Privacy Policy
MUFG Investor Services Data Protection Notice
This Data Protection Notice (the Notice) (also referred to as a Privacy Notice or Privacy Policy) contains important information about how We collect and use Your Personal Data.
In the Notice:
We’ ‘Us’ ‘Our’ means MUFG Investor Services.
‘AML Law’ means anti-money laundering and prevention of terrorist financing legislation, regulations and guidance that are applicable as a result of relevant business activity in the jurisdictions in which We operate.
‘Applicable Law’ means all applicable statutes, rules, regulations and orders that are applicable as a result of relevant business activity in the jurisdictions in which We operate.
‘Data Protection Law’ means all applicable data protection and privacy laws or regulations that must be complied with as a result of relevant business activity in the jurisdictions in which We operate, including the EU General Data Protection Regulation (Regulation 2016/679), the Data Protection Act 2018 (Ireland), the Data Protection Act (2021 Revision) (Cayman Islands), the Personal Information Protection Act 2016 (PIPA) (Bermuda), the Law 125(I) of 2018, Law providing for the Protection of Natural Persons with Regard to the Processing of Personal Data and for the Free Movement of Such Data (Cyprus), the UK GDPR and Data Protection Act 2018 (United Kingdom), the Personal Information Protection and Electronics Documents Act, SC 2000 c5 and the Personal Information Protection Act (British Columbia) SBC 2003 (Canada), the Personal Data (Privacy) Ordinance (Cap. 486) (Ordinance) 1996 and the Personal Data (Privacy)(Amendment) Ordinance (Amendment Ordinance) 2021 (Hong Kong), the Personal Data Protection Act 2012 (Singapore), the Privacy Act 1988 (Cth) (Australia) and the Personal Data Protection Act 2010 (Malaysia).
‘Client’ means the legal person, entity or relationship which We provide Services to.
‘Personal Data’ means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature, for example digital identifiers like cookies and IP addresses. Put simply, Personal Data is any information that will identify or single out an individual.
‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘You’ are the Data Subject, meaning the person who can be identified from the Personal Data, and one of the following categories:
- Visitors to Our website(s)
- Visitors to Our offices/premises and Attendees at Our events, webinars and training initiatives
- Employees and Directors of Our Clients as well as Client-related parties, such as Investment Managers
- Investors into a Fund We administer
- Beneficiaries of Our Clients and Trusts
- Employees, Directors and Major Shareholders (>25%) of Third-Party Providers
- Business Prospects
This Notice applies to any websites that link to this notice but not those that have their own specific Notice.
Who We Are
MUFG Investor Services is an industry-leading asset services and fund financing arm within Mitsubishi UFJ Financial Group (MUFG). We partner with leading investment firms to provide them with holistic, customised solutions that meet their operations, financing and regulatory needs across the investment lifecycle.
MUFG Investor Services is a service brand name and includes the following entities only within the MUFG global financial group: MUFG Investor Services Holdings Limited, MUFG Fund Services (Bermuda) Limited, MUFG Fund Services Limited, MUFG Fund Services (Cayman) Limited, AFS Controlled Subsidiary 1 Ltd, AFS Controlled Subsidiary 2 Ltd, AFS Controlled Subsidiary 3 Ltd, MUFG Alternative Fund Services (Cayman) Limited, MUFG Controlled Subsidiary 1 (Cayman) Limited, MUFG Fund Services (Cyprus) Limited, MUFG Alternative Fund Services (Ireland) Limited, MUFG Fund Services (Singapore) Pte. Ltd., MUFG Fund Services (Canada) Limited, MUFG Fund Services (UK) Limited, MUFG Fund Services (Hong Kong) Limited, MUFG Fund Services (Australia) Pty Ltd and MUFG Investor Services (Malaysia) SDN BHD.
Personal Data We Process about You
Depending on the relationship We have with You and the services We provide to You, We may collect Personal Data:
- Directly from You (for example, when you interact with Our website, visit Our office or when You use Our services)
- From other MUFG Investor Services entities
- From other parties that are authorised to share Your information with Us such as Your Employer, Our Clients, or Investors into a Fund We administer
- From service providers that provide the necessary information to Us so that we can conduct anti-money laundering and other legally required due diligence checks, and from those that help Us identify products and services that may be of interest to You
From publicly available sources of information, and as permitted by law, such as business websites or social media pages (e.g. LinkedIn) containing information that You have made public.
The Personal Data We Process about You falls into the below categories:
Identity and contact information | Name, gender, email address, telephone number, FAX number, postal address, country of residence, nationality, legal domicile, place of birth, citizenship, signature, passport number, government-approved ID, emergency contact details, user credentials, IP address |
Work details | Position/title, department, company name, office location, identification number, registered address, work history, visa details, area of expertise |
Financial details and circumstances | Bank account details, taxation details, tax ID, Social Security Number, FATCA/CRS status, FATCA Global Intermediary Identification Number (“GIIN”), risk rating, source of funds & source of wealth, investment data |
Marital status and/or financial associations | Marital status, family member name (spouse, minors, etc.) and other beneficiaries, as requested by you |
Image/video and/or voice recordings | Images/photos, video and/or voice recordings of meetings, webinars or calls, transcripts |
Special categories (“sensitive categories”) | Health information (including dietary preferences and restrictions), sanction screening and adverse media searches, criminal records, PEP status, compliance status, health leave, religion, race/ethnicity, trade union membership details, political beliefs |
Why We Process Your Personal Data and Our Lawful Basis for Processing
We will only process Personal Data for the purposes for which it was intended and any reasonably related purpose, as required by Data Protection Law. We will also ensure that all Processing is supported by a lawful basis. A lawful basis means a legal justification or reason for Processing Your Personal Data which is set out in Data Protection Law.
The lawful basis for Processing Personal Data may differ depending on the country in which the Processing of Your Personal Data occurs and the purpose for the Processing. In some countries, for example, “legitimate interest” is the applicable lawful basis for certain Processing whereas in other jurisdictions it is implied (or “deemed”) consent, which means that Your actions or behaviour and particular facts and circumstances suggest that you agree to the Processing.
We will only rely on legitimate interest as Our lawful basis after taking Your interests, rights and freedoms into consideration to make sure You are protected and that We do not cause You any harm. Where We need to Process Your Personal Data to comply with Our legal and regulatory obligations and You choose not to provide Us with the Personal Data, We may not be able to provide (or continue providing) services to You or otherwise do business with You or Our Client.
Why We Process Your Personal Data | Our Lawful Basis |
---|---|
To carry out anti-money laundering checks and related actions for the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis. To carry out these and any other activities required to comply with AML Law and to report on these activities. | To comply with legal and regulatory obligations to which We are subject. |
To carry out any activities required to comply with Applicable Laws and to report on these activities. | To comply with legal and regulatory reporting obligations to which We are subject. |
Where We act as a trustee, and to comply with Applicable Law, to identify and verify beneficiaries, perform due diligence activities, as well as establish, manage and monitor the activities of trusts. | To comply with legal and regulatory obligations to which We are subject. |
To protect and ensure the security of Our business and Your Personal Data, to ensure the health and safety of visitors to Our offices and that of Our employees and to manage Our internal operations, including corporate governance, secretarial administration, software development, hosting, business development, business continuity, disaster recovery. fraud prevention, risk and incident management, procurement and third-party management, in-house legal advice and litigation, screening and due diligence activities, event planning and management, as well as audit and compliance activities. In limited circumstances, We may record meetings or calls for these purposes. | To pursue Our legitimate interests. With Your Consent. To comply with legal and regulatory obligations to which We are subject. |
To develop and maintain Your relationship with Us, to provide and administer products and services to You, to communicate with You about business-related matters (e.g. projects, services, billing and invoicing, contract negotiations, etc.), to check Your instructions to Us and to respond to and resolve any issues or complaints. To train Our staff, monitor the quality of and analyse, assess and improve Our products and services. | To pursue Our legitimate interests. |
When You visit Our website, to improve Your experience, contact You about queries You submit via Our contact form and provide You with information about Our products and services, if requested. | To pursue Our legitimate interests. With Your Consent. |
To send You marketing communications. You can opt out of receiving marketing communications by clicking the “Unsubscribe” link in the bottom of emails. | With Your Consent. To pursue Our legitimate interests. |
To engage in preparatory steps for or to conclude a corporate transaction or business sale where We may sell one or more of Our businesses, assets or services and Your Personal Data may be transferred as part of that purchase or sale. | To pursue Our legitimate interests. With Your Consent. |
How We Share Your Personal Data
We may share Your Personal Data with the types of third parties listed below but will only do so as permitted by law and subject to implementing any required data protection agreements, so your Personal Data is protected if it is shared.
Parent company, other entities, and affiliates | We may share your Personal Data with Our parent company, other entities, and/or other affiliates as required from time to time to manage Our business operations. |
Service providers | Our service providers include information technologies and telecommunication service providers, software support and development contractors, cloud hosting and support providers, computer maintenance contractors, printing companies, document storage and destruction companies, archiving services providers, auditors, consultants, legal advisors as well as sanctions and politically exposed persons screening application support services. |
Regulatory and Statutory Bodies, Competent Authorities | Your Personal Data may be disclosed to third parties such as statutory or regulatory bodies and competent authorities, only where We are legally obliged to do so. |
Parties involved in negotiations for sale of a business, asset or service | In the event of a disclosure to a party with whom We are in negotiation for the sale or transfer of a business, assets, or services, We will only share what is strictly necessary and proportionate in the circumstances and will take steps to ensure Personal Data is protected if disclosed. |
Countries Your Personal Data May Be Transferred to
We may transfer Personal Data to a country outside of the European Economic Area (“EEA”), including Australia, Bermuda, Canada, Cayman Islands, Hong Kong, India, Japan, Jersey, Malaysia, Singapore, UK, USA, and any other countries as may be required depending on a Client’s or Investor’s domicile in accordance with the Model Contracts or other available data transfer solutions under Data Protection Law. To the extent that Personal Data Processed is subject to the General Data Protection Regulation (“GDPR”), We will ensure that Model Contracts are entered into. These are safeguards that ensure that the Personal Data is protected to at least the same standard as the GDPR regardless of where the data is transferred to.
How Long We Keep (Retain) Your Personal Data
We will keep Your Personal Data for no longer than is necessary. We determine how long We need to keep Your Personal Data by taking into account legal obligations under Applicable Law to retain data for a certain period of time, statute of limitations under Applicable Law and guidelines issued by relevant data protection authorities and other relevant regulatory authorities.
How We Protect Your Personal Data
We have implemented technical and organizational measures to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the Processing, and the risks for the rights and freedoms of natural persons. We have aligned to ISO 27001:2013 for the implementation and management of a global Information Security Management System (“ISMS”).
Your Rights
You have a number of rights in relation to Your Personal Data, called Data Subject Rights. These rights are not absolute and are subject to certain exceptions or qualifications depending on the circumstances.
Right of Access to Your Personal Data
You have a right to access the Personal Data We process on You. We will endeavour to give You as much information as possible, but We can’t provide You with information about another person. If there is any specific information You are looking for, please outline this in Your request.
Right to Correct Your Personal Data
If any of the Personal Data We hold about You is incorrect, incomplete or out of date, You have a right to have Your Personal Data corrected.
Right to Object to the Processing of Your Personal Data
You have the right to object to certain types of Processing of Your Personal Data. If You object to the Processing of Your Personal Data, We will review Your objection in the context of the Personal Data We process about You. If We consider that We can demonstrate compelling legitimate grounds for the Processing which may override Your individual objection, We may continue to process Your Personal Data despite Your objection. If We feel we cannot demonstrate compelling legitimate grounds for the Processing, We will stop Processing Your Personal Data.
Right to Erase Your Personal Data
You can ask Us to erase Your Personal Data if You think that Your Personal Data is Processed without a legitimate reason or where You believe We no longer have grounds to process Your Personal Data. Please note that We cannot erase Your Personal Data if doing so prevents Us from meeting Our legal and regulatory obligations.
Right to Not Have Your Personal Data Used for Direct Marketing
You have the right to not be subject to direct marketing, and We will only use Your Personal Data for direct marketing purposes if You have given Us Your consent. You can withdraw Your consent at any time by clicking on the “unsubscribe” button in the bottom of marketing emails.
Right to Withdraw Consent
You have the right to withdraw Your consent to Our Processing of Your Personal Data. If You do so and We have no other legal justification for continuing to Process Your Personal Data, We will stop Processing Your Personal Data. There will be no consequences to You if You withdraw Your consent other than if We have to stop Processing Your Personal Data and We can no longer provide services to, or engage with, You as a result.
Complain to the Supervisory Authority
You have a right to complain to the relevant Supervisory Authority. This is the authority responsible for supervising data protection law and compliance in the jurisdiction You reside in.
If You would like to exercise any of Your rights, please email [email protected].
How to Contact Us
The Data Protection Officer for MUFG Investor Services is Gemma Normile.
You can contact Our Data Protection Team at:
MUFG Alternative Fund Services (Ireland) Limited
Data Protection Office
15 George’s Quay
D02VR98
Ireland
Tel: 01 647 0500 or email us at [email protected]
Contact details for Our office locations
Changes to This Data Protection Notice
We review and update (as required) this Notice to reflect changes in Data Protection Law and how We Process Personal Data.
Last Updated: November 19, 2024
Cookie Policy
AI Transparency and Responsible Use Policy
Click here to find out more about how we use Artificial Intelligence responsibly when processing Personal Data.