Privacy Protection Policy
SpiderRock Advisors, LLC will seek to limit its collection of Nonpublic Personal Information to that which is reasonably necessary for legitimate business purposes. SpiderRock Advisors, LLC will not disclose Nonpublic Personal Information except in accordance with these policies and procedures, as permitted or required by law, or as authorized in writing by the Client. SpiderRock Advisors, LLC will never sell Nonpublic Personal Information.
With respect to Nonpublic Personal Information, SpiderRock Advisors, LLC will strive to: (a) ensure the security and confidentiality of the information; (b) protect against anticipated threats and hazards to the security and integrity of the information; and (c) protect against unauthorized access to, or improper use of, the information. The Chief Compliance Officer is responsible for administering these policies and procedures. SpiderRock Advisors, LLC employees should notify the Chief Compliance Officer promptly of any threats to, or improper disclosure of, Nonpublic Personal Information.
Although these principles and the following procedures apply specifically to Nonpublic Personal Information, Employees must be careful to protect all of SpiderRock Advisors, LLC's proprietary information.
Protecting Confidential Information
Employees will maintain the confidentiality of information acquired in connection with their employment, with particular care being taken regarding Nonpublic Personal Information. Improper use of SpiderRock Advisors, LLC's proprietary information, including Nonpublic Personal Information, may be cause for disciplinary action, up to and including termination of employment for cause and possible referral to appropriate civil and criminal legal authorities.
Nonpublic Personal Information will be restricted to Employees who have a need to know such information.
Disclosure of Nonpublic Personal Information
Nonpublic Personal Information may only be provided to third parties under the following circumstances:
- To broker-dealers opening client brokerage accounts
- To accountants, lawyers and others as directed in writing by Clients
- To specified family members as directed in writing by Clients, or as authorized by law
- To third-party service providers, as necessary to service Client accounts
- To regulators and others, as required by law
Employees should take reasonable precautions to confirm the identity of individuals requesting Nonpublic Personal Information. Employees must be careful to avoid disclosures to identity thieves, who may use certain Nonpublic Personal Information, such as a social security number, to convince an Employee to divulge additional information. Any contacts with suspected identity thieves must be reported promptly to the Chief Compliance Officer.
To the extent practicable, Employees will seek to remove nonessential Nonpublic Personal Information from information disclosed to third parties. Social security numbers must never be included in widely distributed lists or reports.
Information Stored in Hard Copy Formats
SpiderRock Advisors, LLC has implemented the following procedures to protect Nonpublic Personal Information stored in hard copy formats:
- To the extent practicable, Nonpublic Personal Information will be kept in lockable filing cabinets located in the main office at all times;
- All Nonpublic Personal Information should be locked up at the end of each workday;
- Documents containing Nonpublic Personal Information must never be left unattended in main office public spaces, such as lobby or conference rooms;
- Employees will exercise due caution when mailing or faxing documents containing Nonpublic Personal Information to ensure that the documents are sent to the intended recipients; and
- Employees may only remove documents containing Nonpublic Personal Information from SpiderRock Advisors, LLC's premises for legitimate business purposes and require approval from the Managing Director in written form or the firm’s CCO. Any documents taken off premises must be handled with the same appropriate care and returned as soon as practicable.
Electronic Information Systems
SpiderRock Advisors, LLC has implemented the following procedures to protect Nonpublic Personal Information stored on electronic systems:
- SpiderRock Advisors, LLC uses passwords to protect Employee computers, computer networks, and web-based systems administered by third parties. Employees must never share their passwords or store passwords in a place that is accessible to others;
- Computers are automatically locked when unused for certain periods of time as determined by the Chief Technology Officer ("CTO"),;
- Employees must change passwords periodically. If a password is compromised, the Employee must change his or her password immediately and promptly notify the CTO of the breach;
- Employees will consider whether to use encryption when sending emails including Nonpublic Personal Information outside of SpiderRock Advisors, LLC's network;
- Any theft or loss of electronic storage media must immediately be reported to the CTO;
- The CTO is responsible for implementing appropriate protections for electronic information systems, including:
- Anti-virus software
- Prompt implementation of system patches and updates
- Lock-out periods following repeated unsuccessful login attempts
- Encryption of all wireless data transmissions
- When technically feasible, encryption of files containing Nonpublic Personal Information traveling across public networks
- Monitoring of SpiderRock Advisors, LLC's computer systems for unauthorized use
- To the extent practicable, Nonpublic Personal Information will be kept on portions of the network that are only available to Employees with a legitimate need to access the information;
- The CTO or designee is responsible for setting Employees/Supervised Persons' access permissions on the Company's computer network. The CTO or designee will obtain pre-approval from the Employee/Supervised Person who has primary responsibilities over the data in question prior to granting another Employee/Supervised Person access; and
- The CTO or designee will promptly disable system access for any terminated Employee.
Access to Client Accounts
SpiderRock Advisors, LLC may access Client accounts to debit fees and for other administrative purposes. Employees must utilize the utmost care to prevent improper or unauthorized use of such access. Any actual or suspected breach of security involving Client accounts must immediately be reported to the Chief Compliance Officer.
SpiderRock Advisors, LLC will provide a Privacy Notice to all Clients upon their establishment of an advisory relationship. SpiderRock Advisors, LLC will also provide a copy of the Privacy Notice to all Clients annually. A copy of SpiderRock Advisors, LLC's Privacy Notice is attached and also available on the firm’s internet site www.SpiderRockAdvisors.com.
The Compliance Department oversees the distribution of annual Privacy Notices, by informing Clients by email of the availability of such notices.
SpiderRock Advisors, LLC will provide Clients with prompt notice of any change to the Company's privacy policies, and will give Clients sufficient opportunity to opt out of any new disclosure provisions.
Responding to Privacy Breaches
If any Employee/Supervised Person becomes aware of an actual or suspected privacy breach, including any improper disclosure of Nonpublic Personal Information, that Employee/Supervised Person must promptly notify the Chief Compliance Officer. Upon becoming aware of an actual or suspected breach, the Chief Compliance Officer will investigate the situation and take the following actions, as appropriate:
- To the extent possible, identify the information that was disclosed and the improper recipients;
- Take any actions necessary to prevent further improper disclosures;
- Take any actions necessary to reduce the potential harm from improper disclosures that have already occurred;
- Consider discussing the issue with Outside Counsel, and/or law enforcement officials;
- Evaluate the need to notify affected Clients, and make any such notifications;
- Collect, prepare, and retain documentation associated with the inadvertent disclosure and SpiderRock Advisors, LLC's response(s); and
- Evaluate the need for changes to SpiderRock Advisors, LLC's privacy protection policies and procedures in light of the breach.
Privacy Protection Training
The Chief Compliance Officer will ensure that all new Employees have received, reviewed and understand their obligations to protect Nonpublic Personal Information. The Chief Compliance Officer will remind all Employees of their privacy protection obligations as necessary thereafter. The Chief Compliance Officer may provide training more frequently and/or in person to individuals or groups if:
- SpiderRock Advisors, LLC's policies and procedures, or the threats to Nonpublic Personal Information, change in a material way;
- SpiderRock Advisors, LLC experiences a privacy breach; and/or
- One or more Employees do not appear to understand their obligations regarding privacy protection.
Information Obtained from or provided to Affiliate
SpiderRock Advisors, LLC's currently has three affiliates commonly owned under SpiderRock Holdings, LLC: SpiderRock EXS, LLC, SpiderRock Platform Services, LLC, and SpiderRock Gateway Technologies, LLC. It may from time to time share information with the intent of providing or increasing client services or with third parties which must know details to help facilitate the client advisory services, including account trading, record retention, technology development, client information security, and communication. No affiliate will disclose or sell client information to a third party for any other means than to help carry out our investment advisory services to the client.