Privacy Policy

Privacy Notice For California Consumers

Last updated: July 1, 2023

This notice contains disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”). Terms defined in the CPRA have the same meaning when used in this notice. This notice is only relevant to California residents (“consumers” or “you”). Consumers with disabilities may access a printable copy of this notice in pdf format by clicking here.

Information We Collect.  In the past 12 months, we have collected and disclosed for a business purpose the following categories of personal information ("Personal Information"): 

Identifiers.  A real name, alias, email address, postal address, Internet Protocol (IP) address, account name, Social Security number, driver’s license number, passport number, or other similar personal identifiers.

Other personal information categories, as listed in the California Customer Records Statute.  A signature, physical characteristics  or description, telephone number, insurance policy number, education,  employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Protected classification characteristics under California or federal law.  Age (40 years or older), race,  citizenship, marital status, sex, veteran or military status.

Commercial information.  Account activity, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Professional or employment-related information.  Current or past job history or performance evaluations. 

Non-public education information (per the Family Educational Rights and Privacy Act).  Education records directly related to a student maintained by an educational institution or party acting on its behalf.

Sensitive personal information.  A consumer's SS, driver’s license, state ID card, or passport number; account log-in or debit/credit card number in combination with any access code, password, or account credentials; precise geolocation; racial/ethnic origin, religious/philosophical beliefs, or union membership; contents of mail, email, and text messages; genetic data; biometric information; PHI; or sex   life or sexual orientation.

Personal Information does not include information that is publicly available, de-identified/ aggregated, or subject to HIPAA or GLBA.

We collect Personal Information from the following categories of sources:

• Your communications with us; 
• Service providers, including, but not limited to:  administrators, lenders, banks, brokers, auditors, law firms, consultants, placement agents, employment agencies, credit bureaus;
• Affiliates not under the Castle Hook Partners LP brand; 
• Nonprofit organizations; and 
• Government entities. 

We do not knowingly collect, solicit or sell Personal Information from anyone under the age of 16 without the prior consent of a parent or guardian.

Purpose for Collection and Use of Personal Information.  We may collect or use Personal Information for one or more of the following purposes: 

• Providing you with information about our products and services;
• Providing you with performance and other updates; 
• One or more of the following business purposes:

                               o   Performing services (for us or our service provider or contractor) such as account servicing,           

                                     processing orders and payments, and analytics;

                               o   Legal compliance;

                               o   Detecting and protecting against security incidents, fraud, and illegal activity;

                               o   Debugging;

                               o   Internal research for technological improvement;

                               o   Internal operations;

                               o   Activities to maintain and improve our services; and 

                               o   Short-term, transient use, such that the personal information is not disclosed to another third party

                                     and is not used to build a profile about you. 

The use of sensitive personal information is limited to only those purposes authorized under the CPRA.

Disclosing Personal Information.  We may disclose Personal Information to:

• Service providers, including but not limited to: administrators, lenders, banks, brokers, auditors, law firms, consultants, placement agents, employment agencies, credit bureaus; 
• Affiliates; 
• Business partners; 
• Legal or government regulatory authorities as required by applicable law;  
• In connection with a potential business transfer; and
• Third parties to whom you or your agents authorize us to disclose such information in connection with services we provide to you.

In the past 12 months, we have not sold or shared (for cross-context behavioral advertising) Personal Information to third parties.

Length of Time.  We will keep your Personal Information for as long as necessary to comply with our regulatory obligations.

Rights of California Consumers.  The CPRA provides a California consumer the following rights, subject to certain exceptions and limitations: 

• The right to request: (a) the categories and specific pieces of Personal Information we collect about you; (b) the categories of sources from which we collect your Personal Information; (c) our business or commercial purposes for collecting, selling or sharing your Personal Information; (d) the categories of Personal Information disclosed for a business purpose or shared with third parties (for cross-context behavioral advertising) and the categories of persons to whom it was disclosed or shared; (e) the categories of your Personal Information (if any) that we have either sold, shared, or disclosed.
• The right to request that we delete your Personal Information, subject to certain exceptions.
• The right to opt out of our sale(s) (if any) of your Personal Information to third parties or sharing with such third parties for the purpose of cross-context behavioral advertising.
• The right to request we correct any inaccurate Personal Information maintained about you.
• The right to limit our use of your sensitive personal information to only use that is necessary to perform the services expected or provide the goods reasonably expected.
• The right not to receive discriminatory treatment for exercising your CPRA rights.

You may submit requests relating to your exercise of CPRA rights to us via:

phone 212.698.4720

email compliance@castlehook.com

You may only make a verifiable request for access or data portability twice within a 12-month period. All verifiable requests must provide (1) enough information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized agent and (2) sufficient detail that allows us to properly evaluate and respond to it. We may need to request additional information from you to verify your identity or understand the scope of your request. If we are unable to verify your identity, we will need to deny your request. You may designate an authorized agent to make a CPRA request on your behalf and reserve the right to seek proof that you have given the authorized agent signed permission to act on your behalf. 

We endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. 

Questions 

If you have questions regarding this Notice, please contact us at compliance@castlehook.com.