Effective Date: January 12, 2021
GMO Trust Customers and Users
GMO Trust’s Services are available to different types of users, including those who purchase GMO Trust stablecoins (“Customers”), and website visitors (“Users”). The information that the Services collect from and share about you may vary based on your interactions with our Services as a Customer or User.
- An Individual Customer is an individual who purchases or sells a GMO Trust stablecoin directly from or to GMO Trust.
- An Institutional Customer is an institution that purchases or sells a GMO Trust stablecoin directly from or to GMO Trust.
- A User is an individual that visits or uses the website and may include Customers.
“Personal Information” means any information that identifies or relates to you, or other data that can be reasonably associated with or linked to such information, either directly or indirectly, by GMO Trust. This includes information such as your name, email address, phone number, and IP address.
Information We Collect
We and our service providers collect a variety of information through the Services. We collect information from you directly when you provide it to us through the Services, including through our webform or chat service, and when you engage in certain actions on the Services, as well as from third parties such as cryptocurrency exchanges. We may also automatically collect certain information about you and your computer, smartphone, or other device when you use, access, or interact with our Services.
The information we may collect includes:
- Account and profile information. In order to create an account for an individual on GMO Trust as an Individual Customer or User, we collect your full legal name, email address, mobile phone number, home address, date of birth, and password. For Institutional Customers, we collect all of this information as well as proof of legal entity status, full legal name of all account signatories and beneficial owners, contact information for owners, principals, and executive management (as applicable), and additional identifying information for each entity beneficial owner that owns 10% or more of the institutional customer entity.
- Proof of identity. We require Individual Customers’ Social Security numbers or a photocopied or scanned version of Individual Customers’ government-issued identification, such as a license or passport, in order to open an account with us. For Institutional Customers, we collect the Employer Identification Number (“EIN”) or any comparable identification number issued by a government. Users who are not Customers have the option to add such information to their profiles, but are not required to do so.
- Residence verification information. We require Customers to provide proof of residence via a utility bill, telephone bill, mortgage or lease document, homeowner’s or renter’s insurance policy, or a similar document.
- Blockchain transactions. We collect and monitor transactions on the blockchain to support anti-money laundering compliance and for other purposes. Information we collect for this purpose may include cryptocurrency wallet addresses, individual transaction volume, and transaction size.
- Financial information. We collect Customers’ bank account information in order to facilitate purchases and sales of GMO stablecoins. Users have the option to add such information to their profiles but are not required to do so.
- Additional Personal Information. Additional Personal Information or documentation is collected at the discretion of our Compliance Team, including in relation to criminal records or alleged criminal activity (which is special category data as defined in applicable data protection legislation).
- Information you provide to us directly when you contact us. We and our service providers also collect User information when Users communicate with us through the Services, such as through any “Contact” or “Help” feature, including any customer support chat messaging feature, on the Services.
- Information collected automatically. When you use our Services, we or our third-party service providers may automatically receive and record certain information. For example, this may include your device’s IP address, information about your use of the Site during your current session and over time (including the pages you view and the files you download), the date and time of your visit, how you interact with the Site including, links you click, searches conducted, the website visited before navigating to the Site, your software and hardware attributes (including browser and operating system type and version, device type, and your general location inferred from IP address. To obtain such information, we or our service providers may use the following technologies to recognize your device and collect information about your Site usage:
- Server logs. When you use the Site, we automatically receive and record certain information from your computer (or other device) and your browser. To obtain such information, we may use server logs or applications that recognize your device and gather information about its online activity.
- Web beacons, tags, pixels, and similar technologies. The Site and the emails that you receive from GMO Trust may use an application known as a “web beacon” (also known as a “tag” or “pixel”) and similar technologies. Web beacons are small strings of code that provide a method for delivering a graphic image on a web page or in an email message for the purpose of transferring data. For example, it may allow an email sender to determine whether a user has opened a particular email.
- Local Storage. We use Local Storage Objects (“LSOs”) such as HTML5 to store content information and preferences. Your browser may offer its own management tool to manage LSOs.
How We Use Information that We Collect
We and our service providers use the information that we collect for a variety of purposes, including:
- Providing the Services. To create an account for you on GMO Trust, to provide you with our Services, process applications and transactions, manage your preferences, fulfill the terms of any agreement you have with us, respond to your requests, and for other purposes related to managing our business;
- Verifying your identity. In order to comply with sanctions and anti-money laundering statutes and regulations, we share your information with vendors that provide sanctions tools, which we use to help verify your identity and comply with our legal obligations, such as anti-money laundering laws. This also includes the financial institutions with which we partner to process payments you have authorized. We also use your information to conduct screenings or due diligence checks as may be required under applicable law, regulation, directive or our customer agreement with you;
- Communicating with you. To communicate with you regarding your account, updates regarding our Services, and other administrative issues, and to respond to your questions or requests;
- Sending newsletters or other promotional messages. To send you newsletters or other promotional messages regarding our Services or other GMO Trust services that may be of interest to you;
- Conducting analytics and improving our Service. To count and recognize users of the Services, analyze how the Services are used, improve the Services and the User experience, create new products and services, and conduct analytics;
- Compiling aggregated and de-identified information. To compile aggregated and de-identified statistics or reports that we may share with our partners or other third parties;
- Managing our risk. We may use your information to manage the risk of our client base, including for assessing and processing applications, instructions or requests from you, maintaining credit and risk related models, managing our infrastructure and business operations and complying with internal policies and procedures and monitoring the use of our Services;
- Fraud prevention. We and other organizations may also access and use certain information to prevent fraud as may be required by applicable law and regulation and best practice at any given time. If you provide false or inaccurate information or fraud is identified or suspected, details may be passed to law enforcement and fraud prevention agencies and may be recorded by us or by them. In addition, we may share information with the financial institutions with which we partner to process payments you have authorized;
- Legal purposes. For legal or other necessary purposes, including as described below in the section below titled “How We Share information.”
- Lawful business purposes. Where permitted by law, for other purposes related to managing our business.
Bitcoin, ether, stablecoin, and other Digital Assets are not necessarily truly anonymous. Generally, anyone can see the balance and transaction history of any public Digital Asset address. We, and any others who can match your public Digital Asset address to other Personal Information about you, may be able to identify you from a blockchain transaction. This is because, in some circumstances, Personal Information published on a blockchain (such as your Digital Asset address and IP address) can be correlated with Personal Information that we and others may have. This may be the case even if we, or they, were not involved in the blockchain transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to identify other Personal Information about you. As part of our security, anti-fraud and/or identity verification and authentication checks, we may conduct such analysis to collect and process such Personal Information about you. You agree to allow us to perform such practices and understand that we do so.
How We Share Information
We share information with third parties for a variety of reasons, including as follows:
- Service providers. We use third-party service providers to help us manage and improve our Services. For example, we use third parties to host our website and perform data storage and processing services, ensure compliance with legal regimes including those related to sanctions and anti-money laundering, send emails, and perform analytics, among others.
- Third-party plugins. The Site may also integrate third-party plugins (such as a Facebook “like” button and Twitter “follow” button). Even if you do not click on these plugins, they may collect information about you, such as your IP address and the pages that you view. They also may set and/or access cookies or use similar technologies. These plugins are governed by the privacy policies of the companies providing them.
- Legal purposes. We may use or share your information with third parties when we believe, in our sole reasonable discretion, that doing so is necessary:
- To comply with applicable law or a court order, subpoena, or other legal process;
- To investigate, prevent, or take action regarding illegal or prohibited activities, suspected fraud, violations of our rules or terms and conditions, or situations involving threats to other Customers and Users, our property, or the property or physical safety of any person or third party;
- To establish, protect, or exercise our legal rights or defend against legal claims.
- Organizational transfers. We may share your information with third parties to facilitate the financing, securitization, insuring, merger, acquisition, sale, assignment, bankruptcy, or other disposal of all or part of our organization or assets.
- Aggregated and de-identified information. We may share aggregated or de-identified information with third parties that does not identify you personally, such as by publishing or sharing reports with third parties about trends in the usage of GMO Trust’s Services.
Do Not Track
Some browsers have “do not track” features that allow you to tell a website not to track you. We do not respond to those signals at this time.
Third-Party Links, Websites, and Apps
Data Security and Retention
GMO Trust uses physical, technical, and administrative safeguards to protect your information against loss or unauthorized access, use, modification, or deletion. However, no security program is 100% secure, and thus we cannot guarantee the absolute security of your information.
Your Rights and Choices
You may review your account information on the GMO Trust at any time by logging in and viewing your profile. You may update your name, email address, password, company reference ID (as applicable), at any time through your profile. Users can also review and update their profile photo, location, public and profiles.
GMO Trust wishes to maintain accurate information. If you wish to correct or delete the information we have about you, please contact us at firstname.lastname@example.org. You may unsubscribe from promotional communications from us by clicking the “Unsubscribe” link at the bottom of each message.
You may have rights under applicable laws to request access to, correction of, deletion of, or restrictions on the processing of certain information. You may also have rights under applicable laws to opt out of or withdraw consent to further processing, request copies of your personal data, or lodge a complaint with a data protection authority in your jurisdiction. To make such request and/or inquire about such rights, please send us an email at email@example.com. For your protection, we may only implement requests related to information that we have associated with the email address used to send us your request, and we may need to verify your identity before implementing your request.
Information for Individuals in California
If you are a California resident, California law provides you with specific rights regarding your personal information, including the right to know about personal information collected, disclosed, or sold. You also have the right to request that we delete any of your personal information that we have collected from you, subject to certain exceptions, and the right not to be discriminated against if you exercise any of your rights under the California Consumer Privacy Act.
GMO Trust may have collected the following categories of personal information from California residents in the past 12 months:
- Identifiers such as a name, social security number, passport number, postal address, IP address, email address, or other similar identifiers.
- Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80.
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of products purchased or considered.
- Internet or other electronic network activity information.
- Geolocation data.
- Professional or employment-related information.
- Inferences drawn from any of the information identified above.
You may only make a verifiable consumer request to know or delete your data twice within a 12-month period. Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or are an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will need to verify your identity before processing most requests, which may require us to obtain additional personal information from you. We will only use the personal information provided in connection with a request to review and comply with the request. If you do not provide this information, we may not be able to verify or complete your request.
To make such a request, contact us at firstname.lastname@example.org or at 150 East 52nd Street, Suite 7003, New York, NY 10022. Please note that we are only required to respond to two such requests per customer each year.
GMO Trust will not and has not sold personal information of California residents, including those under 16 years of age, to third parties for a commercial purpose in the preceding twelve months.
Information for Individuals Outside the United States
The Site is intended for adults. We do not knowingly collect or solicit any information from anyone under the age of 16. In the event that we learn that we have inadvertently collected personal information from a child under age 16, we will delete that information as quickly as possible.
150 East 52nd Street
New York, NY 10022