Data protection policy
1. Legal Framework
In accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and any law, circular or regulation in the context of GDPR, personal data may be processed by the Manco, the undertakings for collective investment in transferable securities that it manages (“Funds”) and their service providers, when relevant.
In the case of Funds organised as investment companies with variable share capital (“SICAV”), the Manco will act as joint data controller together with the relevant UCITS.
The following information must, in accordance with articles 13 and 14 of GDPR be provided by the data controller to Data Subjects.
Data Subjects should be understood as identified or identifiable natural persons whose personal data is processed by the Funds or by the Manco such as the investors of the Funds, their ultimate beneficial owners, directors, agents, authorised representatives, their designated contact persons (the “Investors”) as well as the ultimate beneficial owners, directors, agents, authorised representatives, designated contact persons of the portfolio investments of the relevant Fund (together with the Investors, the “Data Subjects”).
2. General Requirements
2.1 Who are the data controller(s) and who to contact?
For SICAVs, the relevant Fund together with the Manco act as joint data controllers, determining the purpose and means of processing.
The data controller(s) collect, store and process by electronic or other means the personal data supplied by the Data Subjects, for the purpose of fulfilling the services related to an investment in the relevant Fund by the Investors or in relation to the investment in the portfolio investments by the relevant Fund and to comply with their legal obligations and specifically in compliance with the provisions of GDPR.
Ganado SARL has been appointed as data protection officer. Data Subjects who wish to contact the data protection officer should contact:
In writing at the following address:
15A, boulevard Grande-Duchesse Charlotte
Grand Duchy of Luxembourg
Att: Data protection team
Data Subjects who wish to contact the data controller(s) should contact:
In writing at the following address:
19, Rue de Bitbourg
Grand Duchy of Luxembourg
Att: Santander Asset Management Luxembourg S.A.
2.2 What kind of personal data is processed?
Personal data includes, but it is not limited to, the name, address, passport or identification card details, bank account details, granted amount and financial situation of each Data Subject.
In particular the data processed includes:
• identification data (e.g. name, date of birth, place of birth, gender, marital status, e-mail, postal address, telephone number, country of residence, passport, identity card, tax identification number and bank account details);
• contact details of the Data Subjects;
• source of wealth; and
• any other information provided by the Data Subjects when carrying out the services for them.
2.3 How do we receive your personal data and recipients and categories of information?
Certain personal data shall be collected, recorded, stored, adapted, transferred or otherwise processed.
The data processed is received through the business relationship with the Data Subject. The Funds receive the data either directly from the Data Subject or through the service providers.
The following parties may have access to the data:
• The Funds;
• The Manco;
• Santander Asset Management UK LTD;
• J.P. Morgan Bank Luxembourg S.A.;
• Deloitte S.A.
• J.P. Morgan Chase Bank, N.A.;
• J.P. Morgan Bank (Ireland) plc;
• J.P. Morgan Europe Limited;
• J.P. Morgan Services India Private Limited;
• Santander Asset Management LLC,
• Santander Pensiones SA EGFP;
• Santander Asset Management SA SGIIC and its branches;
• Santander Rio Asset Management Gerente de Fondos Comunes de Inversión SA;
• SAM Brasil Participacoes SA;
• Santander Brasil Asset Management Distribuidora de Titulos e Valores Mobiliarios SA;
• Santander Brasil Gestao de Recursos Ltda;
• SAM Asset Management SA de CV;
• Sociedad Operadora de Sociedades de Inversión;
• Santander Asset Management S.A. AGF;
• Santander Asset Management UK Ltd;
• Santander Asset Management UK Holdings Limited;
• SAM UK Investment Holdings Limited;
• SAM Investment Holdings Limited and its branches;
• Banco Santander SA and any of its affiliates worldwide; and
• any entity or platform engaged in the offering or distribution of the Funds.
Any affiliates or delegates of the foregoing, the employees of those entities, the appointed legal and professional advisers of those entities in connection with the operations of the Funds.
The data controller(s) may sub-contract to another entity (such as the service providers) the processing of personal data. The service providers may also engage sub-processors.
When the data controller(s) use processors (such as the service providers), the data controller(s) shall ensure that such processors provide sufficient guarantees to implement appropriate technical and organisational measures and that such processing on behalf of the data controller(s) meet the requirements of GDPR and ensure the protection of the rights of the Data Subjects.
When information is not collected directly from the Data Subject, the latter shall ensure to inform any other Data Subject about processing of its personal data and their related rights. The Data Subject shall transfer the information described in this privacy notice to the relevant Data Subject so they can properly exercise their rights.
3. For which purposes do we process your personal data?
3.1 For the purposes of a contractual obligation
We process your personal data in relation to your investment in the relevant Fund. The information required is necessary for you to make an investment in the relevant Fund. In this regard personal data may be processed for the following purposes:
• maintaining the register of shareholders/unitholders;
• processing subscriptions and redemptions of shares/units and payments of distributions to shareholders/unitholders; and
• maintaining controls in respect of late trading and market timing practices.
We process your personal data in relation to the relevant Fund acquiring the portfolio investments
3.2 For compliance with laws and regulations
The Funds, the Manco, the service providers and any of their affiliates are subject to various legal obligations pursuant to statutory (e.g. laws of the financial sector, anti-money laundering and combating the financing of terrorism laws, tax laws) and regulatory requirements.
This covers our processing of your personal data for compliance with applicable laws such as the applicable legislation on know-your-Customer (“KYC”) and anti-money laundering and combating the financing of terrorism (“AML/CFT”), compliance with requests from or requirements of local or foreign regulatory enforcement authorities, tax identification and reporting (where appropriate) notably under Council Directive 2011/16/EU on administrative cooperation in the field of taxation (as amended by Council Directive 2014/107/EU), the OECD’s standard for automatic exchange of financial account information commonly referred to as the Common Reporting Standard, for Foreign Account Tax and Compliance Act purposes, for the automatic exchange of information and any other exchange of information regime to which we may be subject to from time to time.
Your personal data may be shared with Luxembourg tax authorities (or service providers for the purpose of effecting the reporting) and may be forwarded by the latter to foreign tax authorities (failure to provide correct information to us or to respond may result in incorrect or double reporting).
3.3 For how long do we keep your personal data
Your personal data will be kept in a form which permits its identification for the duration of the investment in the relevant Fund and for the length of time required by applicable law. Luxembourg laws relating to KYC and AML/CFT requires that documents be retained for a period of five (5) or ten (10) years (depending of the specific processing) after the relationship has come to an end and as advisable in light of an applicable statute of limitations.
3.4 Automated decision making
Data Subjects should note that the personal data shall not be used for direct marketing nor profiling or automated decision making.
4. Rights of the Data Subject
Each Data Subject has:
a) a right to access his/her personal information processed by or on behalf of the data controller(s). Data Subjects should send their requests as set out in section 2.1;
b) a right to have his/her personal data rectified if they are incorrect or incomplete;
c) a right to request the erasure (right to be forgotten) of his/her personal data in accordance with the provisions of article 17 of the GDPR including in the following situations (i) where the personal data is no longer necessary in relation to the Investor’s subscription in the relevant Fund or the portfolio investments of the relevant Fund, and (ii) the Data Subject objects to the processing of its personal data and there are no overriding legitimate grounds for the processing, and (iii) where the data has been unlawfully processed;
d) a right to request a restriction of the processing in accordance with the provisions of Article 18 of the GDPR;
e) a right to lodge a complaint with the Luxembourg Commission Nationale pour la Protection des Données (“CNPD”) or the relevant authority of the Member State in which the Data Subject resides or works in accordance with the provisions of Article 77 of the GDPR; and
f) a right to receive the personal data concerning him or her or to request that it be transmitted to another data controller, when feasible, in accordance with the provisions of article 20 of GDPR.
To make any of the above requests you need to put the request in writing addressing it as set out in section 2.1 of this notice.
5. Transfer of data outside European Economic Area
Personal data of the Data Subjects may be processed by the service providers or their sub-processors in accordance with the permitted purposes as set out in the offering document of the Funds, including where such authorised entities are located outside Luxembourg or in jurisdictions where confidentiality and personal data protection laws might not exist or be of a lower standard than in the European Union. In this case appropriate or suitable safeguards will be put in place. Data Subject may obtain a copy of the same at the registered address of the Funds.
6. Additional information
The Funds or the Manco may request the Data Subject to provide additional or updated identification documents from time to time pursuant to on-going client due diligence requirements under relevant laws, regulations and circulars, and Data Subjects shall comply with such requests. Data Subjects should note that the data processed may be obtained from, the service providers, or from public registers, when available. Data Subjects should be aware that the information provided here above may be subject to changes.