HW&Co. EU Data Statement
HW&Co. EU Data Statement
Please note: This information only applies to data subjects in the European Economic Area.
PERSONAL DATA: HW&Co strives to protect any data relating to an identified or identifiable individual data subject located in the European Economic Area. HW&Co may collect personally identifiable information (“EU Personal Information”) such as but not limited to; name, address, email address, financial information, contact information, identification numbers, any IP address, geolocation information, browsing history, cookies, any other digital identifiers and/or their physical, mental, social, and economic or cultural identities and anonymous information to provide the best services and online experiences from individual data subjects located in the European Economic Area.
Throughout HW&Co databases, servers and on/in HWCO.CPA, EU Personal Information may be used, collected, updated, processed and stored in a multitude of ways.
HW&Co may ask you to provide EU Personal Information when you create an account, subscribe to newsletters, send e-mails, register for an event, purchase products or services, submit information through HWCO.CPA or through a portal, submit a question or concern, or participate in other digital activities when you visit HWCO.CPA.
Other ways your EU Personal Information may be collected, updated, processed, stored or used include, but are not limited to, the following:
- From you when inputting, uploading or submitting to HWCO.CPA or third-party data aggregators
- Your inquiries by mail, telephone, e-mail, social media or face-to-face conversations
- Agreements, applications, forms and other documents received from you
- Any information you submit voluntarily to HW&Co
HW&Co may also collect EU Personal Information from you at professional conferences and seminars that you voluntarily submit through business cards, forms or face-to-face conversations.
PERSONAL DATA USAGE, PROCESSING & STORAGE: For collection, processing and storage of EU Personal Information and anonymous information HW&Co uses a variety of means, including but not limited to, GoToWebinar, LeapFile, Thomson Reuters Suites, MimeCast, Microsoft Teams, Microsoft Office Suites and Microsoft Server Suites along with various other software programs/suites. Data may also be enhanced or captured through in-person sharing via phone call, e-mail, third-party data aggregators, digital exchanges or social media.
Data Storage Duration: In general, HW&Co’s Information Retention Policies requires the purge of most data within a range of six months to ten years in accordance with U.S. laws and regulations and HW&Co’s business needs. Items not related to specific engagements are usually purged within three years or less.
DATA HANDLING: HW&Co will not sell, license, transmit or disclose your EU Personal Information outside of HW&Co and its affiliated companies. HW&Co restricts access to EU Personal Information. HW&Co maintains physical, electronic and procedural safeguards to protect EU Personal Information. Person-to-person sharing of your EU Personal Information may occur between our personnel and our affiliates and subsidiaries. This sharing may occur by mail, telephone, e-mail, private and direct messaging such as Microsoft Teams or face-to-face conversations.
If HW&Co uses agents, contractors or other companies, to perform services on our behalf, HW&Co will require that they protect your EU Personal Information.
Although we do not sell EU Personal Information, we may disclose EU Personal Information to the following parties:
- You (if you direct HW&Co to do so)
- Unaffiliated financial services providers
- Custodians and trustees
- Banks, financial representatives, proxy services, vendors, affiliates, licensees, licensors, affiliates, solicitors or printers
- Third parties who assist HW&Co or who perform services on our behalf in order to provide you with products and services or to affect transactions that you request or authorize
- Third parties in order to protect any account you may have with HW&Co from fraud, misfeasance, malfeasance or other wrongful acts
From time to time, HW&Co may be required to disclose your EU Personal Information in response to a court order, subpoena, government investigation or as otherwise required by law. HW&Co also reserves the right to report to law enforcement agencies any activities that HW&Co, in good faith, believe to be unlawful. HW&Co also may disclose certain EU Personal Information when HW&Co believes that such disclosure is reasonably necessary to protect the rights, property and safety of others or HW&Co.
Data Access & Control: If you are subject to the GDPR and we are processing your data, you have several data subject access rights, which include the following:
- Right to be informed
- Right to request data correction
- Right to request data access
- Right to request data portability
- Right to request data erasure
- Right to request withdrawal of consent
- Right to restrict processing
- Right to objection
- Right to request not to be subjected to automated decision making
Data subject access rights may be exercised here. The request will be fulfilled in 30 days once requested, processed and received by HW&Co. HW&Co reserves the right to deny any requests deemed too financially cumbersome to be executed.
You may disable cookies, opt-out of being tracked via cookies all together across HWCO.CPA, receive a warning before a cookie is placed on your device and erase cookies from your device through use of options or preferences menus in your browser. It is possible, however, that some parts of HWCO.CPA will not operate correctly if you disable the cookies feature. You should consult with your browser’s provider/manufacturer if you have any questions regarding disabling cookies.
DATA TRANSFER: Whenever HW&Co transfers EU Personal Information from individual data subjects located in the European Economic Area to a third party service provider located in a country that has been deemed inadequate, we do so with and approved legal adequacy mechanisms in place.
By using any of the services offered by HW&Co or on/in HWCO.CPA, or by submitting any EU Personal Information to HW&Co, you authorize HW&Co and its authorized service partners to transfer, use, store and/or process any EU Personal Information to the US.
Cybersecurity Breach Protocol: In accordance with GDPR requirements, HW&Co will inform the supervisory authority within 72 hours of our data controller(s) becoming aware of any significant cybersecurity breach and/or incident involving EU Personal Information of individual data subjects located in the European Economic Area. If the breach is of a serious nature and impacts the rights and freedoms of individuals in our databases, we will inform the intended public as reasonably as possible and without delay.