Schroders Group Privacy Policy - China
This Privacy Policy is designed to help you understand what information we gather and process about you ("personal data"), why and how we use it, and with whom we share it. It also sets out the rights you have in relation to your information and how you may contact us for your queries.
DEFINITIONS USED IN THIS PRIVACY POLICY CAN BE FOUND HERE
“Client” means an investor in our products or a recipient of our services, who may be an individual investor, or an employee, director, officer, trustee, beneficiary, or representative of an institutional or intermediary client of Schroders.
“Schroders”, “we” or “us” means Schroders plc with its registered office at 1 London Wall Place, London – United Kingdom - EC2Y 5AU, or any of its subsidiaries or affiliates, details of which can be found on the Schroders website. Together these are referred to as the Schroders Group.
“Schroders Websites” means the websites operated by Schroders.
“Schroders Products and Services” means the products and services that we offer to our Clients, including through our related support, mobile or cloud-based services.
“Personal Data” means any personal data prescribed in the Personal Information Protection Law and relevant regulations and implementation rules in the People’s Republic of China (“PRC”) (as amended from time to time), which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, Schroders (or its representatives or service providers), including but not limited to natural person’s full names, national identification numbers etc..
“Process” means any activity of collecting, storing, using, processing, transmitting, providing, disclosing, and erasing Personal Data.
“You” means each individual whose Personal Data is processed by Schroders, who may be:
(a) a Client or prospective Client of ours;
(b) a visitor to the Schroders website; or
(c) an employee, director, officer or representative of another organisation with which we have a business relationship.
1. Background
(1.1) Schroders collects and uses certain Personal Data. Schroders is responsible for ensuring that it uses that Personal Data in compliance with applicable data protection laws.
(1.2) At Schroders, we respect your privacy and we are making efforts to keeping your Personal Data secure.
(1.3) This Privacy Policy is directed to individuals whose Personal Data we handle in the course of carrying on our commercial activities. Those individuals could be Clients or prospective Clients or their representatives, agents or appointees, or an employee, director, officer or representative of another organisation with which we have a business relationship. This Privacy Policy is also directed to visitors to our websites.
2. Overview of circumstances in which we handle your personal data
(2.1) Schroders gathers information about you in the following ways:
a) Information we receive in the course of providing products or services to you or products or services provided to us by you. This may be provided directly from you or from other parties, such as, for example, providers of ‘know your client’ and anti-money laundering services which we sometimes use to help us meet our legal obligations.
b) Information we receive as part of your interest in our products or services. This is only provided by you and includes enquiries and other activities you perform while visiting our premises, participating in informative events and using Schroders Websites. Details of how we handle the information we receive through Schroders Websites are set out in paragraph 10 of this Privacy Policy.
We may combine the personal and other data we collect directly from you with information collected from or about you in other contexts, such as from our Web Sites or obtained from third parties.
3. The types of Personal Data we collect
(3.1) Many of the products or services offered by Schroders require us to obtain and process Personal Data, such as:
- Information that you provide to Schroders. This includes information about you that you provide to us. The nature of our relationship with you will determine the kind of Personal Data we might ask for. Such information may include:
- basic Personal Data such as first name; family name; national insurance number; email address; phone number; address (including city postcode and country); occupation and job title; bank details; ID documentation; date of birth; life events and family information;
- Financial information and transactional data such as information about your income and your asset, the source of income, your financial situations, your experience of investment, your targeted and existing investment portfolio, your risk tolerance level, your creditworthiness records.
We also process personal data about any person on whose behalf you are acting, for example investment beneficiaries, that you may have provided to us in connection with our provision of services to you. By providing us with their personal data, you agree to provide them with the information set out in this Privacy policy.
- Information that we collect or generate about you. This may include:
- files that we may produce as a record of our relationship with our Clients and prospective Clients or a third-party vendor, including contact history; and
- any Personal Data that you provide during telephone and email communications with us which we may monitor and record in order to resolve complaints, improve our service and in order to comply with our legal and regulatory requirements; or
- any Personal Data that we obtain in relation to your use of Schroders Websites (but this will be limited to the situations where users make themselves known by establishing a secure, authenticated session).
- Information we obtain from other sources. Some of this personal data may be sensitive and may include:
- information from publicly available sources, including third party agencies such as credit reference agencies; public security bureau; China Judgements Online; public databases, registers and records such as the website of State Administration for Market Regulation and other publicly accessible sources;
- information provided to us by independent financial advisors (IFAs), other professional advisers, product providers, events organisers, other agents and/or representatives, industry databases and other business intelligence tools Schroders subscribes to; and
- information obtained from sanctions checking and background screening service providers.
- We will also collect and use sensitive Personal Data about you. “Sensitive Personal Data” refers to the sensitive personal information as prescribed in the PRC Personal Information Protection Law that, if leaked or used illegally, may easily cause harm to the dignity of natural persons, or serious damage to the safety of individuals and properties, including information relating to biometric identification, religious beliefs, specific identities, healthcare, financial account, individual location tracking, etc., as well as personal information of minors under the age of 14. Some information which we collect as illustrated above, such as your ID information and bank information fall within the scope of sensitive Personal Data, of which the collection is necessary because without such information we cannot complete the KYC, anti-money laundry, and other necessary procedures to take you onboard as a Client nor can we complete a transaction (either an investment or a business relationship) with you. Your banking information is also necessary for us to make payments to you under the relevant transaction.
4. How we use your information
(4.1) Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
- to allow Clients and prospective Clients to use and access Schroders Products and Services;
- to assess Client and prospective Client applications or contracts for Schroders Products and Services;
- to set up / on-board prospective Clients to use Schroders Products and Services, including KYC and anti-money laundry checks as well as suitability assessments ;
- to keep our records up to date;
- to monitor IT systems in order to protect against cyber threats or malicious activity including abuse and misuse;
- to protect our premises from unauthorised access or use, or any unlawful activity;
- to administer or maintain IT systems in order to uphold standards of service;
- for ongoing review and improvement of the information provided on Schroders Websites to make them user friendly and prevent potential disruptions or cyber attacks;
- to understand feedback on Schroders Products and Services and to help provide more information on the use of those products and services quickly and easily;
- to communicate with and better understand the interests of Clients and prospective Clients in order to provide services or targeted information about Schroders and other Schroders Products and Services;
- to effectively manage and strengthen Client and prospective Client relationships, understand Client and prospective Client needs and interests and learn more about our Clients and prospective Clients in order to develop, improve and manage the products and services we can offer;
- for the management and administration of our business;
- in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; or
- for the administration and maintenance of databases storing your Personal Data.
(4.2) When we use your Personal Data, we comply with applicable law. The law allows or requires us to use your Personal Data for a variety of reasons. These include instances where:
- we are performing our contractual obligations or the processing is necessary in order for us to conduct human resources management under the labour rules formulated and the collective contracts entered into in accordance with applicable laws;
- we have statutory duties and/or statutory obligations to discharge;
- we may need to do so in order to establish, exercise or defend our legal rights or those of our Clients or for the purpose of legal proceedings;
- we have obtained your voluntary and explicit consent;
- any other circumstances as may be provided by applicable laws.
(4.3) Within Schroders, your Personal Data is accessed only by personnel that have a need to access it for the purposes described in this Privacy Policy.
5. Disclosure of your information to third parties
We will not sell, rent or trade your Personal Data.
We will only disclose your Personal Data to third parties where it is lawful to do so and in line with our obligations under data protection laws or contracts between us.
This implies that we have obtained the necessary assurance that they will properly manage and protect your information to the required standards under applicable laws. Moreover, before we provide and disclose your Personal Data to such service providers we require, by way of a written contract or similar means, assurance they will process this data strictly in compliance with our instructions and agreed terms of use including appropriate measures to properly handle Personal Data.
(5.1) We may share your Personal Data outside of the Schroders Group in the situations described below:
- with business partners of ours where they are contractually obliged to comply with appropriate data protection obligations;
- with representatives, agents, custodians, intermediaries and/or other third party product providers appointed by the Client or prospective Client (such as accountants, professional advisors, custody service providers and product providers);
- with third party agents and contractors for the purposes of them providing services both to us (for example, Schroders’ accountants, professional advisors, IT and communications providers, background screening providers, credit reference agencies and debt collectors) and to Clients or prospective Clients. These third parties will be subject to appropriate contractual or legal data protection obligations;
- with any depository, stock exchange, clearing or settlement system, counterparties, dealers and others where disclosure of your Personal Data is reasonably intended for the purpose of effecting, managing or reporting transactions or establishing a relationship with a view to such transactions;
- where you are a joint account or portfolio holder (or otherwise one of multiple persons holding an account or portfolio), we may disclose your Personal Data to the other joint account or portfolio holder or other person;
- to the extent required by law or regulation, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators, auditors or public authorities), or to establish, exercise or defend its legal rights; and
- if we sell any part of our business or our assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes.
6. International transfers of personal data
(6.1) Schroders is a global business with Clients and operations around the world. As a result we collect and transfer Personal Data within companies part of the Schroders Group on a global basis. That means that we may transfer your Personal Data to locations outside of your country.
(6.2) Where we transfer your Personal Data to another country we will obtain your separate consent and ensure that it will be protected and transferred in a manner consistent with local legal requirements. We require by contract that our third party service providers processing Personal Data on our behalf to comply with Schroders’ criteria for Personal Data processing. This may be done in one of the following ways:
- the outbound transfer of personal data passes a risk assessment by the PRC competent data protection authorities;
- the outbound transfer of personal data are certified by an institution authorized by the PRC competent data protection authorities;
- the recipient signed up to a contract based on “model contractual clauses” approved by the PRC competent data protection authorities, obliging it to protect your Personal Data and we assessed that the legislation of the third country of destination enables the recipient to comply with the those clauses.
(6.3) You can obtain more details of the protection given to your Personal Data when it is transferred outside of China as described in paragraph 12 below.
7. How we safeguard your personal data
(7.1) Data is a critical business asset and must be protected appropriate to its risk as well as its importance or value.
We ensure safe processing operations by operating and maintaining physical, electronic and procedural safeguards to guard your non-public Personal Data and we restrict access only to authorised personnel. The effectiveness of these safeguards is periodically tested.
We have extensive controls and mechanisms in place designed to detect, respond and recover in case of adverse events that may arise.
8. How long we keep your personal data
(8.1) The length of time for which we hold your Personal Data will vary as determined by the following criteria:
- the purpose for which we are using it (as further described in this Privacy Policy at paragraph 4.1) – we will need to keep the data for as long as is necessary for that purpose; and
- our legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
9. Your rights
(9.1) In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:
- the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
- the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another lawful reason for doing so;
- the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
- the right to request us to delete or otherwise properly dispose of your Personal Data, if we haven’t done so already, under any of the following circumstances:
- the purpose of processing has been achieved, unable to achieve, or is no longer necessary to achieve;
- we are no longer providing products or services to you and the storage period has expired;
- you had withdrawn your consent to your Personal Data, unless we have another lawful reason to process it;
- Requests for access or rectification of Personal Data, for withdrawal of authorisation or disposal of Personal Data beyond retention period, or enquiries about our practices regarding Personal Data processing and privacy protection, should be addressed as described at paragraph 12 below.
10. Schroders websites and other websites
(10.1) If you use a Schroders Website, we may collect technical information through the use of cookies. The type of information collected varies by category of cookies as explained in our Cookie Notice. As detailed in our Cookie Notice, we provide you with the opportunity to selectively accept certain categories of cookies in your Web browser through our Cookie Manager Application. If you accept cookies of the tracking category and you make your identity known during a secure (logged-on) browsing session on one of our Web Sites, we will be able to combine the information we collect about your usage of our Web Sites during that session with other information we know about you, such as any searches you conduct on our Web Sites or information you request during your web session. We will use this combined information to assess the appeal and usefulness of the information and tools offered on our Web Sites as well as to identify Schroders products and services that may be of interest to you.
We also gather anonymous information related to browsing habits of users through other categories of cookies with the purpose of managing and improving our Website.
(10.2) If you use a Schroders Website and follow a link from it to another website (including a website operated by Schroders), different privacy policies may apply. Prior to submitting any Personal Data to a website you should read the privacy policy applicable to that website.
11. Changes to this Privacy Policy
(11.1) We may change or update portions of this Privacy Policy to reflect changes in our practices and or applicable laws and regulations. Please check this Privacy Policy from time to time and when it was last updated at its very end, so you are aware of any changes or updates.
12. Questions and concerns
(12.1) If you have any questions or concerns about Schroders’ processing of your Personal Data, about this Privacy Policy, or to exercise any of your rights, please contact our Personal Information Protection Officer at the address below.
Schroder Investment Management (Shanghai) Co Ltd.
Address:
33T52A Unit
100 Century Avenue, Pudong New Area, Shanghai
Shanghai, Shanghai World Financial Centre - 200120
Email: privacy_cn@schroders.com
To exercise your right to withdraw consent to receive electronic marketing communications at any time, please click the “unsubscribe” hyperlink found in all our marketing communications.
We may charge a reasonable fee for the processing of any data request, as permitted by law or contract between us.
We are usually able to resolve privacy questions or concerns promptly and effectively in full compliance with timeframes set by applicable laws. Should your request for exercising personal rights be rejected, the reasons will be communicated to you.
If you are not satisfied with the response you receive, you may bring a lawsuit in a people’s court according to law and/or lodge a complaint with a competent data protection authority.
If you raise a concern, we may:
- request additional details from you regarding your concerns and personal data limited to what is necessary for the purpose of authenticating you: this is necessary to ensure beyond reasonable doubt that you are the individual against which the request is made or that you are the individual who is authorized to make the request on that individual's behalf;
- engage or consult with other parties in order to investigate and resolve your issue (and these parties will receive and Process information about you); and/or
- keep records of your request and any resolution of your issue,
in each case in accordance with our data protection and other legal obligations.