Make an enquiry

California Privacy Notice

PERSONAL INFORMATION PROCESSED UNDER THE CALIFORNIA PRIVACY RIGHTS ACT (“CPRA”)

Scope: This notice applies to the handling of Personal Information (“PI”) and Sensitive Personal Information (“SPI”) of Consumers by TMF Group B.V. and its Affiliates (“TMF”, “we”, “our” “us”).

Acting as a California Business, we may process PI and SPI of the following Consumers: TMF website users, TMF employees (current and former employees, full-time, part-time and temporary employees, staff, officers, directors and owners of TMF), TMF employees related persons (employee family members, dependents, emergency contacts and beneficiaries), TMF candidate employees, and TMF commercial partners (clients, prospective clients, vendors, prospective vendors or any other TMF commercial partners).

This notice does not address or apply to our handling of:

  • Publicly available information made lawfully available by state or federal governments.
  • PI or SPI that is subject to an exemption under the CPRA.

This California Privacy Notice is divided into the following sections:

  1. Information about how we process our Consumers PI and SPI;
  2. Consumers rights under the CPRA;
  3. Annex 1: Definitions used in the California Privacy Notice.

1. INFORMATION ABOUT HOW WE PROCESS OUR CONSUMERS PI AND SPI

In line with the requirements of the CPRA, the table below provides information about the PI and SPI we process from our Consumers: the categories of PI and SPI we collected (or disclosed or shared where applicable) about our Consumers in the preceding 12 months, the sources of collection, the purposes of processing, the data retention periods, the third parties to whom we may have disclosed (or shared if applicable) Consumers PI or SPI in the preceding 12 months, and the purposes of such disclosure or sharing:

Categories of PI collected in the preceding 12 months
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
  • Identifiers (see Definitions for details);
  • Internet or other electronic network activity data, including, but not limited to, browsing history, search history, and information regarding users interaction with the website;
  • Inferences that may reveal website user´s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes;
  • Data shared in communications with TMF.
  • Identifiers (see Definitions for details);
  • Compensation and benefits data;
  • Banking details;
  • Commercial data (for example, business travel and expense records);
  • Preferences;
  • Memberships in charitable and public organizations;
  • Inferences that may reveal preferences or predispositions;
  • Background check data;
  • Data of employee related persons;
  • Internet or other electronic network activity data;
  • Audio, electronic and visual data;
  • Professional or employment related data.
  • Identifiers (see Definitions for details);
  • Compensation and benefits data;
  • Banking details;
  • Preferences;
  • Data shared in communications with TMF;
  • Audio, electronic and visual data.
  • Identifiers (see Definitions for details);
  • Inferences that may reveal preferences or predispositions;
  • Data shared in communications with TMF;
  • Background check data;
  • Internet or other electronic network activity data;
  • Education and other recruitment-related data;
  • Audio, electronic and visual data.
  • Identifiers (see Definitions for details);
  • Data shared in communications with TMF;
  • Data relevant for Know Your Client “KYC” purposes (including annual income, estimated wealth or source of wealth and tax residence if you are a TMF client Ultimate Beneficial Owner “UBO” or an executive);
  • Professional or employment related data;
  • Audio, electronic and visual data.

Categories of SPI collected in the preceding 12 months
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
  • Precise geolocation data about a particular individual or device.
  • ID document;
  • TMF´s account log-in data;
  • Geolocation data;
  • E-mails where TMF is not the intended recipient (for backup purposes or where we are compelled to do so in accordance with applicable laws);
  • Health data;
  • Racial or ethnic origin data;
  • Religious or philosophical beliefs;
  • Union membership data;
  • Sex data (data about employees related persons that may reveal sexual preferences);
  • Data on former criminal convictions.
  • ID document;
  • Health data;
  • Sex data (data about related employees that may reveal sexual preferences).
  • ID document;
  • TMF´s account log-in data;
  • Health data;
  • Racial or ethnic origin data;
  • Religious or philosophical beliefs data;
  • Union membership data;
  • Data on former criminal convictions.
  • ID document;
  • Health data.

Sources of collection
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
TMF website.
  • During the recruitment process;
  • Internally generated by TMF;
  • Third parties;
  • Public sources or public records.
 TMF employees. Please review Section 2 of TMF Group privacy statement for processing of candidate employee personal data to see this information. Please review Section 1 of TMF Privacy Statement to see this information.

Purposes for processing
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
Please review TMF Website Policy to obtain this information.
  • Compliance with our legal obligations;
  • Management and administration of employment benefits;
  • Performance of the employment contract;
  • Our legitimate interests;
  • Protection of vital interests of employees;
  • Marketing and promotional activities.
  • Teambuilding, bonding and other similar internal social activities.
  • Management and administration of benefits;
  • Our legitimate interests;
  • Protection of vital interests of employees or employees related persons;
  • Teambuilding, bonding and other similar internal social activities.
 Please review section 10 of TMF Group privacy statement for processing of candidate employee personal data to see this information. Please review section 4 of TMF Privacy Statement to see this information.

Data retention period
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
Please review TMF Website Policy to see this information. As long as required to satisfy the purpose for which the PI/SPI was initially collected and used, or for the establishment, exercise or defence of legal claims. As long as required to satisfy the purpose for which the PI/SPI was initially collected and used, or for the establishment, exercise or defence of legal claims. Please review section 4 of TMF Group privacy statement for processing of candidate employee personal data to see this information. Please review section 5 of TMF Privacy Statement to see this information.

Categories of 3rd parties to which PI/SPI has been disclosed in the preceding 12 months
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
Please review TMF Website Policy to see this information.
  • TMF Affiliates;
  • Successors in title of TMF business in case of a corporate transaction;
  • Vendors and suppliers that process PI/SPI on our behalf;
  • Third parties with whom TMF has a contractual relationship with;
  • Public authorities.
  • TMF Affiliates;
  • Successors in title of TMF business in case of a corporate transaction;
  • Vendors and suppliers that process PI/SPI on our behalf;
  • Third parties with whom TMF has a contractual relationship with;
  • Public authorities.
 Please review Section 6 and 10 of TMF Group privacy statement for processing of candidate employee personal data to see this information. Please review section 5 of TMF Privacy Statement to see this information.

Purposes of disclosure
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
To help us achieve the purposes described above. To help us achieve the purposes described above. To help us achieve the purposes described above. To help us achieve the purposes described above. To help us achieve the purposes described above.

Categories of 3rd parties to which PI/SPI has been shared in the preceding 12 months
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
  • TMF Affiliates, service providers;
  • Analytics companies;
  • Public authorities;
  • Entities in connection with corporate transaction;
  • Other third parties as required by law.
 N/A N/A N/A N/A

Purposes of sharing
Website Users Employees Employees Related Persons Candidate Employees Commercial Partners
  • Receive certain services or benefits from them (such as when TMF allows third-party tags to collect data by making browsing data available to third party ad companies):
  • To improve and measure ad campaigns and reach users with more relevant ads and content.
 N/A N/A N/A N/A

More information about the processing of PI/SPI related to TMF employees is provided to them at the moment of contracting with TMF, and is available to them at all times on TMF´s internal intranet.

We do not sell any PI or SPI and we do not knowingly disclose or share any PI or SPI from individuals under the age of 16.

2. CPRA RIGHTS

If you reside in California, you have the right:

  • With respect to the PI/SPI TMF has collected about you in the prior twelve (12) months, to require that TMF discloses the following to you, up to twice per year and subject to the exemptions set out in the CPRA:
    • Categories of PI/SPI collected;
    • Categories of sources of PI/SPI;
    • Categories of PI/SPI about you TMF has disclosed, shared or sold;
    • Categories of third parties to whom TMF has sold, shared or disclosed your PI/SPI;
    • The purposes for collecting, disclosing or sharing PI/SPI;
    • A copy of the specific pieces of PI/SPI TMF has collected about you;
  • Request the deletion of your PI/SPI that TMF collected, subject to the exceptions set forth in the CPRA;
  • Request the correction of any inaccurate PI/SPI, taking into account the nature of the PI/SPI and the purposes of the processing;
  • Opt-out of the sale, share or disclose of your PI/SPI. To opt-out from sharing your web-users data, click on the Cookie Settings button at the bottom of this page and disable all options;
  • Request to limit the use and disclosure of SPI only to what is necessary and proportionate to achieve the purposes required to maintain the relationship with TMF (as employee, as an employee related person, as candidate, or as a client, prospective client, vendors, prospective vendor or other individual commercial partner of TMF);
  • Be free from discriminatory adverse treatment for exercising these rights.

You or your authorized agent can submit your request to exercise your California Privacy Rights by going to TMF General Privacy Statement at (https://www.tmf-group.com/en/legal/privacy-statement/) and clicking on “exercise your rights” link here or at the bottom of the same page, or by calling TMF at +1 3053771200.

In general, TMF will verify your request and your identity by requesting you to disclose a copy of your valid ID (e.g. driver’s license, national ID card or passport) through TMF automated Exercise Your Rights software, sending a verification request and a confirmation link to your email address. In some cases, TMF may request additional information in order to verify your request or where necessary to process your request. If TMF is unable to adequately verify a request, TMF will notify the requestor.

Authorized agents will be required to provide proof of their authorization and TMF may also require that the relevant Consumer directly verify their identity and the authority of the authorized agent.
If you have questions or concerns about TMF privacy practices, you may contact TMF at dataprotection@tmf-group.com

3. ANNEX 1: DEFINITIONS

The terms and abbreviations listed below, have the following meaning in this Policy:

Definition Meaning
Affiliates / TMF Affiliates means with respect to TMF, any entity directly or indirectly controlling or controlled by or under direct or indirect common control by TMF Group B.V. Specifically excluded from this definition are the shareholding companies controlling TMF Group B.V.
Business has the meaning provided for in Section 1798.140 d) of the CPRA: “A sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that collects consumers’ personal information, or on the behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information that does business in the State of California, and that satisfies one or more of the following thresholds […]”
Consumer has the meaning provided for in Section 1708.140 (i) of the CPRA: “a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier.”
CPRA means the California Privacy Rights Act that was passed into law on November 3, 2020 in California, United States of America.
Identifiers has the meaning provided for in Section 1798.140 (v) (1) (a) of the CPRA: “[…] a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers […]”
Personal Information (“PI”) has the meaning provided for in Section 1798.140 (v) of the CPRA: “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household […]”.
process / processing has the meaning provided for in Section 1798.140 (y) of the CPRA: “any operation or set of operations that are performed on Personal Information or on sets of Personal Information, whether or not by automated means.”
Sensitive Personal Information

has the meaning provided for in Section 1798.140 (ae) of the CPRA:

1. Personal information that reveals: (a) a Consumer’s social security, driver’s license, state identification card, or passport number, (b) a Consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, (c) a Consumer’s precise geolocation, (d) a Consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership, (e) the contents of a Consumer’s mail, email, and text messages unless the business is the intended recipient of the communication, (f) a Consumer’s genetic data;

2. (i) the processing of biometric information for the purpose of uniquely identifying a Consumer, (ii) Personal information collected and analyzed concerning a Consumer’s health, and (iii) Personal information collected and analyzed concerning a Consumer’s sex life or sexual orientation.

3. Sensitive Personal Information that is “publicly available” pursuant to paragraph (2) of subdivision (v)of the CPRA shall not be considered sensitive Personal Information or Personal Information.”
TMF Website Policy

means the policy published on TMF´s website and accessible through the link:

https://www.tmf-group.com/en/legal/privacy-statement/website-policy/
TMF Privacy Statement

means the policy published on TMF´s website and accessible through the link:

https://www.tmf-group.com/en/legal/privacy-statement/
TMF Group privacy statement for processing of candidate employee personal data

means the policy published on TMF´s website and accessible through the link:

https://www.tmf-group.com/en/legal/privacy-statement-for-candidates/
sell / sold / selling has the meaning provided for in Section 1798.140 (ad) of the CPRA: “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Information by the business to a third party for monetary or other valuable consideration. For purposes of this title, a business does not sell personal information when A consumer uses or directs the business to intentionally (i) disclose Personal Information, or (ii) interact with one or more third parties. […]”
share / shared /sharing has the meaning provided for in Section 1798.140 (ah) of the CPRA: “sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged […]”

California Privacy Notice TMF Group | December 2020 | Version 1.0

California Privacy Notice TMF Group | May 2023 | Version 2.0

man with posti-it notes

We make a complex world simple

TMF Group is a leading provider of critical administrative services, helping clients invest and operate safely around the world. More than 10,000 colleagues in 125 offices across 86 jurisdictions provide local expertise. Our locations cover 92% of world GDP and 95% of FDI inflow.

We are a key part of our clients’ governance, providing the accounting, tax, payroll, fund administration and legal entity management services essential to their success. We make sure rules are followed, reputations protected and operational compliance maintained. We work with the majority of the Fortune Global 500, FTSE 100 and top 300 private equity firms.

Learn more about us Learn more about us

Expand your business efficiently across borders

Get in touch to find out how we can help your organisation grow in a complex world.

Contact us Contact us