GDPR Privacy and Cookie Notice
GDPR Privacy Notice
At State Street Global Advisors (“SSGA”) we are committed to handling your Personal Data (defined below) responsibly and would like to let you know that we recognise and respect your right to privacy. This notice explains how SSGA and any fund or product sponsored, managed, or otherwise affiliated with SSGA (the “Funds”) (together “we”, “our”, “us”) collect, use, share or otherwise process Personal Data in connection with your relationship with us. For a list of the SSGA entities and Funds acting as a controller for the purposes of GDPR, please see annex I.
We may provide supplemental notices from time to time, for example where we collect or use your sensitive personal data, which should be read together with this notice. We will publish the current notice on our websites (the “Sites”) which will apply each time you share Personal Data with us. We reserve the right to amend or update this notice at any time.
How we collect your Personal Data
We may collect your contact details (such as your address, email address and telephone number) or other information (such as your job title, identifying information required for anti-money laundering and related matters, your IP address, and information regarding the computer or mobile device ("Electronic Device") used to access our Sites, such as its operating system, unique identifier, and model name, as well as its user configurations and settings etc.) from which you can be identified (“Personal Data”). We may collect and use, for example, details you provide:
i. by filling in online/application/dealing forms,
ii. during our onboarding process;
iii. during telephone calls or meetings with us or our representatives/agents,
iv. when you register to use or use our Services (including via our Sites),
v. when registering or subscribing to our newsletters or conferences,
vi. when asking us to authenticate you as an authorised user and to facilitate communications between us that you request,
vii. by completing surveys issued by SSGA (we will process information provided by you for research and monitoring purposes).
We may combine the information that we collect with personal or other information that we obtain from third parties (such as social media networks or marketing partners) or that we collect from you in other contexts (such as when you email us, call us, or attend one of our events). If the information collected is about you or relates to you, or is combined with such information, we will treat it as Personal Data.
Any Personal Data which you provide to us or our agents is at your sole discretion. However, we may not be able to engage with you (fully or at all) if you do not provide requested Personal Data. Please do let us know if your Personal Data changes during our relationship. Please note that if your Personal Data is anonymised, it is no longer Personal Data.
Basis of and Use of Personal Data
In order to effectively manage our relationship with you, we will collect, use, process, or arrange processing of this Personal Data if and to the extent that we have a lawful basis to do so; that is:
i. you have consented;
ii. we need to do so in order to perform the contract we have entered into with you/in relation to your investment in our Fund or the provision of State Street services as well as to effect administrative or operational processes by SSGA, our Funds or their service providers (“Services”);
iii. if we need to do so in order to comply with an EU legal or regulatory obligation; or
iv. if we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms. Such legitimate interests may include direct marketing by State Street entities or our regulatory obligation as a global financial institution. You have the right to unsubscribe from such direct marketing. See the section below entitled "Marketing Communications and Your Choices".
We will also use your Personal Data and the Funds and their service providers (or any of their affiliates, agents, employees, delegates or sub-contractors) will use your Personal Data to:
i. provide Services to you and/or the institution that you act for;
ii. to facilitate the opening of your account, the management and administration of your holdings and/or your holdings in a Fund and any related account on an on-going basis;
iii. carry out anti-money laundering checks and related actions;
iv. carry out fitness and probity checks and related actions;
v. to report tax related information to tax authorities in order to comply with a legal obligation;
vi. to monitor and record calls and electronic communications for (a) processing and verification of instructions, (b) investigation and fraud prevention purposes, (c) for crime detection, prevention, investigation and prosecution, (d) to enforce or defend SSGA, the Funds and their affiliates', directly or through third parties to whom they delegate such responsibilities or rights in order to comply with any applicable legal obligation, (e) for quality, business analysis, training and related purposes (f) to pursue our legitimate interests in relation to such matters or (g) where the processing is in the public interest;
vii. to update and maintain records and fee calculations;
viii. enhance or personalise your online experience;
ix. authenticate you as an authorised user and to facilitate communications between us that you request;
x. fulfil your requests, including sending you white papers, newsletters and other supplements;
xi. contact you for marketing purposes in-line with the applicable laws (see the section below entitled "Marketing Communications and Your Choices");
xii. operate our business in a prudent manner in accordance with industry standards and applicable law, which may include, in addition to supporting the Services; responding to inquiries and requests; preventing fraud; and monitoring and archiving communications;
xiii. to take advice from our advisors;
xiv. for governance and management reporting purposes.
We may use or disclose your Personal Data if we are required to do so by law or if we reasonably believe that we need to do so to protect our rights or to comply with a judicial or regulatory requirement or to pursue our legitimate interests. If we need to use your Personal Data for a reason which is not reasonably compatible with the original purpose, we will notify you and explain the basis on which we are permitted to so use your Personal Data.
Marketing Communications and Your Choices
SSGA uses information collected to market business services to our institutional customers. Specifically, we may collect, use, and/or share your information with our affiliates and service providers in order to provide specific information that you request, thought leadership materials, industry information, invitations to events and webinars, and other communications or solicitations that we believe will be of interest to you. We target and tailor such communications based on your interaction with us such as on our Sites and with our emails; your inquiries; your participation in events or webinars; relevant social media activity; and other third-party data. If you do not wish to receive this information from us, please manage your preferences accordingly. You can also unsubscribe by clicking on the unsubscribe link in any of our emails or by letting your SSGA contact know.
How we may share Personal Data
We may disclose or share Personal Data:
i. to our affiliates for various purposes, as permitted by law, including in order for its affiliates to provide services;
ii. with government agencies, exchanges, or other self-regulatory organisations and law enforcement authorities as required or permitted by law, rule, regulation or legal process, including, without limitation, for governmental reporting or to enforce any rights SSGA may have against you as necessary. Personal Data about you that is collected on our Sites, or in the course of the provision of Services, including any of your financial information, can become subject to the legal systems and laws in force in each state or country (a) where it is held, received or stored by you or us, (b) from where it is accessed by you or us, or (c) through which it passes. In addition, if you have an account at SSGA, because your account(s) may include information about more than one individual and about your business relations with SSGA and its affiliates, statements released to comply with legal process may contain information regarding your relationship with these individuals and with us and our affiliates.
iii. at the request of a regulatory agency or in connection with an examination of us by bank or other examiners;
iv. at the request of our internal or external auditors or attorneys;
v. when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity,
vi. if disclosure is necessary to protect the vital interests of a person;
vii. to non-affiliated third parties with whom we have contracted to perform services on its behalf. We require our third-party servicers to agree to comply with appropriate privacy and security standards or to undertake to provide similar and appropriate levels of protection as we do when processing Personal Data.
viii. with a successor entity in the event of a merger, acquisition or similar transaction.
How we Transfer and Store Personal Data
SSGA is a global organisation and part of the global State Street group; Personal Data we collect may be transferred internationally throughout the world to countries where State Street does business, which may not have the same data protection laws as the country in which you reside. We have relevant legal safeguards, internal policies and procedures in place in an effort to achieve an equivalent level of protection across our organisation. To find out more about the safeguards that SSGA has in place please contact Jill Stoller (Chief Privacy Officer) at JStoller@StateStreet.com. The transfer of Personal Data to other countries is based on a business need or to comply with applicable laws. Personal Data stored or processed in a foreign jurisdiction may be accessed under a lawful order made in that jurisdiction.
By providing your information to SSGA in the course of your access and use of our Sites or the Services, you agree that your Personal Data, for the purposes explained in this privacy notice, may be transferred to and stored in other countries where SSGA does business, which may not have the same data protection laws as the country in which you reside.
How we protect your Personal Data
We use security measures, in compliance with applicable law, to protect Personal Data from unauthorised access or use. Yet you should understand that the open nature of the Internet is such that information and Personal Data may flow, without security measures, over networks connecting you to our systems and may be accessed and used by people other than those for whom the data is intended.
To safeguard against unauthorised access to Personal Data by third parties, all electronic Personal Data held by SSGA is maintained on systems protected by secure network architectures that contain firewalls and intrusion detection devices. The servers holding Personal Data are "backed up" (i.e., recorded) on a regular basis in an effort to avoid any inadvertent erasure or destruction of such Personal Data and are stored in facilities with appropriate security and fire detection and response system.
When you contact SSGA with questions about our Sites or the Services, we must confirm your identity on the phone before discussing your information. The questions and answers you select when logging into our Sites for the first time are used for this identification process.
Our Sites may, from time to time, contain links to and from the sites of third parties. If you follow a link to any of these sites, please note that these sites have their own privacy notices or practices and that we do not accept any responsibility or liability for these notices, practices or sites. Please check these policies before you submit any Personal Data to these sites.
We will retain your Personal Data for as long as required and for as long as necessary to provide our Services, products and information or as permitted / required by applicable law. This period may extend beyond the termination of our relationship with you.
Any person who has sent us Personal Data has the right to:
In the interests of security, we may request specific information from you to help us confirm your identity when you are exercising your rights.
If you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. If you choose to withdraw your consent, we will no longer process your Personal Data for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You may also unsubscribe from any direct marketing at any time.
You will not generally have to pay a fee in relation to the exercise of the above rights but please note that a reasonable fee may be levied on excessive or manifestly unfounded requests or in such cases, we may refuse to comply with such excessive or unreasonable requests.
How to Contact Us
If you have questions or comments about this privacy notice, or about how your data is processed, please contact: Jill Stoller (Chief Privacy Officer) at JStoller@StateStreet.com
Last updated: 25 May 2018
By using the website www.ssga.com, you agree that State Street Global Advisors (SSGA) can store and access cookies, IP address and use other methods in order to collect website usage data and improve your online experience. This can include information related to your use of the website, the browser and device type you are accessing the website from and where you are located.
What are cookies?
Cookies are small text files downloaded to your computer or device by websites you visit. Cookies are widely used in order to allow websites to function properly, as well as to provide business and marketing information to the owners of the site.
Cookies are used for technical reasons to enable www.ssga.com to work efficiently. These cookies are essential in order to enable you to move around the Site and use its features, such as accessing secure areas of the Site. Without these cookies, services you have asked for cannot be provided.
Ease of Use
Cookies are used to enhance the usability of the site for visitors, such as by capturing visitor preferences on our site so that they are remembered for subsequent visits improving the visitor experience.
Cookies are used to gather statistics on how visitors use our site. This allows us to gain insight into how visitors use the website so that we may make improvements to its usability.
Cookies are used for web analytics and intelligence about our Site. This information may be combined with other information for the purposes described below, including marketing. We may also use web beacons or other technologies for similar purposes and we may include these in marketing email messages or our newsletters in order to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device, but may work in conjunction with cookies to monitor online activity.
If you want to remove existing cookies from your device, you can do this using your browser options. You may refuse to accept cookies by changing your browser settings. For more information on managing cookies and other tracking devices see www.allaboutcookies.org/manage-cookies.
Deleting and blocking cookies will have an impact on your user experience as parts of the Site may not function properly or be accessible. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon you visit our Site, even if you have previously deleted our cookies.
The following table details the most frequently used cookies on www.ssga.com and explains their use.
At State Street Global Advisors (“SSGA”) we are committed to handling your personal information or personal data (“Personal Data”) responsibly and transparently. This Global Privacy Notice (“Notice”) is intended to comply with the relevant transparency requirements under the applicable privacy or data protection laws. This Notice explains how SSGA and any fund or product issued, sponsored, managed, or otherwise affiliated with SSGA (the “Funds”) (together “we”, “our”, “us”) collect, use, share or otherwise process your Personal Data in connection with your relationship with us. The Notice applies to any Personal Data we may collect from you through our websites or applications, accessed using your device (e.g., mobile, computer) or various other offline means, such as when you attend our events, or when you otherwise interact with us as described below.
Please note in certain jurisdictions there might be exemptions to the rights we describe below pursuant to applicable privacy laws and regulations. We may amend this Notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please check these pages regularly for the latest version of this Notice.
This Notice contains the following sections:
Subject to the laws or regulations applicable to the relevant jurisdiction, we may collect the following categories of Personal Data about you or your device:
A. Identity information
first name, middle name, last name, alias username or similar identifier, marital status, title, date of birth, gender, state or national identification number (such as a driver license or social security number), passport number, internet protocol, signature, physical characteristics or description or other similar identifiers. Some information included in this category may overlap with other categories.
B. Demographic information
Age, race, color, national origin, citizenship, marital status, sex (including gender).
C. Contact information
Billing address, delivery address, email address or telephone numbers.
D. Biometric information
Identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, keystroke.
E. Contractual information
Information collected as part of the products and services we provide to you.
F. Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
G. Financial information
Bank account and payment card details.
H. Internet or another similar network activity
Browsing history, search history, information on a consumer's interaction with a website, application, advertisement, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites or applications.
I. Sensory data
Audio, visual, or similar information.
J. Professional or employment-related information
Education, current employment, employment history.
K. Inferences drawn from other personal information
Profile reflecting a person's household, individuals associated with your account(s), information regarding your relationship with these individuals, or information about your business relations with us.
We collect your Personal Data in a variety of ways and from various sources. For example, we may collect your Personal Data:
The Personal Data that we collect from you may include sensitive Personal Data. We recognize that certain jurisdictions have enacted laws that require higher protection of certain sensitive Personal Data. Sensitive Personal Data includes categories of information identified by the applicable privacy laws as requiring special treatment or protection. This information may include, but is not limited to, racial or ethnic origin; political opinions; religious, philosophical, or other similar beliefs; membership of a trade union or profession or trade association; physical or mental health; biometric data; or sexual orientation.
We do not collect, use, share or otherwise process sensitive Personal Data or criminal records unless permitted to do so by law. For example, we may collect, use, share or otherwise process your sensitive Personal Data or criminal records to perform Know Your Customer (KYC) checks to comply with applicable Anti-Money Laundering (AML) laws.
We use Personal Data for the following purposes:
If you do not provide us with your Personal Data when requested, it may prevent us from being able to carry out the tasks listed above.
We may use your Personal Data to market to you. Specifically, we may collect, use, or otherwise process your Personal Data and share it with our affiliates and service providers to provide you with thought leadership materials, industry information, invitations to events and webinars, and other communications or solicitations that we believe will be of interest to you. We target and tailor such communications based on your interaction with us, via mail, email, online, telephone, in-person, or through third-party partners or vendors. If you do not wish to receive this information from us, please manage your preferences by clicking on the unsubscribe link in any of our emails, letting your relationship manager know or by clicking here.
We may disclose the categories of your Personal Data described above to our affiliates, service providers, and other third parties for our business purposes. When we do so, we will make sure that your Personal Data is used in a manner consistent with this notice, or enter into a contract that describes the business purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract.
We may disclose your Personal Data to the following categories of third parties:
We do not sell any of your Personal Data including Personal Data of minors under the age of 16 or as defined by applicable laws or regulations.
We operate globally and we may share some of your Personal Data, with organizations (including our affiliates and our service providers) who are outside of the jurisdiction in which the Personal Data was collected. Because we are headquartered in the United States, Personal Data collected in other countries is routinely transferred to the United States for processing. That is, Personal Data collected in one jurisdiction may be transferred, stored, and processed outside the country of origin. For these transfers, we have the relevant legal safeguards in place, including (for example) by way of contractual arrangements based on sets of standard contractual clauses that have been pre-approved by the European Commission (or otherwise consistent with the requirements of the relevant jurisdiction) to ensure adequate protection, or in certain circumstances we may rely on one of the exceptions to the rules that allows us to perform these transfers. This reflects our commitment to protecting your personal data regardless of where your personal data resides. Personal Data stored or processed in a foreign jurisdiction may be accessed under a lawful order made in that jurisdiction.
We are committed to protecting the security of your Personal Data. We use reasonable technical and organization measures, in compliance with applicable law, to protect your Personal Data from unauthorized access, unlawful processing and against accidental loss, destruction or damage.
We will retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected, such as providing our services, or as required by applicable laws or regulations. This period may extend beyond the termination of our relationship with you.
Depending on the jurisdiction, and subject to certain exceptions, you may have specific rights regarding your Personal Data. This section describes such rights and how you may exercise them.
If we are relying on your consent to use or share your Personal Data, you have the right to fully or partially withdraw your consent, subject to certain exceptions defined in applicable laws and regulations. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
Please click here to access the U.S. Consumer Privacy Notice.
California residents please click here for more information.
This Notice sets out how the following entities in Australia collect, hold, use, store and disclose “personal information” for the purposes of the Privacy Act 1988 (Cth):
Please contact us at firstname.lastname@example.org if you have any concerns about the accuracy, handling or retention of personal information under the Privacy Act 1988 (Cth).
The primary point of contact for all issues arising from this Notice is our Chief Privacy Officer or Data Protection Officer. If you wish to exercise your rights, or have questions or comments about this Notice or about how your Personal Data is processed, please contact our Chief Privacy Officer or Data Protection Officer by email or via our website at: