Group Privacy Policy
This Privacy Policy is designed to help you understand what information we gather and process about you, why and how we use it, and with whom we share it. It also sets out the rights you have in relation to your information and how you may contact us for your queries.
DEFINITIONS USED IN THIS PRIVACY POLICY
“Client” means an investor in our products or a recipient of our services, who may be an individual investor, or an employee, director, officer, trustee, beneficiary, or representative of an institutional or intermediary client of Schroders.
"Data Protection Laws” means the EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), and as such is incorporated into UK law by virtue of the EU (Withdrawal) Act 2018 and the EU (Withdrawal Agreement) Act 2020, and any other applicable national data protection laws (including but not limited to the Luxembourg law of 1st August 2018 on the organisation of the National Data Protection Commission and the general data protection framework, as amended from time to time).
“Schroders”, “we” or “us” means Schroders plc with its registered office at 1 London Wall Place, London EC2Y 5AU or any of its subsidiaries or affiliates, details of which can be found on the Schroders Website. Together these are also referred to as the Schroders Group.
“Schroders Website(s)” means the website(s) operated by Schroders.
“Schroders Products and Services” means the products and services that we offer to our clients, including through our related support, mobile or cloud-based services.
“Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information, which is in the possession of, or is likely to come into the possession of, Schroders (or its representatives or service providers). In addition to factual information such as a name or address, it could include an expression of opinion about or an indication of intention in respect of an individual.
“You” means everyone to whom this notice is addressed, who may be:
(a) a Client or prospective Client of ours;
(b) a visitor to a Schroders Website; or
(c) an employee, director, officer or representative of another organisation with which we have a business relationship.
1. BACKGROUND INFORMATION
(1.1) Schroders collects and uses certain Personal Data. The relevant entity of the Schroders Group with which you have or are contemplating a relationship (e.g. when subscribing for limited partnership interests, as visitor of the website or as other commercial partner), acts as data controller of such Personal Data and is therefore responsible for ensuring that it uses that Personal Data in compliance with the Data Protection Laws.
(1.2) This Privacy Policy is directed to individuals whose Personal Data we handle while carrying on our commercial activities. Those individuals could be Clients or prospective Clients or their representatives, agents or appointees, or an employee, director, officer or representative of another organisation with which we have a business relationship. This Privacy Policy is also directed to visitors to Schroders Websites.
(1.3) Please note that in addition to this Privacy Policy, the Personal Data we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your Personal Data will be used by us and these fraud prevention agencies, and your data protection rights, can be found at the following link Fair Processing Notices for Cifas (‘National Fraud Database’).
(1.4) Further additional terms, conditions and commitments may also govern how the different entities of the Schroders Group collect and use your Personal Data. Such additional terms should be read in conjunction with this Privacy Policy. In case of inconsistencies, the provisions of this Privacy Policy (as updated from time to time) shall prevail.
2. OVERVIEW OF CIRCUMSTANCES IN WHICH WE HANDLE YOUR PERSONAL DATA
(2.1) Schroders gathers information about you in the following ways:
(a) Information we receive while providing products or services to you. This may be provided directly from you or from other parties, such as, for example, providers of, fraud prevention, ‘know your client’ and anti-money laundering services which we sometimes use to help us meet our legal obligations.
(b) Information we receive as part of your interest in our products or services or interaction with Schroders Websites. This is provided by you and includes enquiries and other activities you perform while visiting our premises, participating in informative events and using Schroders Websites. Details of how we handle the information we receive through Schroders Websites are set out in paragraph 10 of this Privacy Policy.
(c) Information we receive in relation to services that you provide to us or our Clients or associated companies. This information may include contact information or other details relating to the relevant service or relationship with you.
We may combine the personal and other data we collect directly from you with information collected from or about you in other contexts, such as from Schroders Websites or from third parties.
3. THE TYPE OF PERSONAL DATA WE COLLECT
(3.1) The nature of our relationship with you will determine the kind of Personal Data we may process. These types of Personal Data we process may include:
• Identification data: first name; family name; age; gender; nationality; citizenship; place of birth; national insurance number; ID or passport number, occupation and job title; ID documentation (including your photograph); date of birth; civil status; life events and family information; signature.
• Contact data: email address; phone and/or fax account number; address.
• Technical data: Personal Data related to your use of the Schroders Websites through our use of cookies. This includes information that may identify you, particularly when you interact with our website in ways that involve providing your details (see further section 10 below).
• Financial data: account number; client reference number; fees quotation and proposal; bank account information such as IBAN and BIC codes; bills and invoices; billing amount; taxpayer identifying/identification number(s); country(ies) of tax residency; tax status and tax certificates.
• Contractual data: files that we may produce as a record of our relationship with our clients and prospective Clients, including contact history; information concerning the fulfilment of contractual obligations and pre-contractual measures (including for investors any invested amount and any information regarding the dealing in shares (subscription, conversion, redemption and transfer as well as balance or value at year-end and total gross amount paid or credited in relation to the shares, including redemption proceeds)).
• AML/KYC data: source of wealth and funds, fraud related search results, power of attorney, information on related parties.
• Sensitive data: health related information; disability status; sexual orientation; personal data revealing racial or ethnic origin or religious or philosophical beliefs; biometric data used for the purpose of authentication in connection with certain applications; details of political opinions or affiliations; or records of criminal offences and court proceedings.
• Communication data: any Personal Data that you provide during telephone and email communications with us which we may monitor and record in order to resolve complaints, manage or improve our service and in order to comply with our legal and regulatory requirements.
You may, at your discretion, refuse to communicate the Personal Data to Schroders. In this case, however, Schroders may not be able to enter into a contractual or other business relationship with you, if such Personal Data is necessary for the relevant purposes.
Moreover, you should refrain from providing us with Personal Data which are not requested by Schroders or any other entity acting on the relevant entity’s behalf. Unless provided otherwise by applicable law, Schroders shall not be liable for any damage caused by the processing of such Personal Data provided by you without being requested by Schroders.
(3.2.) The Personal Data listed above is collected from the following sources:
• Information that you or third parties representing you provide to Schroders. This includes information about you that you provide to us. The nature of our relationship with you will determine the kind of Personal Data we might ask for. Such information may include identification data, contact data, financial data, and sensitive data.
• We also process personal data about any person on whose behalf you are acting, for example investment beneficiaries, that you may have provided to us in connection with our provision of services to you. By providing us with their personal data, you agree to provide them with the information set out in this Privacy Policy.
• Information that we collect or generate about you. This may include contractual data, communication data and technical data.
• Information we obtain from other sources. Some of this Personal Data may be sensitive and may include:
- Information from publicly available sources, including third party agencies such as credit reference agencies; fraud prevention agencies (including CIFAS (Fair Processing Notices for Cifas); law enforcement agencies/authorities; public databases, registers and records such as the UK’s Companies House and the FCA Register and other publicly accessible sources.
- Information provided to us by independent financial advisors (IFAs), other professional advisers, product providers, events organisers, other agents and/or representatives, industry databases and other business intelligence tools Schroders subscribes to.
4. HOW WE USE YOUR INFORMATION
(4.1) The Data Protection Laws allow or require us to use your Personal Data for a variety of reasons. These include the following instances where the processing of Personal Data is necessary for:
• performing our contractual obligations;
• discharging legal and regulatory obligations;
• establishing, exercising or defending our legal rights;
• purposes for which we have obtained your consent; and/or
• our legitimate business interests which are not overridden by the interests or fundamental rights and freedoms of data subjects, including you.
Where the Schroders entity acting as controller’s purposes change over time or where the Schroders entity wants to use Personal Data for new purposes, we will inform you of such new processing in accordance with the Data Protection Laws.
For the avoidance of doubt, where consent is given by you, this consent is separate from any consent given in the context of confidentiality and/or professional secrecy compliance obligations.
(4.2) Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
a. to execute the contract between you and the relevant entity of the Schroders Group
Categories of Personal Data | Purposes |
|
|
b. the legitimate interest of the Schroders entity acting as controller
Categories of Personal Data | Purposes |
|
|
|
|
|
|
c. to comply with the legal obligations imposed on the Schroders entity acting as controller
Categories of Personal Data | Purposes |
|
|
|
|
|
|
|
|
(4.3) Within Schroders, your Personal Data is accessed only by personnel of Schroders that have a need to access it for the purposes described in this Privacy Policy.
5. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
(5.1) We may share your Personal Data within the Schroders Group for the purposes described above.
(5.2) We may also share your Personal Data outside of the Schroders Group as further described below:
• with business partners of ours and with representatives, agents, custodians, intermediaries and/or other third-party product providers appointed by a Client or prospective Client (such as accountants, professional advisors, custody service providers and product providers);
• with third party agents and contractors for the purposes of them providing services both to us (for example, Schroders’ accountants, professional advisors, IT and communications providers, background screening providers, credit reference agencies and debt collectors) and to Clients or prospective Clients.;
• with any depository, stock exchange, clearing or settlement system, counterparties, dealers and others where disclosure of your Personal Data is reasonably intended for the purpose of effecting, managing or reporting transactions or establishing a relationship with a view to such transactions;
• where you are a joint account or portfolio holder (or otherwise one of multiple persons holding an account or portfolio), we may disclose your Personal Data to the other joint account or portfolio holder;
• to the extent required by law or regulation, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators, auditors or public authorities), or to establish, exercise or defend its legal rights; and
• if we sell any part of our business or our assets or reorganise our business, in which case we may need to disclose your Personal Data to a prospective buyer or other third party for purposes related to such sale or reorganisation.
The above recipients of Personal Data (“Recipients”) may disclose the Personal Data to their agents and/or delegates (the “Sub-Recipients”), which shall process the Personal Data for the purposes of assisting the Recipients in providing their services to the Schroders entity acting as controller and/or assisting the Recipients in fulfilling their own legal obligations.
The Recipients and Sub-Recipients may process the Personal Data as processors (when processing the Personal Data upon instructions of the controller and/or the Recipients), or as distinct controllers (when processing the Personal Data for their own purposes, namely fulfilling their own legal obligations).
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA
(6.1) Schroders is a global business with Clients and operations around the world. As a result, we collect and transfer Personal Data within companies part of the Schroders Group or to other Recipients on a global basis. That means that we may transfer your Personal Data to locations outside of your country.
(6.2) If we transfer your Personal Data to another country, we take steps to protect and transfer it in a manner consistent with local legal requirements. In particular, in relation to data transferred outside of the European Economic Area ( “EEA”), Switzerland, the UK, and your jurisdiction, we may do so in one of the following ways:
• the country to which we send your Personal Data is approved by the European Commission, the UK, or your local data protection authority (as relevant) as offering an adequate level of protection for Personal Data, including if the recipient is established in the United States and participates in the EU-US Data Privacy Framework and its UK extension, or other multilateral or bilateral arrangement where your country is a party to such arrangement (as relevant); or
• the recipient has signed up to a contract based on “model contractual clauses” approved by the European Commission or your local data protection authority (as relevant), or any other appropriate safeguards pursuant to the GDPR or local laws (as relevant), as well as, if necessary, supplementary measures, obliging it to protect your Personal Data; or
• you have provided consent to us for the transfer of your Personal Data to another country (where this is permitted under local law).
(6.3) You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA and the UK, or your jurisdiction, and between other countries outside the EEA and UK, including copies of the relevant documents for enabling the Personal Data transfer(s) by contacting us as described in paragraph 12 below.
7. HOW WE SAFEGUARD YOUR PERSONAL DATA
(7.1) We ensure safe processing operations by operating and maintaining physical, electronic and procedural safeguards to guard your non-public personal information and we restrict access only to authorised personnel. The effectiveness of these safeguards is periodically tested.
(7.2) We have extensive controls and mechanisms in place designed to detect, respond and recover data and functionality in case of adverse events that may arise.
8. HOW LONG WE KEEP YOUR PERSONAL DATA
(8.1) The length of time for which we hold your Personal Data will vary as determined by the following criteria:
• the purpose for which we are using it (as further described in this Privacy Policy at paragraph 4.1) – we will need to keep the data for as long as is necessary for that purpose; and
• our legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
For example, we will retain Personal Data for required statutory retention periods where these apply, or we will retain Personal Data for the duration of the contract we have with you (if applicable) and thereafter for a period relating to the duration within which contractual claims are able to be raised (e.g. 10 years within Luxembourg or 7 years within the UK).
(8.2) If you would like to know in detail how long we hold specific Personal Data for, please contact us in accordance with paragraph 12 below.
(8.2) Once we no longer require your Personal Data for the purposes for which it was collected, we will securely destroy the Personal Data in accordance with applicable laws and regulations.
In some circumstances the Personal Data may be anonymised so that it can no longer be associated with you, in which case documents that have been anonymised may be kept indefinitely.
9. YOUR RIGHTS
(9.1) In each the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you may exercise them free of charge. These rights include:
• the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
• the right to withdraw your consent to the processing of your Personal Data at any time. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal and to the extent we keep a copy of the Personal Data for a different purpose under another lawful basis (as listed in paragraph 4 above), we may continue to process it for that purpose;
• in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit such data to a third party where this is technically feasible. Please note that this right only applies to Personal Data that you have provided directly to Schroders;
• the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
• the right to object to profiling, including profiling for marketing purposes;
• the right to request that we erase or delete your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are required or entitled to retain it;
• the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are required or entitled to refuse that request; and
• the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
(9.2) You can exercise your rights by contacting us using the details provided at paragraph 12 below.
10. SCHRODERS WEBSITES AND OTHER WEBSITES
(10.1) If you use a Schroders Website, we may collect technical information using cookies. The type of information collected varies by category of cookies as explained in our Cookie Notice. As detailed in our Cookie Notice, we provide you with the opportunity to selectively accept certain categories of cookies in your web browser through our Cookie Manager Application. If you accept cookies of the tracking category and you make your identity known during a secure (logged-on) browsing session on one of Schroders Websites, we will be able to combine the information we collect about your usage of the Schroders Websites during that session with other information we know about you, such as any searches you conduct on Schroders Websites or information you request during your web session. We will use this combined information to assess the appeal and usefulness of the information and tools offered on Schroders Websites as well as to identify Schroders Products and Services that may be of interest to you.
We also gather anonymous information related to browsing habits of users through other categories of cookies with the purpose of managing and improving Schroders Websites.
(10.2) If you use a Schroders Website and follow a link from it to another website, different privacy policies may apply. Prior to submitting any Personal Data to a website, you should read the privacy policy applicable to that website.
11. CHANGES TO THIS PRIVACY POLICY
(11.1) Any changes we make to our Privacy Policy in the future will be posted on this website and where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.
12. QUESTIONS AND CONCERNS
(12.1) If you have any questions or concerns about Schroders’ handling of your Personal Data, or about this Privacy Policy, or to exercise any of your rights, please contact us at the address below.
To exercise your right to withdraw consent to receive electronic marketing communications at any time, please follow the “unsubscribe” instructions found in such marketing materials.
Schroder Investment Management Limited - Address
1 London Wall Place
London
EC2Y 5AU
United Kingdom
Privacy@schroders.com.
We are usually able to resolve privacy questions or concerns promptly and effectively.
You can also lodge a complaint with the competent data protection regulator. These include:
UK: https://ico.org.uk/make-a-complaint/
Luxembourg: National Data Protection Commission - Luxembourg (public.lu)
If you raise a concern, we may:
- request additional details from you regarding your concerns and personal data limited to what is necessary for the purpose of authenticating your communication;
- engage or consult with other parties in order to investigate and resolve your issue (and these parties will receive and process information about you); and/or
- keep records of your request and any resolution of your issue,
in each case in accordance with the Data Protection Laws and other legal obligations.
13. LANGUAGE
(13.1) Any local language translation (where applicable) of this Privacy Policy exists for reference purposes only, and only the English version shall take precedence. If there is any inconsistency between different versions, the English version shall prevail.