Privacy Policy

INTRODUCTION

Your privacy is important to us. This Privacy Notice describes how Cresset Asset Management, LLC (“Cresset”) and its Covered Entities (as defined below) collect, use, share, and protect Personal Information when they provide services to clients or engage with prospects who share personal information with us. Except as provided herein, for purposes of this Notice, prospects shall be treated as “clients.”

“Covered Entities” means Cresset Capital Management LLC, Cresset Family Office LLC, Cresset Trust Company LLC, The Connable Office Inc., any controlled subsidiary of such entities, as well as any private investment fund managed by such entities or their subsidiaries. Please note that Cresset may do business under the names of Cresset Capital, Cresset Sports & Entertainment, and CH Investment Partners.

Financial companies choose how they share consumer’s Personal Information (as defined below). Federal law gives consumers the right to limit some, but not all, sharing. Federal law also requires Cresset and its Covered Entities (which may be referred to collectively as “we” or “us”) to tell clients what we do with their Personal Information. Please read this Notice carefully.

If a client’s relationship with us ends, we will continue to treat their Personal Information as described in this Privacy Notice.

WHAT PERSONAL INFORMATION WE COLLECT

We collect personally identifiable information from clients in the course of providing or recommending services or products. “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, to a client. Please note that Personal Information does not include public information (for example, information from federal, state, or local government records and information that was lawfully made available to the general public), aggregated information (information relating to multiple individuals that has been combined and grouped together, resulting in a data set that is not reasonably capable of identifying any individual), or de-identified information (information that is not attributable to an identified or identifiable individual).

We may collect or process Personal Information about clients in a number of ways and from a number of sources depending on the services / products provided to clients and the relationship we have with clients. We collect Personal Information from the following categories of sources:

Directly from clients or individuals / entities acting on their behalf;
Indirectly from clients, such as when they visit or interact with our digital services including our websites or events;
Third-party sources, such as when data is used to provide and support our services / products such as custodial services, reporting services, fraud prevention, and marketing.

The following is a list of the categories of Personal Information that we may collect or process. Some types of information will fit into multiple categories.

Personal identifiers such as name, address, unique personal identifier, email address, account names, signature, telephone number, social security number, driver’s license number, passport number and other similar identifiers;
Financial information such as bank account numbers, transaction and financial account information, source of wealth information, insurance information, and other information regarding clients’ financial circumstances;
Protected classification characteristics such as date of birth, citizenship, marital status, sex or gender;
Commercial information such as records of property, products or services purchased, obtained or considered, purchasing or consuming history or tendencies;
Internet, application, and network activity such as browsing history, search and clickstream history, Internet Protocol (IP) address, online identifier, device identifier, online website tracking information, and other data related to user activity;
Sensory data such as audio or visual recordings (if the client attends meetings) and photographs or visual recordings (if the client attends our events);
Professional, employment, and education-related information such as occupation, employer, employment history, income, industry affiliations, and education;
Sensitive Personal Information some of the Personal Information that we collect and process and that is described above is considered “Sensitive Personal Information.” This includes Social Security, driver’s license, state identification card, and passport numbers; account log-in, financial account, debit card, and credit card numbers in combination with credentials allowing access to an account, racial origin, or citizenship status.

HOW WE USE PERSONAL INFORMATION

We collect and use Personal Information for the following business purposes:

Administering, operating, and managing client relationship with us;
Understanding client profiles and needs, and providing and offering services/products to clients;
Complying with contractual obligations, relevant industry standards, and our policies;
Authenticating client identity;
Mitigating fraud and enhancing the security of our services;
Contacting and communicating with clients;
Conducting marketing activity, such as delivering advertisements and marketing communications;
Performing analytics;
Operating, evaluating, and improving our business and our services/products (including assessing and managing risk, fulfilling our legal and regulatory requirements, developing new services, improving and personalizing existing services, and performing accounting, auditing and other internal functions); and
Other purposes permitted or required by applicable law.

TO WHOM WE DISCLOSE PERSONAL INFORMATION

Cresset may disclose the Personal Information we collect from and about clients with our Covered Entities and other third parties as described below. In particular, Cresset may disclose Personal Information as follows:

Covered Entities: Cresset (and each Covered Entity) may disclose Personal Information to each other to service clients, improve services, provide products, market other products or services, or for other purposes permissible under applicable laws and regulations.
Service Providers: We may disclose Personal Information to non-affiliated companies that perform services for us and/or clients, such as fraud analysis, identity verification, risk management, security services, advertising and marketing, data analytics and lead generation, support for client services, and information technology.
Other Third Parties: We may disclose Personal Information to other third parties as permitted by, or to comply with, applicable laws or when clients specifically direct or expressly consent to us disclosing Personal Information. Examples include responding to a subpoena or similar legal process; protecting against fraud; providing requested data to a third party at a client’s direction; cooperating with law enforcement or regulatory authorities; or otherwise to protect the rights, property or security of clients or third parties.

Please review our Website Terms of Use for additional information regarding any use of our Websites, information collected through such usage, and tracking technology we may use, including Cookies, Web Beacons, and the like.

Cresset may share clients’ information with Covered Entities so that they may market to the clients, and Covered Entities may share clients’ information to enhance our ability to determine what services/products may be the best fit for a client or to enhance our ability to generate relevant information about a client. If we do so, federal law gives clients the right to limit such sharing. (State laws may give clients additional rights to limit sharing.) Please contact [email protected] to request limitations on such sharing.

Please note that we do not jointly market with non-affiliates and do not share information with non-affiliates to market to clients, although we may refer clients to a non-affiliate who a client may contact at their discretion.

SECURITY

We take the security of Personal Information seriously. We take commercially reasonable steps to protect clients’ information from loss, misuse, unauthorized access, disclosure, or destruction. We also take commercially reasonable steps to ensure that Personal Information remains secure after disposal, including shredding paper documents and records prior to disposal, and destroying data contained on electronic media in such a manner that the Information can no longer be read or reconstructed.

Please note that we do not send emails to clients requesting billing, login, user ID, or password information. If a client receives an email requesting such information that purports to be from us, we strongly advise clients to verify such communication is from us. We ask that clients report any suspicious communications to us as well.

RETENTION

We retain Personal Information for varying time periods depending on our relationship with the client and the status of that relationship. When determining how long to keep Personal Information, we take into account our legal and regulatory obligations and our legitimate business interests, such as managing the client relationship, preventing fraud, responding to regulatory or supervisory inquiries, and establishing, exercising, or defending legal claims, disputes or complaints.

USE OF ARTIFICAL INTELLIGENCE

We may use technologies, such as machine learning, artificial intelligence, and generative artificial intelligence, which enable computer systems to automate or perform tasks that have traditionally required human intelligence (“AI Systems”) to process Personal Information in connection with the purposes described in the “How We Use Personal Information” section. Please note that our use of AI Systems will not result in automated decisions with any material legal or similar effects. Further, our internal policies mandate that all output is reviewed and approved by a human. Where required under applicable law, we provide a specific notice and/or obtain consent.

AI Systems are used to assist and enhance activities as well as to automate repetitive tasks, generate outputs, and provide insights and analytics to support our work. For example:

Search: To enhance our search capabilities where AI Systems are used to extract relevant information using specific questions, commands, and statements (“Prompts”) from our databases as well as other documents, data, and records.
Summarize: To classify, summarize, and digest content where AI Systems are used to condense documents, information, and text into summaries.
Generate Content: To assist with drafting and generating content based on inputs or Prompts.
Transcribe: To create a written transcription of spoken communication, for example meeting or discussion notes.

We never use AI Systems for investment advice, portfolio management decisions, or client recommendations. We use AI Tools in a manner consistent with our confidentiality, cybersecurity, and data protection policies and in accordance with applicable law. The use of AI Systems does not diminish Cresset’s fiduciary duty to clients.

MODIFICATIONS

We may, in our sole discretion, modify the Privacy Notice from time to time. If we make material modifications, we will notify all actual clients as required by applicable law and post on our Websites. Continued use of our services following the posting of any changes will mean that the client accepts those changes.

Privacy Policy – California

For California residents, California law may provide individual consumers with additional rights regarding use of their Personal Information. Please see Privacy Notice for California Residents below.

THIS PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements information contained in the Privacy Notice of Cresset Asset Management, LLC (“Cresset”) and applies to clients who reside in the State of California. “Covered Entities” means Cresset Capital Management LLC, Cresset Family Office LLC, Cresset Trust Company LLC, The Connable Office Inc., any controlled subsidiary of such entities, as well as any private investment fund managed by such entities or their subsidiaries. Please note that Cresset may do business under the names of Cresset Capital, Cresset Sports & Entertainment, and CH Investment Partners. Cresset and its Covered Entities may be referred to collectively as “we” or “us.” We adopt this Privacy Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this Notice.

INFORMATION COLLECTED

We collect “Personal Information,” which is means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, to a California consumer.

Category	Examples	Collected
A. Identifiers	Name, alias, postal address, unique personal identifier, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	A name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law	Includes marital status, age (40 years or older), citizenship, sex and, veteran or military status.	YES
D. Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Biometric Information	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voice recordings, or other physical patterns.	NO
F. Internet or other similar network activity	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. The only reason why “YES” is indicated is because we capture the consumer’s activity on our websites.	YES
G. Geolocation Activities	Physical location or movements.	NO
H. Sensory Data	Audio, electronic, visual, thermal, olfactory, or similar information. The only reason why “Yes” has been indicated is because we capture audio and electronic information through interactions.	YES
I. Protected classification characteristics under California or federal law	Current or past job history or performance evaluations. The only reason “Yes” has been indicated is because we capture some job history.	YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary record.	NO
K. Inferences drawn from other personal information	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student ID codes, or student financial information.	NO

Personal Information does not include publicly available information from government records, de-identified or aggregated consumer information, and information excluded from the CCPA’s scope, such as: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of Personal Information listed above from the following categories of sources:

Directly or indirectly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us or through information we collect from our clients in the course of providing services to them.
Directly and indirectly from activity on our websites. For example, from submissions through our website portal or website usage details collected automatically.
From third parties that interact with us in connection with the services we perform.

USE OF INFORMATION COLLECTED

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

To provide clients with information, products or services that the client requests from us.
To fulfill or meet the reason for which the information is provided.
To provide clients with email alerts, event registrations, and other notices concerning us that may be of interest.
To carry out our obligations and enforce our rights arising from any contracts entered into with clients, including for billing and collections.
To improve our website and present its contents.
For testing, research, analysis and product / service development.
As necessary or appropriate to protect the rights, property, or safety of us, clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described when collecting Personal Information or as otherwise set forth in the CCPA.
To evaluate or conduct a merger, reorganization, or other sale or transfer of some or all of our assets, in which personal information held by us is among the assets transferred.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing relevant clients notice.

SHARING PERSONAL INFORMATION

We may disclose Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

CATEGORY A: Identifiers
CATEGORY B: California Customer Records personal information categories
CATEGORY C: Protected classification characteristics under California or federal law
CATEGORY F: Internet or other similar network activity
CATEGORY H: Sensory data
CATEGORY I: Professional or employment-related information

We disclose Personal Information for a business purpose to the following categories of third parties: our affiliates; service providers; and third parties to whom the individual or their agents authorize us to disclose Personal Information in connection with products or services we provided. WE DO NOT SELL PERSONAL INFORMATION. IN THE PRECEDING TWELVE (12) MONTHS, WE HAVE NOT SOLD ANY PERSONAL INFORMATION.

CLIENT RIGHTS AND CHOICES

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes clients’ CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights: Covered California consumers have the right to request that we disclose certain information to them about our collection and use of their Personal Information over the past 12 months. Once we receive and confirm a verifiable request, we will disclose to the requestor:

The categories of Personal Information we collect.
The categories of sources for the Personal Information we collected.
Our business or commercial purpose for collecting that Personal Information.
The categories of third parties with whom we share that Personal Information.
The specific pieces of Personal Information we collected about the requestor (i.e., a data portability request).

Deletion Request Rights: Covered California consumers have the right to request that we delete any of their Personal Information that we collected from them and retained, subject to certain exceptions. Once we receive and confirm a consumer’s verifiable request, we will delete (and direct our service providers to delete) their applicable Personal Information from our records unless an exception applies. Please note that we may deny a deletion request if retaining the Personal Information is necessary for us or our service providers to:

Complete the transaction for which we collected the Personal Information, provide the service requested, take actions reasonably anticipated within the context of our ongoing business relationship with the requestor, or otherwise perform our contract with the requestor.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Enable solely internal uses that are reasonably aligned with the requestor’s expectations based on the relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that Information that are compatible with the context in which the requestor provided it.

Exercising Access, Data Portability, and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at the mail address or email address noted below. Only covered California consumers or a person registered with the California Secretary of State that the requestor authorizes to act on their behalf, may make a verifiable consumer request related to their Personal Information. The requestor may also make a request on behalf of the requestor’s minor child. A covered California consumer may only submit a request for access or data portability twice within a 12-month period. Such request must (a) provide sufficient information that allows us to reasonably verify the person about whom we collected Personal Information or an authorized representative of the same, and (b) describe the request with sufficient detail that allows us to understand, evaluate, and respond to the request.

Please note that we cannot respond to consumer requests or provide the requestor with Personal Information if we cannot verify identity or authority to make the request and confirm the Personal Information relates to the requestor. Cresset will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it. Making a verifiable request does not require the requestor to be a client or investor with us.

Response Time and Format: We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform the requestor of the reason and extension period in writing.

If the requestor is a client or investor of ours, we will deliver our written response electronically (or mail if they have opted out of electronic delivery). If the requestor is not a client or investor of ours, we will deliver our written response electronically or by mail. Please note that any disclosures we provide will only cover the 12- month period preceding our receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide the requested Personal Information that is readily useable and should allow the requestor to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell the client why we made that decision and provide the client with a cost estimate before completing the request.

NON-DISCRIMINATION

We will not discriminate against California consumers for exercising any of their CCPA rights. Unless permitted by the CCPA, we will not (a) deny California consumers goods or services, (b) charge California consumers different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, (c) provide California consumers with different level or quality of goods or services, or (d) suggest that California consumers may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer Californians certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Participation in a financial incentive program requires CA Individual’s prior opt-in consent, which may be revoked at any time.

OTHER CALIFORNIA PRIVACY RIGHT

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits Users of Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email using contact information provided in this Policy.

CHANGES TO OUR PRIVACY NOTICE

We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will notify relevant clients by email or through a notice on Cresset’s website homepage.

Please contact [email protected] to request limitations on sharing.