ONLINE AND EMAIL MARKETING PRIVACY POLICY

1. SS&C and data privacy


SS&C Technologies Holdings Inc. and its subsidiaries ("SS&C") is committed to protecting personal information and respecting your privacy. Personal information has the meaning given to it under applicable privacy and data protection laws and includes “personal data” as defined in the European General Data Protection Regulation (“GDPR”).

This privacy statement describes how we collect, use, share, protect, and otherwise process personal information about you. This privacy statement applies to the personal information that you provide to us:

  • as a visitor to our websites or as a user of our client portals;
  • when you send us personal information in connection with an inquiry about SS&C providing products and services directly to you;
  • as a visitor to our premises; and
  • as a contact at one of our clients, potential clients, suppliers or other business partners.

Notice to Customers of SS&C Clients

Where we collect personal information on behalf of our clients, SS&C acts as a “data processor” (as defined under applicable privacy and data protection laws, including U.S. state privacy laws and GDPR) on behalf of its clients and this privacy statement does not apply. Customers of our clients (e.g. Fund investors or any person providing information in connection with obtaining a product or service from a client of SS&C) should consult directly with the applicable client to obtain a copy of the privacy notice issued by the client as “controllers” (as defined under applicable privacy and data protection laws) which will apply in such instance.

2. What information do we collect from you?


We may collect and process the following information (including personal information) about you:

Information that you give us:

  • This includes information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), giving us a business card (or similar), or corresponding with us by telephone, post, email or other means.
  • It may include, for example, your name, address, email address, work telephone number, mobile telephone number, information about your business relationship with us, information about you necessary to complete anti-money laundering checks in order to comply with requirements relating to anti-money laundering and other legislation applicable to us; and information about your professional role, background and interests.

Information that our website and other systems collect about you:

  • If you visit our website, it will automatically collect certain information about you and your visit, such as your browser type and version.  Our website uses Google Analytics (more info here), a web analytics tool provided by Google, Inc. that tracks and reports on the manner in which the website is used to help us to improve it and, with the setting anonymizeIp, anonymizes data collection by masking the last part of your Internet protocol (IP) address.  We may also collect information about the pages on our site that you visit. Our website may also download "cookies" to your device – this is described in our separate cookie statement.
  • If you email, telephone, write, or exchange other electronic communications with our employees and other staff members, our information technology systems will record details of those conversations and exchanges, sometimes including their content.
  • Some of our premises have closed-circuit TV systems, which may record you if you visit our premises, for security and safety purposes.

Other information: We may also collect some information from other sources. For example:

  • If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you, such as your contact details or details of your role in the organization that you represent.
  • We sometimes collect information from other third parties, which can include third-party data providers, or from publicly available sources for anti-money-laundering, background checking and similar purposes, to protect our business and to comply with our legal and regulatory obligations.

3. How will we use your information?


We may use your information for the following purposes:

  • to personalize and customize your experience with us; conduct research and analysis; and fulfil orders and requests for products, services, or information from you or the organization that you represent.
  • to send you marketing communications regarding our products and services.
  • for ordinary business purposes, including to operate and administer the products and services provided by SS&C in accordance with the terms of any agreements that we may have with our clients.
  • to operate, administer and improve our products and services, website, premises and other aspects of the way in which we conduct our operations.
  • to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials, unlawful or criminal activity, and unauthorized access to or use of personal information and our data system services.
  • to comply with our legal and regulatory obligations, and to bring and defend legal claims where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain).
  • to comply with our internal policies and maintain our records or as otherwise required by applicable data protection laws.
  • to investigate and resolve disputes and security issues and to enforce our applicable terms of use/service and any other contracts you have entered into with us.
  • to respond to requests from our clients that are not already addressed above.
  • for the performance of any contract we enter into with you, or as otherwise set forth in the relevant contracts/terms to which you agree.
  • for any other lawful, legitimate business purpose.

We may from time to time be required to review information about you held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above.

This may include reviews for the purposes of disclosure of information relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations.

To the extent permitted by applicable law, these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve the disclosure of your information to governmental agencies and litigation counterparties as set out below.

Your emails and other communications may also be accessed occasionally by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left our organization).

We will only process your personal information as necessary to pursue the purposes described in this privacy statement.

In exceptional circumstances, we may also be required by law to disclose or otherwise process your personal information.

We will tell you when we ask you to provide information about yourself, if:

  • provision of the requested information is necessary for compliance with a legal obligation, or
  • it is purely voluntary and there will be no implications if you decline to provide the information.

If you are uncertain as to SS&C's need for information that we request from you, please contact the SS&C representative asking for the information, or Contact us, with your query.

4. Disclosure and international transfer of your information


We may disclose personal information about you, in accordance with the various legitimate purposes set out above:

  • to the other legal entities, businesses and brands within SS&C who may use your personal information in the manner described in this statement.
  • if we receive the personal information from you as a representative of one of our business partners or clients, to your colleagues within the organization that you represent.
  • to third-party service providers who host our website or other information technology systems or otherwise hold or process your personal information on our behalf, under substantially similar confidentiality and data protection conditions.
  • to third-party business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, or as otherwise set forth in the relevant contracts/terms to which you agree.
  • in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit; in accordance with our legal obligations, including to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory or where we are otherwise required by law to disclose.
  • with third-parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the our legal obligations under the laws in the jurisdictions in which we operate; (b) to comply with the lawful or reasonable requests of law enforcement, government authorities, courts or to respond to legal process; (c) to enforce our applicable terms/contracts or to protect the security or integrity of our products and services; and/or (d) to exercise or protect the rights, property, or personal safety or health of us, our clients, or any other third-party.
  • with your consent or at your direction, we may share your information with third parties to whom you direct us to share information

We may also share information with others in an aggregated or otherwise de-identified form that does not reasonably identify you.

These disclosures may involve transferring your personal information overseas. If you are dealing with us within the European Economic Area (or the UK), you should be aware that this may include transfers to countries outside the European Economic Area and/or the UK, which do not have similarly strict data privacy laws and which may therefore afford a lower standard of personal information protection. In those cases, where we transfer personal information to other legal entities within SS&C or our service providers, we will ensure that our arrangements with them are governed by data transfer agreements, designed to ensure that your personal information is protected, on terms approved for this purpose by the European Commission.

As part of our SS&C Data Protection Compliance Program, SS&C has executed the new standard contractual clauses (SCCs) for the transfer of personal information to third countries published by the European Commission on 4 June 2021, to ensure that any international transfer of your information is in compliance with GDPR. In addition, our UK domiciled legal entities have executed with the relevant SS&C subsidiaries the UK Addendum published by the UK supervisory authority, the Information Commissioner’s Office (ICO), to ensure compliance with UK data protection laws. The purpose of the UK Addendum, approved by the UK Parliament on 21 March 2022, is to amend the EU SCCs to work in the context of UK data transfers to third countries.

5. How we keep your personal information safe?


We are committed to protecting your personal information submitted to us. We maintain an information security program including internal policies addressing the acceptable use and access to confidential business information and personal information, which may be contained within SS&C’s information systems. We maintain physical, electronic and procedural safeguards reasonably designed to guard personal information from loss, misuse or unauthorized access, disclosure, alteration or destruction of the information that has been provided to us through our online services.

6. How long do we keep your personal information?


We will retain your personal information in accordance with our Personal Data Retention Policy, which may provide for us to retain your personal information for a period of at least 7 years or longer as required by applicable law or our internal policies.

Subject to applicable law or our internal policies, we will delete the personal information that we hold about you when we no longer need it to achieve the purpose of the processing.

Note that we may retain some limited information about you even when we know that you have left the organization that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organization.

7. Your rights as a resident of Australia


If you are an Australian resident, please click here or refer to the section titled “Additional Australian Privacy Disclosures” below for additional specific privacy disclosures under Australian data protection law.

8. Yours rights as a resident of the EU/EEA and/or UK


If you are an EU/EEA and/or UK resident, please click here or refer to the section titled “Additional EU//EA and UK Privacy Disclosures” below for additional specific privacy disclosures under GDPR.

9. Your rights as a resident of Thailand


If you are a resident of Thailand, please click here or refer to the section titled “SS&C Thailand Data Privacy” below for additional specific privacy disclosures under the Thailand Personal Data Protection Act.

10. Your rights as a resident of certain U.S.-States


Depending on your country, region, or state of residence, certain rights may apply to you. If you are a resident of the State of California, Colorado, Connecticut, Nevada, Utah or Virginia in the United States, please click here or refer to the section titled “Additional U.S. State Privacy Disclosures” below for additional U.S. state-specific privacy disclosures.

11. Contact us


We welcome questions, comments and requests regarding this privacy statement and our processing of personal information.  Please send them to the “Data Protection Office” at SS&C Financial Services (Ireland) Limited, La Touche House, Custom House Dock, I.F.S.C., Dublin 1 D01 R5P3, Ireland or email us at gdpr_dpo@sscinc.com.

To make a request for the disclosures or deletion described under this privacy statement, please contact us by phone toll-free at +1 800-234-0556 or by email at gdpr_dpo@sscinc.com.

We will respond to your request consistent with applicable data protection laws.   Depending upon the type of business relationship that you have with us, we may need to notify you that additional information is necessary to authenticate your identity for your data security or that we will refer your inquiry to the financial services entity that holds the primary relationship with you.

For requests to delete your personal information as permitted under applicable data protection laws, we will work with you to accomplish your requests unless otherwise exempted under applicable data protection laws, such as compliance with applicable law or regulatory inquiry.

12. Changes to this privacy statement


Any changes we make to this privacy statement in the future will be posted to our website and also available if you contact us. Please check back frequently to see any changes.

 

Last updated: 27 March 2023

 

 

Additional Australian Privacy Disclosures


These Additional Australian Privacy Disclosures (the “Disclosures”) supplement the information contained in our privacy statement  by providing additional information about our personal information processing practices relating to individual residents of Australia as set forth below. For a detailed description of how we collect, use, disclose, and otherwise process personal information in connection with our services, please visit our privacy statement . Unless otherwise expressly stated, all terms defined in our privacy statement  retain the same meaning in these Disclosures.

Your rights as a resident of Australia

Under the Australian Privacy Act 1988 (Cth), as amended, including the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (collectively “Aus PA”)), you (if you are an Australian resident) may have certain privacy rights in connection with your personal information (as such term is described in the Aus PA).  Some of those rights and disclosure requirements are already outlined in the privacy statement 

  1. 1. Collection of Information
    We collect the personal information categories outlined below, which we may disclose to other legal entities within SS&C, third party service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under substantially similar conditions of confidentiality and security, and business partners, suppliers and sub-contractors for our operational business purposes:
    • Identifiers, such as name, contact information, date of birth, gender, tax file number, financial details, online identifiers and any other required information to maintain a super fund’s records in a format that identifies the member. These records are essential to the proper management of a superannuation fund (Fund) and to enable the Fund to provide members with superannuation benefits and may be provided by the Fund to us.
    • Personal information, as defined in the Aus PA.
    • We might also collect health information on behalf of our clients to enable death or disability insurance cover from the Fund’s insurer or to process a member’s disability claim. Information about a member’s potential beneficiaries is also held by us or our client.
    • Professional or employment-related information, such as company name.

    Depending on how you choose to interact with us, we may collect your personal information when you contact us by telephone, email, through our website or when you complete an application form.

    We do not share or sell your personal information with third parties for such third parties’ direct marketing practices; nor do we sell personal information (as contemplated by the Aus PA) about you that you have provided to us or that we may have collected.

If you are an Australian resident, you have the following rights as set forth in the Aus PA:

  1. 2. Access to and Correction of Personal Information
    • You can access your own personal information by contacting us. Requests for access to your personal information will be responded to within a reasonable period after the request is made. Access to your personal information will be given in the manner requested by you, if it is reasonable and practical to do so. A fee for providing the requested access may apply.

      There are some circumstances in which we are entitled to deny you access to your personal information. These include circumstances where such personal information is used in confidential decisions or in a commercially sensitive decision-making process, where the privacy of others may be breached if the personal information was accessed or where the law requires or authorises such access to be denied.

      If access to requested information is refused or not provided in the manner requested, or there is a refusal to correct the information, then written notice will be provided setting out reasons for the refusal and mechanisms available to complain about the refusal.
    • If we are holding personal information in relation to you that is inaccurate, out of date, incomplete, irrelevant or misleading or you request to correct the information, we will take reasonable action to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
  1. 3. Transfer of Personal Information Overseas

    In certain situations, personal information that we collect may be disclosed to other legal entities within SS&C, third party service providers that operate overseas. This may include India and the United Kingdom that may lead to personal information disclosed to overseas recipients.

    Before disclosing personal information overseas, reasonable steps will be taken to ensure the recipient does not breach the Aus PA or the effect is that the information will be protected in at least a substantially similar way in which the Aus PA protects the personal information.

  1. 4. Notifiable Privacy Data Breaches

    A data breach happens when personal information is accessed or disclosed without authorisation or is lost. Where we assess that we have reasonable grounds to believe that an eligible data breach has occurred, we will notify you and the Australian Information Commissioner about the breach when a data breach involving personal information is likely to result in serious harm.

  1. 5. How do you Contact Us regarding your rights under the Aus PA?

    In addition to the contact details in section 11 of our privacy statement, if you have any questions, complaints, feedback, or would like further information about this Australian privacy statement, or if you wish to make a complaint as regards our compliance with the Aus PA when processing your information you can contact us by post at Level 17, 469 La Trobe St Melbourne VIC 3000 or phone at (03) 9903 6700.

 

 

Additional EU/EEA and UK Privacy Disclosures


These Additional EU/EEA and UK Privacy Disclosures (the “Disclosures”) supplement the information contained in our privacy statement by providing additional information about our personal information processing practices relating to individual residents of the EU/EEA and/or UK as set forth below. For a detailed description of how we collect, use, disclose, and otherwise process personal information in connection with our services, please visit our privacy statement. Unless otherwise expressly stated, all terms defined in our privacy statement retain the same meaning in these Disclosures.

Your rights as a resident of the UK or EU/EEA

  1. 1. Rights of access, correction, restriction and deletion
    You have a right of access to the personal information that we hold about you under European data protection legislation, and to some related information. You can also require any inaccurate personal information to be corrected or deleted as well as that any further data processing is restricted
  1. 2. Right to object
    You can object to our use of your personal information for direct marketing purposes at any time and you have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.
  1. 3. Right to request a copy of SCCs and UK Addendum

    SS&C has executed the new standard contractual clauses (SCCs) for the transfer of personal information to third countries published by the European Commission on 4 June 2021, to ensure that any international transfer of your information is in compliance with GDPR.

    Our UK domiciled legal entities have also executed with the relevant SS&C subsidiaries the UK Addendum published by the ICO, to ensure compliance with UK data protection laws.

    In accordance with the transparency requirements set out in the SCCs, a copy of the SCCs and UK Addendum implemented by SS&C is available upon simple request (subject to the redaction of information to include confidential information, and personal information not relevant to you).

    If you wish to exercise any of these rights, please contact us as set out below.

  1. 4. Complaints

    If you wish to make a complaint as regards our compliance with the SCCs when processing your information, please contact the Data Protection Office at gdpr_dpo@sscinc.com.

    You can also lodge a complaint about our processing of your personal information with the body regulating data protection in your country.

 

 

Additional U.S. State Privacy Disclosures


These Additional U.S. State Privacy Disclosures to include the California-Specific Disclosures and Nevada-Specific Disclosures (the “Disclosures”) supplement the information contained in our privacy statement  by providing additional information about our personal information processing practices relating to individual residents of the States of California, Colorado, Connecticut, Utah, Virginia, and other states as set forth below. For a detailed description of how we collect, use, disclose, and otherwise process personal information in connection with our services, please visit our privacy statement. Unless otherwise expressly stated, all terms defined in our privacy statement  retain the same meaning in these Disclosures.

  1. 1. Note on SS&C Client Data
    Applicable privacy and data protection laws sometimes differentiate between “controllers” and “processors” of personal information. A “controller” determines the purposes and means (or the why and the how) of processing personal information. A “processor,” which is sometimes referred to as a “service provider,” processes personal information on behalf of a controller subject to contractual restrictions.

    As part of our business relationship with our clients, we are often asked to receive, gather, store, analyze, or otherwise process information, which may include personal information, on behalf of our clients. We refer to this type of information and personal information as “client data.” When we process client data, we generally act as a processor or service provider, unless otherwise noted in applicable contract/terms for the product or service. This means we typically process client data on behalf of our clients subject to restrictions set forth in our contracts with them.

    Where SS&C collects personal information on behalf of our clients as a processor, our clients are primarily responsible for how we use and disclose the personal information we collect in our role as a processor. In addition, we are generally not permitted to respond to individual requests relating to client data. As a result, we recommend referring to the privacy statement of the business with which you have a relationship for information on how they engage processors, like us, to process client data on their behalf. If we process your personal information on behalf of one of our clients, and you have questions about how we process your personal information, we may direct any inquiries about our use of your personal information to that client.
  2. Personal Information Disclosures

    Personal Information Collection

    We collect various categories of personal information in connection with our services. Please review the What information do we collect from you? section of the privacy statement to learn more about the personal information we collect and the sources from which we collect or receive personal information. Please review the How will we use your information? section of the privacy statement to learn more about the purposes for which we collect and use personal information.

    Sensitive Information
    The following personal information elements we collect may be classified as “sensitive” under certain U.S. state privacy laws (“sensitive information”):
    • Government identification numbers;
    • Citizenship or immigration status; and
    • Business email content (limited to persons registered with an SS&C ALPS broker-dealer).

    As described in our privacy statement, we use account name and password, as well as payment card information to provide certain of our products and services.

    We do not sell sensitive information, and we do not process or otherwise share sensitive information for the purpose of targeted advertising. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit, or withdraw your consent for, our processing of sensitive information (as described in the Your Privacy Rightssection below).

    Deidentified Information

    We may at times receive, or process personal information to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

  3. 3. Your Privacy Rights
    Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

    The Right to Know

    The right to confirm whether we are processing personal information about you and, under California law only, to obtain certain personalized details about the personal information we have collected about you, including:

    • The categories of personal information collected;
    • The categories of sources of the personal information;
    • The purposes for which the personal information were collected;
    • The categories of personal information disclosed to third parties (if any), and the categories of recipients to whom the personal information were disclosed;
    • The categories of personal information shared for cross-context behavioral advertising purposes (if any), and the categories of recipients to whom the personal information were disclosed for those purposes; and
    • The categories of personal information sold (if any), and the categories of third parties to whom the personal information were sold.

    The Right to Access & Portability

    The right to obtain access to the personal information we have collected about you and, where required by law, the right to obtain a copy of the personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

    The Right to Correction

    The right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information.

    The Right to Deletion

    The right to have us delete the personal information we maintain about you.

    The Right to Opt-Out of Sales or Sharing of Personal information

    The right to direct us not to “sell” your personal information to third parties for monetary or other valuable consideration, or “share” your personal information to third parties for cross-context behavioral advertising purposes and targeted advertising purposes.

    “Shine the Light”

    California residents that have an established business relationship with us have the right to know how their personal information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law, or the right to opt out of such practices (Civ. Code §1798.83).


    Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

  4. 4. How to Exercise Your Privacy Rights
    To Exercise Your Privacy Rights

    To submit a request to exercise one of the privacy rights identified above, please:

    Email us at USPrivacyRequests@sscinc.com; or
    Call 1-800-234-0556.

    Before processing your request, we may need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we will generally either require the successful authentication of your relationship with us, or the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests to include required personal information elements such as the name of the requesting individual, the name and residency of the data subject, or again the scope of personal data involved (e.g., all or a subset of the information). We may at times need to request additional personal information from you, taking into consideration our relationship with you and the sensitivity of your request.

    In certain circumstances, we may decline a privacy rights request, particularly where you are not a resident of one of the eligible states or where we are unable to verify your identity.

    To Exercise Your Right to Opt-Out of Personal information Sales or Sharing

    Unless you have exercised your Right to Opt-Out, we may disclose or “sell” your personal information to third parties for monetary or other valuable consideration the third parties to whom we sell or share personal information may use such information for their own purposes in accordance with their own privacy policies.

    You do not need to create an account with us to exercise your Right to Opt-Out. However, we may ask you to provide additional personal information so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

    To exercise the Right to Opt-Out, you may submit a request by clicking the link below:

    • Cookies-based Opt-Out (Do Not Sell or Share My Personal Information). To exercise your right to opt-out as it relates to the use of cookies and other tracking technologies for analytics, please click here. Please note this opt out is browser specific. You must reset your preferences if you clear cookies or use a different browser or device.
  5. 5. Submitting Authorized Agent Requests
    In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.
  6. 6. Appealing Privacy Rights Decisions
    Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us at USPrivacyRequests@sscinc.com; or calling 1-800-234-0556.
  7. 7. “Shine the Light” Disclosures
    The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. To opt out of this type of sharing, please email us at USPrivacyRequests@sscinc.com.
  8. 8. Minors
    We do not sell the personal information of consumers we know to be less than 16 years of age, unless we receive affirmative authorization (the “Right to Opt In”) from either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. If you are under the age of 18 and you want to remove your name or comments from our website or publicly displayed content, please contact us directly at USPrivacyRequests@sscinc.com. We may not be able to modify or delete your information in all circumstances.
  9. 9. California-Specific Disclosures
    The following disclosures only apply to residents of the State of California.

    Personal information Collection

    In the last 12 months, we may have collected the following categories of personal information:

    • Identifiers, such as name, social security number, date of birth, phone number, address and other contact information, and online identifiers.
    • Personal information, as defined in the California customer records law.
    • Internet or network activity information, such as interactions with our website or websites we create for our clients.
    • Professional or employment-related information, such as company name, business email address, business address and business phone number.
    • Business email content (limited to persons registered with an SS&C ALPS broker-dealer).
    • Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
    Disclosure of Personal Information

    As described in the Disclosure and international transfer of your information section of our privacy statement, we disclose personal information with a variety of third parties for business purposes or we may sell or share your personal information to third parties, subject to your right to opt out of those sales or sharing (see Your Privacy Rights above).

    In the previous 12 months, we have disclosed, sold or shared certain of the categories of personal information we collect, explained above, to third parties.

    Notice of Financial Incentives

    A part of our business involves the design and implementation of programs and other offerings intended to provide benefits to eligible participants. Most of the programs and other offerings we manage are provided on behalf of our clients. For these programs and other offerings, please refer to the terms and privacy statement of the client with which you have a relationship for information regarding any financial incentives they may offer through our services.

    Apart from the programs and other offerings we provide on behalf of our clients, we also provide our own programs and other offerings directly to interested individuals that may qualify as financial incentives. For example, the programs and other offerings we may make available to interested individuals include:

    Access to exclusive content, research, and insights; or
    Discounts, coupons, cash back, and other special offers for shopping with our partners.

    To obtain access to certain of these programs and other offerings, we may ask to collect or share an interested individual’s personal information, including name, contact information, professional information, account information, and shopping transaction information. We have determined that the value of these programs and other offerings are reasonably related to the value of the personal information we receive and otherwise process in connection with these programs and offerings, based on our reasonable but sole determination. We estimate the value of the personal information we receive and otherwise process in connection with these programs and offerings by considering the expense we incur in collecting and processing the personal information, as well as the expenses related to facilitating the program or offering.

    The terms applicable to each program and other offering are provided at the time an eligible individual is offered an opportunity to participate. Interested individuals can opt-in to these financial incentives by following the instructions presented at the time the offer is made. Participating individuals may withdraw from our programs and other offerings at any time by following the instructions provided in connection with each offering or calling 1-800-234-0556 or emailing USPrivacyRequests@sscinc.com.

    Data Retention

    We will usually store the personal information we collect about you for no longer than necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal information for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and accounting requirements set by a legislature, regulator or other government authority. To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.

    Once retention of the personal information is no longer necessary for the purposes outlined above, we will either delete or deidentify the personal information or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store the personal information and isolate it from further processing until deletion or deidentification is possible.

  10. 10. Nevada-Specific Disclosures
    If you are a resident of the State of Nevada in the United States, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. We do not sell your covered information, as defined by Chapter 603A of the Nevada Revised Statutes. If you reside in Nevada, you have the right to submit a request to USPrivacyRequests@sscinc.com to opt out of the sale of covered information. Please include “Nevada Rights Request” in the subject line.

 

 

Additional Thiland Privacy Disclosures

 

  1. 1. SS&C Thailand and data privacy

SS&C FinTech Services (Thailand) LTD., Global Solutions (Thailand) LTD., SS&C Financial Services International Limited (Thailand) (‘SS&C Thailand’) is committed to protecting personal data and respecting your privacy. 

This privacy statement describes how we collect, use, share, protect, and otherwise process personal information about you. This statement applies to personal information that you provide to us:

  • as a visitor to our websites or as a user of our client portals;
  • when you send us personal information in connection with an inquiry about SS&C Thailand providing products and services directly to you;
  • as a visitor to our premises; and
  • as a contact at one of our clients, potential clients, suppliers or other business partners.

Notice to Customers of SS&C Thailand Clients

Where we collect personal information on behalf of our clients, SS&C Thailand acts as a “data processor” (as defined in the Thailand Personal Data Protection Act (PDPA)) on behalf of its clients and this privacy policy does not apply.  Customers of our clients (e.g. Fund investors or any person providing information in connection with obtaining a product or service from a client of SS&C Thailand) should consult directly with the applicable client to obtain a copy of the privacy policy issued by the client as “data controllers” (as described in PDPA) which will apply in such instance.

  1. 2. What information do we collect from you?

We may collect and process the following information (personal data) about you:

  • Information that you give us:
    • This includes information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), giving us a business card (or similar), or corresponding with us by telephone, post, email or other means.
    • It may include, for example, your name, address, email address, work telephone number, mobile telephone number, information about your business relationship with us, information about you necessary to complete anti-money laundering checks in order to comply with requirements relating to anti-money laundering and other legislation applicable to us; and information about your professional role, background and interests.
  • Information that our website and other systems collect about you:
    • If you visit our website, it will automatically collect certain information about you and your visit, such as your browser type and version. Our website uses Google Analytics (more info here), a web analytics tool provided by Google, Inc. that tracks and reports on the manner in which the website is used to help us to improve it and, with the setting anonymizeIp, guarantees anonymized data collection by masking the last part of your Internet protocol (IP) address. We may also collect information about the pages on our site that you visit. Our website may also download "cookies" to your device – this is described in our separate cookie statement.
    • If you email, telephone, write, or exchange other electronic communications with our employees and other staff members, our information technology systems will record details of those conversations and exchanges, sometimes including their content.
    • Some of our premises have closed circuit TV systems which may record you if you visit our premises, for security and safety purposes.
  • Other information: We may also collect some information from other sources. For example:
    • If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you, such as your contact details or details of your role in the organization that you represent.
    • We sometimes collect information from other third parties, which can include third party data providers, or from publicly available sources for anti-money-laundering, background checking and similar purposes, to protect our business and to comply with our legal and regulatory obligations.
  1. 3. How will we use your information?

We may use your information for the following purposes:

      • to personalize and customize your experience with us; conduct research and analysis; and fulfil orders and requests for products, services, or information from you or the organization that you represent.
      • to send you marketing communications regarding our products and services.
      • for ordinary business purposes, including to operate and administer the products and services provided by SS&C Thailand in accordance with the terms of any agreements that we may have with our clients.
      • to operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations.
      • to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes.
      • to comply with our legal and regulatory obligations, and to bring and defend legal claims where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain).
      • to comply with our internal policies and maintain our records or as otherwise required by applicable data protection laws.
      • to respond to requests from our clients that are not already addressed above.

We may from time to time be required to review information about you held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above.

This may include reviews for the purposes of disclosure of information relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations.

To the extent permitted by applicable law, these reviews will be conducted in a reasonable and proportionate way, and approved at an appropriate level of management. They may ultimately involve disclosure of your information to governmental agencies and litigation counterparties as set out below.

Your emails and other communications may also be accessed occasionally by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left our organization).

We will only process your personal information as necessary to pursue the purposes described above.

In exceptional circumstances, we may also be required by law to disclose or otherwise process your personal information.

We will tell you, when we ask you to provide information about yourself, if:

      • provision of the requested information is necessary for compliance with a legal obligation, or
      • it is purely voluntary and there will be no implications if you decline to provide the information.

If you are uncertain as to SS&C Thailand's need for information that we request from you, please contact the SS&C Thailand’s representative asking for the information, or contact us, with your query.

  1. 4. Disclosure and international transfer of your information

We may disclose personal information about you, in accordance with the various legitimate purposes set out above:

  • to the other legal entities within SS&C Thailand.
  • if we receive the personal information from you as a representative of one of our business partners or clients, to your colleagues within the organization that you represent.
  • to third party service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under substantially similar conditions of confidentiality and security.
  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
  • in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit; in accordance with our legal obligations, including to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory or where we are otherwise required by law to disclose.

These disclosures may involve transferring your personal information overseas. If you are dealing with us within Thailand, you should be aware that this may include transfers to countries outside Thailand, which do not have similarly strict data privacy laws and which may therefore afford a lower standard of personal data protection. In those cases, where we transfer personal data to other legal entities within SS&C Thailand or our service providers, we will ensure that our arrangements with them are governed by data transfer agreements, designed to ensure that your personal information is protected, on terms approved for this purpose by the Thailand Personal Data Protection Committee.

  1. 5. How we keep your personal information safe?

We are committed to protecting your personal information submitted to us. We maintain an information security program including internal policies addressing the acceptable use and access to confidential business information and personal information which may be contained within SS&C Thailand’s information systems. We maintain physical, electronic and procedural safeguards reasonably designed to guard personal information from loss, misuse or unauthorized access, disclosure, alteration or destruction of the information that has been provided to us through our on-line services.

  1. 6. How long do we keep your personal information?

We will retain your data as required by applicable law or our internal data protection policy.

We will delete the information that we hold about you when we no longer need it.

Note that we may retain some limited information about you even when we know that you have left the organization that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organization.

  1. 7. What are your rights?

Your rights under Thailand Personal Data Protection Act (PDPA)

Under the Thailand Personal Data Protection Act (PDPA), you (if you are a Thai resident) may have certain privacy rights in connection with your Personal Data (as such term is described in the PDPA). In addition, we collect the personal data, as defined in the Thailand Personal Data Protection Act, which we may disclose to other legal entities within SS&C, third party service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under substantially similar conditions of confidentiality and security, and business partners, suppliers and sub-contractors for our operational business purposes.

If you are a Thai resident, subject to the PDPA and exceptions thereof, you may have the following rights to:

  • Right of Access: you may have the right to access or request a copy of the personal data we collect, use or disclose about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
  • Right of Rectification: you may have the right to have incomplete, inaccurate, misleading, or not up-to-date personal data that we collect, use or disclose about you rectified.
  • Right to Data Portability: you may have the right to obtain personal data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we collect, use or disclose such data on the basis of your consent or to perform a contract with you.
  • Right to Object Processing: you may have the right to object to certain collection, use or disclosure of your personal data such as objecting to direct marketing.
  • Right to Restrict Processing: you may have the right to restrict the use of your personal data in certain circumstances.
  • Right to Withdraw Consent: for the purposes you have consented to our collection, use or disclosure of your personal data, you have the right to withdraw your consent at any time.
  • Right to Erasure: you may have the right to request that we erase or de-identify personal data that we collect, use or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.

If you wish to exercise any of these rights, please contact us as set out below.

  1. 8. Contact us

We welcome questions, comments and requests regarding this privacy policy and our processing of personal information, or exercise rights described under Section 7.

Please send them to the Data Controller, 6th Floor, RSU Tower, 571 Sukhumvit Road, North Klongton, Wattana, Bangkok 10110, Thailand or by email th.risk@sscnc-corp.global.

We will respond to your request consistent with applicable data protection laws.   Depending upon the type of business relationship that you have with us, we may need to notify you that additional information is necessary to authenticate your identity for your data security or that we will refer your inquiry to the financial services entity that holds the primary relationship with you.

For requests to delete your personal information as permitted under applicable data protection laws, we will work with you to accomplish your requests unless otherwise exempted under applicable data protection laws, such as compliance with applicable law or regulatory inquiry.