Privacy and cookies policy
Data privacy notice
Prospective and existing clients, vendors, agents, third-parties and their employees or representatives (as applicable)
June 2025
As a financial company with a global presence, Mesirow Financial Holdings, Inc., and its affiliates and subsidiaries (collectively, “Mesirow,” “we,” “our,” or “us”), is subject to various data privacy laws and regulations depending on the type of information and jurisdiction. As such, not all sections of this Privacy Notice are applicable to every individual. The privacy of the personal information you provide to us is important, and we want to assure you that we are committed to protecting your privacy. This Privacy Notice describes how Mesirow collects, uses, discloses, and otherwise processes personal information described in this Privacy Notice, as well as the rights and choices individuals have regarding such personal information.
For individuals residing in California: Please read additional information about your privacy rights and other important information here.
For individuals residing in the EEA/UK or doing business with a Mesirow entity in the EEA/UK: Please read additional information about your privacy rights and how we handle your personal information here.
For Individuals Outside the EEA/UK: By using our services, you agree that your personal information will be handled as described in this Privacy Notice. Your use of our services and any dispute over privacy is subject to this Privacy Notice and our Terms and Conditions, including their applicable terms governing limitations on damages and the resolution of disputes.
The types of personal information we collect
In order to provide services to website users and customers and to develop new customer relationships, we may collect the following types of personal information, to the extent permitted by applicable law:
- Application Data. Personal information contained in applications and other forms including, but not limited to, your name, alias, address, social security number, family member information, beneficiaries, occupation, education, birth date, email addresses, telephone numbers, bank account numbers, driver’s license, passport, assets, and income;
- Contract Data. Personal information concerning your relationships with us such as products or services purchased from us, account balances and transactions and payment history;
- Credit Data. Personal information from consumer reporting agencies such as credit bureau reports and related history;
- Website Data. Personal information from visits to our website such browser type, domain name, page views, access times, date/time stamps, operating system, language, device type, clickstream data, and other similar device and browsing information, as well as activity and usage information such as information about the links clicked, searches, features used, items viewed, and time spent on our website;
- Contact Information. Business contact personal information such as name, email address, and telephone number;
- Regulatory Data. Personal information required for us to meet legal and regulatory requirements including, without limitation, information with respect to anti-money laundering regulations, such as the source of funds; and
- Other Data. Any other personal information you may provide to us.
Our products and services are not intended for children or persons under 18 years of age, and we will not knowingly collect any data related to children unless they are a beneficiary in which case we will only collect and use the information as required to perform our obligations to the associated client.
How do we collect personal information about you and what is the source?
Typically, we may collect personal information from you when you contact us directly or provide information in order for us to provide our products and services and we use your personal information in ways that are compatible with the purposes for which we originally requested it and as described in this Privacy Notice. We may collect personal information from and about you in the following ways:
Through direct interactions when you give us your personal information by filling in forms or during correspondence with us. This includes when you:
- Apply for our products and services;
- Subscribe to our services;
- Create an account;
- Meet with us in person or talk to us face to face;
- Complete questionnaires, for example to give us feedback;
- Engage with us in connection with your employment at one of our vendors, contractors or counterparty banks;
Through using our website when we collect personal information using cookies or similar technologies which tell us about your equipment, browsing actions and patterns.
How we will use your personal information
We collect, use, disclose, and otherwise process the personal information we collect in ways that are compatible with the purposes described in this Privacy Notice.
Under some laws, we need to have a legal basis (a legal justification) to use your personal information. Most commonly, we use your personal information in reliance on the following legal bases:
- We have a contract with you and need to perform our contractual obligations. For example, we have agreed to provide financial advice or to manage investments for you and have a contractual agreement to do this. In other cases, you may ask us to take certain steps in anticipation of potentially entering into a contract with you.
- We have a legal obligation. We need to use your personal information to comply with laws that assist in the prevention of financial crime and to comply with regulatory obligations. For example, this might include confirming your identity and source of wealth, as well as ensuring we provide you with necessary information so you understand the risk of the financial services we can provide.
- We have asked for, and you have provided, consent to use your personal information. Please note that you can withdraw your consent at any time for future processing.
- We, or a third party, have a legitimate interest in processing the personal information and your interests and fundamental right do not override those interests. For example, we may process your personal information to prevent fraud.
We set out in the table below in the purposes for which we use your personal information, the categories of personal information used, and the legal bases we rely on to do so. We also explain what our legitimate interests are where appropriate:
Purpose and Categories of Personal Information | Legal basis for processing including our legitimate interests |
To on-board you (or your employer) as a new customer, service provider, or counterparty Application Data; Contract Data; Credit Data; Regulatory Data | To fulfill our contract with you (or our legitimate interests in managing our customer relationships, where the contract is with your employer) To fulfill our legal obligations to prevent financial crime (or our legitimate interests in complying with legal obligations, when those obligations do not arise under EEA or UK laws) |
To manage your account Contract Data; Contact Information | To fulfill our contract with you (or our legitimate interests in managing our customer relationships, where the contract is with your employer) |
To provide services to you (or your employer) Application Data; Contract Data; Credit Data | To fulfill our contract with you (or our legitimate interests in managing our customer relationships, where the contract is with your employer) |
To monitor your investment on an on-going basis Contract Data; Credit Data; Contact Information | To fulfill our contract with you (or our legitimate interests in managing our customer relationships, where the contract is with your employer) |
To meet our legal or regulatory obligations to provide you with regular information about your investment Contact Information | To fulfill our regulatory obligations (or our legitimate interests in complying with legal obligations, when those obligations do not arise under EEA or UK laws) |
To meet our legal or regulatory obligations to provide information to regulators, law enforcement agencies, courts, including to respond to a subpoena, warrant, court order, or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority All Categories | To fulfill our regulatory obligations (or our legitimate interests in complying with legal obligations, when those obligations do not arise under EEA or UK laws) |
To correspond with you as an employee of one of our customers, service providers or counterparties in connection with performing contractual obligations with your employer Contact Information | Necessary for our legitimate interests – to communicate with representatives of our customers, service providers and counterparties to effectively manage our customer relationships |
To contact you about other products and services we think you (or your employer) may be interested in Contract Data; Website Data: Contact Information | Necessary for our legitimate interests – to develop our products and services and grow our business. Where required by law, Website Data is used on the basis of your consent |
To communicate with employees of service providers, agents or counterparty banks to establish relationships that are necessary to operate our business and service our clients Contact Information | Necessary for our legitimate interests – to access business relationships required to operate our business and to manage our customer relationships, where a contract is with your employer |
To verify your identity as a visitor on our premises or for general security monitoring at our office locations. Contact Information | Necessary for our legitimate interests – to ensure the security of our systems, staff and premises. |
To better understand how visitors access and use our products and services, and for other research and analytical purposes, such as to evaluate and improve our services and business operations, and for internal quality control and training purposes. Website Data | Necessary for our legitimate interests – to develop and improve our products and services and grow our business |
To tailor content we may send or display to you, including offering location customization and to otherwise personalize your experiences and offerings. Website Data | Necessary for our legitimate interests – to develop and improve our products and services and grow our business |
To conduct marketing and advertising, and for other promotional purposes Contract Data; Credit Data; Website Data; Contact Information | Necessary for our legitimate interests – to promote our products and services in order to grow our business |
To prevent and detect fraud, unauthorized activities and access, and other misuse of our website and services, including where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms and Conditions. All Categories | Necessary for our legitimate interests – to protect our customers, business, reputation and stakeholders (including employees and investors) |
To conduct financial, tax and accounting audits, audits and assessments of our operations, including our privacy, security and financial controls, as well as for risk and compliance purposes, and to maintain appropriate business records and enforce our policies and procedures. All Categories | To fulfill our regulatory obligations (or our legitimate interests in complying with legal obligations, when those obligations do not arise under EEA or UK laws) Where there are no regulatory obligations, necessary for our legitimate interests – to operate our business in compliance with legal obligations, when those obligations do not arise under EEA or UK laws |
To consider, assess, and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping, and legal functions. All Categories | Necessary for our legitimate interests – to operate our business efficiently and ensure its stability and longevity |
Marketing
We will use your personal information for marketing activities in accordance with applicable laws, including, where required, by first obtaining your consent.
You may opt-out of marketing at any time by clicking ‘unsubscribe’ in any marketing email we send you, or by contacting the Mesirow Compliance Department at:
Email : compliance4@mesirow.com
Mail:
Mesirow
Attn: Compliance Department
353 North Clark Street
Chicago, Illinois 60654
Third-Party marketing
Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above (or below) categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
External links and features
The Mesirow website and its communications to clients may contain links to other third-party websites or features that are not affiliated or controlled by Mesirow. Mesirow does not endorse any products or services that may be referenced in these websites and is not responsible for the security or privacy practices of such sites or features. Any access to and use of such linked sites or features is not governed by this Privacy Notice, but instead is governed by the privacy policies of those third parties.
Cookies and other tracking mechanisms
We and our third-party service providers use cookies, pixels, local storage objects, log files, and other mechanisms to automatically collect browsing, activity, device, and similar information on our website and within our services. We use this information to, for example, analyze and understand how users access, use, and interact with us, to identify and resolve bugs and errors, to assess secure, protect, optimize and improve the performance of our website and services, as well as for marketing and analytics purposes, and to personalize content within our services.
Cookies. Cookies are alphanumeric identifiers we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our website and our services, while others are used to enable a faster log-in process, support the security and performance of the website and our services, or allow us to track activity and usage data within our services.
Types of cookies. Cookies have different characteristics depending on their type:
- Session cookies. Session cookies are stored only temporarily during a browsing session and are deleted from the visitor’s device when the browser is closed.
- Persistent cookies. Persistent cookies are saved on your device for a pre-defined period of time and not deleted when the browser is closed.
- First-party cookies. First party cookies are set by the websites or application you are visiting and they can only be read by that site or application.
- Third-party cookies. Third party cookies are not set by the owner of the website or application you are visiting, but by a different organization. For example, advertisers and other third parties may use their own cookies when you click on a link on our website, or we might engage an analytics company that will set their own cookie to perform this service.
Categories of cookies. The different types of cookies described above can be categorized as follows:
- Strictly necessary cookies. These are cookies that are required for the operation of our website (such as to help secure the site), or to provide services that you request (such as to remember your cookie choices). These cookies do not require your consent and cannot be switched off (although in some cases you can change your requests). You can set your browser to block or alert you about these cookies, but some parts of our website may not work if you block this type of cookies.
- Functional cookies. These cookies are used to provide certain functionalities to you by recognizing you when you return to our website so that we can offer you a better experience on the website. For instance, these cookies help us to personalize our content for you, greet you by name and remember your preferences.
- Analytics cookies. These cookies allow us to analyze website usage and understand how visitors interact with our website. These cookies recognize and collect information about the number of visitors, the pages they view, how long they view pages and how they move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that visitors are easily finding what they are searching.
- Advertising cookies. These cookies are used to tailor advertising and content to your interests (“Targeting”), both within and beyond our website. These cookies collect data about your online activity, including your visit to our website, the pages you have visited and the links you have followed. They identify your interests so that we can provide advertising that we believe is relevant to you. We may use this information to make our website and the Targeting displayed on it, and the marketing messages we send to you, more relevant to your interests. We may also share this information with third parties who provide a service to us for this purpose. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the Targeting and to monitor from which Targeting source a visitor was directed towards our website so that we know whether it is worth for us to invest in that particular Targeting source.
These cookies may be set through our websites or by our Targeting partners. They may be used by those partners to build a profile of your interests and show you relevant advertisements on other sites.
Lifespans. The various cookies used by our websites have different lifespans. Session cookies will be deleted once you close your browser or the websites.
Cookies we use. We use different categories of both session and persistent cookies on our website, which can either be first-party or third-party cookies.
Pixel Tags. Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these to, among other things, track the activities of users, and help us manage content and compile usage statistics. We may also use these in our emails to let us know when they have been opened or forwarded, so we can track response rates and gauge the effectiveness of our communications.
Local Storage Objects. Local storage is a web storage mechanism that allows us to store data on a browser that persists even after the browser window is closed. Local storage may be used by our web servers to cache certain information in order enable faster loading of pages and content when you return to our websites. You can clear data stored in local storage through your browser. Please consult your browser help menu for more information.
Third-Party Analytics and Tools. We use third party tools, such as Google Analytics , which are operated by third party companies. These third-party analytics companies may use cookies, pixels, and other similar tools to collect usage data about our services in order to provide us with reports and metrics that help us evaluate usage of our website and services and improve performance and user experiences. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Cross-Device Tracking. We and our third-party providers may use the information we collect about you on our website and within our services and on other third-party sites and services to help us and these third parties to identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.).
Custom Lists and Matching. We may share or make available certain customer list information (such as your name, email address and other contact information) with third parties (i) so that we can better target ads and content to you across third party sites, platforms and services, and (ii) in some cases, these third parties may help us to enhance our customer lists with additional demographic or other information, so we can better target our advertising and marketing campaigns.
Cookie preferences. You have certain choices available to you to help manage the use of cookies and other technologies:
- When you visit our website, you may “Accept” or “Reject” our use of cookies and other technologies, including to analyze your interaction with our website, to personalize content and ads on our websites, and to track your interaction with ads. If you do not accept our use of cookies (or any particular category of cookies), the only cookies that will be set on your device are strictly necessary cookies (including cookies to provide basic website functionalities and security), and cookies required to provide a service you have requested, such as a language preference.
- You can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. You can also manage your cookie preferences through the “Cookie Settings” link at the bottom of the webpage. Visitors to our website who disable cookies will be able to browse the website, but some features may not function. If you visit our website from a different device or from a different browser on the same device, you will need to apply your cookie settings for that browser and/or device as well.
- There also are choices provided by the Network Advertising Initiative and the Digital Advertising Alliance. Ads displayed to you using targeted advertising technologies will usually have an AdChoices logo in the corner, which you can also click on to begin the industry opt-out process. Additionally, if you receive ads on a social media site, you can check that site’s privacy statement and terms of use to determine how to stop seeing such ads.
- If you would like to learn more about how advertisers use cookies or to choose not to receive them, please visit http://www.youronlinechoices.eu. You can find further information on managing cookies in most browsers here: http://www.allaboutcookies.org.
To whom we disclose your personal information
We may disclose the personal information we collect for the purposes described in this Privacy Notice to the following recipients and in the following circumstances:
- To our subsidiaries and affiliated companies (i.e., our parent company and other companies under common ownership, control or management with us).
- Financial service institutions, such as mutual fund companies, securities brokers, joint ventures, and banks, with which we have joint marketing agreements.
- Financial service institutions with which we have trading relationships.
- Companies and their agents that are under contract to perform services for us or on our behalf such as vendors providing data processing, computer software maintenance, web portal services, contact relationship management systems, auditors, administrators, development, transaction processing, and marketing services.
- Certain personal information, such as device and browsing, and activities and usage information, and other similar information, may be disclosed to third party marketing and data analytics providers, and other companies who provide marketing, advertising, campaign management, or analytics services on our behalf.
- If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may disclose or transfer the personal information we have collected from you with or to the other company in accordance with applicable laws. We may also disclose certain personal information as necessary prior to the completion of such a transaction or other corporate transaction such as a financing or restructuring, to lenders, auditors, and third-party advisors, including attorneys and consultants.
- To third parties to the extent required by applicable law and legal obligations. For example, we may disclose personal information in response to subpoenas, court orders, and other lawful requests by regulators, government entities, and law enforcement, including responding to national security or law enforcement disclosure requirements, or as otherwise required by law or legal process.
- Where believe doing so is necessary to protect our products and services, our rights and property, or the rights, property, and safety of others. For example, we may disclose personal information to (i) prevent, detect, investigate, and respond to fraud, unauthorized activities and access, illegal activities, and misuse of our products or services, (ii) situations involving potential threats to the health, safety, or legal rights of any person or third party, or (iii) enforce, detect, investigate, and take action in response to violations of contractual rights. We may also disclose personal information related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
- We may disclose personal information in other ways not described above that we notify you of or that we obtain your consent for, or that are otherwise authorized or required by law.
Storing your personal information
We will retain your personal information in accordance with applicable laws and internal record retention policies for so long as it is needed.
When we decide how long we will retain your personal information, we will take into account the amount, nature, sensitivity of your information and how we want to use it as well as the potential risk of harm being caused from unauthorized use or disclosure. Subject to legal and record retention requirements, as well as relevant statutes of limitation for bringing legal claims, we will not retain your personal information for longer than is reasonably necessary for the purpose for which it was collected.
Security of personal information
We have put in place safeguards aimed to protect the personal information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security. There are also certain steps you can take to better protect against unauthorized access to your personal information. For example, when registering for an account, you should choose a strong password that is unique to our website and services. You should not reuse passwords across multiple websites or services, and you should never share your password with others.
Your privacy choices
We make available several ways that you can manage your preferences and privacy choices related to your personal information. Some of these choices are browser and device specific, which means that you may need to set the preference for each browser and device you use to access our website and services. In addition, if you delete or block cookies, you may need to reapply these preferences to each browser and/or device used to access our website and services. The preferences and privacy choices we make available include:
- You may access, update, and delete certain of your personal information by accessing and adjusting your account information or settings directly within our services.
- We may send periodic promotional emails or other similar communications to you, in accordance with applicable law. You may opt-out of these communications by following the instructions provided to you in the communication. If you opt-out of receiving promotional content from us, we may still send you communications about your account or any services you have requested or received from us. Additionally, you can manage your communication preferences in your account settings.
- To prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set. You can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our website who disable cookies will be able to browse the website, but some features may not function.
Changes to this Privacy Notice
This Privacy Notice is current as of the effective date set forth above. We may change this Privacy Notice from time to time, so please be sure to check back periodically. We will post any updates to this Privacy Notice on our website. If we make material changes to how we collect, use, or disclose the personal information we have previously collected about you, we will endeavor to provide you prior notice, such as by emailing you or posting prominent notice on our website or within our services.
Contact us
Updates to this Privacy Notice will be made available on our website at mesirow.com
If you have any questions about this Privacy Notice, the information we hold about you, or would like to submit a request in connection with this Policy, please contact our Compliance Department using the details set out below:
Mesirow
Attn: Compliance Department
353 North Clark Street
Chicago, Illinois 60654
Toll-Free: 1.800.453.0600
Phone: 312.595.6000
Email: Compliance4@mesirow.com
Additional Information for Texas residents
This section of the Privacy Notice provides additional information under certain applicable state privacy laws for residents of Texas. Residents of Texas may have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- Access. To confirm whether we are processing their personal information and to obtain a copy of their personal information in a portable and, to the extent technically feasible, readily usable format.
- Deletion. To delete their personal information provided to or obtained by us.
- Correction. The right to correct inaccuracies in their personal information, taking into account the nature and purposes of the processing of the personal information.
- Opt-Out. To opt out of certain types of processing, including:
- to opt out of the “sale” of their personal information;
- to opt out of targeted advertising by us; and
- to opt out of any processing of personal information for purposes of making decisions that produce legal or similarly significant effects.
Additional Information for California residents – California Notice at Collection and Privacy Rights
This section of the Privacy Notices provides additional information for California residents and describes our information practices pursuant to applicable California privacy laws, including the California Consumer Privacy Act (the “CCPA”). This section applies to “personal information” as defined in the CCPA, whether collected online or offline. This section does not address or apply to our handling of personal information that is exempt under the CCPA, such as publicly available information or de-identified or aggregated information.
Categories of Personal Information Collected and Disclosed. The following table identifies the categories of personal information we may collect about you (and may have collected in the prior 12 months), as defined by the CCPA, as well as the categories of third parties to whom we may disclose this personal information for a business or commercial purpose.
Categories of Personal Information Collected | Third-Party Disclosures for Business or Commercial Purposes |
Identifiers. Includes direct identifiers such as name, alias, email, phone number, address, user ID, username, unique personal identifier, online identifier, IP address, or other similar identifiers, social security number, driver’s license number, passport number, and other government identifiers. |
|
Customer Records. Incudes information such as name, user ID, account name, contact information, and financial or payment information (i.e., payment type, payment card details, billing and shipping address) that individuals provide us in order to purchase or obtain our products and services. |
|
Commercial Information. Includes records of products or Services purchased, obtained, or considered, or other purchasing or use histories or tendencies. |
|
Internet or Other Electronic Network Activity Information. Includes, but is not limited to, browsing history, clickstream data, search history, and information regarding interactions with our Site, advertisements, or emails, including other usage data related to your use of any of our Services or other similar online services. |
|
Location Data. Such as general location information about a particular individual or device. |
|
Audio, Electronic, Visual, or Similar Information. Includes, but is not limited to, information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings and webinars, videos, photographs, and user profile images. |
|
Professional Information. Includes, but is not limited to, job title, company name, business email, business phone number, and other similar professional-related information. |
|
Education Information. Such as degrees earned, educational institutions attended, transcripts, training records, and other information about your educational history or background that is not publicly available personally identifiable information as defined under the Family Educational Rights and Privacy Act. |
|
Inferences. Such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behaviors, attitudes, abilities, and aptitudes. |
|
Sensitive Personal Information. In some circumstances, we may collect account log-in information, financial account information, social security number, driver’s license number, passport number, and other government identifiers. |
|
Sources of Personal Information. We generally collect personal information from the following categories of sources:
- Directly or indirectly from you
- Publicly available sources
- Credit reference agencies and fraud prevention agencies
- Internet service providers
- Social networks
- Marketing and analytics providers
- Service providers, representatives, advisors, and agents
- Affiliates and subsidiaries
Purposes of Collection, Use, and Disclosure. In general, we collect and otherwise process personal information for the following business or commercial purposes, or as otherwise directed or consented to by you:
- Services and support
- Analytics and improvement
- Communication
- Customization and personalization
- Marketing and advertising
- Security and protection of rights
- Compliance and legal process
- Auditing, reporting, and other internal operations
- General business and operational support
Sensitive Personal Information. Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the CCPA. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Retention of Personal Information. We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. When deciding how long to keep your personal information, we consider whether we are subject to any legal obligations (e.g., any laws that require us to keep records for a certain period before we can delete them) or whether we have taken any legal positions (e.g., issued any legal holds or otherwise need to preserve the information). Rather than delete your data, we may also deidentify it by removing identifying details. Where we have committed to maintaining and using personal information in a deidentified form, we agree not to reidentify deidentified data except as permitted by applicable law.
Sales and Sharing of Personal Information. The CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” the following categories of personal information: identifiers, commercial information, and Internet and network activity information. We may disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns . We do not sell or share sensitive personal information, nor do we sell or share personal information about individuals we know are under age sixteen (16).
California Privacy Rights. The CCPA provides California residents with certain rights regarding personal information. Subject to certain conditions and exceptions, California residents have the following rights with respect to their personal information:
- Right to Know/Access. You have the right to request: (i) the categories or personal information we collected about you; (ii) the categories of sources from which the personal information is collected; (iii) our business or commercial purposes for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom we have disclosed personal information; and (v) a copy of the specific pieces of personal information we have collected about you.
- Right to Delete. You have the right to request we delete personal information we have collected from you.
- Right to Correct. You have the right to request that we correct inaccuracies in your personal information.
- Right to Opt-Out. You have the right to opt-out of “sales” and “sharing” of your personal information, as those terms are defined under the CCPA.
- Right to Limit Use. You have the right to limit use and disclose of your sensitive personal information. We do not use or disclose sensitive personal information beyond the purposes authorized by the CCPA; thus, this right is not available.
- Right to Non-Discrimination. You have the right not to be subjected to discriminatory treatment for exercising any of the rights described in this section.
Exercising Your Privacy Rights. California residents may exercise their CCPA privacy rights as set forth below:
- Right to Know/Access, Delete, and Correct. California residents may submit CCPA requests to know/access, delete, and correct their personal information by emailing us at compliance4@mesirow.com, or calling 1.800.453.0600.
When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.
You may also designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent. - Right to Opt-Out of Sales and Sharing. To exercise your right to opt-out of the “sale” or “sharing” of your personal information, you may do so via our cookie preference manager. We will apply your opt out based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. You may also click the “Do Not Sell or Share My Personal Information” link at the bottom of our Site.
In addition, if we detect that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control” or (“GPC”) signal, we will opt that browser or device out of cookies that result in a “sale” or “sharing” of your personal information. If you come to our Site or use our Services from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well. More information about GPC is available at: https://globalprivacycontrol.org.
Notice of Financial Incentive. With respect to some of our services, we may make available certain programs or offerings which may include certain offers, rewards, discounts, services, perks, and promotions which may be considered “financial incentives” under the CCPA.
California Shine the Light Law. Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year. To submit a “Shine the Light” request, email us at compliance4@mesirow.com, and include in your request a current California address and your attestation that you are a California resident.
Additional Information for Persons Residing in the EEA/UK
Data Controller. Mesirow Financial International UK, Limited, Sackville House, 40 Piccadilly, 5th Floor, London, W1J0DR, is the controller of the Website Data and any personal information you submit via the Mesirow website.
If you or your employer is a customer or vendor and has a contract with Mesirow Financial International UK, Limited, Sackville House, 40 Piccadilly, 5th Floor, London, W1J0DR, that company is the controller of the related personal information.
Your Rights. You are provided with a number of different rights under the GDPR/UK GDR in relation to your personal information. Subject to the conditions and requirements of GDPR, these rights allow you:
- To access your information: You have the right to obtain confirmation whether we are processing your personal information, and if so, to obtain a copy of the personal information, and information about the processing of such personal information.
- To correct your information: You have the right to correct any inaccuracies in your personal information and, where applicable, to complete any incomplete personal information.
- To request that we erase your information: You have the right, in some circumstances, to require us to erase personal information. Examples include where consent is withdrawn, where you object (on grounds relating to your particular situation) to processing based on legitimate interests and we have no overriding legitimate grounds, or where personal information is unlawfully processed. The right to erasure does not apply in certain circumstances, including where the processing is necessary for the establishment, exercise, or defense of legal claims.
- To object to the processing of your information: You have the right to object to any processing of personal information relying on our legitimate interests or those of a third party where the objection is based on grounds relating to your particular situation. We will no longer process the data, unless there are compelling legitimate grounds for our processing that override your interests, rights, and freedoms, or the processing serves the purpose of establishing, exercising, or defending legal claims.
If your personal information is processed for direct marketing purposes, you also have the right to object at any time to processing of that personal information for marketing purposes, which includes profiling to the extent that it is related to such direct marketing. - To request a restriction in the processing of your information: You have the right to restrict our processing of your personal information (that is, allow only its storage) if one of the following conditions applies:
- you contest the accuracy of the personal information, until we have taken sufficient steps to correct or verify its accuracy;
- the processing is unlawful but you do not want us to erase the personal information;
- we no longer need your personal information for the purposes of the processing, but you require such personal information for the establishment, exercise or defense of legal claims; or
- you have objected to processing justified on legitimate interest grounds (see above), pending verification as to whether we have compelling legitimate grounds to continue processing.
- To request a transfer of your information: Under specific conditions, you have the right to receive personal information provided to us in a structured, common, and machine-readable format, and the right to request transmission of the information to another controller where this is technically feasible.
- To withdraw your consent: Where you have consented to our processing of personal information for a specific purpose, you have the right to change your mind and withdraw consent at any time; such withdrawal applies going forward, and not to past processing. We may, however, have other legal grounds to continue to process the personal information for other purposes.
If the GDPR applies to you and you wish to exercise any of these rights please contact the Compliance Department at Compliance4@mesirow.com. Please note that you will not have to pay a fee to access your personal information or to exercise any of the other rights. We may, however, charge a reasonable fee if your request is manifestly unfounded or excessive or we may refuse to act on your request. We may also need to seek further information from you to confirm your identity before we release any personal information. This does not affect your right to make a complaint.
You have the right to lodge a complaint about our processing of your personal information with a supervisory authority, including in the Member State of the place of your habitual residence or work or the place where the alleged infringement took place.
Transfers of Personal Information. We may transfer your personal information to third parties who are outside of the EEA or UK, notably to our parent company, affiliates and third-party service providers that are based in the U.S., which has not received an adequacy decision from the European Commission except for entities that have certified their adherence to the EU-U.S. Data Privacy Framework and the UK Extension thereto. When we transfer personal information we do so on the basis of the following safeguards:
- The country (or entity) where we send your personal information is deemed to provide an adequate level of protection by the European Commission or UK government;
- We have Standard Contractual Clauses approved by the European Commission or UK government agreed with the recipient of the personal information, and which set out how your privacy will be protected; or
- In exceptional circumstances (such as where we will make a one-time transfer), we will transfer your personal information with your explicit consent, or as necessary to perform a contract to which you are party or take pre-contractual steps at your request.
You can obtain further information on the specific mechanism used by us when transferring your personal information outside of the EEA or UK by contacting the Mesirow IT Department at ITGovernance@mesirow.com.
Consequences of not providing some types of information. Where we need to collect your personal information by law, or under the terms of a contract we have with you, and you fail to provide that information when asked, we may not be able to provide the goods or services you requested. In this case we may have to cancel the product or services but we will tell you if this is the case.