Singapore, South Korea, Switzerland, the United Kingdom, Uruguay, and certain other jurisdictions may have certain data subject rights. These rights vary, but they may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) restrict or object to the processing of their personal data; and (iii) obtain a copy of their personal data in a portable format. Individuals may also have the right to lodge a complaint about the processing of personal data with a data protection authority.
If you wish to exercise any of these rights please email dataprivacy@rallc.com with the phrase “Data Subject Rights” in the subject line. You may also call us toll-free at 888-412-1255 or complete this web form. We will review your requests and respond accordingly. The rights described herein are not absolute and we reserve all of our rights available to us at law in this regard. Additionally, if we retain your Personal Information only in de-identified form, we will not attempt to re-identify your data in response to a Data Subject Rights request.
If you make a request related to Personal Information about you, we will need to verify your identity. To do so, we will request that you match specific pieces of information you have provided us previously, as well as, in some instances, provide a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. If it is necessary to collect additional information from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying the request. For requests related to particularly sensitive information, we may require additional proof of identification.
If you make a Data Subject Rights request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.
We will process your request within the time provided by applicable law.
Changes to this Privacy Policy
We may make changes to this Privacy Policy from time to time. By continuing to access and/or use the Websites, you are deemed to have accepted any such changes.
Contact
If you have any questions or concerns regarding this policy, please contact us at compliance@rallc.com or compliance@rafi.com.