Insight Investment

This privacy notice applies to Insight Investment Management Limited, its subsidiaries listed below, and Insight North America LLC (collectively referred to as "Insight", "we", "us").

Insight Investment Management Limited’s subsidiaries include:

• Insight Investment Management (Global) Limited
• Insight Investment Management Services (Europe) (IIMSEL) Limited
• Insight Investment International Limited
• Insight Investment Funds Management Limited
• Insight Investment Services Limited
• Insight Investment Management (Europe) Limited

Insight itself is a wholly-owned subsidiary of The Bank of New York Mellon Corporation ("BNY Mellon"). You can access BNY Mellon’s Online Privacy Statements and Privacy Notices here: https://www.bny.com/corporate/global/en/data-privacy.html

• What Personal Information we collect and when and why we use it
• Communication recording policy
• How we share personal information within BNY Mellon and with our service providers, regulators and other third parties
• Transferring personal information globally
• How we protect and store personal information
• Legal rights available to help manage your privacy
• How you can contact us for more support

This notice does not apply to personal information processed in respect of prospective, current or former employees of Insight. Our employee privacy notice is available here.

We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice. If we make significant changes to this privacy notice, we will seek to inform you by notice on our website or email.

 

Sale of Personal Data

Insight does not sell personal information. Personal information is only transferred or used in accordance with the terms of this notice.

 

What Personal Information We Collect and When and Why We Use It

In this section you can find out more about:

• the data subjects from whom we collect personal data
• the types of personal information we collect
• the legal basis for processing personal information
• how we use personal information
• when we collect personal information
• additional information on the use of artificial intelligence and machine learning

The Data Subjects From Whom We Collect Personal Data

“Personal data” or “personal information” means any information relating to an identified or identifiable living individual. An “identifiable living individual” means a living individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.

Insight collects personal information, acting as data controller, from individuals who:

• are clients or prospective clients or from their respective agents, managers, fiduciaries, consultants and/or other representatives;
• are associated with an Insight client or prospective client;  
• work or correspond with us, including personnel from regulators, consultants, counterparties, intermediaries, administrators, vendors and/or other service providers;
• register with or use one of our websites or online services;
• visit an Insight office or register to attend an event that Insight hosts or sponsors;
• attend an event where the sponsor shares attendance information with exhibitors; and/or
• are associated with a financial arrangement which is promoted to Insight or its clients.

The Types of Personal Information We Collect

Personal Information we collect will fall within the following categories:

• Your name and contact information - This includes basic contact information about you, your name, residential address, email address, telephone number, fax number and/or other contact information.
• Personal identifiers - This includes unique descriptors that may identify you (either on their own or when combined with other personal information we hold), such as date of birth, nationality, gender, age, signature, government-issued identifiers (such as National Insurance Number) and/or other personal identifiers  including account details used to identify.
• Relationship, Professional and/or Educational Information - Details about your work or profession, education and/or family status.
• Technical information - Details about your devices and technology that you use to access our services, including internet protocol (IP) address.
• Location - Data we receive about where you are (including your physical location).
• Communications and CCTV - Information we capture through your communications or interactions with us, including (i) through voice recordings of on-line conversations, telephone calls and/or in conferences, and/or (ii) personal information acquired from emails and instant messaging, and/or (iii) CCTV images if you visit our offices.
• Publicly available data - Details about you that are in public records and information about you that is openly available on the internet.
• Sensitive categories of data - Laws and other regulations treat some types of personal information, including personal information relating to health, ethnicity, religious beliefs,  criminal convictions and offences, as “special” categories of personal information and affords them additional protections. We will only collect and use these types of data in accordance with applicable laws.

The legal basis for processing your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This is explained in more detail in the section below which sets out the purposes for which we collect personal information. For each purpose, we indicate that we will have one or more of the following reasons for using your personal information:

• Legitimate interest: our use of your personal information is necessary for the purposes of the legitimate interests pursued by Insight or a third party, provided that such interests are not overridden by your rights and freedoms;
• Compliance with a legal obligation: our use of your personal information is necessary to comply with a legal obligation that we have, for example where we are required to report to tax authorities;
• Performance of a contract: our use of your personal information is necessary to fulfil a contract we have with you or to take steps to enter into a contract with you, for example when you ask us to provide you with a product or service;
• Task in the public interest: our use of your personal information is required for for performance of a task carried out in the public interest, for example to prevent and detect financial crime; and/or
• Consent: you have provided your consent to us using the personal information, for example if you have agreed to receive communications about an Insight event.
•  

How we use your personal information

Insight collects personal information to build, manage and understand relationships with corporations: institutional customers and prospects, and vendors and suppliers. The personal information required to do this comes from employees, consultants, trustees and other people associated with the corporations and the market for institutional investment services. These activities, and the legal basis for the associated processing of personal information are described in more detail below.

Insight provides investment services to corporations through and to natural people whose personal information must be processed to deliver the service. Personal information of officers, trustees and others is required to identify and research persons relevant to the “know your customer” process required by regulators. This activity takes place on the legal basis of Insight’s compliance with a legal obligation (specifically, those arising under financial services rules or regulations).

The specific requirements (reporting, instructions, authentication and others) of customer service require contact and other information for a wide range of people associated with the customer and other organisations including their consultants, intermediaries, fiduciaries, auditors, regulators and suppliers.

To defend Insight and our customers and stakeholders, Insight may need to process personal data to prevent or detect crime. This activity may take place on the basis of our compliance with a legal obligation and/or our legitimate interest in protecting our customers and protecting our reputation.

If you are participating in an Insight event you may be asked to consent to the processing of your personal information to provide elements of the event such as a specific menu choice. Where you have provided your consent for the processing of your personal information, you have the right to withdraw your consent at any time. You can do so by making a request to the team that collected your personal information, by clicking ‘opt out’ or ‘unsubscribe’ on direct electronic marketing communications, or by contacting us.

Our relationships with vendors and/or service providers are carried out through contacts with team members at the vendor and/or service provider or their respective representatives, intermediaries or agents. Our use of the personal information required to maintain these relationship is based on performance of a contract (where we have a contract with the vendor or service provider) and/or legitimate interest.

We may use your personal information to send you direct marketing via email. We consider that the information we provide in the form of direct marketing is worthwhile and interesting. Anyone can opt out or tailor use of their contact information for this processing via the “unsubscribe” link in any electronic marketing email.

Where we rely on our legitimate interests as a basis for processing your personal information, we will do so on the basis that the activity:

• is necessary for us to meet our business or commercial objectives and to provide services to our clients and cannot be achieved without reliance on our legitimate interests;
• is proportionate and would not cause unjustified harm;
• is aligned to, or would not conflict with, your reasonable expectations;
• does not undermine your individual rights, interests or freedoms; and
• on balance, does not outweigh your privacy rights.

The balance between our legitimate interests and the rights of those involved in customer service has to consider the large sums of money being managed, the views of regulators, and the interests of members and pensioners not directly party to the relationship.

 

 

Communications Recording Privacy

Insight records internal and external communications made on its platforms for the following reasons:

• With the purpose of complying with our record-keeping obligations under financial service regulations
• With the purpose of recording commitments made by the firm on its own behalf or on behalf of others
• Through automatic systems to ensure that records are not lost.

When required by regulation, the legal basis for this recording is compliance with that requirement. Other recording is legally based on Insight’s legitimate interest in having good and complete records of governance, commercial and market activities and choices, as balanced between relatively low risk to the participants in business-to-business communications, against the importance of these other commitments to Insight’s economic viability and contribution to society.

Some Insight communication platforms will obligatorily record all communication, while others record all communication made involving Insight parties who are judged to be at greater risk of communication relevant to our regulatory record-keeping requirements. In addition, some Insight parties can elect to record communication that would otherwise not have been recorded. Insight is controller of all these recordings.

Insight recorded communications channels are:

• Bloomberg and Symphony messaging
• The content of Insight-controlled on-line calls and conferences including calls on telephone numbers, where one or more parties is an Insight colleague identified as being at elevated risk of certain investment communications, or any Insight party has elected to record. All text content on external conferencing services controlled by Insight is recorded.
• All email to or from InsightInvestment.com addresses

Insight retains these records for as long as necessary to fulfil the relevant purposes, which may include compliance with MIFID regulation and its successors which require five year retention, or with Insight’s requirement to be accountable for activities in relations to clients or colleagues during and after the end of the relationship.

Non-Insight participants in communications involving Insight parties may make other records. Even when the call has been set up by Insight colleagues or uses Insight accounts, Insight does not control processing of personal information in such records, nor is it responsible for giving any notices that may be required.

 

Sharing Personal Information Within Insight and BNY Mellon, With Third Parties, With Our Regulators

In this section you can find out more about how we share personal information:

• with our affiliates within the BNY Mellon group of companies (together, our  “Group”)
• with third parties that help us provide our products and services (such as, but not limited to, service providers, IT system providers and cloud services providers
• your service providers (such as, your representatives, fiduciary managers, brokers and counterparties)
• our regulators

We share your information in the manner and for the purposes described below:

• within our Group, where such disclosure is necessary to provide you with our services or to manage our business or otherwise where we have a lawful basis (such as a legitimate interest) for sharing such information;
• with third parties who help manage our business and deliver services. These include IT service providers who help manage our IT and back-office systems. In order to safeguard personal data, we put in place contractual arrangements with such third parties which include, for example, provisions relating to confidentiality and the use of personal data,  as appropriate and in line with our prevailing legal risk policies;
• with agencies and organizations working to prevent fraud in financial services;
• with our regulators;
• to comply with applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
• we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our business partners, affiliates or advertisers;
• Insight may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your personal information, technical information about your device or browser and/or other anonymous information we obtain from you via the websites may be disclosed to any potential or actual third-party purchasers of such assets and/or may be among those assets transferred.

 

Additional information on the use of artificial intelligence and machine learning

Insight uses manual and automated methods of processing. In particular, we may use automated methods of processing your personal information such as Artificial Intelligence (“AI”) and Machine Learning (“ML”), which are a set of technologies programmed to perform tasks and actions that are commonly associated with human beings. We may use AI and/or ML to optimize and increase the efficiency of business processes and/or to support and enhance existing security controls.

Automated methods of processing are subject to regularly tested controls designed to ensure accuracy and fairness of the output. By using AI and/or ML, we do not intend to make automated decisions about you and therefore its application would not produce legal or similarly significant effects concerning you, unless stated otherwise in a specific privacy notice provided to you directly.

 

Transferring Personal Information Globally

In this section you can find out more about:

• how we operate as a global business and transfer data internationally
• the arrangements we have in place to protect your personal information if we transfer it overseas

Insight operates on a global basis. Accordingly, your personal information may be processed in countries that are subject to different standards of data protection, including the United States and India. Insight takes appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests, and that transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:

• where Insight transfers your personal information to a member of the Group outside the UK or the European Economic Area (EEA), that does not provide adequate level of protection, Insight will effect such transfer under  an intra-group agreement which contractually obliges the relevant member of the Group (the data importer) to ensure that personal information receives an adequate and consistent level of protection. This agreement is based on standard contractual clauses (SCCs) approved for use in the UK and/ EEA by the ICO and the European Commission respectively;
• where we transfer your personal information outside Insight, or to third parties who help provide our products and services, in each case, to a jurisdiction outside the UK or EEA, we obtain contractual commitments from them to protect your personal information, including incorporating the SCCs as appropriate; or
• where we receive requests for information from law enforcement or regulators, we carefully validate these requests before personal information is disclosed.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

 

How We Protect and Store Your Information

Security

Insight has implemented and maintains a comprehensive information security security management system (ISMS) which is certified compliant with the relevant international standard, ISO 27001. The standard requires written policies and procedures designed to protect the confidentiality and integrity of personal information. The ISMS contains administrative, technical and physical safeguards, appropriate to the type of information concerned, designed to: (i) maintain the security and confidentiality of such information; (ii) protect against any anticipated threats or hazards to the security or integrity of such information; (iii) protect against unauthorized access to or use of such information that could result in substantial harm, and (iv) ensure appropriate disposal of such information. The security of your personal information also depends in part on the security of the devices you use to communicate with us, the security you use to protect user IDs and passwords, and the security provided by your internet service providers.

Storing and Retaining your personal information

BNY Mellon will retain your personal information:

• for as long as required for the purposes for which it was collected, as explained in this notice
• where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements
• for longer periods of time in specific circumstances so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe that it may be required in defence of a legal claim.

In these circumstances your personal information will be subject to a corporate retention plan which incorporates the factors above. For more information on the retention of your personal information, you can contact us.

 

Legal Rights Available to Help Manage Your Privacy

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Please note that depending on your location your rights may vary.

Your may have rights:

• to access personal information
• to rectify / erase personal information
• to withdraw your consent
• to restrict the processing of your personal information
• to transfer your personal information
• to object to the processing of personal information
• to object to how we use your personal information for direct marketing purposes
• to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
• to lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We may charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will use reasonable efforts to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to Access Personal Information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to Rectify or Erase Personal Information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

• it is no longer needed for the purposes for which it was collected; or
• you have withdrawn your consent (where the data processing was based on consent); or
• following a successful right to object (see right to object); or
• it has been processed unlawfully; or
• to comply with a legal obligation to which Insight is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

• for compliance with a legal obligation; or
• for the establishment, exercise or defence of legal claims.

Right to Restrict the Processing of Your Personal Information

You can ask us to restrict your personal information, but only where:

• its accuracy is contested, to allow us to verify its accuracy; or
• the processing is unlawful, but you do not want it erased; or
• it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
• you have exercised the right to object and we are considering your request.

We can continue to use your personal information following a request for restriction:

• where we have your consent; or
• to establish, exercise or defend legal claims; or
• to protect the rights of another natural or legal person.

Right to Transfer Your Personal Information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where: the processing is based on your consent or on the performance of a contract with you; and the processing is carried out by automated means.

Right to Object to the Processing of Your Personal Information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to Object to How We Use Your Personal Information for Direct Marketing Purposes

You can request that we change the manner in which we contact you for marketing purposes.

You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes

Right to Obtain a Copy of Personal Information Safeguards Used for Transfers Outside Your Jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred to countries not providing an adequate level of data protection.

We may redact data agreements to protect commercial terms.

Right to Lodge a Complaint With Your Local Supervisory Authority

You have a right to lodge a complaint with your local data protection supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

 

Contact Us

For all enquiries related to this notice and your rights, please contact us via email at privacy@insightinvestment.com. If you wish to submit a complaint, you may also use the contact form provided at the end of this notice. 

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first make contact as described above. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event within the timescales provided by data protection laws.

Contact details of the Data Protection Officer

Insight’s Data Protection Officer is Samad Miah. If you have any questions or concerns regarding data protection or privacy, you can also contact him directly at: privacy@insightinvestment.com. 

To Contact Your Data Protection Supervisory Authority

You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place of work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before lodging a complaint with your local supervisory authority

Employee Privacy Notices

There is a separate privacy notice relating to the processing of data for employees here.