Schroders plc (the "Company") and any third party service providers, functionaries and agents appointed by the Company and acting on its behalf (together the "we", "us", "our") are committed to protecting your personal data and are required, by Data Protection Legislation (defined below), to provide individuals with certain information about how we use your personal information.
- your personal information is sometimes also referred to as "personal data";
- we may also sometimes collectively refer to handling, collecting, protecting and storing your personal data as "processing" such personal data; and
- the term "Data Protection Legislation" means the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection.
For the purposes of Data Protection Legislation the data controller is the Company.
1. What information we collect about you
The personal data we collect and process may include:
(A) Information that you provide to us
This is information that personally identifies you that you provide to us. Such information may typically include:
- information obtained from identification documentation (including your name, email address, telephone number, address (including city, postcode and country), nationality and national identity numbers (where applicable));
- your professional title and occupation;
- your age, date of birth and marital status;
- financial information, tax status, bank account details and evidence of ownership of financial assets;
- personal identifiers such as your social security number, national insurance number, tax file number, IP address or your internal electronic identifiers;
- other information you provide in the course of your dealings with us or which we require you to provide so that we can provide you with products and services.
(B) Information that we collect or generate about you
This may include:
- files that we may produce as a record of our relationship with you, including contact history, correspondence records; and
- any personal data that you provide during telephone and email communications with us which we may monitor and record in order to resolve complaints, improve our service and in order to comply with our legal and regulatory requirements.
(C) Information we obtain from other sources
This may include information from publicly available sources, including third party agencies such as credit reference agencies, public databases, registers and records such as Companies House and the FCA Register and information obtained from sanction checking and background screening providers.
In certain circumstances, we also collect and process what are known as 'special categories' of personal data (as defined by Data Protection Legislation). Money laundering, sanctions, financial crime and fraud prevention checks sometimes result in the Company obtaining information about actual or alleged criminal convictions and offences.
You are not obliged to provide us with your personal data where it is requested but we may be unable to provide certain products and services or proceed with your business relationship with the Company if you do not do so.
2. How we collect your information
The personal information we collect comes from:
- application forms or other materials you or your authorised representative submits to us during the course of your relationship with the Company;
- your or your authorised representative's interactions with the Company, transactions and use of our products and services (including the use of any of our websites);
- your or your authorised representative's business dealings with the Company, including via email, telephone or as stated in contracts with you;
- depending on the products or services you or your authorised representative requires, third parties (including for credit and money laundering checks, among other things); and
- recording and monitoring tools that we use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails, etc.).
3. How we use your information
Our primary purpose in collecting your personal information is to facilitate and record your holding of shares in the Company, the management and administration of your holdings in the Company and any related administration on an on-going basis.
Additionally, on an ongoing basis during your relationship with us, we may use your information for the following specific purposes:
- to process transactions and to improve the quality of the service that we provide to you;
- to disclose information to other third parties such as service providers of the Company, auditors, regulatory authorities and technology providers for the purposes outlined in this Privacy Notice (as set out in more detail below);
- to update and maintain records;
- to monitor and record calls and electronic communications;
- in connection with the Company’s internal management and reporting;
- to report regulatory and tax related information to regulatory and tax authorities in order to comply with a legal obligation, including any obligation arising under legislation implementing the U.S. Foreign Account Tax Compliance Act of 2010, as amended, and the Organisation for Economic Co-operation and Development's Common Reporting Standard;
- to permit, administer and record your holdings in the Company;
- in order to carry out anti-money laundering checks and related actions which are necessary to comply with legal obligations, in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis;
- for prudential and risk management purposes;
- to provide you with any products and services that you request from us; and
- other reasons compatible with the primary purpose.
4. Legal grounds for using your personal information
Data Protection Legislation permits us to process your personal data in the way that we do because such processing is:
- necessary for the purposes of the legitimate interests that we pursue, which are to discharge our legal obligations, to store and disclose information where necessary; or
- necessary for the performance of a contract with you;
- necessary in order to comply with a legal obligation to which we are subject; or
- otherwise with your express consent.
To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that personal data; (ii) you have made the personal data manifestly public; or (iii) the processing is necessary for the establishment, exercise or defence of legal claims.
5. Providing your information to third parties
We may share your personal data with our subsidiaries or affiliates, details of which can be found on our website. Together these are referred to as the Schroders Group.
- representatives, agents, custodians, intermediaries and/or other third party product providers appointed by you;
- third party agents and contractors for the purposes of them providing services both to us and to you (for example, professional advisers and IT and communications providers). These third parties will be subject to appropriate data protection obligations;
- any depositary, stock exchange, clearing or settlement system, counterparties, dealers and others where disclosure of your personal information is reasonably required for the purpose of effecting, managing or reporting transactions on your behalf or establishing a relationship with a view to such transactions;
- any regulatory, supervisory or governmental authorities to the extent we are required by law or regulation to do so, or in other limited circumstances (for example if required by a court order or regulatory authority, or if we believe that such action is necessary to prevent fraud) or to establish, exercise or defend our legal rights;
- any prospective buyer for due diligence purposes if we sell any part of our business or our assets; and
- tax authorities.
The Company does not undertake marketing activities for third parties, nor does it provide information to third parties for their own marketing purposes.
6. Transferring data outside of the EEA
We are a global business with operations around the world. As a result, the Company collects and transfers personal data on a global basis. That means that we may transfer your personal data to locations outside of your country.
Where we transfer your personal data to another country it will be protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the European Economic Area (the “EEA”), for example, this may be done in one of the following ways:
- the country to which we send your personal data might be approved by the European Commission as offering an adequate level of protection for personal data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging it to protect your personal data;
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may permit us to otherwise transfer your personal data outside the EEA.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us as described in paragraph 13 below.
7. Automated processing
We do not carry out automated decision-making or profiling based on your personal data.
8. Your rights
- to be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences);
- to request access to or a copy of any personal data which we hold about you;
- to rectification of your personal data, if you consider that it is inaccurate or incomplete;
- to ask us to delete your personal data, if you consider that we do not have the right to hold it (please note that there may be circumstances where you ask us to erase your personal information but we are required or entitled to retain it);
- to withdraw your consent to our processing of your personal data (please note that we may still be entitled to process your personal data if we have another legitimate reason for doing so, for example we may need to retain your personal data to comply with legal or regulatory obligations or to satisfy our internal audit requirements);
- to restrict processing of your personal data;
- where applicable, to data portability (moving some of your personal data elsewhere) in certain circumstances;
- to object to your personal data being processed in certain circumstances;
- not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data; and
- the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards your rights as a data subject.
We will correct any incorrect or incomplete information of which we are made aware and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change. Failure to provide accurate information or to update changed information may have a detrimental impact on your investment in the Company, including the processing of any subscription or redemption instructions or the suspension of your account.
9. How long we keep your information
- as long as is necessary for the relevant activity or as long as is set out in any relevant agreement you enter into with the Company;
- the length of time it is reasonable to keep records to demonstrate compliance with professional or legal obligations;
- any retention period that is required by law; or
- the end of the period in which litigation or investigations might arise in respect of an investment in the Company.
This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required.
10. How we protect your information
We ensure that there are appropriate technical, physical, electronic, and administrative safeguards in place to protect your personal information from unauthorised access. The Company has controls and mechanisms in place designed to detect, respond and recover in case of any adverse events that may arise.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
If you have any concerns about our use of your information, you also have the right (as a UK resident) to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.
Version: May 2018