As part of an ongoing commitment to data protection and transparency, Insight1 has made changes to our data collection and storage processes in order to address the new standards introduced by the European data protection law known as the General Data Protection Regulation (GDPR).
This page summarises the nature of the information that is stored by Insight, why and how it is used, your rights in regard to this data, as well as the protections in place to safeguard it.
There is no need for you to take any action.
In this notice we cover:
1. Personal information we collect, when and why we use it
2. How we use your personal data
3. Legal basis for processing your data
4. Data sharing
5. Data retention
7. Direct marketing
8. Your rights as a data subject
Personal information we collect, when and why we use it
Data subjects, controllers and processors
Insight collects personal information and will act as the data controller of this information if you:
- are a client or represent one of our clients
- are associated with an Insight client while we undertake know your customer (KYC) due diligence
- work with us as a vendor or service provider
- register with or use one of our website or online services
- visit an Insight office or register to attend an event that Insight sponsors
- attend an event where the sponsor shares attendance information
Types of personal data we collect
Insight only collects information that's necessary to fulfil the purpose behind our relationship with you. We won't collect information we don't need. Personal information we collect falls within one or more of the below categories:
- Contact information: first name, last name, e-mail address, age, date of birth, home postal address, marital status, children information
- Contractual details: Information collected about the products and services we provide to you.
- Online identifiers: including IP addresses, cookie identifiers, clickstream/online website tracking. Cookies will be stored following visits to our website. Login details will be retained if a client attends Insight seminars and also if the client is a member of Insight's training portal.
- Sensitive data: We will only collect and use this type of data if we have a specific purpose, voluntary consent and the law allows us to do so. Examples of this type of data include health, ethnicity, religion, political (contributions or opinions), partner's name and dietary requirements. As part of know-your-client (KYC) and anti-money laundering (AML) we are required to identify Politically Exposed Persons (PEP) so may collect political information on the data subject.
- Government issued identification numbers: (national ID card, passport number, driver's license number): Retained as part of KYC.
- Financial information: (bank account numbers, credit card numbers, background checks): Retained to make a payment (although unlikely to be a personal account)
- Communications: Information we capture through your communications with us, e.g. telephone conversations, emails and meetings.
- Publicly available data: Details about you that are in public records and information about you that is openly available on the internet.
How we use your personal data
We will only process your personal data on the basis allowed in law, for the purposes below, and we will adhere to the limits placed on the use of the classes of data which have special legal protection.
Personal data held is limited to what is necessary for the agreed purpose for which it is being processed including:
- know your customer (KYC) and anti-money laundering (AML) diligence for associated persons
- contact information for the purposes of relationship management, customer service, training and communication
- the provision of important regulatory updates
- direct marketing of relevant strategies
- to develop new ways to meet our clients' needs and to grow our business, for example by seeking feedback or sharing our market research
- to develop and carry out marketing activities in order to keep our clients informed about our products and services
- to develop, test and manage new and existing products and services
- to understand how our clients use products and services from us and other organisations, for example through research and analytics
- to log and monitor use and abuse of our technical services
- to manage how we work with other companies that provide services to us and our clients, for example our relationships with vendors and suppliers
Crime prevention and detection
- to detect, investigate, report, and seek to prevent fraud, financial crime and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks
- to comply with other laws and regulations that apply to us, for example other financial services or country-specific legislation
To act in our clients' interests and manage our business
- to manage risk for us and our clients, for example through research and statistical analysis
- to respond to complaints and seek to resolve them
- to comply with foreign laws, law enforcement and regulatory requirements that may affect us as a global institution
- to protect our IT systems, network and infrastructure
- to run our business in an efficient and proper way, for example managing our financial position, building our business capability, or for planning, communications, corporate governance or audit
Legal basis for processing your data
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We will have one or more of the following reasons for using your personal information:
- our use of your personal information is necessary to fulfil a contract we have with you or to take steps to enter into a contract with you
- our use of your personal information is necessary to comply with a legal or regulatory obligation that we have, for example where we are required to report to tax authorities
- our use of your personal information is in the public interest, for example to prevent and detect financial crime
- you have provided your consent to us using the personal information, for example where you have provided information for use at an event
- our use of your personal information is in our legitimate interest as a commercial organisation to provide services to our clients or for the purpose of business development, provided our use is proportionate and respects your privacy rights
Insight may share your information in the manner and for the purposes described below:
- with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and to use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us
- with agencies and organisation working to prevent fraud in financial services
- with our regulators
- to comply with all applicable laws, regulations and rules, and requests of law enforcement
- regulatory and other governmental agencies
Transferring personal information globally
Insight operates on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the EU that are subject to different standards of data protection. Insight will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests, and that transfers are limited to countries that are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
To this end:
- transfers within Insight's parent company group, BNY Mellon, will be covered by an agreement entered into by members of BNY Mellon (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within BNY Mellon
- where we transfer your personal information outside Insight, or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU-US Privacy Shield for the protection of personal information transferred from within the EU to the United States
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before personal information is disclosed
You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.
We will store your personal information for as long as is necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.
When you visit any website, including the Insight website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalised web experience.
We may use personal information to let you know about Insight products and/or services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing communications with you.
To protect your privacy rights and ensure you have control over how we manage marketing with you:
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you
- you can ask us to stop direct marketing at any time by following the 'unsubscribe' link in email communications. Alternatively, you can contact us to specify communication you would like to receive (e.g. event invitations only)
Your rights as a data subject
You have a number of legal rights in relation to the personal data that we hold about you and you can exercise your rights by contacting us using the details at the back of this document. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you
- the right to withdraw your consent to our processing of your personal data at any time in circumstances where you have explicitly given your consent. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) to do so
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data that you have provided to us
- the right to request that we correct your personal data if it is inaccurate or incomplete
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain itthe right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request
- when we are processing on the grounds of legitimate interest, you have the right to object to the processing and we must stop unless we have an overriding reason which will be communicated
- the right to lodge a complaint with the applicable data protection regulator
Main contact: Insight Information Risk Team
Address: 160 Queen Victoria Street, London EC4V 4LA
1Insight is the corporate brand for certain companies operated by Insight Investment Management Limited (IIML). Insight includes, among others, Insight Investment Management (Global) Limited (IIMG), Insight Investment International Limited (IIIL) and Insight North America LLC (INA), each of which provides asset management services