CACEIS Investor Services Bank S.A. and its branches, affiliates and subsidiaries (“IS Group” or “IS Group entities”) respect strict privacy management protocols. We remain committed to proactively managing and protecting information on behalf of our clients, employees and shareholders. We are sharing our Privacy Notice which complies with the requirements set out by the European Union’s General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.
IS Group provides services to clients through a number of entities which are a part of IS Group. Depending on the location from where the services are provided, certain entities may be the Data Controller in relation to your personal data. For further information regarding the IS Group entities (as defined below) through which we operate, view our List of Entities.
If you have any questions about this Privacy Notice, please contact IS-DPO@caceis.com.
Privacy Notice
Collecting and using your information
IS Group processes personal data of employees, directors, officers, legal representatives, beneficial owners, trustees, settlors, signatories, shareholders of its clients and its service providers, including vendors and sub-custodians. If you are in one of the situations above, and if the organization that you are associated with in that role is a client or service provider of IS Group, your data may be transferred to IS Group in the context of its relationship with us. We will obtain your information from the organization you are associated with in the course of its relationship with us.
As the sole Data Controller, IS Group provides data subjects with the following:
Categories of data and purposes of processing
- Depending on the relationship we have with the organization(s) you are associated with, and the services we provide or receive, we will process your personal data for regulatory, administrative, technology and accounting purposes:
- to ensure and facilitate compliance with applicable laws and/or regulations;
- to determine eligibility for products and services;
- to perform anti-money laundering and counter-terrorist finance checks;
- to make enquiries with licensed credit reporting or fraud prevention agencies;
- to enable us to provide to the clients existing, new or enhanced services in connection with or arising out of, the client’s agreement(s) with us, or on the client’s instructions;
- to assess financial and credit risks, and generally in connection with the prudent risk management of IS Group and all IS Group entities;
- to administer and process the client’s account(s);
- to manage information technology and associated databases and processes in an efficient manner that minimizes service interruptions and delivers quality client services;
- to receive services from other entities of the IS Group in connection with any of the above purposes;
- to enable other entities in the IS Group to market or offer services to the client;
- to protect and enforce any property or other rights of the IS Group and or recover a debt; and
- to handle disputes, litigation or investigations;
- to confirm the identity and carry out background checks in relation to or in connection with the client;
- to fulfil obligations under any reporting agreement entered into with any applicable tax authority or revenue service(s) from time to time; and
- in connection with the reorganization, acquisition, merger or sale of any business or entity in the IS Group.
- Depending on the relationship we have with the organization(s) you are associated with, and the services we provide or receive, or for the purposes listed above, we process any information relating to you particularly names, address, date of birth, sex, contact details, email addresses, title, nationality, tax domicile, tax identification number (TIN), Politically Exposed Person (PEP) status, as detailed on your identification documents.
- We do not process special categories of data referred to in Article 9 of the GDPR, unless it is required through a legal obligation. The data we use may be directly provided by you or obtained from publicly available third parties. We do not use automated decision-making processes.
- We will use your information:
- for our legitimate business interests, namely to help us operate and improve our business and minimise any disruption to the services we may offer to our clients;
- to comply with legal and regulatory obligations; and
- to prevent and detect crime, or for reasons of public interest, or for the establishment, exercise or defence of legal claims or proceedings.
Recipients of personal data and cross-border transfers
We will not disclose your personal data to anyone outside the IS Group except:
- (i) to companies, entities or persons (including, without limitation, any service providers) located in any jurisdictions, that undertake any service or activity directly or indirectly for us or for any of our service providers which directly or indirectly assists or enables us to provide services to the client or for any other purpose listed in para 2.1(a)—(o), (ii) to any government or regulatory authorities, stock exchanges and clearing houses, or as otherwise required in accordance with applicable laws and regulations, (iii) to the other party of a joint account in connection with any of the client’s agreement(s) with us, or (iv) to any person the client nominates or appoints in writing as having authority to give authorised instructions under any of the client’s agreement(s) with us.
- As part of our relationship with the clients and service providers and in the context of the provision or receipt of services, it may be necessary for us to send information to IS Group entities and branches located in Belgium, France, Ireland Jersey, Luxembourg, Malaysia, Switzerland and the United Kingdom.
- In case of cross-border transfers, we will implement appropriate measures to ensure that your personal information remains protected and secure, in accordance with applicable data protection and privacy laws. The measures include:
- in the case of transfers of personal information to outside the European Economic Area, entering into Standard Contractual Clauses. For further information, please contact IS-DPO@caceis.com.
- ensuring that the jurisdictions into which personal information is transferred have equivalent data protection legislation and requirements to those of the EU based on the European Commission’s adequacy decisions (such as Jersey, Switzerland and the United Kingdom).
- We will retain your information after the client’s/provider’s relationship is terminated, for as long as permitted for legal, regulatory, and fraud purposes.
Your rights
You have the right to:
- access your personal data,
- correct or delete your personal data,
- restrict processing concerning your data,
- object to the processing of your data,
- data portability, and
- file a complaint with your local supervisory authority
To exercise your rights, please contact IS-DPO@caceis.com.
Updates to the Privacy Notice
The information in this Privacy Notice may change and be updated periodically.