1.1 Santander Asset Management UK Limited ("SAM", "we", "us" or "our") (registered office at 287 St Vincent Street, Glasgow, G2 5NB) collects and uses certain Personal Data from the directors and staff of its institutional clients and entities with whom it enters into financial transactions, as well as from visitors to its website at www.santanderassetmanagement.co.uk (the "SAM Website"), each referred to within this document as "you" or "your". SAM is responsible for ensuring that it uses your Personal Data in compliance with data protection laws.
1.2 This statement sets out how SAM handles your Personal Data when you apply for or receive our products and services, commence a trading relationship with us or visit the SAM Website, including when and why Personal Data is collected, used and disclosed.
1.3 For the purposes of this statement, "Personal Data" means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
1.4 SAM is the data controller in respect of your Personal Data, which means that we are the entity responsible for determining the purposes and means of processing your Personal Data. You will find contact details of our Data Protection Officer at the end of this statement, which you can use if you have any questions about this statement, including how to access or update your Personal Data or to make a complaint.
1.5 This statement may change from time to time, and you can remain up-to-date with such changes by reviewing this statement on the SAM Website.
2 The types of Data we collect and use
2.1 Information that you provide to SAM.
This includes information about you that you provide to us during any application or on-boarding process. The nature of the products, services or relationship you are requesting will determine the specific Personal Data we might ask for, though such information may include (by way of a non-exhaustive list): your name; job title; company name; company email address; business phone number; business address; city; postcode; country.
2.2 Information that we collect or generate about you.
We may automatically collect information when you visit the SAM Website which could constitute Personal Data, such as your IP address, the pages you visit on the SAM website and the date of your visit.
2.3 Monitoring of communications
Subject to applicable laws, SAM may monitor and record your calls and emails or other communications relating to our dealings with you. We will do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities associated with the service we provide for these reasons. This is justified by our legitimate interests or our legal obligations.
2.4 Anonymised data
Information we collect about you may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We may use this data to conduct research and analysis including to produce statistical research and reports.
3 How we use your Personal Data – the legal basis and purposes
SAM will process your Personal Data:
3.1 As necessary to perform the contract with you for the relevant service, for example:
- to take steps at your request prior to entering into it;
- to decide whether to enter into it;
- to manage and perform that contract; and
- to update our records.
3.2 As necessary for our own legitimate interests or those of other persons and organisations, for example:
- for good governance, accounting, managing and auditing our business operations;
- to monitor emails, calls, other communications, and activities related to provision of a service;
- for market research, analysis and developing statistics; and
- to send marketing communications on corporate services.
3.3 As necessary to comply with a legal obligation, for example:
- when you exercise your rights under data protection law and make requests;
- for compliance with legal and regulatory requirements and related disclosures;
- for establishment and defence of legal rights;
- for activities relating to the prevention, detection and investigation of crime;
- to verify your identity, make credit, fraud prevention and anti-money laundering checks; and
- to monitor emails, calls, other communications, and activities in relation to the service we provide.
3.4 Based on your consent, for example:
- when you request us to disclose your Personal Data to other people or organisations such as a companyhandling a claim on your behalf, or otherwise agree to disclosures.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we cannot provide the service or do certain things for you.
4 Disclosure of your information to third parties
4.1 We may share your Personal Data within the Santander group of companies (which includes Banco Santander, S.A. and its subsidiaries (the "Santander Group")) for the purposes described above and for services which they provide to us. For example this may include data back-up and server hosting services or provision and maintenance of IT software.
4.2 We may also share your Personal Data outside of the Santander Group for the following purposes:
- with our business partners. For example, this could include our partners from whom you or your company or your organisation receive SAM products or services. Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
- with third-party agents and contractors for the purposes of providing our services to you (for example, SAM’s accountants, professional advisors, IT and communications providers). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this statement;
- to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend our legal rights;
- if we sell our business or assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes;
- if we are acquired by a third-party, in which case the Personal Data held by us about you will be disclosed to the third-party buyer;
Anyone else where you have consented.
5 International transfers of Personal Data
5.1 SAM is a global business which means that we may transfer your Personal Data to locations outside of your country, including outside of the European Economic Area ("EEA").
5.2 While some countries have adequate protections for Personal Data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. This may be done in one of the following ways:
- the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances where the law permits us to otherwise transfer your Personal Data outside Europe.
5.3 You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe by contacting us as described in section 9 below.
6 Automated decision making and processing
6.1 Automated decision making involves processing your Personal Data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests or behaviour. SAM does not undertake automated decision making or processing.
7 How long we keep your Personal Data
7.1 How long we will hold your Personal Data for will vary and will be determined by (i) the purpose for which we are using it – SAM will need to keep the data for as long as is necessary for that purpose and (ii) for compliance with any legal or regulatory obligations to which we are subject – laws or regulation may set a minimum period for which we have to keep your Personal Data.
8 Your rights
8.1 You have a number of rights under Data Protection legislation. If we hold Personal Data about you then your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):
- The right to be informed about our processing of your Personal Data;
- The right to have your Personal Data corrected if it’s inaccurate and to have incomplete Personal Data completed;
- The right to object to processing of your Personal Data;
- The right to restrict processing of your Personal Data;
- The right to have your Personal Data erased (the “right to be forgotten”);
- The right to request access to your Personal Data and information about how we process it;
- The right to move, copy or transfer your Personal Data (“data portability”); and
- Rights in relation to automated decision making including profiling.
8.2 For more information, or to exercise your rights, you can contact us using the details listed in section 9 below.
9 Questions and concerns
If you have any questions or concerns about SAM’s handling of your Personal Data, or about this statement, please contact our Data Protection Officer using the following contact information:
Address: Data Protection Officer, Santander Asset Management UK Limited, 287 St Vincent Street, Glasgow, G2 5NB
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive, you have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law. Further information is available from www.ico.org.uk