This webpage is comprised of the following privacy policies: (1) Privacy & Cookie Policy – General, which is the privacy policy applicable to clients, prospective clients, and website users; and (2) Privacy Policy – Employee and Contractor, which is the privacy policy applicable to our employees and contractors.
This Privacy & Cookie Policy (this “Policy”) sets out how Fisher Investments Luxembourg, Sàrl, trading as Fisher Investments Europe, and its branches (“Fisher Investments Europe”), uses information about natural people (“Individuals”). This includes:
For more information about Fisher Investments Europe, please see the Regulatory Information section at the bottom of Fisher Investments Europe’s websites.
Fisher Investments Europe is committed to privacy, and will only use information about identified or identifiable Individuals (“Personal Data”) in accordance with this Policy. This Policy applies to Fisher Investments Europe’s websites and all interactions of Fisher Investments Europe with Individuals resident in the European Economic Area (“EEA”).
Individuals can contact Fisher Investments Europe in relation to this Policy using the following details:
Fisher Investments Luxembourg, Sàrl,
trading as Fisher Investments Europe
Attn: Frank Nies, Data Protection Officer
2, rue Albert Borschette
L-1246 Luxembourg
privacy@fisherinvestments.lu
+1 650 851 3334
Fisher Investments Europe uses the following Personal Data for the following categories of Individuals:
a. Prospective clients, clients, and their representatives:
b. Website users:
c. Business contacts at service providers and vendors:
d. Individuals who agree to participate in market research:
a. Purposes and Lawful Bases
Fisher Investments Europe may use Personal Data for the following purposes, and upon the legal bases set out in the table below.
Purpose for which Fisher Investments Europe uses Personal Data |
Legal Basis upon which Fisher |
To assess suitability and design an investment strategy recommendation This includes providing financial analysis. |
Fisher Investments Europe can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party or to take steps at the request of the Individual prior to entering into a contract. Fisher Investments Europe can also use Health Data for this purpose where Individuals have consented to it. |
To provide discretionary investment management services |
Fisher Investments Europe can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party. In addition, in order to perform a contract to which a non-Individual client is a party, Fisher Investments Europe has a legitimate interest in using Personal Data (i.e. business contact information, including name, title, telephone number and email address) of representatives of such party. |
To verify identity |
Fisher Investments Europe can use Personal Data for this purpose where required to comply with AML Laws. |
To conduct sanctions and anti-money laundering checks Fisher Investments Europe uses name, date of birth and address to conduct sanctions checks, and anti-money laundering and anti-terrorist financing screens, which may reveal data concerning criminal convictions or offences. |
Fisher Investments Europe can use Personal Data for this purpose where required to comply with AML Laws. |
To offer third party products or services |
Fisher Investments Europe can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party or to take steps at the request of the Individual prior to entering into a contract. |
To record telephone calls |
Fisher Investments Europe can use Personal Data for this purpose where required to comply with MiFID II and CDR 2017/565 requirements. |
To carry out direct marketing This includes sending mail and emails to Individuals on lists rented from third party list vendors. It also includes following up and sending promotional material by email, phone or mail to Individuals who requested informational materials and ongoing insights on financial matters and investment management services. |
Fisher Investments Europe can use Personal Data for marketing to Individuals on lists where Individuals have consented to it. Fisher Investments Europe can use Personal Data for marketing to Individuals who requested informational materials and ongoing insights from Fisher Investments Europe where Individuals have consented to it. In addition, Fisher Investments Europe can use Personal Data for marketing to Individuals who previously requested informational materials from Fisher Investments Europe or its affiliates (collectively, the “Fisher Group”) because it is in Fisher Investments Europe’s legitimate interest to promote its business to such interested Individuals. This includes contacting representatives (using their business contact information, including name, title, telephone number and email address) at non-Individual prospective clients because it is in Fisher Investments Europe’s legitimate interest to promote its business to such non-Individual prospective clients. |
To optimise marketing This includes analysing website visits to Fisher Investments Europe’s websites and the number of clicks through the pages to request informational materials. It also includes using cookies to display Fisher Investments Europe’s online advertisements to individuals who may be more likely to be interested. |
Fisher Investments Europe does not collect or receive any Personal Data, including IP addresses, with its cookies. Fisher Investments Europe can use cookies for this purpose where Individuals have consented to them. |
To conduct market research This includes conducting market research to ask Individuals about their marketing, investment and servicing preferences. |
Fisher Investments Europe can use Personal Data for this purpose where Individuals have consented to it. |
To keep records |
Fisher Investments Europe can use Personal Data for this purpose to comply with applicable financial services laws and regulations (including, without limitation, MiFID II, CDR 2017/565 and laws and regulations of the Commission de Surveillance du Secteur Financier (“CSSF”)) (“Financial Services Laws”), the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and local laws implementing GDPR, AML Laws, and other applicable laws and regulations (collectively, “Applicable Law”). In addition, Fisher Investments Europe can use Personal Data for this purpose beyond the legally mandated record retention period because it is in Fisher Investments Europe’s legitimate interest to keep data for as long as the statute of limitations so that Fisher Investments Europe can enforce and defend its legal rights. |
To share data with regulators and law enforcement officials This includes sharing information with the CSSF, the National Data Protection Commission (“NDPC”), Luxembourg Inland Revenue, other applicable regulatory and law enforcement bodies, and similar authorities and bodies of the Fisher Group, as required. |
Fisher Investments Europe can use Personal Data for this purpose where required to comply with Applicable Law. |
To meet Fisher Investments Europe’s obligations under Applicable Law This includes reviewing Personal Data as Fisher Investments Europe carries out its conduct of business obligations, including monitoring the advice process, supervising its representatives, and carrying out its compliance plan. |
Fisher Investments Europe can use Personal Data for this purpose where required to comply with Applicable Law. |
To share data with courts and tribunals |
Fisher Investments Europe can use Personal Data for this purpose because it is in Fisher Investments Europe’s legitimate interests to enforce and defend its legal rights. |
To train internal staff |
Fisher Investments Europe can use Personal Data for this purpose because it is in Fisher Investments Europe’s legitimate interest to train its workforce to offer the best possible service. |
To engage with service providers and vendors This includes contacting business contacts at service providers and vendors using their business contact information, including name, title, telephone number and email address. |
Fisher Investments Europe can use Personal Data for this purpose for its legitimate interest in engaging with its service providers and vendors. |
To suppress Individuals from being contacted |
Fisher Investments Europe can use Personal Data for this purpose because it is in Fisher Investments Europe’s legitimate interest to refrain from contacting Individuals who have requested not to be contacted or who Fisher Investments Europe believes should not be contacted. |
Where Fisher Investments Europe has relied upon its ‘legitimate interests’ as a legal basis for a particular purpose, it has performed a ‘balancing test’ to ensure that Individuals’ rights and interests are taken into account when their Personal Data is used. Further information on the balancing test can be obtained by contacting Fisher Investments Europe’s Data Protection Officer.
b. If Individuals fail to provide Personal Data
Where Fisher Investments Europe needs to collect Personal Data to comply with a legal obligation, or under the terms of a contract Fisher Investments Europe has with an Individual or at the request of an Individual prior to entering a contract, and the Individual does not provide such data, Fisher Investments Europe may not be able to provide services and may need to cancel the contract. Similarly, if an Individual does not consent to providing Health Data for the purpose described above, Fisher Investments Europe may not be able to provide services and may need to cancel the contract. Fisher Investments Europe will notify the Individual if this is the case at the time. If an Individual requesting informational materials and ongoing insights does not consent to receiving the same, Fisher Investments Europe will not be able to provide such materials and insights.
“Special Category Personal Data” includes data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. It also includes genetic data, biometric data for the purpose of uniquely identifying an Individual, data concerning health or data concerning an Individual’s sex life or sexual orientation.
As noted above, Fisher Investments Europe collects and uses Health Data to assess suitability with consent of the Individual. In addition, Fisher conducts sanctions and anti-money laundering checks to comply with AML Laws, which may reveal data concerning criminal convictions or offences. The collection or use of any other types of Special Category Personal Data will only be with consent of the Individual.
a. Who will Fisher Investments Europe share data with?
Fisher Investments Europe will not sell or lease Individuals’ Personal Data to third parties.
For the purposes listed in Section 3 above, Fisher Investments Europe may share Personal Data with:
FI, FI UK and/or FII (the “Outsourced Fisher Companies”) act as service providers of marketing, human resources, finance, information technology, legal support services, and investment sub-management and trading functions to Fisher Investments Europe. In these capacities, all data collected and used by Fisher Investments Europe will be accessible by the Outsourced Fisher Companies. For clients, Fisher Investments Europe obtains their consent in order to share Personal Data with the Outsourced Fisher Companies. In addition, Fisher Investments Europe has put in place safeguards in the form of Model Clauses with Outsourced Fisher Companies located outside the EEA, as described below.
b. What safeguards are in place where data is transferred outside of the EEA?
Where data is transferred by Fisher Investments Europe to FI, Individuals’ data will be transferred to the United States, where the laws do not provide the same level of data protection as the country in which the Individual initially provided the data. Fisher Investments Europe will therefore make the transfer in accordance with the European Commission Standard Contractual Clauses (“Model Clauses”). The European Commission has determined that the Model Clauses offer sufficient safeguards to protect Individuals’ privacy and their fundamental rights and freedoms, including the ability to exercise their rights. For more information on EU Standard Data Protection Clauses please visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. Furthermore, as described above, some of the third party service providers that process Personal Data on behalf of Fisher Investments Europe are located in countries outside the EEA that have not been recognised by the European Commission as providing an adequate level of data protection. In these cases, Fisher Investments Europe has put in place measures to ensure that Individuals’ Personal Data is adequately protected, including by having the third party service provider entering into Model Clauses or by ensuring that the third party service provider is certified to the EU-US Privacy Shield. Please contact Fisher Investments Europe using the contact details in Section 1 above with any questions about the safeguards in place to protect Personal Data when transferred outside the EEA (including how to obtain a copy or consult these safeguards).
In accordance with applicable data protection laws, Individuals who consent to Fisher Investments Europe using their Personal Data may contact Fisher Investments Europe at any time to say that they withdraw that consent, and that they do not want their Personal Data to be used for those purposes. Individuals may do so by contacting Fisher Investments Europe via Fisher Investments Europe’s online form at https://www.fisherinvestments.com/en-lu/campaigns/unsubscribe/zu or using the details set out in Section 1 above.
When doing so, Individuals should:
Individuals may also unsubscribe from direct email marketing via Fisher Investments Europe's online form at https://www.fisherinvestments.com/en-lu/unsubscribe.
In accordance with applicable data protection laws, Individuals may exercise rights in relation to the Personal Data that Fisher Investments Europe holds about them.
An Individual’s rights under applicable law may include access to the Personal Data that Fisher Investments Europe processes about the Individual, the right to have such Personal Data corrected or erased, the right to restrict the processing of the Individual’s Personal Data, as well as the right to data portability. Where Fisher Investments Europe has obtained an Individual’s consent for the processing of Personal Data, the Individual has the right to withdraw consent at any time. This will not affect the lawfulness of the processing that has happened based on consent prior to the withdrawal. An Individual also has the right to object, at any time, to the processing of Personal Data which is based on Fisher Investments Europe’s legitimate interests. Where Fisher Investments Europe processes Personal Data for direct marketing purposes, an Individual has the right to object at any time to such processing, including for profiling purposes to the extent that it is related to direct marketing. If an Individual objects to processing for direct marketing purposes, Fisher Investments Europe will no longer process the Individual’s Personal Data for such purposes.
To exercise these rights, Individuals should contact Fisher Investments Europe using the contact details set out in Section 1 above. In each case, Individuals should ensure that the full name and address and/or email address are provided in exactly the form in which they were originally provided to Fisher Investments Europe to avoid any possible confusion with a different Individual. If Individuals are not satisfied with the way Fisher Investments Europe handles the request, they may lodge a complaint with the supervisory authority in their country of residence.
Fisher Investments Europe is committed to ensuring that Personal Data is secure. In order to prevent unauthorised access or disclosure, Fisher Investments Europe has put in place suitable physical, electronic and managerial procedures to safeguard and secure Personal Data collected. Fisher Investments Europe uses encryption when collecting or transferring sensitive data.
For further information on cookies and how to manage them, please click here.
A cookie is a small text file with an identification tag that is created and downloaded to a user’s computer (or other device) when accessing websites that use cookies. Cookies allow a website to, among other things, store and retrieve information about a user’s online activity, browsing habits of a user or user’s computer (or other device) and, depending on the information they contain and the way a user uses a computer (or other device), may be used to recognise the user.
Cookies can be categorised by who places them:
Cookies can also be categorised by their duration:
Lastly, cookies can be categorised by the function they serve. Fisher Investments Europe uses the following types of first- and third-party cookies:
a. Functionality Cookies
Fisher Investments Europe uses functionality cookies to keep track of whether or not a user has consented to have other types of cookies placed on their computer (or other device) and, if the user has consented, to note when consent was obtained. Functionality cookies do not collect any Personal Data. Enabling functionality cookies may be necessary to access the full content of website material.
b. Personalisation Cookies
Personalisation cookies allow the website to remember information that changes the page’s appearance or behaviour, such as, for example, the language selected for viewing the page.
c. Analytics Cookies
Analytics cookies analyse site statistics and how users browse the Fisher Investments Europe websites and enable Fisher Investments Europe to measure the number of visitors to the website, as well as to measure and analyse how users interact with the website. This information is used to improve Fisher Investments Europe’s websites and the products or services offered.
d. Behavioural Cookies
Fisher Investments Europe serves advertisements on various websites using third-party companies. If a user visits a Fisher Investments Europe website or clicks on one of Fisher Investments Europe’s advertisements, behavioural cookies will be placed on the user’s computer (or other device). Behavioural cookies allow Fisher Investments Europe to manage and optimise its digital marketing (e.g. banner ads, pages offering informational brochures, email campaigns, etc.). Behavioural cookies may be used to build a user profile to provide users with content more relevant to their interests. They adapt advertising and the content users see on other websites based on their browsing habits, including how users navigate the Fisher Investments Europe websites and other websites that the user may visit, as well as how users interact with internet advertising.
Fisher Investments Europe uses the third party personalisation, analytics and behavioural cookie services provided by the companies below and these companies may have access to information collected by the cookies. More information about these cookies can be found here.
A user can manage cookie preferences for the Fisher Investments Europe websites by using Fisher Investments Europe’s online cookie preference tool at Privacy Options.
Some browsers have a “Do Not Track” setting that allows users to send a signal to the websites they visit that the user does not wish to be tracked. Fisher Investments Europe’s website may not respond to these signals.
Information of Individuals that are clients of Fisher Investments Europe (meaning any Individual who has received an investment strategy recommendation or has retained Fisher Investments Europe as discretionary investment manager) will be kept for the duration of the client relationship plus ten years in order for Fisher Investments Europe to satisfy its recordkeeping obligations under applicable Financial Services Laws, as well as to enforce or defend its legal rights. Information on identity verification and sanctions and anti-money laundering checks will be kept for the duration of the client relationship plus five years in order for Fisher Investments Europe to satisfy its recordkeeping obligations under applicable AML Laws. Recordings of telephone calls will be retained for a period of five years in order for Fisher Investments Europe to satisfy its recordkeeping obligations under applicable Financial Services Laws. Information of Individuals will be kept for a period of five years from the date the Individual consented to direct marketing or until the Individual requests earlier erasure of their information. However, where an Individual consents to have their information retained by the Company to receive ongoing information and insights (subscription) from the Company, their information will be kept until they opt out unless they did not receive a regular opportunity to opt out in which case such information will be retained for five years from consent. In some cases, such general retention periods may be extended for up to ten years for some Individuals who are in more advanced discussions with Fisher Investments Europe or have had regular interactions or meetings with Fisher Investments Europe about its investment management services, unless the Individual requests earlier erasure of their information. Information collected for the purposes of conducting market research will be kept for up to two years following such research, unless the Individual requests earlier erasure of their information. Contact information for vendors/service providers and contact information for Individuals on suppression lists (i.e. name, address, email address and/or phone number) will be retained indefinitely.
If Individuals have any questions or complaints in relation to Fisher Investments Europe’s data protection practices, Fisher Investments Europe encourages Individuals to get in contact using the contact details set out in Section 1 above. Individuals also have the right to lodge a complaint with a data protection authority where they believe that Fisher Investments Europe has infringed data protection rules. In particular, this complaint can be made to the data protection authority in the country in which that Individual usually lives, usually works, or the country where the Individual believes the infringement took place.
From time to time, Fisher Investments Europe may use Personal Data for new, unanticipated uses not previously disclosed in this Policy to the extent permitted by law. If its practices regarding Personal Data change at some time in the future, Fisher Investments Europe will post the policy changes to https://www.fisherinvestments.com/en-gb/privacy and notify Individuals of these changes and provide the ability to “opt out” or unsubscribe from these new uses.
This Employee and Tied Agent Privacy Policy (“Policy”) describes how Fisher Investments Luxembourg, Sàrl, trading as Fisher Investments Europe, and its branches (collectively, the “Company”), uses information about employees (“Employees”) and contractors including tied agents (collectively, “Tied Agents”). Employees and Tied Agents together include current, former, prospective/candidate, permanent or temporary employees and contractors of the Company.
In this Policy, “Personal Data” means any information about Employees or Tied Agents who are identified or identifiable. The Company is committed to fulfilling its obligations under the applicable data protection laws in respect of all processing of Personal Data in connection with its business. This Policy does not distinguish between manual and electronic Personal Data.
This Policy may be updated from time to time, should it become necessary to do so.
The Company can be contacted about this Policy using the following details:
Fisher Investments Luxembourg, Sàrl,
trading as Fisher Investments Europe
Attn: Frank Nies, Data Protection Officer
2, rue Albert Borschette
L-1246 Luxembourg
privacy@fisherinvestments.lu
+1 650 851 3334
The Company processes the following types of Employee and Tied Agent Personal Data for the purposes set out in this Policy:
Personal Data are collected from a variety of sources, but mainly from Employees and Tied Agents themselves. In addition, the Company collects reference check information from previous employers of (or companies to which services were provided by) Employees and Tied Agents. Background check information, which may reveal data concerning criminal convictions or offences, is collected from Sterling Talent Solutions UK Limited (“Sterling”), a background checking firm located in the UK that collects Personal Data from both public and private sources with consent of the Employee or Tied Agent.
a. Purposes and Lawful Bases
Employee and Tied Agent Personal Data may be processed by the Company for the following purposes:
Purpose for which the Company uses Personal Data |
Legal Basis upon which the Company relies |
To manage the recruitment process This includes making decisions about hiring Employees or engaging Tied Agents. |
The Company can use Personal Data for this purpose because it is necessary to take steps at the request of the Employee or Tied Agent prior to entering into a contract. |
To perform background checks on Employee or Tied Agent candidates The Company uses name, date of birth and address to conduct background checks on Employees or Tied Agents, which may reveal data concerning criminal convictions or offences. |
The Company can use Personal Data for this purpose where required to comply with the Markets in Financial Instruments Directive 2014/65/EU (“MiFID II”), other applicable financial services laws and regulations, and local rules of the Commission de Surveillance du Secteur Financier (“CSSF”) and other applicable financial services regulators (collectively, “Financial Services Laws”). |
To verify identity and work authorisation |
The Company can use Personal Data for this purpose where required to comply with employment and immigration laws. |
To market employment opportunities at the Company This includes contacting Employee or Tied Agent candidates by email, phone or mail who have consented to be considered for future employment/engagement opportunities. |
The Company can use Personal Data for this purpose with the consent of the Employee or Tied Agent. |
To make decisions about Employees’ or Tied Agents’ fitness for work This includes making decisions about Employees’ or Tied Agents’ competence and qualifications to carry out regulated roles. |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws. |
To administer the Company’s relationship with Employees and Tied Agents This includes administering payroll, processing invoices and reimbursements, and providing other support services. |
The Company can use Personal Data for this purpose because it is necessary to perform a contract to which the Employee or Tied Agent is a party. |
To fulfilling social security and tax obligations |
The Company can use Personal Data for this purpose where required to comply with social security and tax laws. |
To provide and administer benefits This includes, if relevant, pension, medical insurance and similar benefits. |
The Company can use Personal Data for this purpose because it is necessary to perform the employment contract to which the Employee is a party. |
To obtain work authorisation/visas for Employees |
The Company can use Personal Data for this purpose because it is necessary to take steps at the request of the Employee. |
To evaluate performance This includes monitoring performance for management purposes, carrying out performance reviews, and making decisions about discipline and termination of Employees and Tied Agents. |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to evaluate its workforce, and to give Employees or Tied Agents opportunities to improve performance. |
To administer Employees’ sick leave and absence The Company may ask for, and Employees may need to provide, Health Data where such information impacts the Employee’s ability to perform his or her role. |
The Company can use Personal Data for this purpose where required to comply with employment laws. |
To accommodate religious requests The Company does not ask for this type of Personal Data, but it may be provided by an Employee as part of a request for religious accommodation. |
The Company can use Personal Data for this purpose because it is necessary to take steps at the request of the Employee. |
To record telephone calls |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws. |
To monitor systems and Employees and Tied Agents This includes monitoring the advice process, supervising its representatives, including monitoring Employees’ and Tied Agents’ activities as recorded on computer, telecommunications and security systems (including emails and voicemail), and carrying out the Company’s compliance plan. |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws.
|
To provide references to future employers and other third parties This includes providing employment/earnings confirmation letters to banks, mortgage lenders and landlords at the request of the Employee or Tied Agent. |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws or at the request of the Employee or Tied Agent. |
To providing information to governmental and quasi-governmental bodies and law enforcement agencies for regulatory, social security, taxation and other purposes This includes providing information to applicable financial services regulators and investigating alleged fraud, money laundering and similar offences. |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws, anti-money laundering laws, social security or tax laws, or other applicable laws or regulations. |
To keep records |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws, anti-money laundering laws, social security or tax laws, or other applicable laws or regulations. In addition, the Company can use Personal Data for this purpose beyond the legally mandated record retention period because it is in the Company’s legitimate interest to keep data for as long as the statute of limitations so that the Company can enforce and defend its legal rights. |
To share data with courts and tribunals |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interests to enforce and defend its legal rights. |
To use photos and contact information to enable effective communication across the Fisher Group |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interests to ensure effective communication across the Fisher Group. |
To train, survey, analyse, recognise and reward Employees and Tied Agents |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interests. |
To use images and recordings to promote the Company in internal and external materials and advertising |
The Company can use Personal Data for this purpose with the consent of the Employee or Tied Agent. |
To conduct candidate research |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interests. |
Where the Company has relied upon its ‘legitimate interests’ as a legal basis for a particular purpose, it has performed a ‘balancing test’ to ensure that Employees’ and Tied Agents’ rights and interests are taken into account when their Personal Data is used. Further information on the balancing test can be obtained by contacting the Company’s Data Protection Officer.
b. If Employees/Tied Agents fail to provide Personal Data
Failure of an Employee or Tied Agent to provide Personal Data to the Company, in whole or in part, could make it impossible for the Company to fulfil some or all of its obligations towards the Employee or Tied Agent, such as payment of compensation or fees, calculation of withholdings, or consideration of an employment application.
a. Who will the Company share Personal Data with?
Employee and Tied Agent Personal Data may be disclosed to the extent necessary for the purposes in Section 3 to the following recipients:
FI, FI UK and/or FII (the “Outsourced Fisher Companies”) act as service providers of marketing, human resources, finance, information technology, legal support services, and investment sub-management and trading functions to the Company. In these capacities, all data collected and used by the Company will be accessible by the Outsourced Fisher Companies. The Company ensures adequate safeguards in the form of Model Clauses with Outsourced Fisher Companies located outside the EEA, as described below.
b. What safeguards are in place where data is transferred outside of the EEA?
Where data is transferred to FI, the Company’s parent, Employee and Tied Agent Personal Data will be transferred to the United States, where the laws do not provide the same level of data protection as the country in which the Employee or Tied Agent initially provided the data. The Company will therefore make the transfer in accordance with the European Commission Standard Contractual Clauses (“Model Clauses”). The European Commission has determined that the Model Clauses offer sufficient safeguards to protect individuals’ privacy and their fundamental rights and freedoms, including the ability to exercise their rights. For more information on EU Standard Data Protection Clauses please visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
Where data is transferred to FIUK, the Company’s affiliate, Employee and Tied Agent Personal Data will be transferred to the United Kingdom, where the European Commission may have issued a decision that the laws of the jurisdiction provide an adequate level of data protection (an “Adequacy Decision”). In the event the European Commission does not issue an Adequacy Decision for the UK, the Company will make the transfer in accordance with Model Clauses.
As described above, some of the third party service providers that process Personal Data on behalf of the Company are located in countries outside the EEA that do not have an Adequacy Decision. In these cases, the Company has put in place or ensured there are measures to ensure that Personal Data is adequately protected, including by having the third party service provider enter into Model Clauses or by ensuring that the third party service provider is certified to the EU-US Privacy Shield. Please contact the Company using the contact details in Section 1 with any questions about the safeguards in place to protect Personal Data when transferred outside the EEA (including how to obtain a copy or consult these safeguards).
In accordance with applicable data protection laws, Employees and Tied Agents who consent to the Company using their Personal Data may withdraw that consent at any time. Employees and Tied Agents may do so by contacting the Company using the details set out in Section 1 above.
In accordance with applicable data protection laws, Employees and Tied Agents may exercise rights in relation to the Personal Data that the Company holds about them.
An Employee’s or Tied Agent’s rights under applicable law may include access to the Personal Data the Company processes about them, the right to have such Personal Data corrected or erased, the right to restrict the processing of their Personal Data, as well as the right to data portability. Where the Company has obtained the Employee’s or Tied Agent’s consent for the processing of Personal Data, the Employee or Tied Agent has the right to withdraw consent at any time. This will not affect the lawfulness of the processing that has happened based on consent prior to the withdrawal. An Employee or Tied Agent also has the right to object, at any time, to the processing of Personal Data which is based on the Company’s legitimate interests. Where the Company processes an Employee’s or Tied Agent’s personal data for direct marketing purposes, the Employee or Tied Agent has the right to object at any time to such processing, including for profiling purposes to the extent that it is related to direct marketing. If an Employee or Tied Agent objects to processing for direct marketing purposes, the Company will no longer process their Personal Data for such purposes.
To exercise these rights, Employees and Tied Agents should contact the Company using the contact details set out in Section 1 above.
It is every Employee’s and Tied Agent’s responsibility to provide the Company with accurate Personal Data and to inform the Company of any changes (e.g. new home address or change of name).
The Company and the Fisher Group have put in place adequate security measures to ensure (a) there is no unauthorised access to, or amendment or deletion of, personal data, and (b) access is only be granted to appropriate persons when and to the extent necessary (this entails the use of appropriate password protection for computer held databases and appropriately secured areas, or locked cabinets for manual files).
The website used by the Company for Employee and Tied Agent positions (i.e. hosted by iCIMS) uses only first- and third-party functional session cookies, as described below. The Company’s main websites for clients, prospective clients and general website users uses additional cookies. By visiting such other websites, Employees and Tied Agents will be subject to the Privacy & Cookie Policy disclosed on such websites.
A cookie is a small text file with an identification tag that is created and downloaded to a user’s computer (or other device) when accessing websites that use cookies. Cookies allow a website to, among other things, store and retrieve information about a user’s online activity, browsing habits of a user or user’s computer (or other device) and, depending on the information they contain and the way a user uses a computer (or other device), may be used to recognise the user.
Cookies can be categorised by who places them:
Cookies can also be categorised by their duration:
Lastly, cookies can be categorised by the function they serve. The Company uses the following types of first- and third-party cookies:
a. Functionality Cookies
Functionality cookies can keep track of whether or not a user has consented to have other types of cookies placed on their computer (or other device) and, if the user has consented, to note when consent was obtained. Functionality cookies do not collect Personal Data. Enabling functionality cookies may be necessary to access the full content of website material. Functionality cookies may also include authentication cookies.
b. Personalisation Cookies
c. Analytics Cookies
Analytics cookies analyse site statistics and how users browse the website and enable measuring the number of visitors to the website, as well as to measure and analyse how users interact with the website. This information can be used to improve the website and the products or services offered.
d. Behavioural Cookies
Behavioural cookies can include behavioural advertising cookies, allowing advertisements on various websites using third-party companies. If a user visits a website or clicks on one an advertisement that uses behavioural cookies, a behavioural cookie will be placed on the user’s computer (or other device). Behavioural cookies allow a company to optimise its advertising. Behavioural cookies may also be used to build a user profile to provide users with content more relevant to their interests. They adapt advertising and the content users see on other websites based on their browsing habits, including how users navigate the website and other websites that the user may visit, as well as how users interact with internet advertising.
Information of Employees and Tied Agents who have entered into an employment or tied agent agreement with the Company will be kept for the duration of the employee/contractor relationship plus seven years in order for the Company to satisfy its recordkeeping obligations under applicable tax laws and Financial Services Laws, as well as to enforce or defend its legal rights. However, information of Employees or Tied Agents that forms part of the records of clients may need to be kept for a longer period to satisfy the Company’s recordkeeping obligations under Financial Services Laws with respect to such client records as set out in the Company’s Privacy & Cookie Policy. Recordings of telephone calls will be retained for a period of five years in order for the Company to satisfy its recordkeeping obligations under applicable Financial Services Laws. Information of Employee and Tied Agent candidates will be kept for a period of up to one year from the date of information collected or the date of job application rejection. However, where an Employee or Tied Agent candidate consents to have their information retained by the Company for consideration for future positions with the Company, their information will be kept for five years unless the Employee or Tied Agent requests earlier erasure of their information.
If Employees or Tied Agents have any questions or complaints in relation to the Company’s data protection practices, the Company encourages them to get in contact using the contact details set out in Section 1 above. Employees and Tied Agents also have the right to lodge a complaint with a data protection authority where they believe that the Company has infringed data protection rules. In particular, this complaint can be made to the data protection authority in the country in which that Employee or Tied Agent usually lives, usually works, or the country where the Employee or Tied Agent believes the infringement took place.