POLICY STATEMENT ON PRIVACY AND SECURITY
Whale Rock Capital Management LLC (“Whale Rock”) and the investment limited partnerships for which it serves as general partner may collect nonpublic information to process and administer clients’ business and to ensure that we are satisfying their financial needs. This includes:
- Information provided to Whale Rock, such as on applications, questionnaires, contracts, or other forms
- Transactions, account balances, account history, and transactions with us, affiliates or third parties.
- Information provided by clients and their representatives.
It is the policy of Whale Rock to restrict access to nonpublic information to those employees, agents, representatives or third parties that need to know the information to provide products and services to its clients. This includes:
- Physical safeguards including restricted elevator access to its offices and full-time staffed reception desk to check people who arrive at the office.
- Electronic safeguards including firewalls for server database protection, passwords for
computer login, and limited access to the computer room.
- Restricting access to client information to those required to have access to service client needs.
Sharing of nonpublic information:
Whale Rock does not share nonpublic information about its customers with anyone except:
- As permitted by law
- Affiliated Whale Rock companies, brokers, banks, agents, employees, and third parties who need to know to perform services on the client’s behalf.
- Other financial institutions with whom we have a relationships which may include banks, attorneys, trustees, third-party administrators, registered broker/dealers, auditors, regulators, and transfer agents in order to service client accounts.
In addition, to comply with Massachusetts Data Security Regulation, Whale Rock has developed a process to ensure confidentiality and integrity of personal information, maintained by the firm and its administrators that could create the risk of identity theft or fraud against a resident of the commonwealth and have codified the policies and procedures in writing. These procedures include:
- Designation of one or more individuals responsible for maintaining and monitoring the information security program;
- Assessment of information security risks on an ongoing basis;
- Encryption of portable devices – portable devices that contain personal information of customers or employees and only where technically feasible are encrypted.
- Encryption of backup tapes and emails – backup tapes and emails containing personal information are encrypted on a prospective basis if it is technically feasible;
- Maintaining up-to-date virus definitions, firewall protections, and operating system security patches;
- Overseeing third party service provider;
- Documenting responsive actions taken in connection with any incident involving information security breaches and records of corrective actions taken.