Baillie Gifford Privacy Notice
Baillie Gifford is committed to protecting the privacy and security of personal information entrusted to us.
This privacy notice is for individuals connected with, or employed by, institutional investors, financial intermediaries and consultants, and other professional third parties, such as custodians and service providers, with whom Baillie Gifford has a business relationship. We refer to such individuals in this notice as our “Business Contacts”.
This privacy notice describes how we, as a “Data Controller”, collect and use personal information about you during and after your relationship with us, in accordance with the U.K. General Data Protection Regulation (GDPR). It applies to the processing of personal data of our Business Contacts, including those of Baillie Gifford Investment Management (Europe) Limited (BGE) which is subject to the EU GDPR.
This privacy notice is not intended for individuals who previously invested directly with us through our Investment Trust ISAs, Share Plans or Children’s Savings Plans. Neither is it intended for those who subscribe to our marketing, invest directly with us in our range of OEICs, or candidates for recruitment.
- If you are a former direct investor in our Investment Trust ISAs or Plans, please see the former investors privacy notice.
- If you subscribe to our marketing, please see the marketing recipients privacy notice.
- If you invest in an OEIC, please see the OEIC investors privacy notice.
- If you are a candidate for recruitment, please see the candidates privacy notice.
The kind of information we hold about you
We may collect, store, and use the following categories of personal information about you:
- contact details such as name, title, addresses, telephone numbers and email addresses;
- identification details such as signatures, IP address and job titles in order to confirm your identity; and
- CCTV footage if you visit us at our offices.
Where permitted in accordance with local law, we may also in some circumstances record telephone conversations with you.
If you provide us with additional information about you, in particular by email or on telephone calls, we may for regulatory reasons be required to store the record as a whole. This could include, in particular:
- information about your race or ethnicity, religious beliefs, sexual orientation, marital status, and political opinions; or
- information about your health, including any medical condition.
We ask that you do not disclose any such information to us if you are uncomfortable with it being stored on our systems to comply with our regulatory obligations.
How is your personal information collected?
We typically collect personal information about our Business Contacts directly from them, from their employers or from other Business Contacts with whom we share a relationship. For example, our institutional clients will share with us the contact details for their advisers and service providers. We will collect additional personal information in the course of our relationship as a necessary consequence of the services being provided.
How we will use information about you
We will only use your personal information when the law allows us to; this is known as a “legal basis” for processing.
Situations in which we will use your personal information
We may use your personal information to:
- communicate with Business Contacts in relation to, or to facilitate the provision of, our services; the legal basis for this will be for performing a contract we have entered with you personally, or in furtherance of your and our legitimate interests;
- communicate with Business Contacts to provide you with information about Baillie Gifford and relevant events or research organised or produced by us, unless you have indicated to us that you do not wish to receive such information;
- process identification details of certain Business Contacts in order to confirm their identities, which is an anti-fraud measure to comply with our legal obligations;
- check identification details of Business Contacts against databases of individuals who are subject to sanctions, classified as “politically exposed persons”, or have committed crimes and to follow up any suspicions, in order to ensure that we comply with our anti-money laundering and terrorism obligations and to avoid fraud itself; and
- meet our other compliance and regulatory duties, for example to retain certain records.
We may also use your personal information in the following situations, which are likely to be rare: where we need to protect your interests (or someone else's interests, such as a corporate client we have in common); or where it is needed in the public interest or for official purposes.
There may be overlap in the circumstances in which we use the same information about you.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law or regulation.
We may need to share your personal data with third parties, including other Business Contacts, other entities within the Baillie Gifford group and our auditors. Where we share your personal data with another party performing services for us, we require those third parties to respect the security of your personal data and to treat it in accordance with the law.
Which third party service providers appointed by Baillie Gifford will process my personal information?
We may share your contact details with our preferred partners for relevant event invitations such as investment conferences. You may at any time inform us that you no longer wish to receive future invitations from us.
We may also need to share your personal information with a regulator or to otherwise comply with the law.
When might you share my personal information with other entities in the group?
We will share your personal information with other entities in our group in connection with our performance of the services we provide.
We have put in place measures to protect the security of your information. Details of these measures are included in group-wide policies which cover the following:
- management and organisation of information security;
- classification of data which includes data handling rules;
- staff training on responsibilities connected to information security and the reporting of any information security incidents;
- physical and environmental security; and
- systems security, including backups, virus protection and access controls.
Our policies and controls are based on the international standard for information security, ISO27001, to which we have been certified since 2010. We are committed to implementing, maintaining and continually improving an information security management system in accordance with that standard. Our approach supports the enhancement of information security controls and our information governance framework is overseen by our Chief Information Security Officer. That framework includes a cross functional senior management group supported by expert external advice to oversee an effective information security strategy.
How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or regulatory requirements.
You will appreciate that as a regulated business, there are record retention obligations on us. We retain your personal data in order to comply with these obligations.
Rights of access, correction, erasure, and restriction
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
You can exercise these rights by contacting your usual Baillie Gifford relationship contact.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
Right to Withdraw Consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact your usual Baillie Gifford relationship contact. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Data Protection Officer
We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, or if you are unhappy with how we handle your personal information, please contact the Data Protection Officer at DataProtection@bailliegifford.com or your usual Baillie Gifford relationship contact. If we do not resolve your concerns to your satisfaction, you have the right to make a complaint to the Information Commissioner's Office (ICO), the U.K. data protection regulator. Business Contacts of BGE have a right of complaint to the DPC, the Irish Data Protection Commission.
Changes to this Privacy Notice
We may update this privacy notice from time to time and will communicate such updates through our website. We will not do so where we believe this would materially impact your rights and freedoms: in those circumstances we will expressly notify you. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice, please contact your usual Baillie Gifford relationship contact, who will be happy to assist you.