PERSONAL DATA PROCESSING BY SUMITOMO MITSUI TRUST HOLDINGS
EFFECTIVE DATE: 25 MAY 2018
PURPOSE AND APPLICATION OF THIS NOTICE
Sumitomo Mitsui Trust Holdings ("SMTH", "we", or "us", or “our”) routinely collects and uses information relating to identifiable individuals (“personal data”), including data relating to:
- staff, managers, advisors, intermediaries and other representatives of our clients and prospective clients (“representatives”);
- the beneficial owners, shareholders, partners, officers and directors of our legal entity, partnership or fund clients and prospective clients;
- the settlors, trustees, beneficiaries and protectors of the trusts (or similar legal arrangements) to which we provide services or to which we may seek to provide services; and
- other persons affiliated or associated with our clients and prospective clients and their representatives.
We provide this fair processing notice ("notice") in accordance with our obligations under the European Union’s General Data Protection Regulations and other applicable data protection laws, and as part of our commitment to processing personal data transparently.
This notice applies to you if the SMTH entity or entities which contracts or seeks to contract with the entity, partnership, trust or fund that you own, represent, are employed by or are otherwise associated with is established in the European Union or Switzerland.
This notice provides information on:
- the SMTH entity or entities responsible for processing your personal data;
- the personal data we collect from you and from third parties about you;
- the purposes for which personal data is processed and our lawful basis for doing so;
- how your personal data is shared by us; and
- your rights in relation to our processing of your personal data, and how you can exercise these rights.
If you would like to contact us regarding the processing of your personal data, please contact firstname.lastname@example.org or at the following address: 155 Bishopsgate, London EC2M 3XU.
1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
The SMTH entity which contracts, or seeks to contract, with the entity, partnership, trust or fund that you own, represent, are employed by or are otherwise associated with will be a data controller of your personal data. In addition, where processing of personal data is undertaken by an entity controlled by, or under common control with, Sumitomo Mitsui Trust Holdings (a “SMTH affiliate”) for their own purposes, these affiliates may also be data controllers of your personal data.
This notice applies in conjunction with any other notices you receive from SMTH affiliates in connection with the processing of your personal data.
2. WHAT PERSONAL DATA DO WE PROCESS?
2.1. YOUR PERSONAL DATA
SMTH and SMTH affiliates will, depending on the relationship we have with you and the products and services we provide (or seek to provide), process certain personal data relating to you and people connected to you, including the data listed below:
A. PROFESSIONAL AND PERSONAL DETAILS – primarily we process your name, details of the client you are employed by,
represent, own or are otherwise associated with, your role at such client and your professional contact details. We may also process additional information in order to be able to liaise with you in connection with this role, such as information to identify you and evidence your authority to represent our client. If you are a trust beneficiary or a fund unit holder this may also include details enabling us to honour your rights, including eligibility to payments, under the terms of the relevant trust or fund.
B. INFORMATION USED FOR BACKGROUND CHECKS, MONITORING AND COMPLYING WITH LAWS AND REGULATIONS – if you are
a principal this may include date of birth, nationality, country of residence/domicile, documents required for anti-money laundering checks and monitoring (including a copy of your passport or national identity card), records of any required disclosures, and of restrictions on your ability to invest (such as any insider status or political exposure), and other details of your affiliations and/or of our relationship with you as necessary to enable us to meet applicable laws and regulations, including regulatory reporting requirements and identifying any conflicts of interest. Where required or authorised by applicable laws, this may involve processing data relating to any political affiliations you may have, as well as criminal convictions or allegations of offences.
C. RECORDS CONNECTED WITH PROVIDING PRODUCTS AND SERVICES TO OUR CLIENTS OR PROSPECTIVE CLIENTS – such as
notes from interactions, meetings and conversations that you have with us or our affiliates (including records of your instructions to us and, to the extent permitted or required by law, recordings of telephone calls), records of correspondence, and/or our brokerage, finan cial or other services made available electronically by SMTH to you and/or the SMTH client or prospective client you represent (including data transmitted by your browser and automatically recorded by our server). This also includes account details, records of agreements, payments, investments, trades and other transactions that contain your name or other personal data, and any identifiers that we or our affiliates assign to records associated with you.
In some cases we may obtain your personal data from SMTH affiliates or from third parties. Depending on the products and services we provide to you, this may include trade or transaction counterparts, credit reference agencies, public registers (such as beneficial ownership registers), financial crime screening databases, fraud prevention agencies, and persons or entities instructed by you to provide us with your personal data.
2.2. DATA RELATING TO THIRD PARTIES – RELEVANT TO PRINCIPALS
If you are a principal, in addition to processing data on your representatives, if any (as discussed in this notice), we may process personal data of persons connected to you but with whom SMTH does not directly communicate, such as dependants and family members. Before you provide data relating to third parties, you should ensure you are permitted to do so and provide them with the relevant information contained in this notice, and draw their attention in particular to the following:
A. SMTH and SMTH affiliates may process data such as family information, academic information, former employment history and references when provided to us. In some instances we may therefore receive personal data about and from third parties.
This may include recruitment agencies, financial crime screening databases, fraudprevention agencies, and persons or entities instructed by you to provide us with your personal data.
B. Where we process data revealing political opinions, religious beliefs or concerning sexual orientation, we process this data on the basis that it: (i) has manifestly been made public (to the extent this applies); or otherwise (ii) is on the basis that this processing is necessary for the purposes of carrying out our obligations and exercising our specific rights in the field of employment; or otherwise (iii) is on the basis that processing is necessary for reasons of substantial public interest on the basis of European Union or Member State law or on the basis of other applicable laws.
3. FOR WHAT PURPOSES AND ON WHICH LEGAL BASES DO WE PROCESS PERSONAL DATA?
3.1.PURPOsES FOR PROCESSING
SMTH and SMTH affiliates process your personal data for specific purposes and process only the personal data relevant for achieving that purpose. Depending on our relationship with you and the products and services that we are providing, we may process your personal data for the following purposes and for compatible purposes:
A. ACCOUNT OPENING – processing data about you that we require in connection with opening our client’s account, such as identity verification information. This may include review and processing application and account opening documents and,if you are a principal, conducting background prudential and regulatory compliance checks.
B. PROVIDING PRODUCTS AND SERVICES TO OUR CLIENTS OR PROSPECTIVE CLIENTS – processing personal data to ensure the proper provision of our products and services to our clients. This includes identity verification, transaction processing and keeping appro priate records and registers (such as documenting agreements and recording in structions).
C. MANAGING OUR RELATIONSHIP WITH OUR CLIENTS AND CONNECTED PARTIES – including compiling and utilising internal reports and notes, managing the client file, conducting risk reviews, allowing you to access our websites and secure online platforms and other technological services, and, where applicable, managing any agreement or arrangement between us and our clients and connected parties.
D. COMMUNICATING WITH YOU – processing data required to communicate with you in person, by telephone, mail and email (including issuing statements and reports), keep records of our communications with you, and manage any complaints.
E. CARRYING OUT OPERATIONAL AND ADMINISTRATIVE FUNCTIONS - including carrying out billing-related and payment administrtion, staff and access management, preparing business reports and accounts, operating information technology systems, archiving and backing up data, and transferring personal data.
F. HELPING US TO IMPROVE OUR PRODUCTS, SERVICES AND OPERATIONS – including conducing market research, analysis of client and prospective client preferences, transactions and market trends, evaluating potential new products and services, evaluating the effectiveness of our marketing, as well as testing new systems and upgrading existing systems. To the extent permitted by law, this may include monitoring emails and your use of our brokerage, financial or other services made available to you electronically by SMTH to assess, maintain and improve the quality of our services.
G. PRUDENTLY MANAGING OUR BUSINESS AND PROTECTING AND ENFORCING OUR RIGHTS – including assessing, monitoring and managing financial, reputational and other risk, conducting audits of our business, liaising with our regulator, protecting data used by our business and establishing, enforcing and defending against legal claims.
H. MARKETING – such as direct marketing of products and services that we think may be of interest to our clients or prospective clients, including on behalf of SMTH affiliates and strategic partners.
I. MEETING OUR LEGAL, REGULATORY AND COMPLIANCE OBLIGATIONS AND PREVENTING FINANCIAL CRIME – this includes performing prudential and regulatory compliance checks on an ongoing basis, account and transaction monitoring, transaction reporting, tax reporting, monitoring our management of client accounts and client interactions, making disclosures to, and complying with requests from public authorities, regulators, tax authorities, governmental bodies or law enforcement agencies, and investigating and preventing fraud and other crime. To the extent permitted or required by law, this may include recording telephone conversations and monitoring emails and your use of our brokerage, financial or other services made available to you electronically by SMTH.
We may also process data for other purposes we notify to you from time to time.
3.2. LEGAL BASIS FOR PROCESSING
The personal data processing described in this notice may be:
A. necessary in order to comply with our legal obligations under certain laws; This applies to regulatory compliance checks referred to in part
A and I of section 3.1, record keeping described in part D of section 3.1, reporting and creation of accounts referred to in part E of section 3.1, business management and regulatory liaison activities referred to in part G of section 3.1, and the processing described in part I of section 3.1, in each case where carried out in respect of the relevant laws.
B. necessary for entry into, or performance of, a contract with you; or Where you act as an intermediary, this relates to processing to manage our agreement with you, referred to in part C of section 3.1.
C. necessary for the legitimate interest of SMTH or others, where these are not overridden by your interests or fundamental rights and freedoms (as described below); or
D. in limited circumstances and to the extent the legal bases for processing set out above do not apply, processed with your consent (which we obtain from you from time to time)
The ‘legitimate interests’ referred to in section 3.2.C above are:
- the processing purposes described in sections 3.1.A to 3.1.I (inclusive) of this notice, to the extent the processing is not necessary in order to (i) comply with our legal obligations under certain laws or (ii) to enter into any contract with you and fulfil our obligations thereunder (for example, where you provide intermediary services);
- meeting and complying with our accountability requirements and regulatory obligations globally; and
- exercising our fundamental rights and freedoms, including our freedom to conduct a business and our right to property.
DATA RELATING TO POLITICAL OPINIONS
AND CRIMINAL CONVICTIONS AND OFFENCES
In addition, if you are a principal, we may:
A. process data revealing your political opinions as part of our anti-money laundering checks. We process this on the basis that you have manifestly made such data public (to the extent this applies) or on the basis that this processing is necessary for reasons of the substantial public interest in preventing financial crime; and
B. process personal data relating to criminal convictions and offences as authorised by applicable law.
In limited circumstances we may process any of the personal data we hold to the extent necessary to defend, establish and exercise legal claims.
4. YOUR CONSENT
To the extent SMTH is relying on your consent to process your personal data, you have the right to withdraw your consent to such processing at any time. You can do this by contacting email@example.com.
5. SHARING PERSONAL DATA, INCLUDING INTERNATIONAL TRANSFER
Due to the size and complexity of SMTH’s operations it is not possible to name each of our data recipients in this notice. However, SMTH only shares your personal data with the categories of data recipients listed below. Depending on our relationship with you, we may share your personal data with:
A. The SMTH client you represent;
B. SMTH affiliates,
C. external custodians and strategic partners to SMTH and SMTH affiliates;
D. payment recipients and providers, beneficiaries, account nominees, intermediaries, and correspondent and agent banks;
E. market counterparties, and parties interested in or assuming risk in connection with a transaction (such as issuers of investments), shareholders selling securities in any offering, co-managers, lead managers, underwriters, bookrunners, financial advisers or any other relevant agent or advisor, including any agent or advisor to any of the above;
F. swap or trade repositories, swap data repositories or global trade repositories (or similar facilities or institutions), and stock exchanges;
G. clearing houses, and clearing or settlement systems and specialised payment networks, companies or institutions such as SWIFT;
H. service providers who provide a service to or operate a system on behalf of SMTH or the institutions or entities referred to in this section 5 (including non-affiliated companies);
I. SMTH's lawyers, auditors and accountants and others providing professional advice;
J. relevant governmental, regulatory, supervisory, law enforcement, prosecuting, tax or similar authority or industry body under applicable laws or regulations of any relevant jurisdiction;
K. your agents, representatives and other persons acting on your behalf or to whom you instruct or authorise us to disclose your data;
L. with prospective purchasers and assignees in the event our business, or any part thereof, is sold or re-organised, or in the event that any product entered into with a client is sold, transferred or assigned in whole or in part;
M. any other person or entity SMTH reasonably thinks customary, necessary or advisable for the processing purposes described in this notice or to whom SMTH is obliged by applicable law or regulation to make the disclosure; and
N. to any other party where we have first obtained your prior consent.
Such data sharing may involve the transfer of personal data to any country in which SMTH or a SMTH affiliate conducts business or has a service provider or to other countries for law enforcement purposes (including, without limitation, Japan, the United States of America and other countries whose data privacy laws are not as stringent as those in effect in the United Kingdom, Switzerland or the European Union).
SMTH will ensure that appropriate safeguards are in place to protect your personal data and that transfer of your personal data is in compliance with applicable data protection laws. Where required by applicable data protection laws, SMTH has ensured that service providers (including other SMTH affiliates) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter. You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal data by contacting firstname.lastname@example.org.
6. DIRECT MARKETING
You are entitled by law to object to the use of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. You can opt-out of receiving further any marketing emails by clicking the "unsubscribe" link in any such emails, or by contacting us at email@example.com or by writing to us at the address listed in section 8 below.
7. DATA SUBJECT RIGHTS
You are entitled by law to the following rights in respect of your personal data:
A. INFORMATION AND ACCESS: You have the right to be provided with certain information about SMTH's processing of your personal data and access to that data(subject to exceptions).
B. RECTIFICATION: If your personal data changes, we encourage you to inform us of the change. You have the right to require inaccurate or incomplete personal data to be updated or corrected.
C. ERASURE: You have the right to require that your data be erased in certain circumstances, including where it is no longer necessary for us to process this data in relation to the purposes for which we collected or processed the data, or if we processed this data on the basis of your consent and you have since withdrawn this consent.
D. DATA PORTABILITY: Where we process your personal data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right to have the data transferred to you or another controller in a structured, commonly used and machinereadable format, where this is technically feasible.
E. RIGHT TO OBJECT TO CERTAIN DATA PROCESSING: To the extent that SMTH is relying upon the lawful basis of legitimate interest to process your personal data, then you have the right to object to such processing, and SMTH must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where SMTH needs to process the data for the establishment, exercise or defence of legal claims. Normally, where SMTH relies upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
F. RIGHT TO RESTRICTION OF PROCESSING: You have the right to restrict SMTH's processing of your personal data while your request for data rectification or objection to personal data processing is being considered, if we no longer need to process your data but you need that data in connection with a legal claim, or if our processing is unlawful but you do not want us to erase the data. If this right applies, we will continue to store your data but will only further process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another person, or for reasons of important public interest.
G. RIGHT TO WITHDRAW CONSENT: To the extent that SMTH is relying upon your consent to process personal data, you have the right to withdraw such consent at any time. Please see section 4 of this notice.
H. COMPLAINT: You also have the right to lodge a complaint with a supervisory authority, in particular that in your European Member State of residence, where applicable.
If you wish to exercise any of these rights you may do so by sending an email to firstname.lastname@example.org. Alternatively you can send a written request to the SMTH entity with which you have a relationship, clearly marked "Individual Rights – GDPR", using the details for that entity in section 1 of this notice. The letter should be accompanied, in the case of a request for further information and/or access, by a copy of your passport or other valid means of identification. We may provide additional ways for you to exercise your rights from time to time.
8. RETENTION OF PERSONAL DATA
SMTH and SMTH affiliates retain personal data for varying time periods in order to assist us in complying with legal and regulatory obligations, to enable compliance with any requests made by regulators or other relevant authorities and agencies, to enable us to establish, exercise and defend legal rights and claims, and for other legitimate business reasons. SMTH and SMTH affiliates retain your personal data for the period of time required for the purposes for which it was collected or to comply with legal, regulatory and SMTH policy requirements. This will usually be the period of your relationship or contract with SMTH plus a period reflecting the length of time for which legal claims may be made following the termination of such relationship or contract. Data will be kept for a shorter or longer period of time if so required by law or a SMTH policy or if the data becomes subject to a legal hold (for example, following a communication from our regulator).
SMTH is committed to data security and we use appropriate technical and organisational measures to protect personal data. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
10. UPDATES TO THIS NOTICE
The information in this notice may change from time to time – for example, the categories of personal data that SMTH collects,
the purposes for which it is used and the ways in which it is shared may change. This notice may be updated from time to time.