This Privacy Notice applies to all individuals located in the European Economic Area (“EEA”) who are connected to any institutional investor or prospective institutional investor which does or may invest in any strategy or fund managed or advised by our affiliate, Epoch Investment Partners, Inc. (“Epoch”), and any individual located in the EEA with whom Epoch has an indirect relationship, whose data are processed by Epoch Investment Partners UK, Ltd (“Epoch UK”) in accordance with the EU General Data Protection Regulation 2016.
In this Policy, the words “you” and “your” mean any such individual or client representative, including prospective clients, as described above. Any reference to “we”, “us”, “our” or “they” refers to Epoch UK.
We have always regarded the need for the protection, privacy and confidentiality of the personal information (as defined in section 2 below) of our clients and prospective clients as an important and fundamental operating requirement. This Privacy Notice provides descriptions that support our obligations under the General Data Protection Regulation (the “GDPR”) by explaining when and why we collect Personal Information about those individuals, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice and GDPR generally. If you have any questions about this Privacy Notice or how we handle your Personal Information, please contact:
Data Protection Officer
Epoch Investment Partners UK, Ltd
60 Threadneedle Street, London
You have the right to make a complaint at any time if you feel the processing of your Personal Information infringes the GDPR. You can raise your concerns with the DPO (above) or with the UK data protection authority, the Information Commissioner’s Office.
2. Key definitions
“Personal Information” means any personal data or details from which a living individual may be directly or indirectly identified whether on its own or in conjunction with any other information we may have or be able to access (e.g., from you directly and/or obtained from others within or outside the Bank).
Examples of the categories of Personal Information we may process include:
- Demographic Information (e.g., name, address, phone number(s), age/date of birth and other contact information)
- Personal Identification Numbers (e.g., Driver’s License, National Insurance, Social Security Number, Tax identification)
“Process” or “processing” means any operation or set of operations which is performed on Personal Information (or sets of Personal Information), whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, obtaining, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Data Controllers
As a data controller, Epoch UK is accountable and has an obligation to ensure that it processes your Personal Information in compliance with UK data protection law. This means that your Personal Information must be:
- Processed fairly, lawfully and in a transparent way;
- Collected only for specified, explicit and legitimate purposes that are clearly explained to you and not used in any way that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- Accurate and up to date;
- Not kept for longer than is necessary for the purposes explained to you;
- Processed in line with your rights;
- Kept securely; and
- Not transferred to other countries outside the EEA without adequate
Your relationship with us includes our co-ordination of the relationship between us and your company and the resulting processing of your Personal Information, and the collection and sharing of your Personal Information with our sister company, Epoch, and certain affiliated companies for the application for and management of financial services provided by us and the creation, administration and termination of the terms and conditions of these services.
It includes the administration of legislative programs such as fulfilling regulatory requirements, and tax and other statutory regulations.
4. How will we collect and what will be our legal ground for using your Personal Information?
During your relationship with us, we will collect and process your Personal Information as outlined in this Privacy Notice or as otherwise notified to you.
You will be the primary source for your Personal Information, for example via an application, subscription, or other forms/material provided by you, but it may also be necessary to collect information from third parties such as cookies. In this Privacy Notice, at or before the time of collection, we explain how we intend to use your Personal Information and the legal ground for processing (e.g., legal obligation we are subject to, legitimate interest we have or consent). For each type of processing where we are relying on Epoch and Epoch UK’s legitimate interests, we will list out such interests. For processing requiring your consent, we will provide you with details of the Personal Information we would like and the reason for collecting it, so that you can carefully consider whether you wish to consent.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact your relationship manager or client service representative. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose, or purposes, you originally agreed to, unless we have another legitimate basis for doing so in law.
We may process your Personal Information on other grounds in limited circumstances, in particular without your knowledge or consent:
- Where we need to protect your interests (or someone else’s interests);
- Where it is needed in the public interest or for official purposes;
- For an emergency that threatens an individual’s life, health or security, including your own;
- If knowledge would compromise the availability or accuracy of the Information and collection is required to investigate a breach of the Guidelines of Conduct or contravention of European law;
- If it is publicly available (such as name, address and telephone number of a subscriber in a telephone directory);
- If we have reasonable grounds to believe the Information could be useful when investigating a contravention of a European or foreign law and the information is used for that investigation.
5. Purposes of processing your Personal Information
We will process your Personal Information, including disclosure to third parties or other entities within Epoch or Epoch UK, for any of the following legitimate business and necessary purposes:
- To administer the client relationship, on the basis of legitimate interests;
- To comply with any legal or regulatory requirement or request or administer legislative obligations, on the basis of legal obligation;
- To assist with, manage and improve the operations, including security, of the Epoch entities enterprise-wide, on the basis of Epoch UK’s legitimate and necessary interest of data management and security;
- Liaise with appropriate third party suppliers, on the basis of Epoch UK’s legitimate and necessary interest of operational efficiency; and,
- Undertake business management and planning, on the basis of Epoch UK’s legitimate and necessary interest of operational efficiency.
- Ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems, preventing malicious software distribution, fraud and other security breaches, on the basis of Epoch UK’s legitimate and necessary interest of the prevention of crime and fraud and ensure the security of Epoch UK’s systems and further improve its service.
Some of the above purposes for processing will overlap and there may be several purposes which justify our use of your Personal Information.
We will only use your Personal Information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Sharing your Personal Information
We may share your Personal Information with our affiliates (as many of our processes are centralised) and with third parties, where it is necessary for the purpose for which it was collected or where we have another legitimate interest in doing so.
However, we may be required by law to share your Personal Information, including with any regulatory or other governmental organisation, either in Europe or in any jurisdiction in which we operate due to the nature of our specific business in that regulator’s jurisdiction. Where reasonable to do so, and subject to the exceptions set out in this Policy, we will use all reasonable endeavours to notify you prior to sharing Information with third parties and to explain why we are doing so.
We will never rent or sell your Personal Information.
We may transfer your data to countries outside the European Economic Area (“EEA”), for example, to our sister company located in the USA. Countries such as this may not have similar data protection laws to Europe. If the data is going to jurisdictions outside the EEA which are not considered to have the same level of data protection as the EEA, other measures are used to protect your Personal Information to the same level, such as the European Commission’s Standard Contractual Clauses.
By providing your Personal Information, you are acknowledging that this transfer, storing or processing may take place. If we transfer your information outside of the EEA, we will take steps to help ensure that appropriate measures are taken to protect your privacy rights, as outlined in this Privacy Notice. You can request more information about any such measures taken from the DPO.
7. Automated Decision Making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
8. Protection of your Personal Information
We have in place a number of technical and organization measures to protect our systems and your Personal Information. These include but are not limited to:
- Personal Information is only accessible by a limited number of relevant staff bound by duties of confidentiality;
- All electronic information is held on systems that incorporate firewalls, password- controlled access and virus protection procedures; and
- We audit our procedures and security measures regularly to help ensure that they are being properly administered and that they remain effective and appropriate to the sensitivity of the information.
We keep your Information for no longer than is necessary for the purpose(s) for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). When we no longer require your Personal Information, we will securely destroy and/or delete it from our systems as far as is reasonably and technically possible.
In some circumstances we may anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such Information without further notice to you.
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us, whether by informing your relationship manager or client service representative.
For your protection, you should not send confidential or Personal Information to us over the internet (e.g., email) or through any unsecured channel.
We have put in place procedures to manage any suspected data security breach and will notify you, and any applicable regulator, where we are legally required to do so.
9. What are your rights in connection with Personal Information?
Under certain circumstances, by law you have the right to:
- Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a set of the Personal Information we hold about you and to check that we are lawfully processing that Information. Please note that there are a number of legal reasons that entitle us to withhold your Personal Information from you, including but not limited to: references to other individuals; legal privilege; confidentiality; and in connection with legal disputes.
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no longer a purpose for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which may lead to you objecting to processing on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes.
- Request the restriction of processing of your Personal Information in specific circumstances. This enables you to ask us to suspend the processing of Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Information to another party.
If you want to review, verify, correct or request erasure of your Personal Information, object to the processing of your Personal Information, or request that we transfer a copy of your Personal Information to another party, please contact your relationship manager or the DPO.
You will not have to pay a fee to access your Personal Information or to exercise any of the other rights, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, in particular in relation to repetitive requests. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the Information or to exercise any of your other rights. This is another appropriate security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.
10. Privacy Breaches and Complaints
If you are aware of, or are the victim of, a suspected privacy breach in connection to your relationship with us, you should immediately contact the DPO. All suspected privacy breaches are appropriately investigated and applicable corrective action is taken.
In addition, as set out above, you have the right to make a complaint at any time to your relationship manager or client service representative, your applicable data protection authority if you believe there has been any breach of data protection law or Epoch’s DPO.
11. Changes to this Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will notify you, whether directly or indirectly, for example via our privacy notice webpage or email signatures, when we make any substantial updates. We may also notify you in other ways about the processing of your Personal Information.
If you have any questions about this Privacy Notice, please contact David A. Barnett, Epoch’s Chief Compliance Officer at 399, Park Avenue, New York, NY 10022 or +1 212 303-7200, or alternatively, the DPO listed above.
Austria, Belgium, Bulgaria, Czech Republic, Cyprus, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom