As required under applicable federal law, this notice informs you of the privacy policies of Ironwood Capital Management Corporation (“Ironwood”) and the investment funds it manages.
Unless authorized by the specific client or former client, or as permitted by law, Ironwood will not disclose nonpublic personal information (such as name, address, social security number, tax identification number, net worth, total assets, income and other financial information necessary to determine required accreditation standards) about its clients or former clients to third parties other than affiliates and/or other third party firms that assist Ironwood in providing advisory services and/or effecting client transactions (such as brokers, fund administrators and compliance/operational support service providers). Instances in which Ironwood may, as authorized and as disclosed in its Privacy Notice, share its customers’ information with non-affiliated third parties include:
(a) disclosure to companies that provide services necessary to effect a transaction that you request or to service your account such as prime brokers, accountants, banks, attorneys or administrators.
(b) disclosure to government agencies, courts, parties to lawsuits, or regulators in response to subpoenas. In such cases, we share only the information that we are required or authorized to share.
(a) Access to Ironwood’s locked office requires a security pass (which is generally only provided to Ironwood’s employees);
(b) access to clients’ nonpublic personal information is restricted to an identified group of employees and service providers;
(c) hard-copies of clients’ nonpublic personal information are kept in a locked file room or on file with the fund administrator;
(d) access to clients’ electronic-based nonpublic personal information is restricted (through passwords or similar securitization) to the enumerated group of employees under (a) above; and
(e) employees are strictly prohibited from keeping or transporting clients’ non- public personal information outside of Ironwood’s business premises.
In order to protect clients against the risks of fraud and fraud-related crimes, including identity theft, Ironwood has also adopted the following internal procedures relating to the secured disposal of non-public personal information (although this list may not be exhaustive):
(a) to the extent not covered under Rule 204-2 of the Advisers Act, hard-copies of the clients’ and investors’ non-public personal information (or any extra hard-copies of such non-public personal information, whether or not covered by Rule 204-2) shall be shredded or otherwise destroyed in a manner so that such information cannot be practicably read or reconstructed;
(b) to the extent not covered under Rule 204-2 of the Investment Advisers Act of 1940 ("Advisers Act"), the clients’ and investors’ non-public personal information which is stored on disk, CD, tape or other electronic media (or any extra disks, CDs, tapes or other electronic media which contains of such non-public personal information, whether or not covered by Rule 204-2) shall be cleared, purged, declassified, overwritten and/or encrypted in such a manner so that any information contained therein cannot be restored or decrypted; and
(c) After the electronic media is cleared, purged, declassified, overwritten or encrypted, Ironwood’s Chief Compliance Officer, or its designee, shall check that the original information is not backed-up or saved on a hard drive, recycle bin or other memories. Ironwood shall notify each third-party service provider engaged by Ironwood (which necessarily obtains access to the clients’ and investors’ non-public personal information during the course of their services on behalf of Ironwood) of its policies and procedures relating to the secure disposal of non-public personal information. Ironwood will request that such service providers shall notify Ironwood if they believe that their own procedures are not sufficient to ensure adherence to Ironwood’s procedures.
Ironwood seeks to establish and maintain a security system that covers its use of computers and other technologies. In this regard, Ironwood is currently in the process of adopting internal procedures to (i) secure user authentication protocols, (ii) ensure there is the proper encryption of transmitted records and files containing investor information, (iii) ensure there is the proper encryption of all investors’ information stored on laptops and other portable devices, (iv) require periodic updates of firewall protection and operating system patches on systems connected to the internet, and (v) ensure that any cleared, purged, declassified, overwritten or encrypted electronic media is not backed-up or saved on a hard drive, recycle bin or other memories.
Ironwood reserves the right to change this privacy notice, and to apply changes to information previously collected, as permitted by law. Ironwood will inform investors of any changes as required by law.