Candriam Privacy Notice for clients
Date of last update: June 2023
- General provisions
- Candriam, a Luxembourg société en commandite par actions (partnership limited by shares) (registered office: Serenity - Bloc B, 19-21 Route d’Arlon, L-8009 Strassen, Luxembourg), its branches, subsidiaries and Candriam Switzerland (registered office: rue du 31 décembre 40-42, CH-1207 Geneva, Switzerland) (“Candriam”, “we” or “our”) undertake to respect the personal data (the “Personal Data”) of their clients.
- Candriam owns and manages the website https://www.candriam.com.
- This information notice (the "Notice") sets out the principles on which Candriam processes Personal Data. Please read the text below carefully so that you understand our position and practices in managing Personal Data.
- For the purposes of applying applicable personal data protection laws (including among others, the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”), the Dubai International Financial Centre Data Protection Law (DPL) and the Swiss Federal Data Protection Act, amended or replaced from time to time and to the extent applicable) Candriam acts as the “data controller” of your Personal Data.
- Candriam Switzerland has appointed Candriam, a Luxembourg société en commandite par actions (partnership limited by shares) whose registered office is Serenity - Bloc B, 19-21 Route d’Arlon, L-8009 Strassen, Luxembourg, registered on the Luxembourg Trade and Companies Register under number B 37647 as its representative in the European Union for the purposes of the GDPR.
- In the event that you use Candriam’s services/website, you acknowledge that you have carefully read this Notice and have unreservedly accepted it. You acknowledge that you have understood the purposes and grounds on which your Personal Data is processed. You acknowledge that continued use will be considered to represent continued consent.
- You may, at any time, notify us that you no longer consent in an email to be sent to the email address stated at the end of this Notice.
- Please note that as part of our services/the website, we may use cookies or similar technologies. Cookies are small text files that are stored on a device's hard drive and that contain certain information and, sometimes, Personal Data. Candriam uses these cookies in accordance with its Cookie Policy. You may view our Cookies Policy via the following link: Legal information.
In case of doubt on the interpretation of the present Notice, the French version will prevail over the other versions.
- Collection of your Personal Data
- Candriam collects and processes the following categories of Personal Data concerning you, provided that such data is adequate, relevant and limited to what is necessary for the purposes for which they are processed. The relevant Personal Data are:
- Information that you provide to us:
- When you enquire about Candriam's expertise or services (including when you do so on behalf of your employer), we reserve the right to process your Personal Data, including your name, gender, postal address, personal or work email address, personal or work telephone number, financial information, description, photograph, identity documents (including your passport or identity card), job, marital status and information about your dependants or beneficiaries;
- You and/or your employer may provide us with information about you during our audit of your employer, when you complete a form on our website or when you communicate with us by telephone, e-mail, any other electronic means or in writing. This may include information that you provide when you create an account on our website, when you subscribe for any of our services or studies, when you carry out a search on our website, when you request information, enter information or content on our website, when you report a problem on our website or when you request information via our website. This information includes, among other things, your name, email address, gender, job, postal address, telephone number and fax number;
- If you are interested in participating in a physical or digital event organised by Candriam for social and entertainment purposes aimed at promoting our business activities, we may process your Personal Data, including, without limitation, your name, gender, postal address and personal or work email address;
- Some discussions during calls or meetings with Candriam may be recorded.
- The information we collect about you: Each time you visit our website, we reserve the right to automatically retrieve the following information:
- Technical information, including the Internet Protocol ("IP") address, used to connect your computer to the internet, your identifiers, the type and version of the browser you are using, the time zone settings, location data, the types and versions of the plug-ins integrated into your browser, your operating system and platform;
- Information relating to your visits, including the full sequence (URL) of queries or clicks made on this website (including the date and time), the products, services or questions you have visited or searched for, the page response time, download errors, the time spent on each page, information on interactions between pages (scrolling, clicks, mouse cursor pointing) and the methods used to leave a page and the phone numbers used to call us;
- Information from other sources:
- We may receive information about you when you use any of the websites we operate or any of the services we provide;
- We are part of a group of companies that manage funds and provide other financial services. We will notify you when you request services that involve one or more of our subsidiaries and/or affiliates, as they may provide us with information about you that is required in order to provide the service;
- We work closely with third parties (banks, financial institutions, business partners, legal or other advisers, technical subcontractors, statistical service providers, information research service providers) that may provide us with information about you;
- Information about third parties: Where you provide us with information about someone other than you, for example about other employees of your employer, or people who accompany you to physical or digital events organised by Candriam for social and entertainment purposes aimed at promoting our business activities, you must ensure that they understand how their information will be used and that they have authorised you to disclose it to us so that we and our service providers may use it.
- Information that you provide to us:
- Candriam collects and processes the following categories of Personal Data concerning you, provided that such data is adequate, relevant and limited to what is necessary for the purposes for which they are processed. The relevant Personal Data are:
- Purposes of processing
- The legal bases of our Personal Data processing activities are established within the strict limits of the purposes and conditions of Articles 6, 9 and 10 of the GDPR. If your Personal Data is processed on the basis of your consent or a legitimate interest, you may object to this processing at any time. This objection must be sent by email to the email address stated at the end of this Notice.
- Candriam collects, uses and processes your Personal Data for the following purposes:
- Collection and processing on certain occasions, including, as set out above, where necessary to provide you with information about products, services or events that may be of interest to you or your employer;
- To enter into a contract with you, particularly in order to execute your investment in a Candriam fund, to verify your identity or to provide you with services;
- Where required by law. This is the case where we are under a legal obligation to carry out certain checks or where we receive a request from a judicial or governmental authority.
- We process your Personal Data in accordance with the legitimate interests of Candriam, its subsidiaries and/or its branches in managing and marketing their business activities, which is considered by Candriam not to be contrary to the interests, freedoms, rights and fundamental rights of its Clients (given that, if Candriam is unable to carry out certain processing activities, the impact on its activities may be high and it is unlikely that the identified risks of harm to the individual’s interests will materialise). If these risks materialise, Candriam has put in place sufficient guarantees in order to mitigate their impact. In particular:
- We use your Personal Data to optimally manage Candriam's funds and our business activities;
- We use your Personal Data to verify commercial and legal information about our clients and investors. The purpose is to assess their activities and situation in relation to their investments and in relation to the services we provide to them;
- We monitor the use of our websites and use your Personal Data to better manage, improve and protect our services and websites, whether online or offline;
- We monitor our investors' accounts to prevent, investigate and/or report instances of fraud, terrorism, misrepresentation, security incidents or offences as required by applicable laws;
- We will use your Personal Data in connection with legal claims, to ensure compliance with applicable regulations or in connection with investigations, where necessary (we will also disclose this information as part of legal proceedings or disputes);
- We use your Personal Data or the Personal Data of persons who accompany you to in-person or digital events for social and entertainment purposes aimed at promoting our business activities.
- Disclosure of your Personal Data
- Your Personal Data may be disclosed to:
- Subsidiaries, branches and/or affiliated companies;
- Trusted third parties such as:
- Legal or other advisers, consultants and other professional experts, claimants, correspondents, investigators, suppliers and service providers of any of the entities referred to above and any company connected to them;
- Business partners, suppliers, subcontractors for the sole purpose of performing obligations under a contract with them, with you or with your employer. We take the necessary steps to ensure that our employees protect your Personal Data and are aware of their obligations in relation to data security;
- Providers of statistical services and information research services that help us to improve and optimise our website;
- The competent judicial and administrative authorities, or other authorities authorised by law or any other applicable regulations;
- Third parties:
- When we are selling or acquiring a business or asset, in which case we reserve the right to disclose your Personal Data to the potential seller or purchaser;
- If a third party acquires Candriam, or Candriam’s business or assets, in which case the data that Candriam holds about its users, suppliers or customers will be included in the transferred assets;
- In the event that we are required to disclose or share your Personal Data in order to comply with a legal obligation or to perform our obligations under contracts, or if we reasonably believe that such disclosure is necessary, or to protect the rights, property or security of Candriam, our users, our client or any other persons;
- In preventing crime or protecting against fraud.
- The Personal Data will only be disclosed within the framework of the legal basis used for the processing of the Personal Data in question, with contractual guarantees that the Personal Data remains secure and confidential.
- Your Personal Data may be disclosed to:
- Marketing Communications
- We or trusted third parties acting on our behalf may contact you by email, other electronic means or by post to provide you with information about products, services or events that may be of interest to you. Where necessary, at the time you provide us with your Personal Data, you may state whether you agree to us using your Personal Data to send you information about such products, services or events.
- You may withdraw your consent at any time by sending us an email to the email address stated at the end of this Notice.
- International transfers of Your Personal Data
- Some of the subsidiaries and/or branches affiliated with Candriam and some third parties to which Candriam may disclose or share your Personal Data (as described above) are located in countries outside the European Union whose laws do not offer a level of protection of Personal Data similar to that provided by your home country.
- In order to ensure to ensure adequate protection of such transfers, Candriam uses transfer mechanisms recognised by the European Commission, which may include the appropriate entry into standard contractual clauses approved by the European Commission pursuant to Article 46 (2) of the GDPR. To obtain a copy of the transfer mechanism, please contact us at the email address stated at the end of this Notice.
- We take the necessary steps to protect your Personal Data against the risk of loss, destruction or unauthorised access.
- Unfortunately, the transmission of information over the Internet is not a fully secure process. Although we make every effort to protect your Personal Data, we are unable to guarantee the security of the Personal Data you send us via our website. You are responsible for any transfer of data. Once we have received your Personal Data, strict procedures and security measures are put in place to prevent any unauthorised access.
- Retention of your Personal Data
- Candriam will not retain your Personal Data for longer than is necessary to carry out the purposes set out in this Notice or to comply with a legal obligation imposed by applicable laws. For more information on the retention of your Personal Data, please contact the email address stated at the end of this Notice.
- Candriam will not retain your Personal Data for longer than is necessary to carry out the purposes set out in this Notice or to comply with a legal obligation imposed by applicable laws. For more information on the retention of your Personal Data, please contact the email address stated at the end of this Notice.
- Your rights
- Unless otherwise provided in the GDPR or any other law, you, as a data subject, have a number of rights over the use of your Personal Data:
- Access: You have the right to obtain confirmation that your Personal Data is or is not being processed and to obtain access to that Personal Data and to receive certain additional information such as the purpose of the processing, the categories of Personal Data in question, etc. You have the right to request a copy of the Personal Data we hold about you. Please note that there are exceptions to this right. You may be denied access to your Personal Data if, for example, making it available to you involves disclosing the Personal Data of a third party, or if we are prohibited by law from disclosing such information. Please contact us at the email address stated at the end of this Notice.
- Accuracy: We strive to keep your Personal Data up to date and to ensure that it is accurate and complete. We invite you to contact us at the email address stated at the end of this Notice to notify us about any inaccurate Personal Data or changes so that we can update your Personal Data.
- Withdrawal: You have the right to withdraw your previous consent to the processing of your Personal Data. You may withdraw your consent at any time by sending an email to the email address provided at the end of this Notice.
- Objection: In some cases, you also have the right to object to the processing of your Personal Data.
- Limitation: In certain cases, you also have the right to restrict the processing of your Personal Data.
- Erasure: In certain cases, you also have the right to have your Personal Data erased.
- Portability: You have the right to request that some of your Personal Data be transferred to you or to another data controller, in a commonly used and machine-readable format.
- Complaints: If you consider that your Personal Data protection rights have been breached, you are entitled to lodge a complaint with the competent supervisory authority or to appeal to a court.
- Please note that there are exceptions to these rights if, for example, we are legally required to continue processing your Personal Data.
- Please note that you will be notified of any rectification or erasure of Personal Data or restriction of processing unless such notification proves to be impossible or requires a disproportionate effort.
- If you wish to submit a request to exercise one or more of the rights listed above, you should send an email to the email address stated at the end of this Notice. This request must clearly state which right you wish to exercise and, where applicable, the reasons for exercising the right.
- We will promptly notify you when your request is received. If the request is valid, we will comply with it as soon as reasonably possible and, in any event, within one month of receiving the request. Otherwise, we will inform you of the reasons for refusal within one month of receiving the request.
- When we ask you to provide Personal Data, we will make every effort to clearly state whether such data is required in order to provide you or your employer with the products and services in question or whether it is optional.
- Unless otherwise provided in the GDPR or any other law, you, as a data subject, have a number of rights over the use of your Personal Data:
- Questions about the processing of your Personal Data
- If you have any questions about this Notice or wish to: (I) access, transfer, object, cancel, revise, orrect or request the deletion of or restrict access to your Personal Data; (ii) make any other request; or (iii) raise a concern in relation to your Personal Data, please contact us at DPO[@]candriam.com.
- Although Candriam hopes to be able to answer any questions that clients may ask, if your issues are not resolved, you also have the right to complain to the data protection authorities. The competent data protection authority will be the supervisory authority in the country in which Candriam operates.
- An exhaustive list of our subsidiaries and affiliates is available via the following link: Legal Information
- Amendments of this Notice
- Candriam reserves the right to amend this Notice at any time. Any amendments to this Notice will be published on Candriam Privacy Notice webpage. Please check the website regularly for updates or modifications. If we make material changes to this Notice, we will notify you and seek your permission if required under applicable laws.
Candriam Privacy Notice for consultants and externals
Date of last update: June 2023
Introduction
Candriam, a Luxembourg société en commandite par actions (partnership limited by shares) (registered office: Serenity - Bloc B, 19-21 Route d'Arlon, L-8009 Strassen, Luxembourg), its branches, subsidiaries and Candriam Switzerland (registered office: rue du 31 décembre 40-42, CH-1207 Geneva, Switzerland) ("Candriam" or "we" or "our") undertake to respect the personal data (the "Personal Data") of the service providers, external consultants and points of contact of our suppliers (the "Service Providers") that they collect as part of the services they provide to Candriam (the "Services").
For the purposes of applying applicable personal data protection laws (including among others, the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”), the Dubai International Financial Centre Data Protection Law (DPL) and the Swiss Federal Data Protection Act, amended or replaced from time to time and to the extent applicable) Candriam acts as the “data controller” of your Personal Data.
Candriam Switzerland has appointed Candriam, a Luxembourg société en commandite par actions (partnership limited by shares) whose registered office is at Serenity - Bloc B, 19-21 Route d’Arlon, L-8009 Strassen Luxembourg, registered on the Luxembourg Trade and Companies Register under number B 37647 as its representative in the European Union for the purposes of the GDPR.
The Personal Data of the Service Providers will be processed and included in personnel management records/systems controlled by Candriam for the purposes of managing the service relationship and as described more fully in this information notice (the "Notice").
By simply providing services to Candriam after receipt of this Information Notice, you acknowledge that you have carefully read this Notice and have unreservedly accepted it. You also acknowledge that you have understood the purposes and grounds on which your Personal Data is processed. You acknowledge that continued use will be considered to represent continued consent.
In case of doubt on the interpretation of the present Notice, the French version will prevail over the other versions.
- Collection of Personal Data concerning Service Providers
- Candriam collects and processes the following categories of Personal Data concerning Service Providers, provided that such Data is adequate, relevant and limited to what is necessary for the purposes for which they are processed:
- Identification data: last name, first name, gender, mother tongue, nationality, voice recording;
- Contact data: work email address, work mobile telephone/landline number, personal email address and personal mobile telephone/landline number may be collected in exceptional circumstances (particularly for imperative health reasons);
- Work-related data: employer, position, salary (for service providers who are individuals).
- Candriam collects and processes the following categories of Personal Data concerning Service Providers, provided that such Data is adequate, relevant and limited to what is necessary for the purposes for which they are processed:
- Purposes of processing
- The legal bases of our Personal Data processing activities are established within the strict limits of the purposes and conditions of Articles 6, 9 and 10 of the GDPR. If your Personal Data is processed on the basis of your consent or a legitimate interest, you may object to this processing at any time. This objection must be sent by e-mail to the e-mail address stated at the end of this Notice.
- Candriam collects, uses and processes the Personal Data of Service Providers for the following purposes:
- Access and facilities management;
- Managing and monitoring the working relationship;
- Compliance with Candriam’s policies and procedures and legal and regulatory requirements;
- Risk management;
- Governance;
- Security and business continuity plan;
- Provision and management of IT services and support.
- Candriam may also, in certain circumstances (including critical health-related situations), collect, use and process Personal Data for the following purposes: i) organising physical and/or digital events in relation to the Service, sending any items relating to the organisation of such events to the Service Provider's home address (e.g. lunchboxes, aperoboxes) and ii) any other purpose directly linked to the purpose set out above.
- Some of these purposes are directly linked to the management of the working relationship, and the processing therefore needs to be carried out in order for the agreement to be performed. Others may be based on the legitimate interests of Candriam, its subsidiaries and/or its branches in managing and marketing their business activities, which is considered by Candriam not to be contrary to the interests, freedoms, rights and fundamental rights of its Service Providers (given that, if Candriam is unable to carry out certain processing activities, the impact on its activities may be high and it is unlikely that the identified risks of harm to the individual’s interests will materialise). If these risks materialise, Candriam has put in place sufficient guarantees in order to mitigate their impact.
- Disclosure of Service Providers’ Personal Data
- A limited number of people in the HR, Legal, Compliance, Finance, Accounting, IT, Marketing and IT Helpdesk departments and certain managers will have access to the Service Providers' Personal Data where necessary in managing the working relationship.
- Candriam may share limited Personal Data about Service Providers to its subsidiaries and/or affiliates through directories, the activation of access passes, the use, on a need-to-know basis, of professional applications or in connection with IT support and business continuity/disaster recovery requirements. Candriam has implemented appropriate measures with its affiliates to ensure that any disclosure of Service Providers’ Personal Data is secure.
- Candriam may also disclose Service Providers’ Personal Data to government agencies and regulators, courts and other tribunals and government authorities to the extent required or permitted by applicable legal or regulatory obligations.
- The Personal Data will only be disclosed within the framework of the legal basis used for the processing of the Personal Data in question, with contractual guarantees that the Personal Data remains secure and confidential.
- International transfers of Service Providers’ Personal Data
- Some of Candriam’s subsidiaries and/or affiliates with whom Candriam shares Personal Data are located in countries outside the European Union whose laws do not offer a level of protection of Personal Data comparable to that provided by the country of origin.
- Where necessary, Candriam may also share Service Providers’ Personal Data with companies established in countries outside the European Union.
- In order to ensure that such transfers are adequately protected, Candriam uses transfer mechanisms recognised by the European Commission, which may include the appropriate entry into standard contractual clauses approved by the European Commission pursuant to Article 46 (2) of the GDPR. To obtain a copy of the transfer mechanism, please contact us using the email address stated at the end of this Notice.
- Retention of Service Providers’ Personal Data
- Candriam will not retain Service Providers’ Personal Data for longer than is necessary to carry out the purposes set out in this Notice or to comply with a legal obligation imposed by applicable laws. For more information on the retention of your personal data, please contact the email address stated at the end of this Notice.
- Candriam will not retain Service Providers’ Personal Data for longer than is necessary to carry out the purposes set out in this Notice or to comply with a legal obligation imposed by applicable laws. For more information on the retention of your personal data, please contact the email address stated at the end of this Notice.
- Your rights
- Unless otherwise provided in the GDPR or any other law, Service Providers, as data subjects, have a number of rights over the use of their Personal Data:
- Access: You have the right to obtain confirmation that your Personal Data is or is not being processed and to obtain access to that Personal Data and to receive certain additional information such as the purpose of the processing, the categories of Personal Data in question, etc. You have the right to request a copy of the Personal Data we hold about you. Please note that there are exceptions to this right. You may be denied access to your Personal Data if, for example, making it available to you involves disclosing the Personal Data of a third party, or if we are prohibited by law from disclosing such information. Please contact us at the email address stated at the end of this Notice.
- Accuracy: We strive to keep your Personal Data up to date and to ensure that it is accurate and complete. We invite you to contact us at the email address stated at the end of this Notice to notify us about any inaccurate Personal Data or changes so that we can update your Personal Data.
- Withdrawal: You have the right to withdraw your prior consent to the processing of your Personal Data. You may withdraw your consent at any time by sending an email to the email address provided at the end of this Notice.
- Objection: In some cases, you also have the right to object to the processing of your Personal Data.
- Limitation: In some cases, you also have the right to restrict the processing of your Personal Data.
- Erasure: In some cases, you also have the right to have your Personal Data erased.
- Portability: You have the right to request that some of your Personal Data be transferred to you or to another data controller, in a commonly used and machine-readable format.
- Complaints: If you consider that your Personal Data protection rights have been breached, you are entitled to lodge a complaint with the competent supervisory authority or to appeal to a court.
- Please note that there are exceptions to these rights if, for example, we are legally required to continue processing your Personal Data.
- Please note that you will be notified of any rectification or erasure of Personal Data or restriction of processing unless such notification proves to be impossible or requires a disproportionate effort.
- If you wish to submit a request to exercise one or more of the rights listed above, you should send an email to the email address stated at the end of this Notice. This request must clearly state which right you wish to exercise and, where applicable, the reasons for exercising the right.
- We will promptly notify you when your request is received. If the request is valid, we will comply with it as soon as reasonably possible and, in any event, within one month of receiving the request. Otherwise, we will inform you of the reasons for refusal within one month of receiving the request.
- When we ask you for Personal Data, we will use every effort to make it clear to you whether such data is necessary or optional.
- You are required to inform Candriam of any changes to or inaccuracies in the Personal Data.
- Unless otherwise provided in the GDPR or any other law, Service Providers, as data subjects, have a number of rights over the use of their Personal Data:
- Questions about the processing of Service Providers’ Personal Data
- If you have any questions about this Notice or wish to: (I) access, transfer, object, cancel, revise, correct or request the deletion of or restrict access to your Personal Data; (ii) make any other request; or (iii) raise a concern in relation to your Personal Data, please contact us at DPO[@]candriam.com.
- Although Candriam hopes to be able to answer any questions that consultants and externals may ask, if your issues are not resolved, you also have the right to complain to the data protection authorities. The competent data protection authority will be the supervisory authority in the country in which Candriam operates.
- An exhaustive list of our subsidiaries and affiliates is available at: Legal Information
- Amendments of this Notice
- Candriam reserves the right to amend this Notice at any time. Any amendments to this Notice will be published on Candriam Privacy Notice webpage. Please check the website regularly for updates or modifications. If we materially amend this Notice, we will notify you and seek your consent where required by applicable law.