1.1 Santander Asset Management UK Limited ("SAM", "we", "us" or "our") (office address at Floor 6, 2 Triton Square, London NW1 3AN) collects and uses certain Personal Data from the directors, officers, employees and/or beneficial owners of its clients, entities with whom it enters, or may enter, into financial transactions and other parties to which it contracts, or may contract, with for the provision of services and from visitors to its website at www.santanderassetmanagement.co.uk (the "SAM Website"), each referred to within this statement as "you" or "your". SAM is responsible for using your Personal Data in compliance with data protection laws.
1.2 This statement sets out how SAM handles your Personal Data when you apply for or receive our products and services, commence a trading relationship with us or visit the SAM Website, including when and why Personal Data is collected, used and disclosed.
1.3 For the purposes of this statement, "Personal Data" means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
1.4 SAM is the data controller in respect of your Personal Data, which means that we are the entity responsible for determining the purposes and means of processing your Personal Data. You will find contact details of our Data Protection Officer at the end of this statement, which you can use if you have any questions about this statement, including how to access or update your Personal Data or to make a complaint.
1.5 This statement may change from time to time, and you can remain up-to-date with such changes by reviewing this statement on the SAM Website.
2 The types of Data we collect and use
2.1 Information that you provide to SAM
This includes information about you that you provide to us during any application or on-boarding process. The nature of the products, services or relationship you are requesting or the service you are providing will determine the specific Personal Data we might ask for, though such information may include (by way of a non-exhaustive list): your name; job title; company name; company email address; business phone number; business address; city; postcode; country.
2.2 Information that we collect or generate about you
2.3 Monitoring of communications
Subject to applicable laws, SAM may monitor and record your calls and emails or other communications relating to our dealings with you. We will do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities associated with the service we provide for these reasons.
This is justified by our legitimate interests or our legal obligations.
2.4 Anonymised data
Information we collect about you may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data to conduct research and analysis including to produce statistical research and reports.
3 How we use your Personal Data – the legal basis and purposes
SAM will process your Personal Data:
3.1 As necessary to perform the contract with you for the relevant service, for example:
- to take steps at your request prior to entering into it;
- to decide whether to enter into it;
- to manage and perform that contract; and
- to update our records.
3.2 As necessary for our own legitimate interests or those of other persons and organisations, for example:
- for good governance, accounting, managing and auditing our business operations;
- to monitor emails, calls, other communications, and activities related to provision of a service;
- for market research, analysis and developing statistics; and
- to send marketing communications on corporate services.
3.3 As necessary to comply with a legal obligation, for example:
- when you exercise your rights under data protection law and make requests;
- for compliance with legal and regulatory requirements and related disclosures;
- for establishment and defence of legal rights;
- for activities relating to the prevention, detection and investigation of crime (including market abuse, bribery, corruption and tax evasion) to verify your identity, make credit, fraud prevention, and Know Your Client (“KYC”) and Anti-Money Laundering (“AML”) checks including screening against government, supranational bodies (including but not limited to the UK, European Union and
the United Nations Security Council) and/or law enforcement agency sanctions lists, as well as internal sanctions lists and other legal restrictions; and
- to monitor emails, calls, other communications, and activities in relation to the service we provide.
3.4 Based on your consent, for example:
- when you request us to disclose your Personal Data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we cannot provide the service or do certain things for you.
4 Disclosure of your information to third parties
4.1 We may share your Personal Data within the Santander group of companies (which includes Banco Santander, S.A. and its subsidiaries (the "Santander Group")) for the purposes described above and for services which they provide to us. For example this may include data back-up and server hosting services or provision and maintenance of IT software.
4.2 We may also share your Personal Data outside of the Santander Group for the following purposes:
- with our business partners. For example, this could include our partners from whom you or your company or your organisation receive SAM products or services. Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
- with third-party agents and contractors for the purposes of providing our services to you (for example, SAM’s accountants, professional advisors, IT and communications providers). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this statement;
- to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend our legal rights;
- to credit reference agencies, anti-fraud services or any relevant party in connection with AML/KYC requirements;
- if we sell our business or assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes;
- if we are acquired by a third-party, in which case the Personal Data held by us about you will be disclosed to the third-party buyer;
Anywhere else where you have consented.
5 International transfers of Personal Data
5.1 SAM is a global business which means that we may transfer your Personal Data to locations outside of your country, including outside of the UK and European Economic Area ("EEA").
5.2 While some countries have adequate protections for Personal Data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection.
5.3 You can obtain more details of the protection given to your Personal Data when it is transferred outside the UK and Europe by contacting us as described in section 9 below.
6 Automated decision making and processing
6.1 Automated decision making involves processing your Personal Data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests or behaviour. SAM does not undertake automated decision making or processing.
7 How long we keep your Personal Data
7.1 How long we will hold your Personal Data for will vary and will be determined by (I) the purpose for which we are using it – SAM will need to keep the data for as long as is necessary for that purpose and (II) for compliance with any legal or regulatory obligations to which we are subject – laws or regulation may set a minimum period for which we have to keep your Personal Data; and (III) for as long as legal claims can be brought and defended.
8 Your rights
8.1 You have a number of rights under Data Protection legislation. If we hold Personal Data about you then your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):
- The right to be informed about our processing of your Personal Data;
- The right to have your Personal Data corrected if it’s inaccurate and to have incomplete Personal Data completed;
- The right to object to processing of your Personal Data;
- The right to restrict processing of your Personal Data;
- The right to have your Personal Data erased (the “right to be forgotten”);
- The right to request access to your Personal Data and information about how we process it;
- The right to move, copy or transfer your Personal Data (“data portability”); and
- Rights in relation to automated decision making including profiling.
8.2 For more information, or to exercise your rights, you can contact us using the details listed in section 9 below.
9 Questions and concerns
If you have any questions or concerns about SAM’s handling of your Personal Data, or about this statement, please contact our Data Protection Officer using the following contact information:
Address: SAM UK Data Protection Officer, Santander UK plc, Santander House, 201 Grafton Gate, East Milton Keynes MK9 1AN
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive, you have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk