PMC Privacy Policy

Last updated May 5 2018

Website Users

Paramount Financial Communications Inc., D/B/A Plan Management Corp. (“PMC”) collects and uses Personal Data provided to the PMC through the www.optiontrax.com and www.planmanagementcorp.com websites solely to directly contact individuals who express interest in receiving our services. PMC does not sell any Personal Data to any third parties. By providing PMC your Personal Data, you agree that PMC may contact you and may use, store, and process your Personal Data solely and exclusively for the purpose for which it was originally collected and may not use, store, process, and/or disclose your Personal Data for any other purpose. See PMC’s Privacy Policy below for more information about how PMC protects your privacy.

Software Platform Users

PMC collects and uses Personal Data provided to the PMC through the OptionTrax ® software platform solely to provide equity compensation plan and shareholder and securities transaction management and administration services purchased from PMC by client entities. By providing PMC your Personal Data directly, or via a client entity or authorized agent, you agree that PMC may contact you and may use, store, process, and disclose to third parties your Personal Data solely and exclusively for the purpose for which it was originally collected and may not use, store, process, and/or disclose your Personal Data for any other purpose. See PMC’s Privacy Policy below for more information about the services that PMC provides to client entities, and how PMC protects your privacy.

EU-U.S. Privacy Shield

PMC complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union including Norway, Lichtenstein and Iceland to the United States. PMC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

PMC is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. PMC complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

Definitions

“Personal Data” or “Information” means information relating to an individual residing in the European Union and (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual.

Scope and Responsibility

This Privacy Shield Policy applies to Personal Data transferred from European Union member countries including Norway, Lichtenstein and Iceland  to PMC’s operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation from the EU Directive.

Some types of Personal Data may be subject to other privacy-related requirements and policies. For example:

  • Personal Data regarding and/or received from a client is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.

 

All employees of PMC that have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy.  Adherence by PMC to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this Privacy Shield Policy shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of PMC’s Chief Operating Officer.

PMC employees responsible for engaging third parties to which Personal Data covered by this Privacy Shield Policy will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Privacy Shield Principles, including any applicable contractual assurances required by Privacy Shield.

Collection

If you are an employee of a company that is a customer (client entity) of PMC, as part of our Software as a Service (SaaS) or other service offerings, we may collect the following Personal Data from your employer about you such as: First Name, Middle Initial, Last Name, Tax ID, Address, Office Phone, Cell Phone, Fax, Email address, Equity Plan Grants, Date of Birth, Hire Date, Retirement Eligibility Date, Annual Compensation, Transfer Agent Account Number, Broker Account Number. PMC collects information submitted by client entities in order to facilitate the management and administration of equity compensation plans and shareholder and securities transactions.  Not all of these fields are required and hence they may or may not be stored in our database.

Privacy Shield Principles

Notice

The Personal Data PMC receives comes from use of our services and software platform by company administrators on behalf of employees and share plan participants of a client entity, and from use of our software platform by employees or share plan participants of a client entity.  In some circumstances, Personal Data may be received from a third party agent authorized by the client entity to provide such data to PMC for the sole purpose of providing the requested services. PMC uses this Personal Data solely to directly contact individuals who express interest in receiving our services or to provide such services. PMC does not sell any Personal Data to any third parties.

PMC informs client entities providing their employees’ and share plan participants’ Personal Data of the purpose for which PMC collects and uses the Personal Data and the types of non-agent third parties to which PMC discloses or may disclose that Information.  If the individual is providing his or her Personal Data directly, then PMC shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data for any purpose other than those necessary for the processing of services for which it was originally collected.

Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to PMC, or as soon as practicable thereafter, and in any event before PMC uses or discloses the Information for a purpose other than for which it was originally collected.

If in connection with providing its services, PMC receives Personal Data indirectly through an administrator employee or client entity authorized third party, and not the individual with respect to which the Personal Data is regarding, then the administrator employee or authorized third party agent has received the express or implied consent of the applicable employee with whose Personal Data is being provided.

Choice

If Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, PMC will provide individuals providing their Personal Data directly, and administrator employees, with an opportunity to choose whether to have their Personal Data so used or disclosed.

We will provide an individual opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected subsequently authorized.

To limit the use and disclosure of your personal information, please submit a written request to [email protected]

By using PMC’s services and providing Personal Data to PMC through such use, individuals or administrators on behalf of those individuals, have opted to authorize PMC to use the Personal Data for the purpose it was intended but for no other purpose.

Onward Transfers

PMC may provide Personal Data to third parties performing services on PMC’s behalf for the benefit of such individuals whose Personal Data is being disclosed (agent third parties) provided that such third parties have agreed in writing with PMC that they will provide at least the same level of privacy protection as is required by the Principles. Such agent third parties may include the following:

  • Web hosting service providers that host PMC software and servers,
  • Financial brokers where the client entity or individual has a brokerage account and authorized PMC to share data for equity transaction execution,
  • Client entity transfer agent/ share registrars providing share settlement and delivery services
  • Client entity payroll/ HR system providers,
  • Client entity accounting system or service providers,
  • Data exchange service providers where the client entity has requested system integration and a data exchange service provider is used to format, configure, or exchange the data as requested

Other than as permitted in the prior paragraph, prior to disclosing Personal Data for any other purpose, PMC shall notify the individual or company administrator employee of such disclosure and allow the individual the choice (opt out) of such disclosure. PMC shall ensure that any third party for which Personal Data may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection.

With respect to our agents, we will transfer only the Personal Data covered by this Privacy Shield Policy needed for an agent to deliver to PMC the requested product or service. Furthermore, we will (i) permit the agent to process such Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with PMC’s obligations under the Privacy Shield Principles; and (iv) require the agent to notify PMC if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles.  Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

PMC remains liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Principles, except where PMC is not responsible for the event giving rise to the damage.

Cookies and Related Technologies

This website uses cookies and related technologies. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us solely for the purpose of operating and personalizing the platform. The types of data collected may include IP addresses, cookies identifiers, or website activity. This information is not used for any purpose other than providing the services requested by the client entity.

Data Security

PMC shall take reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. PMC has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. PMC cannot guarantee the security of Information on or transmitted via the Internet.

Data Integrity

PMC limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. PMC does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual or company client administrator on behalf of the individual.

Access

PMC acknowledges the right of EU individuals to access their personal data.

Access for Individuals who are employees or share plan participants of our Clients:  PMC has no direct relationship with the individuals whose personal data it processes on behalf of our clients and we are acting in the role of data processor for that information. An individual who seeks access, or who wishes to correct, amend, or delete their personal data should contact the PMC Client Entity, who is the data controller.

Access for Individuals who Place Their Data Directly with PMC: Upon request PMC will provide you with information about whether we hold any of your Personal Data. You may access your Personal Data by logging in to your account, or by contacting your employer or administrator directly.  You may correct or request deletion of your Personal Data by contacting your employer or administrator directly, or by contacting us at [email protected]

All requests for data access will be handled within a reasonable timeframe and may be limited where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.

Recourse, Enforcement, and Liability

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, PMC is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, PMC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-US Privacy Shield, PMC commits to resolve complaints about your privacy and our collection or use of your Personal Data.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact PMC at:

Plan Management Corp.
Attn: Elena Thomas, Chief Operating Officer

5 Radnor Corporate Center, Suite 441

Radnor, PA 19087
Telephone: (610) 359-5870
Fax: (610) 688-1323

PMC has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Finally, as a last resort and under limited circumstances, EU individuals with residual complaints may invoke a binding arbitration option before the Privacy Shield Panel as described on the Privacy Shield website at https://www.privacyshield.gov

PMC uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using (an independent resource mechanism) as a third party resolution provider as outlined above.

Amendments

This Privacy Policy may be amended from time to time consistent with the requirements of the Privacy Shield Framework. PMC will post any revised policy on this website. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.