Introduction or Background
Hermes Fund Managers Limited, and other companies in the Hermes group (‘Hermes’, ‘we’ or ‘us’) will collect information about individual persons that it deals with, employs, receives information from, and sends information to.
Hermes is committed to maintaining the privacy and confidentiality of information including “Personal Data” provided to us.
Definition and purpose
‘Personal Data’ may be defined in regulations applying to the jurisdictions that Hermes operates in.
In the UK the Data Protection Act 1998 (‘DPA’) is the main piece of legislation that governs the protection of personal data in the UK. In practice it provides a way in which individuals can control information about themselves. The term “Personal Data” is used in the DPA to refer to personally identifiable information about any living individual, such as their name, job description, health related data, date of birth, e-mail address or mailing address.
Singapore has the Personal Data Protection Act 2012, and other jurisdictions or regulatory bodies have similar requirements.
Hermes will ensure that it complies with, or exceeds, relevant regulatory requirements in jurisdictions where Hermes is undertaking a business activity.
To define how Hermes will gather, use, and protect Personal Data in accordance with the following key principles:
1. Data will only be used fairly and lawfully, and for the specific purposes for which it was collected.
2. Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime).
3. Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
4. Personal information will be kept for no longer than is necessary and must be kept up to date.
5. Personal information may not be sent outside of the European Economic Area unless the individual whom it is about has consented, or adequate protection is in place.
6. Adequate security measures should be in place to protect the information. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
7. Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion).
In the UK, a number of companies in the Hermes group are registered with the Information Commissioner's Office as data controllers.
Use of Data
Collection of Data
You may provide us with your Personal Data in order to receive information, advice, products or services from us or in connection with your job application or employment by us. We may request personal information about you which enables us to provide a personalised service to you. We ask only for data that is adequate, relevant and not excessive for those purposes.
To comply with money laundering regulations, we may need to request additional evidence of identity from you, and may use a credit reference agency for this purpose (which will record that an enquiry has been made).
If you provide us with the Personal Data of a third party pursuant to a power of attorney, we may process such Personal Data (including information about the third party’s mental health) in order to provide information, goods or services to the third party for whom you act as attorney. In addition, we may hold information about your position as attorney for the purpose of administering products or services to the third party for whom you act as attorney.
Data collected through our websites
If you access any password protected areas of our website, the website will recognise you and your information may be combined or added to other information that we have about you.
We may use your IP address to help diagnose problems with our server and to administer our websites. An IP address is a numeric code that identifies your computer on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information, such as determining how many of our visitors are from outside of the UK.
We may also perform IP lookups to determine which domain you are coming from (i.e. aol.com, yourcompany.com) to more accurately gauge our users' demographics.
Processing of Data
We will process your Personal Data, and share your Personal Data with other members of the Hermes Group, or others, only for specific and limited purposes. Some of these purposes may include, but not be limited to the following:
- To send you newsletters, update emails and other information you request.
- To process and respond to your enquiries and requests for information and/or advice.
- To contact you occasionally to inform you of products and services provided by us, other members of the Hermes Group or third parties whose products and/or services we think you may be interested in. We may contact you by letter, telephone or email for this purpose.
- To process your customer application form(s) and associated documentation.
- To carry out credit checks, money laundering checks, identification authentication or verification checks – we may use a credit reference agency for this purpose (which will record that an enquiry has been made).
- To provide the financial and investment services you have requested.
For the purposes of processing, servicing and maintaining accounts and transaction records.
- To protect your and our security, and the websites, databases and systems that support the business.
- To monitor and archive communications with you.
- To comply with legal and regulatory requirements, resolve disputes and take precautions against legal liability.
We sometimes supplement the information that you provide with information that is received from third parties. For instance, to correct inaccurate post codes.
We may share or transfer the information in our databases to comply with a legal or regulatory requirement, for the administration of justice, interacting with anti-fraud databases, to protect your vital interests, to protect the security or integrity of our databases or this website, to take precautions against legal liability, or in the event of our sale, merger, reorganisation, transfer of business, dissolution or similar event.
Hermes reserves the right to disclose all of the personal information that we collect (as described above) to other financial institutions with whom we may, from time to time, establish joint marketing arrangements. Any such agreement will maintain the confidentiality of your personal information.
If you ask us to, we may share your personal information with your designated agent, advisor, or other parties.
Unsubscribing from services
We will provide you with a convenient method to discontinue electronic communication at your discretion via an "unsubscribe" option on emails, or by contacting Hermes at the address listed in Data Access below.
Data Integrity and Security
We strive to maintain the reliability, accuracy, completeness and currency of Personal Data in our databases and to protect the privacy and security of our databases. The security measures in place on our website and computer systems aim to prevent the loss, misuse or incorrect alteration of the information you provide to us.
We encourage you to ensure that your Personal Data is accurate and kept up to date so please update any information you have provided, or write to us at the address listed under Data Access. We will correct, amend or delete any Personal Data that you notify us is inaccurate and notify any third party recipients of necessary changes.
We reserve the right to monitor, restrict, delay, intercept and/or record your communication with us by mail, voice, email or any other form of transmission for the purposes of quality control, security, regulatory and other business needs. We may reject, restrict, delay or remove communications traffic which have a nature, content or attachments which may disrupt our system or because they may pose security risks. We may also filter out emails which contain certain content which is deemed offensive or unwanted spam. Unavoidably such filtering may affect the delivery of some “innocent” emails.
Upon receipt of your written request and enough information to permit us to identify your Personal Data, we will (subject to legal and regulatory requirements) disclose to you the Personal Data we hold about you, for which we may make a small charge.
Requests to review or delete Personal Data are subject to any applicable legal and regulatory requirements or document retention obligations and any of our current contracts which are still in force.
If you wish to make a subject access request relating to Personal Data held about you by the Hermes group, please write to:
The Company Secretary,
Hermes Fund Managers Limited,
Links from our websites to third-party websites
Our websites contain links to other pages on our websites. We may use technology to track how often these links are used and which pages on our websites our visitors choose to view. Again this technology does not identify you personally – it simply enables us to compile statistics about the use of these links.
Transfer of Data Abroad
We may transfer data between members of the Hermes group, and our offices and third party processors which may be located outside the country the data originated in (including, for the avoidance of doubt, the United States of America). Where your Personal Data is transferred abroad we will ensure that the recipient agrees to keep your information confidential and hold it securely in accordance with regulatory requirements.
If you visit our websites from a country other than the country in which our servers are located (currently the UK), the various communications will necessarily result in the transfer of information across international boundaries.
BY PROVIDING US WITH YOUR PERSONAL DATA, YOU CONSENT TO THE PROCESSING AND TRANSFER OF YOUR PERSONAL DATA AS SET OUT IN THIS SECTION.
Roles and responsibilities
The Data Protection Officer
This role is held by the Hermes Company Secretary who ensures that registrations are appropriate and current. The board of the relevant registered Hermes entity, in its capacity as Data Controller, ensures that data is gathered for specific purposes as permitted by regulation and may only be used as such.
The Information Security & Controls Officer (“ISCO”)
The ISCO has primary responsibility for the execution of the Information Security Policy at Hermes. The ISCO acts as a focal point for IT related security matters, including supporting the development and implementation of systems and business services in accordance with the Information Security Policy, Controls, and Procedures.
Hermes will conduct the firm's business in accordance with the highest ethical standards, respecting the firm's customers, suppliers, and other business counterparties, dealing responsibly with the firm's assets, and complying with applicable legal and regulatory requirements.
Hermes does not sell personal information that is collected from customers.
Notification of changes to this Policy
We are continually improving our methods of communication and adding new functionality and features to our website and to our existing services. Due to these ongoing changes, changes in the law and the changing nature of technology, our data practices will change from time to time. If and when our data practices change, we will notify you of the changes by posting an updated version of this Policy on our website. We encourage you to check this Policy frequently.