This policy sets out details on how Personal Data (as defined below in Section 1) relating to you will be handled by the Comgest Group as controllers of the Personal data.
The Comgest Group1 (“Comgest”) may collect, hold, use and transfer information which may constitute personal data under the EU Data Protection Regulation, and the laws of other countries (mainly Hong Kong, Singapore, Japan and Unites States).
This policy describes what data we collect about you, how we collect that data, for what purposes we use it, the legal basis for processing, to whom we may disclose the data, how you can exercise your rights, additional terms applicable only to specific jurisdictions and other information necessary to ensure fair and transparent processing of your Personal Data. This policy covers both online and offline data collection.
KEY INFORMATION SUMMARY
- Comgest Group Entities, as data controllers, collect and use Personal Data that you provide as part of your interaction with us, together with additional Personal Data that we collect when you register as a client and throughout the course of providing services to you.
- The Personal Data we collect is used primarily for providing you with marketing and communication material upon your request, for managing our website and performing our obligations under client service contracts and applicable law. All purposes and legal basis for such processing are detailed in this policy.
- You have rights with respect to your Personal Data, which are described in Section 6 of this policy. To obtain further information or ask any questions regarding these rights, or if you have any queries regarding Comgest’s processing of your Personal Data, please send an email to firstname.lastname@example.org.
1. PERSONAL DATA WE COLLECT AND FOR WHAT PURPOSES
Personal Data that we collect includes:
- Contact information: We collect such Personal Data so as to be able to reach you and/or communicate with you. In particular, pages of the Comgest website allow you to submit your Personal Data to us. We may use the information you provide to send you requested information, respond to your inquiry, verify your relationship with Comgest and take other actions as necessary to respond to your request. Information includes your first and last names, gender (Ms./Mr.), mailing address, telephone number, email address, job title, and other information you provide online and/or offline.
- Preferences & Interests: This information helps us understand your interest in our services and particular investment products described on our website. It may include contact and investment product preferences, languages, and marketing preferences.
- Transaction & Service history: Such Personal Data is necessary to provide the services you have requested and validate any instructions authorized. This includes service requests and instructions, transactions completed and correspondence records, as well as potential complaints.
- Security: We use this information to secure our website, network systems and other IT assets. This may include any information we use to verify your identity, information concerning your IP address, geographic location, resources you have accessed and ancillary data (e.g., login credentials, usernames and passwords).
- Compliance and investigations: We process Personal Data to respond to all Comgest legal, regulatory or tax obligations. In particular, as part of KYC (Know Your Customer) and AML (Anti-Money Laundering including the fight against terrorism financing and the application of financial sanctions) mandatory processing, Comgest may implement controls prior to initiating any business relationship and throughout such relationship, and assist regulatory authorities on surveillance, detection and verification of transactions. This may also include recordings of any correspondence and communications between us (including incoming and outgoing phone calls, e-mails, instant messaging, social networks and any other types of communications).
If you do not provide us with such information, we may not be able to perform our contract with you. We will inform you when providing your Personal Data that it is necessary and what the effects will be on our relationship if you do not provide it.
2. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
To process your Personal Data lawfully, we will be relying on one of the following:
- Performance of a Contract: Comgest must process your Personal Data in order to enter into and perform its contract with you or in order to take steps at your request prior to entering into a contract;
- Processing is necessary for us to comply with our relevant legal and regulatory obligations: For example, processing may occur when we are creating a customer record, managing IT security, disclosing required data to a government or regulatory authority, complying with AML or fulfilling similar regulatory obligations;
- Processing is necessary to exercise or preserve our legitimate business interests and our interests are not overridden by your interests, fundamental rights or freedoms: For example, processing may occur when we are assessing new investment or business opportunities, managing legal matters, etc.; or
- Processing is based on your prior consent: In such case, we will request your consent for a specific use of your personal data (for example, in order to provide you with marketing and communications material).
3. SOURCES OF PERSONAL DATA
Your Personal Data is primarily provided to us directly by you (for example, through the contact form on our website, through emails you send or through verbal information). From time to time, we may receive Personal Data about you from third parties, for example other clients and business partners.
In some circumstances, your Personal Data may be collected indirectly for example, via telephone logs and recordings and email and Internet access logs, if and to the extent permitted by applicable laws.
4. THIRD PARTY RECIPIENTS OF YOUR PERSONAL DATA
We may disclose your Personal Data, where permitted by applicable law and on a need-to-know basis, to entities within the Comgest Group, our relevant service providers and/or other third parties including:
- Entities within the Comgest Group (Client Relationship Management administrator, teams in charge of Investor Relations, Marketing and Reporting, System administrators, Compliance, Legal, Information Technology and Audit teams);
- To companies that assist us in marketing or client servicing;
- To third parties, providing us with IT services, such as hosting, supporting and maintaining our systems or website;
- To regulatory authorities, Comgest’s insurers, IT administrators, lawyers, auditors, consultants and other professional advisors;
- To companies that help us maintain, process or service your transactions or account(s), including companies that perform administrative, accounting, transfer agency, custodial or brokerage services for us.
Where these third parties act as a data processor they carry out their tasks on our behalf and upon our instructions for the abovementioned purposes.
5. WILL COMGEST TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EU/EEA?
We may share your data within the Comgest Group or with vendors, as indicated above, where necessary to provide you with our services. We will ensure that your personal data is treated securely and in accordance with this Policy and any applicable privacy rules.
Transfers of Personal Data in accordance with this Section 5 are based on the same legal grounds as applicable for the respective purposes of processing as set forth in Sections 1 and 2 above.
6. WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
You have a number of rights in relation to your Personal Data, which are set out below.
- The right to request access to Personal Data that Comgest maintains about you, as well as the right to request rectification of any Personal Data that is inaccurate, incorrect or incomplete;
- The right to erasure of your Personal Data under specific circumstances;
- The right to restrict our processing of your Personal Data (that is, allow only its storage) under specific circumstances; where your Personal Data is subject to restriction, we will only process it with your consent or for the establishment, exercise or defense of legal claims or for regulatory purposes;
- In the event your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time by clicking the ‘Manage my Subscriptions/Unsubscribe’ link in any communication you receive, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to object to processing:
- When the processing is made for direct marketing purposes, you have a right to object to that processing at any time. If you object, Personal Data must no longer be processed for such purposes.
- When the processing is based on legitimate interest grounds, you also have the right to object to that processing at any time. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the Personal Data for the establishment, exercise or defense of legal claims.
To exercise any of these rights, please contact us at email@example.com.
7. HOW SECURE IS THE PERSONAL DATA YOU PROVIDE?
We implement physical, technical and administrative security standards designed to protect your Personal Data from loss, misuse, alteration, unauthorized access, destruction or damage.
We take steps to limit access to your Personal Data to those individuals who need to have access to it for one of the purposes listed in Section 1.
However, no Internet transmission is ever fully secure or error free. In particular, Personal Data sent using email or our website (e.g., via the contact form) may not be secure. You should take special care before deciding to send us information via email or our website.
8. FOR HOW LONG DOES COMGEST RETAIN YOUR PERSONAL DATA?
We retain your Personal Data for no longer than is necessary for the purposes for which the Personal Data are processed, which will in many cases be for the period during which we have a business relationship with you. We may retain your Personal Data for longer periods of time corresponding to:
- regulatory requirements,
- a statute of limitation,
- to establish, exercise or defend legal claims, or
- as otherwise permitted or required by law.
This is done to ensure that we have an accurate record of your dealings with us in the event of any complaints or claims, or where we are required to do so in accordance with legal, tax and/or accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request.
9. ADDITIONAL TERMS
A. For data collected in the EU and/or collected by Comgest European entities2
- Will Comgest transfer your personal data outside of the EU/EEA?
- Some Comgest Group entities or vendors may be located outside the EU/EEA in countries which do not offer the same level of protection to your Personal Data. For transfers to Comgest group entities as well as third parties located outside the EU/EEA, we will take steps to ensure that your personal information receives the same level of protection as if it remained within the EU/EEA. We will do this by using the European Commission approved Standard Contractual Clauses, by relying on certification schemes such as the EU - US Privacy Shield or by applying other valid mechanisms for transfers.
- For transfers outside of the EU/EEA, you have a right to obtain further information including details of the mechanism under which your personal information is transferred outside of the EU/EEA by contacting us at firstname.lastname@example.org.
- What are your additional rights with respect to your personal data?
- For personal data collected in the EU/EEA and/or collected by Comgest European entities, you have the right to receive all such Personal Data which you have provided to Comgest in a structured, commonly used and machine-readable format, and also to require us to transmit it to a third party where this is technically feasible and under specific circumstances;
- You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your Personal Data infringes applicable law. For instance, the French supervisory authority may be contacted at https://www.cnil.fr/fr/agir or by regular mail at CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 Paris – Cedex 07. A list of the other European data protection supervisory authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
The policy we have outlined here is current as of 17 January 2020, but Comgest reserves the right to amend this policy at its discretion.
1This communication is provided by the Comgest entities including Comgest S.A., Comgest Asset Management International Ltd and its representative office in the UK, Comgest Deutschland GmbH and Comgest Benelux B.V., Comgest Far East Ltd, Comgest Asset Management Japan Ltd, Comgest Singapore Pte Ltd and Comgest US LLC.
2Comgest European entities includes Comgest S.A., Comgest Asset Management International Ltd and its representative office in the UK, Comgest Deutschland GmbH and Comgest Benelux B.V.
Last update: 17-Jan-2020
©All rights reserved.