EMEA Privacy Notice
EMEA Privacy Notice
We take your privacy seriously and value transparency at the highest possible standard. For more than half a century, we have continued to operate inside of the Europe, Middle East and Africa region and to meet the privacy needs of our clients.
This notice sets out how members of the Northern Trust group (collectively and individually, "Northern Trust", "we" or "us") will process personal information as a controller or joint controller in connection with the:
The entity which shall be deemed controller or joint controller of your personal data is as per the applicable entity in the final section of this notice “Northern Trust Entities”.
And in this notice, "you" means:
If you have any questions about our use of your personal information, please contact our Data Protection Officer at Privacy_Compliance@ntrs.com.
We may amend this notice from time to time to keep it up to date with applicable legal requirements and our global operating model. If we make material changes to this notice, we will aim to notify you by way of including notice of change in this notice or as part of our established correspondence with you. We encourage you to check this page from time to time to review the latest version of this notice.
How and why we obtain your personal data may depend on the capacity in which you interact with us.
We will obtain some of your personal information directly from you, such as when you are a customer for our products and services or you complete a form, sign up for marketing or choose to give us personal information as part of the Northern Trust Matrix, including in connection with the security features of the Northern Trust investor portal forming part of the Northern Trust Matrix ("Matrix Portal").
We will also obtain some of your information indirectly from Northern Trust clients, from Funds, from an investor in the Fund(s) (each an "Investor"), or from a Manager, where you have been appointed by that client, Investor or Manager to access and use Northern Trust products and services, including the Northern Trust Matrix, on its behalf. Where you are an investor in a Fund, references to Investor in this notice should be read as references to you.
We will also obtain some of your information indirectly when we provide the following services to our institutional clients:
We will receive information about you when Northern Trust acts as a service provider to its institutional clients and where you represent or are employed by such an institutional client or where you are an underlying investor, shareholder, settlor, beneficiary, director, officer or beneficial owner of such institutional client. We also obtain information about you from our service providers and business partners where you work with us in the course of their business.
We will also collect some information from you when you interact with our websites or visit our premises.
The types of personal information collected by Northern Trust.
Northern Trust Matrix and Other Services
The types of personal information collected by Northern Trust include, without limitation:
Operation of the Business
Northern Trust will also collect and use information in the day-to-day operation of our business, including:
Operating our Electronic Infrastructure
Northern Trust will collect information through your use of our website or other online services such as applications, including:
Northern Trust may process your personal information for the following purposes:
Relationship Management and Administration
The legal bases for this processing are:
Development and Management of our Services
Northern Trust may process your personal information for the following purposes:
The legal bases for this processing are:
Crime Prevention and Detection
Northern Trust may process your personal information for the following purposes:
The legal bases for this processing are:
Exemptions under A9/10 GDPR;
Other Legal and Regulatory Obligations
Northern Trust may process your personal information for the following purposes:
The legal bases for this processing are:
Protection and Administration of our Physical and Electronic Infrastructure
Northern Trust may process your personal information for the following purposes:
The legal bases for this processing are:
Northern Trust Matrix
We may use personal information which you provided in connection with an investment in a Fund, or which we have received from a Fund or Manager as a result of services which we provide to that Fund or Manager, for the purposes of the services provided via the Matrix Portal. We may also use this information for the purposes of providing services to other Funds (or their Managers) in which you have invested or in respect of which an Investor has appointed you to access the Matrix Portal.
Northern Trust may process your personal information in connection with the Northern Trust Matrix:
Where an Investor has agreed to Northern Trust’s centralised AML procedures, and your personal data is required in connection with that Investor’s AML due diligence checks, Northern Trust, may process your personal data as a controller by:
• Retaining AML and other records of individuals to assist with the subsequent screening and ongoing AML customer due diligence and monitoring of Investors by Northern Trust and its affiliates, including in relation to other funds or clients of Northern Trust or any of its affiliates.
Where you have subscribed to use Matrix Portal Northern Trust, as a controller, will additionally use your personal data for:
The legal bases for this processing are:
Northern Trust will not at any time be acting as a joint controller with its institutional clients or a Fund.
While this notice sets out how Northern Trust will use your personal data as controller (and as joint controller with other members of the Northern Trust group), you should also note that where Northern Trust provides services to a Fund or other institutional client, Northern Trust will continue to act as a processor for that institutional client, Fund and / or its Manager, which will act as controller(s). You should refer to the relevant controller's data protection notice to understand how your personal information will be used in connection with that institutional client or investment in that Fund by you or the Investor that has appointed you to act on its behalf. Northern Trust will not at any time be acting as a joint controller with its institutional clients or a Fund.
Northern Trust may disclose your personal information as follows:
We maintain a global operating model to provide services and products to clients globally.
Northern Trust maintains a global operating model which enables delivery of our services and products to our international client base. The disclosure of personal data to third parties, including Northern Trust affiliates, set out above may therefore involve the transfer of your personal data to the USA, India, the Philippines and other countries or territories outside the European Economic Area (“EEA”), the U.K. or your country of residence. Such transfers are made in accordance with locally applicable data protection laws.
Some of the countries to which Northern Trust transfers personal data to are deemed by the European Commission, or under locally applicable data protection law, to provide an adequate level of data protection. However, you should be aware that data protection laws in other countries to which Northern Trust transfers personal data may be considered less protective than those in your country of residence.
Where we are required to do so under applicable data protection laws, we take appropriate steps to implement appropriate technical and organisational safeguards, such as the European Commission’s Standard Contractual Clauses, or their equivalent applicable in the U.K. to ensure your data continues to be adequately protected and your privacy rights respected.
We also assess the overall level of protection offered in the context of specific transfers and, where necessary, our use of appropriate safeguards is supplemented by additional measures that support an adequate level of data protection. We apply these safeguards to transfers of personal data to third parties as well as to the Northern Trust affiliates.
In limited circumstances, Northern Trust may rely on a derogation from the obligation to ensure an adequate level of protection, meaning that we transfer personal data without the use of appropriate safeguards. This may be the case where, for example, a transfer of your personal data is necessary for important reasons of public interest, or to establish, exercise or defend legal claims.
Please contact Privacy_Compliance@ntrs.com for copies of appropriate safeguards, including Standard Contractual Clauses, that have been entered into by Northern Trust. Please be aware that appropriate safeguards may be redacted for reasons of commercial confidentiality.
Northern Trust will retain your personal information for as long as required for Northern to perform the services.
In general terms, we will retain your personal information for the length of time we perform the services (including the Northern Trust Matrix) or the service to the institution you represent. We may maintain different retention periods for different products and services.
We will also retain your personal information for the period as required by tax and company laws, or other regulations such as anti-money laundering and know-your-customer regulations, to which we or your institution are subject, and as long as necessary for you to be able to bring a claim against us and for us to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under local laws.
In certain circumstances, information may need to be retained for a longer period of time, for example where we are in ongoing correspondence or there is a continuing claim or investigation.
Northern Trust will retain your personal information for as long as required for us to perform the services.
Northern Trust will use reasonable efforts to keep your personal information up to date. However, you will need to notify Northern Trust without delay in the event of any change in your personal circumstances, or those of the others mentioned above, so that Northern Trust can keep the personal information up to date. You should do this through Matrix Portal or by contacting Privacy_Compliance@ntrs.com.
You have the following rights, in certain circumstances and subject to certain exceptions, in relation to your personal information:
Where you have provided your consent to processing (e.g. to receive information about products and services which may be of interest to you or the institution you represent), you may withdraw your consent at any time. You can withdraw your consent or exercise your rights by contacting Privacy_Compliance@ntrs.com
Where Northern Trust requires your personal information to comply with AML or other legal requirements, failure to provide this information means Northern Trust will not be able to provide services to you or the institution you represent, facilitate dealings in the Fund(s) (whether electronic or otherwise) or the provision of information in relation to the Funds to you via the Matrix Portal.
You have the right to lodge a complaint in relation to Northern Trust’s processing of your personal data:
If you have any questions about our use of your personal information, please contact our Data Protection Officer at Privacy_Compliance@ntrs.com, and/or:
Northern Trust entities acting in a controller capacity.
*These entities also act as joint controller for the purposes of providing Northern Trust Matrix services.
- Last updated, August 2023