1. General

   This Privacy & Cookie Policy (this “Policy”) is in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and sets out how Fisher Investments Luxembourg Sàrl, trading as Fisher Investments Europe, and its branches (collectively, the “Company”), uses Personal Data relating to the following natural people (“Individuals”):

   • prospective clients, clients, and their representatives;
   • website users;
   • business contacts at service providers and vendors; and
   • individuals who agree to participate in market research.

   In this Policy, “Personal Data” means any information about identified or identifiable Individuals. As the controller responsible for the processing of Individuals’ Personal Data, the Company is committed to privacy and will use Individuals’ Personal Data only in accordance with this Policy.

   The Company can be contacted about this Policy using the following details:

   Fisher Investments Luxembourg, Sàrl
   trading as Fisher Investments Europe
   Attn: Data Protection Officer
   2a, rue Albert Borschette
   L-1246 Luxembourg
   privacy@fisherinvestments.lu
   +352 2786 7320

2. Types of Personal Data

   Depending on the processing purpose, the Company processes the following types of Personal Data for relating categories of Individuals:

   1. Prospective clients, clients, and their representatives:
      • The Company uses the name, address and email address of Individuals provided by third party list vendors to provide offers for the Company’s informational materials. Such Personal Data may come from public sources and/or such vendors’ private databases.
      • The Company uses the name, address, telephone numbers, email address, and asset level category of Individuals who provide such information at the time that they request the Company’s informational materials, and at the time that they express an interest in services offered by the Company.
      • When Individuals request that the Company provide a suitability assessment, investment strategy recommendation, or insurance mandate recommendation and/or engage the Company as discretionary investment manager or insurance broker, the Company uses the Personal Data Individuals provide directly, including:
        • Information provided in the client profile document;
        • Information provided in the client agreement, account statements, account opening documents for the custodian, insurance policy subscription documents, and any instruction or mandate form with respect to the Company’s discretionary investment management service or insurance brokerage service;
        • Information provided to employee representatives of the Company in-person and by telephone, including information the Company may request from time to time to assist in providing services to the Individual.
      • To conduct a suitability assessment and design a recommended investment strategy or insurance mandate for Individuals, as well as conduct ongoing suitability assessments for clients, the Company uses information provided by Individuals about their mental and physical health (“Health Data”), including in the context of conducting a proprietary assessment of an Individual’s life expectancy and any impact on the investment time horizon for the Individual’s assets.
      • The Company is required under the EU Directive 2015/849 of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and other applicable anti-money laundering laws and regulations (collectively “AML Laws”) to carry out identity verification, sanctions checks, and anti-money laundering and anti-terrorist financing screens. Accordingly, the Company uses the name, date of birth and address provided by Individuals seeking to become clients of the Company to perform a sanctions and anti-money laundering check using the services of a third party service provider, which may reveal information relating to criminal convictions or offences.
      • The Company is required under the Markets in Financial Instruments Directive 2014/65/EU (“MiFID II”) and Commission Delegated Regulation (EU) 2017/565 (“CDR 2017/565”) to record telephone conversations that relate to activities in financial instruments. Accordingly, certain telephone calls between the Individual and the Company will be recorded.
      • Where an organisation or some other legal entity seeks to become or becomes a client, the Company uses business contact information and other identifying information about the Individuals representing the organisation or legal entity in its dealing with the Company.
   2. Website users:
      • The Company places ads on publishers’ websites or within email content, either directly through the publisher or via a third party. As a result of Individuals interacting with the advertising content, ad server companies will collect Individuals’ domain types, IP address, and clickstream data.
      • The Company’s websites use cookies, such as pixels, tags, and web beacons and other online tracking technologies that collect information about Individuals’ internet browsing habits and history (collectively referred to in this Policy as “cookies”). For more information, please see Section 8
   3. Business contacts at service providers and vendors:
      • In dealing with service providers and vendors, the Company obtains information about the Individual representing the service provider or vendor, including name, title, name, address, telephone and fax numbers and email address.
   4. Individuals who agree to participate in market research:
      • When Individuals agree to participate in market research, the Company uses information about Individuals’ marketing and investment preferences. Such data is provided directly by Individuals to the Company or to a third party service provider engaged by the Company to conduct such market research.

3. Use of Personal Data

   1. Purposes and Lawful Bases

      The Company processes Individuals’ Personal Data for the following purposes, and upon the legal bases set out in the table below.

      Purpose for which the Company uses Personal Data		Legal Basis upon which the Company relies
      Main Purpose	Sub-Purposes
      A. Prospective Client Management	To carry out direct marketing This includes sending mail and emails to Individuals on lists rented from third party list vendors. It also includes following up and sending promotional material by email, phone or mail to Individuals who requested informational materials and ongoing insights on financial and investment matters and related services.	The Company can use Personal Data for marketing to Individuals where Individuals have consented to it. In addition, given the Company’s legitimate interest in promoting its business, the Company can use Personal Data for marketing to: (i) Individuals who previously requested informational materials from the Company or its affiliates (collectively, the “Fisher Group”); and (ii) Individuals representing organisational prospective clients.
      	To optimise marketing This includes analysing website visits to the Company’s websites and the number of clicks through the pages to request informational materials. It also includes using cookies to display the Company’s online advertisements to individuals who may be more likely to be interested.	The Company can use Personal Data for this purpose where Individuals have consented to them. In addition, given the Company’s legitimate interest in promoting its business, the Company can use Personal Data to market to people with interests similar to the individuals.
      	To conduct market research This includes conducting market research to ask Individuals about their marketing and investment preferences.	The Company can use Personal Data for this purpose where Individuals have consented to it. In addition, the Company can also use some Personal Data for this purpose because it is in the Company’s legitimate interest to invite Individuals to participate in market research.
      	To contact Individuals referred to the Company	The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to contact Individuals who permitted the referring party to provide their Personal Data to the Company.
      	To suppress Individuals from being contacted	The Company can use limited Personal Data for this purpose because it is in the Company’s legitimate interest to refrain from contacting Individuals who have requested not to be contacted or who the Company believes should not be contacted.
      B. Client Management	To provide discretionary investment management services	The Company can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party. In some cases, the Company has a legitimate interest in using an Individual’s Personal Data for this purpose, such as when communicating with representatives of an organisational client or when a client brings a guest to a Company event.
      	To offer and coordinate third party products or services that supplement the Company’s services	The Company can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party or to take steps at the request of the Individual prior to entering into a contract.
      	To calculate portfolio performance	The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to calculate portfolio performance.
      	To assess suitability and design an investment strategy recommendation This includes providing financial analysis.	The Company can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party or to take steps at the request of the Individual prior to entering into a contract. The Company can also use Health Data for this purpose where Individuals have consented to it.
      C. Legal Compliance & Defence	To meet the Company’s obligations under Applicable Law This includes monitoring the advice process, keeping records of telephone calls, verifying identity of individuals, and conducting sanctions and anti-money laundering checks, which may reveal data concerning criminal convictions or offences.	The Company can use Personal Data for this purpose to comply with applicable financial and insurance services laws and regulations (including, without limitation, MiFID II, CDR 2017/565 and laws and regulations of the Commission de Surveillance du Secteur Financier and Commissariat aux Assurances (“Financial Services Laws”)), AML Laws, and other applicable laws and regulations (collectively, “Applicable Law”). In addition, the Company can use Personal Data for this purpose beyond the legally mandated record retention period because it is in the Company’s legitimate interest to keep data for as long as the statute of limitations so that the Company can enforce and defend its legal rights.
      	To share data with regulators and law enforcement officials This includes sharing information with the Commission de Surveillance du Secteur Financier, Commissariat aux Assurances, the National Data Protection Commission, the Luxembourg Inland Revenue, other regulatory, law enforcement, and similar authorities applicable to the Fisher Group, as required.	The Company can use Personal Data for this purpose where required to comply with Applicable Law.
      	To share data with courts and tribunals	The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to enforce and defend its legal rights.
      D. Training	To train, monitor, and supervise internal staff This includes training and surveying employees, recording and monitoring certain telephone calls, voicemails, and other computer or telecommunication activities.	The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to train and supervise its workforce to offer the best possible service.
      E. Vendor Management	To engage with service providers and vendors This includes making payments and contacting business contacts at service providers and vendors using their business contact information.	The Company can use Personal Data for this purpose for its legitimate interest in engaging with its service providers and vendors.
      F. Security	To enhance security of Company facilities This includes the use of video surveillance equipment, subject to applicable legal restrictions.	The Company can use limited Personal Data for this purpose because it is in the Company’s legitimate interest to secure its facilities.

      Where the Company has relied upon its ‘legitimate interest’ as a legal basis for a particular purpose, it has performed a ‘balancing test’ to ensure that Individuals’ rights and interests are taken into account when their Personal Data is used. Further information on the balancing test can be obtained by contacting the Company’s Data Protection Officer.

   2. If Individuals fail to provide Personal Data

      Where the Company needs to collect Personal Data to comply with a legal obligation, or under the terms of a contract or upon request prior to entering a contract, and the Individual does not provide such data, the Company may not be able to provide services and may need to cancel the contract. Similarly, if an Individual does not consent to providing Health Data for the purpose described above, the Company may not be able to provide services and may need to cancel the contract. The Company will notify the Individual if this is the case at the time. If an Individual requesting informational materials and ongoing insights does not consent to receiving the same, the Company will not be able to provide such materials and insights.

4. Sharing of Personal Data

   1. Who will the Company share Personal Data with?

      The Company will not sell or lease Individuals’ Personal Data to third parties.

      For the purposes listed in Section 3, the Company may share Individuals’ Personal Data with:

      • Fisher Group companies, including:
        • Fisher Investments (“FI”), Fisher Investments Europe’s parent company in the United States;
        • Fisher Investments Europe Limited, trading as Fisher Investments UK (“ FI UK”), a wholly-owned subsidiary of FI in the UK; and
        • Fisher Investments Ireland Limited (“FII”), a wholly-owned subsidiary of FI in the EU.

        FI, FI UK and/or FII (the “Outsourced Fisher Companies”) act as service providers of marketing, human resources, finance, information technology, legal support services, and investment sub-management and trading functions to the Company. In these capacities, the Outsourced Fisher Companies may have access to Personal Data collected and used by the Company.

      • Company-authorised vendors, service providers, contractors and representatives. These organisations are as follows:
        • Custodians that hold custody of clients’ assets managed by the Company, as well as custodians, brokers and dealers that execute trade order instructions for clients of the Company. The custodians holding clients’ assets will also have a direct contractual relationship with each client. Such custodians are generally located in the European Economic Area (“ EEA”) and are subject to laws similar to the Financial Services Laws. If an Individual requests an account held by a custodian located in the United States, the Company will transfer Personal Data in connection with such account only with the explicit consent of the Individual.
        • Regulatory DataCorp, Inc. and Tracesmart Ltd., which carry out the sanctions and anti-money laundering checks on behalf of the Company as described in Section 3.
        • Information technology and security providers, such as communications, internet firewall and malware detection providers.
        • Marketing service providers, including website host companies that collect Personal Data on behalf of the Company from Individuals interested in the Company’s informational materials, social media platforms, merge-purge service providers that ensure mailing lists are accurate, and mailing service providers that send mail to Individuals on behalf of the Company. Providers of third party professional advice, such as lawyers and auditors.
      • Insurance companies that issue Assurance-Vie and/or Contrat de Capitalisation insurance products to Individual clients of the Company. The insurance companies issuing these insurance products will also have a direct contractual relationship with such Individuals. Such insurance companies are generally located in the EEA and are subject to laws similar to the Financial Services Laws.
      • Courts and tribunals, as described in Section 3.
      • Regulators (including the relevant financial regulators), tax authorities, other government agencies, and law enforcement organisations, as described in Section 3.
      • If the Company sells, transfers or merges part or all of its business, or attempts to do so, then third parties may receive Personal Data.
   
   
   2. What safeguards are in place where Personal Data is transferred outside of the EEA?

      Where the Company transfers Personal Data to a data recipient in a jurisdiction outside of the EEA where the laws do not provide an equivalent level of data protection as the EEA, the Company and the data recipient will make the transfer in accordance with standard contractual clauses adopted pursuant to Article 46(2)(c) or (d) of the GDPR including the standard contractual clauses issued by the European Commission (“Model Clauses”).

      Please contact the Company using the contact details in Section 1 with any questions about the legal safeguards in place to protect Personal Data when transferred outside the EEA (including how to obtain a copy or consult these safeguards).

5. Consent

   In accordance with applicable data protection laws, Individuals who consent to the Company using their Personal Data may withdraw that consent at any time. Individuals may do so via the Companies’ online form. If you are a private client, click here. If you are an institutional investor, click here. You can also unsubscribe using the details set out in Section 1.

   When doing so, Individuals should:

   • ensure that a full name and address and/or email address is provided in exactly the form in which it was originally provided to the Company to avoid any possible confusion with a different Individual; and
   • ensure that the particular uses for which consent is being withdrawn are specified. The uses for which the Company relies on consent are set out in Section 3

   Individuals may also unsubscribe from direct email marketing via the Company’s online form. If you are a private client click here. If you are an institutional investor, click here.

6. Individuals’ Rights

   In accordance with applicable data protection laws, Individuals may exercise the following rights in relation to the Personal Data that the Company holds about them:

   • Individuals have the right to obtain confirmation as to whether or not their Personal Data is being processed and, where this is the case, have access to the Personal Data.
   • Individuals have the right to ask the Company to rectify Personal Data about them that they think is inaccurate. They also have the right to ask the Company to complete data they think is incomplete.
   • Individuals have the right to request the erasure of their Personal Data where there is no compelling reason for the Company to keep using the data. This is not a general right to erasure; there are exceptions, e.g., if the Company has a legal obligation to keep the data.
   • Individuals have the right to ask the Company to restrict processing of their Personal Data in certain circumstances.
   • The right to data portability applies only to Personal Data Individuals have given to the Company. Individuals have the right to ask that the Company transfer the data to another organisation or give the data back to the Individual.
   • Where Individuals have provided the Company with consent to process their Personal Data, they have the right to withdraw consent at any time. This will not affect the lawfulness of the processing that has been carried out based on Individuals’ consent prior to the withdrawal.
   • When the Company processes Personal Data for purposes of pursuing a legitimate interest, Individuals have the right to object to such processing at any time. If an Individual objects, the Company will stop the processing unless it has strong and legitimate reasons to continue using the data.

   To exercise these rights, Individuals should contact the Company using the details set out in Section 1. In such case, Individuals should ensure that the full name and address and/or email address are provided in exactly the form in which they were originally provided to the Company to avoid any possible confusion with a different Individual. If Individuals are not satisfied with the way the Company handles the request, they may lodge a complaint with the supervisory authority in the country where that Individual lives or works, or the country where the Individual believes the infringement took place.

7. Security

   The Company is committed to ensuring that Personal Data is secure. In order to prevent unauthorised access or disclosure, the Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure Personal Data collected. The Company also uses encryption when collecting or transferring sensitive data.

8. Cookies

   A cookie is a small text file with an identification tag that is created and downloaded to a user’s computer (or other device) when accessing websites that use cookies. Cookies allow a website to, among other things, store and retrieve information about a user’s online activity and browsing habits. Depending on the information they contain and user behaviour, cookies may be used to identify the user.

   Cookies can be categorised by who places them:

   • First-party cookies: These cookies are downloaded to a user’s computer (or other device) by the publisher of the website whose service the user is requesting.
   • Third-party cookies: These cookies are downloaded to a user’s computer (or other device) by another entity that may be seeking data obtained through cookies.
   
   

   Cookies can also be categorised by their duration:

   • Session cookies: These cookies are designed to collect and store data while the user accesses a website. They are often used to store information for the duration of a visit to the website (e.g. what account user is logged into). Once a user leaves the website, the session cookie is deleted.
   • Persistent cookies: These cookies store data on the user’s computer (or other device) for the duration period set within the cookie’s file, which is determined by the entity controlling the cookie and can range from a few minutes to several years, or until the user manually deletes them.
   
   

   Lastly, cookies can be categorised by the function they serve. The Company uses the following types of first- and third-party cookies:

   • Required: Required cookies are necessary to enable the basic features of this site to function. They keep track of whether or not a user has consented to have other types of cookies placed on their computer (or other device). Required cookies do not collect Personal Data. Required cookies may also include authentication cookies.
   • Statistical: Statistical cookies analyse pseudonymised site statistics. They enable measuring the number of visitors and analysing how users interact with the website. This information is used to improve the website and the products or services offered.
   • Marketing: Marketing cookies are used to understand user interests, provide relevant ads, and make a user’s online experience more enjoyable. They can be used to build a user profile to provide users with content more relevant to their interests. They adapt advertising and the content users see on other websites based on their website browsing habits, as well as how users interact with internet advertising.
   • Preferences: Preferences cookies allow the website to personalise website content, such as the language selected for viewing the page. These also save a user’s cookie preference settings.
   
   

   The Company uses first- and third-party required, statistical, marketing and preferences cookies. The following vendors load cookies on this website:

   • Sitecore
   
   

   For further information on cookies and to manage them, please click here.

   Some browsers have a “Do Not Track” setting that allows users to send a signal to the websites they visit that the user does not wish to be tracked. The Company’s website does not respond to these signals.

9. How Long Data Will Be Kept

   Personal Data relating to Individuals who are clients of the Company (meaning any Individual who has received an investment strategy recommendation or insurance mandate recommendation or has retained the Company as discretionary investment manager or insurance broker) will be kept for the duration of the client relationship plus ten years in order for the Company to satisfy its recordkeeping obligations under applicable Financial Services Laws, as well as to enforce or defend its legal rights. Information on identity verification and sanctions and anti-money laundering checks will be kept for the duration of the client relationship plus five years in order for the Company to satisfy its recordkeeping obligations under applicable AML Laws. Recordings of telephone calls will be retained for a period of five years in order for the Company to satisfy its recordkeeping obligations under applicable Financial Services Laws. Information of prospective clients that are Individuals will be kept for a period of five years from the date the Individual consented to direct marketing or until the Individual requests earlier erasure of their information. However, where an Individual consents to have their information retained by the Company to receive ongoing information and insights (subscription) from the Company, their information will be kept until they opt out unless they did not receive a regular opportunity to opt out in which case such information will be retained for five years from consent. In some cases, such general retention periods may be extended for up to ten years for some Individuals who are in more advanced discussions with the Company or have had regular interactions or meetings with the Company about its investment management services, unless the Individual requests earlier erasure of their information. Information collected for the purposes of conducting market research will be kept for up to two years following such research, unless the Individual requests earlier erasure of their information. Contact information for vendors/service providers and contact information for Individuals on suppression lists (i.e., name, address, email address and/or phone number) will be retained indefinitely.

10. Social Media

    The Company maintains a presence on various social media platforms. The terms and conditions set by the operators of the various platforms apply to the Company and any Individuals who interact with the Company through the platforms. These platforms collect and analyse interests expressed by their users and combine it with information provided by the Company to optimise marketing. More information about each of the privacy practices of these social media platforms is available below, including information about interest-based advertising.

    • Facebook: The Company is subject to an agreement with Facebook Ireland Limited, which determines their respective responsibilities with respect to Personal Data. Facebook Ireland Limited is responsible for enabling Individuals’ rights with respect to Personal Data it stores. Information about how Facebook processes Personal Data is available at https://www.facebook.com/about/privacy. The terms applicable to the various Facebook products set out the purposes for which Personal Data is collected and transmitted. More information on interest-based advertising is available at https://www.facebook.com/settings/ads.
    • LinkedIn: Information about how LinkedIn processes Personal Data is available at https://www.linkedin.com/legal/privacy-policy.
    • Instagram: Information about how Instagram processes Personal Data is available at https://www.instagram.com/legal/privacy. More information on interest-based advertising is available at https://www.linkedin.com/help/linkedin/answer/a1342443.
    • YouTube: Information about how YouTube processes Personal Data is available at https://policies.google.com/privacy. More information on interest-based advertising is available at https://www.youtube.com/intl/ALL_uk/howyoutubeworks/user-settings/ad-settings/.
    • Twitter: Information about how Twitter processes Personal Data is available at https://twitter.com/privacy.
    • Google: Information about how Google processes Personal Data is available at https://policies.google.com/privacy. More information on interest-based advertising is available at https://adssettings.google.com/anonymous?hl=en.

11. Changes to Privacy & Cookie Policy

    From time to time, the Company may use Personal Data for new, unanticipated uses not previously disclosed in this Policy to the extent permitted by law. If its practices regarding Personal Data change at some time in the future, the Company will post the policy changes to https://www.fisherinvestments.com/en-lu/privacy.

Fisher Investments Europe
Employee and Contractor Privacy & Cookie Policy

1. General

   This Employee and Contractor Privacy & Cookie Policy (“Policy”) is in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and sets out how Fisher Investments Luxembourg Sàrl, trading as Fisher Investments Europe, and its branches (collectively, the “Company”), uses Personal Data relating to the following natural people (“Individuals”):

   • prospective employees, current, and former employees, whether permanent or temporary (“Employees”);
   • prospective, current, and former contractors, including tied agents (“Contractors”).

   In this Policy, “Personal Data” means any information about identified or identifiable Individuals. As the controller responsible for the processing of Individuals’ Personal Data, the Company is committed to privacy and will use Individuals’ Personal Data only in accordance with this Policy.

   The Company can be contacted about this Policy using the following details:

   Fisher Investments Luxembourg, Sàrl
   trading as Fisher Investments Europe
   Attn: Data Protection Officer
   2a, rue Albert Borschette
   L-1246 Luxembourg
   privacy@fisherinvestments.lu
   +352 2786 7320

2. Types of Personal Data

   The Company processes the following types of Personal Data for Individuals:

   • records of work history (including internal and external work history and references), education and qualifications (including information provided on an application or CV);
   • contact details (e.g. name, address, email address, telephone number)
   • contact information of spouse / partner / dependent(s) and emergency contact details;
   • date and place of birth and nationality;
   • identification numbers;
   • marital status;
   • background check information, which may reveal data concerning criminal convictions or offences;
   • bank details and account numbers;
   • compensation, fees, bonus or incentive information, tax rates and withholding information (including invoices, amounts paid or withheld, the frequency and currency of payments);
   • expense reimbursements (including receipts and amounts paid)
   • Employee benefits information (e.g. health insurance, pension contributions) (including amounts paid, the frequency and currency of payments);
   • records of performance (including evaluations of competence, ongoing supervision and monitoring under financial services regulations, monitoring activity data as recorded on computer and telecommunication systems, economic viability and ratings, complaints, grievances, and disciplinary records);
   • information relating to Employee absences from work;
   • information relating to Employees’ mental and physical health and mental or physical disabilities (collectively, “Health Data”);
   • general organisational data (such as department, work location, job title and seniority);
   • information technology data (e.g., passwords, access rights and usage data);
   • recordings of telephone calls made by certain representatives of the Company;
   • photographic and video images; and
   • other data that the Individual provides to the Company or its affiliates (collectively, the “Fisher Group”).

   Personal Data are collected mainly from Individuals themselves. In addition, the Company collects reference check information from previous employers of (or companies to which services were provided by) Individuals. Background check information, which may reveal data concerning criminal convictions or offences, is collected from Sterling Talent Solutions UK Limited (“Sterling”), a background checking firm that collects Personal Data from both public and private sources with consent of the Individual.

3. Use of Personal Data

   1. Purposes and Lawful Bases

      The Company processes Individuals’ Personal Data for the following purposes, and upon the legal bases set out in the table below.

      Purpose for which the Company collects and further uses Personal Data		Legal Basis upon which the Company relies
      Main Purpose	Sub-Purposes
      A.	To conduct candidate research This includes conducting market research to ask about recruitment.	The Company can use Personal Data for this purpose when the Company has a legitimate interest in doing so.
      	To manage the recruitment process This includes making decisions about hiring Employees or engaging Contractors, arranging travel, and reimbursing expenses.	The Company can use Personal Data for this purpose because it is necessary to take steps at the request of the Individual prior to entering into a contract.
      	To market employment opportunities at the Company This includes contacting candidates by email, phone or mail who have consented to be considered for future employment or engagement opportunities.	The Company can use Personal Data for this purpose with the consent of the Individual.
      	To make decisions about Individuals’ fitness for work This includes making decisions about Individuals’ competence and qualifications to carry out roles, including conducting background checks on candidates for employment or engagements.	The Company can use Personal Data for this purpose where required to comply with legal obligations to which the Company is subject, including the Markets in Financial Instruments Directive 2014/65/EU (“ MiFID II”) and laws and regulations of the Commission de Surveillance du Secteur Financier and Commissariat aux Assurances and other applicable financial services regulators (collectively, “Financial Services Laws”).
      B. Human Capital Management	To administer the Company’s relationship with Individuals This includes administering payroll, processing invoices and reimbursements, providing support services, and, if relevant, pension, medical insurance and similar benefits.	The Company can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party.
      	To fulfilling legal obligations This includes verifying identify and work authorization, complying with social security and tax requirements, and providing information to governmental and quasi-governmental bodies and law enforcement agencies.	The Company can use Personal Data for this purpose where required to comply with its legal obligations under Financial Services Laws and other applicable laws, such as tax, social security, and healthcare laws.
      	To obtain work authorisation or visas for Employees	The Company can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party.
      	To train, evaluate performance and recognise Employees and Contractors This includes training and surveying Individuals, monitoring and analysing performance, carrying out performance reviews, and making decisions about recognition, rewards, discipline and termination.	The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to evaluate its Employees and Contractors, and to give Individuals opportunities to improve performance.
      	To administer Employees’ sick leave and absence The Company may ask for, and Employees may need to provide, limited Health Data, where such information directly relates to the Employee’s ability to perform his or her role.	The Company can use Personal Data for this purpose where required to comply with its legal obligations under employment laws and other applicable laws, such as social security and healthcare laws..
      	To monitor Employees and Contractors This includes, subject to applicable legal restrictions, monitoring the advice process, recording and monitoring certain telephone calls, supervising Employees and Contractors, including monitoring emails, voicemails and other activities as recorded on computer, telecommunications and security systems, and carrying out the Company’s compliance plan.	The Company can use Personal Data for this purpose where required to comply with Financial Services Laws. In addition, the Company has a legitimate interest in using Personal Data for the purpose of supervising Employee activity.
      	To use photos and contact information to enable effective communication across the Fisher Group	The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to ensure effective communication across the Fisher Group.
      	To provide references to future employers and other third parties This includes providing employment or earnings confirmation letters to banks, mortgage lenders and landlords at the request of the Individual.	The Company can use Personal Data for this purpose where required to comply with Financial Services Laws or with the consent of the Individual.
      C. Data Storage	To keep records	The Company can use Personal Data for this purpose where required to comply with Financial Services Laws and other applicable laws. In addition, the Company can use Personal Data for this purpose beyond the legally mandated record retention period because it is in the Company’s legitimate interest to keep data for as long as the statute of limitations so that the Company can enforce and defend its legal rights.
      D. Legal Defence	To share data with courts and tribunals	The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to enforce and defend its legal rights.
      E. Marketing	To use images and recordings to promote the Company in internal and external materials and advertising	The Company can use Personal Data for this purpose with the consent of the Individual.
      F. Security	To enhance security of Company facilities This includes the use of video surveillance equipment subject to applicable legal restrictions.	The Company can use limited Personal Data for this purpose because it is in the Company’s legitimate interest to secure its facilities.
      	To monitor Company systems used by Individuals This includes, subject to applicable legal restrictions, monitoring emails, voicemails and other activities as recorded on computer, telecommunications and security systems, and carrying out the Company’s compliance plan.	The Company has a legitimate interest in using Personal Data for the purposes of ensuring the Company’s network and information security.

      Where the Company has relied upon its ‘legitimate interest’ as a legal basis for a particular purpose, it has performed a ‘balancing test’ to ensure that Individuals’ rights and interests are taken into account when their Personal Data is used. Further information on the balancing test can be obtained by contacting the Company’s Data Protection Officer.

   
   

   2. If Employees/Tied Agents fail to provide Personal Data

      Failure of an Individual to provide Personal Data to the Company, in whole or in part, could make it impossible for the Company to fulfil some or all of its obligations towards the Individual, such as payment of compensation or fees, calculation of withholdings, or consideration of an employment application.

4. Sharing of Personal Data

   Who will the Company share Personal Data with?

   The Company will not sell or lease Individuals’ Personal Data to third parties.

   For the purposes listed in Section 3 above, the Company may share Personal Data with:

   • Fisher Group companies, including:
     • Fisher Investments (“FI”), the Company’s parent company in the United States;
     • Fisher Investments Europe Limited, trading as Fisher Investments UK (“ FIUK”), a wholly-owned subsidiary of FI in the UK; and
     • Fisher Investments Ireland Limited (“FII”), a wholly-owned subsidiary of FI in the EU.
   
   

   FI, FI UK and/or FII (the “Outsourced Fisher Companies”) act as service providers of marketing, human resources, finance, information technology, legal support services, and investment sub-management and trading functions to the Company. In these capacities, the Outsourced Fisher Companies may have access to Personal Data collected and used by the Company.

   • Company-authorised vendors, service providers, contractors and representatives. These organisations are as follows:
     • Other Contractors of the Fisher Group who have access to Company systems, including email, and receive emails that may include Personal Data of Individuals.
     • Information technology and security providers, including cloud software, communications, internet firewall and malware detection providers.
     • Providers of the Company’s employee benefit programmes.
     • Service providers that carry out checks and assessments at the request of the Company, including Sterling.
     • Service providers that assist Employees with work authorization or visas and/or relocation.
     • Vendors providing training or firm events, which may receive names and/or Company email addresses of Individuals.
     • Photographers and videographers capturing images of Individuals.
     • Providers of third party professional advice, such as lawyers and auditors.
   • Future employers requesting reference checks and third parties (including banks, mortgage lenders and landlords) to which the Individual has requested the Company provide an employment or earnings confirmation letter.
   • Courts and tribunals, as described above in Section 3.
   • Regulators (including the relevant financial regulators), tax authorities, other government agencies and law enforcement organisations, as described above in Section 3.
   • If the Company sells, transfers or merges part or all of its business, or attempts to do so, then third parties may receive Personal Data.
   
   

   What safeguards are in place where Personal Data is transferred outside of the EEA?

   Where the Company transfers Personal Data to a data recipient in a jurisdiction outside of the EEA where the laws do not provide an equivalent level of data protection as the country in which the Individual initially provided the data, the Company and the data recipient will make the transfer in accordance with standard contractual clauses approved by the European Commission (“Model Clauses”). Prior to such transfer, the Company will assess and confirm that the protections of the Model Clauses are effective in light of the legal regime in the data recipient’s jurisdiction and, if necessary, adopt supplementary technical, organisational, or contractual measures. For more information on Model Clauses, please visit  

   https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

   Concerning Personal Data transferred to the United Kingdom, if the European Commission has issued a decision that the UK legal regime provides an adequate level of data protection (an “ Adequacy Decision”), the Company can transfer Personal Data to data recipients in the UK without the need for additional safeguards. In the event the European Commission has not issued an Adequacy Decision for the UK, the Company and the recipient in the UK will make the transfer in accordance with the Model Clauses, as described above.

   Please contact the Company using the contact details in Section 1 with any questions about the legal safeguards in place to protect Personal Data when transferred outside the EEA (including how to obtain a copy or consult these safeguards).

5. Consent

   In accordance with applicable data protection laws, Individuals who consent to the Company using their Personal Data may withdraw that consent at any time. Individuals may do so using the details set out in Section 1 above.

   When doing so, Individuals should:

   • ensure that a full name and address and/or email address is provided in exactly the form in which it was originally provided to the Company to avoid any possible confusion with a different Individual; and
   • ensure that the particular uses for which consent is being withdrawn are specified. The uses for which the Company relies on consent are set out in Section 3 .

6. Individuals’ Rights

   In accordance with applicable data protection laws, Individuals may exercise the following rights in relation to the Personal Data that the Company holds about them:

   • Individuals have the right to obtain confirmation as to whether or not their Personal Data is being processed and, where this is the case, have access to the Personal Data.
   • Individuals have the right to ask the Company to rectify Personal Data about them that they think is inaccurate. They also have the right to ask the Company to complete data they think is incomplete.
   • Individuals have the right to request the erasure of their Personal Data where there is no compelling reason for the Company to keep using the data. This is not a general right to erasure; there are exceptions, g., if the Company has a legal obligation to keep the data.
   • Individuals have the right to ask the Company to restrict processing of their Personal Data in certain circumstances.
   • The right to data portability applies only to Personal Data Individuals have given to the Company. Individuals have the right to ask that the Company transfer the data to another organisation or give the data back to the Individual.
   • Where Individuals have provided the Company with consent to process their Personal Data, they have the right to withdraw consent at any time. This will not affect the lawfulness of the processing that has been carried out based on Individuals’ consent prior to the withdrawal.
   • When the Company processes Personal Data for purposes of pursuing a legitimate interest, Individuals have the right to object to such processing at any time. If an Individual objects, the Company will stop the processing unless it has strong and legitimate reasons to continue using the data.
   • To exercise these rights, Individuals should contact the Company using the details set out in Section 1 In such case, Individuals should ensure that the full name and address and/or email address are provided in exactly the form in which they were originally provided to the Company to avoid any possible confusion with a different Individual. If Individuals are not satisfied with the way the Company handles the request, they may lodge a complaint with the supervisory authority in the country where that Individual lives or works, or the country where the Individual believes the infringement took place.

7. Security

   The Company is committed to ensuring that Personal Data is secure. In order to prevent unauthorised access or disclosure, the Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure Personal Data collected. The Company also uses encryption when collecting or transferring sensitive data.

8. Cookies

   A cookie is a small text file with an identification tag that is created and downloaded to a user’s computer (or other device) when accessing websites that use cookies. Cookies allow a website to, among other things, store and retrieve information about a user’s online activity and browsing habits. Depending on the information they contain and user behaviour, cookies may be used to identify the user. 

   Cookies can be categorised by who places them:

   • First-party cookies: These cookies are downloaded to a user’s computer (or other device) by the publisher of the website whose service the user is requesting.
   • Third-party cookies: These cookies are downloaded to a user’s computer (or other device) by another entity that may be seeking data obtained through cookies.
   
   

   Cookies can also be categorised by their duration:

   • Session cookies: These cookies are designed to collect and store data while the user accesses a website. They are often used to store information for the duration of a visit to the website (e.g., what account user is logged into). Once a user leaves the website, the session cookie is deleted.
   • Persistent cookies: These cookies store data on the user’s computer (or other device) for the duration period set within the cookie’s file, which is determined by the entity controlling the cookie and can range from a few minutes to several years, or until the user manually deletes them.
   
   

   Lastly, cookies can be categorised by the function they serve. The Company uses the following types of first- and third-party cookies:

   • Required: Required cookies are necessary to enable the basic features of this site to function. They keep track of whether or not a user has consented to have other types of cookies placed on their computer (or other device). Required cookies do not collect Personal Data. Required cookies may also include authentication cookies.
   • Statistical: Statistical cookies analyse anonymised site statistics. They enable measuring the number of visitors and analysing how users interact with the website. This information is used to improve the website and the products or services offered.
   • Marketing: Marketing cookies are used to understand user interests, provide relevant ads, and make a user’s online experience more enjoyable. They can be used to build a user profile to provide users with content more relevant to their interests. They adapt advertising and the content users see on other websites based on their website browsing habits, as well as how users interact with internet advertising.
   • Preferences: Preferences cookies allow the website to personalise website content, such as the language selected for viewing the page. These also save a user’s cookie preference settings.
   
   

   The Company uses first- and third-party required, statistical, marketing and preferences cookies. The following vendors load cookies on this website:

   • Sitecore
   
   

   For further information on cookies and to manage them, please click here.

   Some browsers have a “Do Not Track” setting that allows users to send a signal to the websites they visit that the user does not wish to be tracked. The Company’s website does not respond to these signals.

   The websites used by the Company for job postings and submitting applications have their own privacy and cookie policies, which are listed below:

   • Talemetry: Information about how Talemetry processes Personal Data and uses cookies is available at https://www.talemetry.com/privacy-policy.
   • iCIMS: Information about how iCIMS processes Personal Data and uses cookies is available at https://www.icims.com/legal/privacy-notice-website/.

9. How Long Data Will Be Kept

   Personal Data relating to Individuals who have entered into an employment or contractor agreement with the Company will generally be kept for the duration of the employee or contractor relationship plus seven years in order for the Company to satisfy its recordkeeping obligations under Financial Services Laws and other applicable law, as well as to enforce or defend its legal rights. An Individual’s Personal Data that forms part of the records of clients may need to be kept for a longer period to satisfy the Company’s recordkeeping obligations under Financial Services Laws with respect to such client records as set out in the Company’s separate Privacy & Cookie Policy. Recordings of telephone calls will be retained for a period of five years in order for the Company to satisfy its recordkeeping obligations under applicable Financial Services Laws. Personal Data relating to candidates will generally be kept for a period of up to one year from the date of collection or the date of rejection. Where a candidate consents to have Personal Data retained by the Company for consideration for future positions with the Company, it will be kept for five years unless the Individual requests earlier erasure of their information.

10. Social Media

    The Company maintains a presence on various social media platforms. The terms and conditions set by the operators of the various platforms apply to the Company and any Individuals who interact with the Company through the platforms. More information about each of the various platforms is available below.

    • Facebook: The Company is subject to an agreement with Facebook Ireland Limited, which determines their respective responsibilities with respect to Personal Data. Facebook Ireland Limited is responsible for enabling Individuals’ rights with respect to Personal Data it stores. Information about how Facebook processes Personal Data is available at https://www.facebook.com/about/privacy. The terms applicable to the various Facebook products set out the purposes for which Personal Data is collected and transmitted.
    • LinkedIn: Information about how LinkedIn processes Personal Data is available at https://www.linkedin.com/legal/privacy-policy.
    • Instagram: Information about how Instagram processes Personal Data is available at https://www.instagram.com/legal/privacy.
    • YouTube: Information about how YouTube processes Personal Data is available at https://policies.google.com/privacy.

11. Changes to Privacy & Cookie Policy

    From time to time, the Company may use Personal Data for new, unanticipated uses not previously disclosed in this Policy to the extent permitted by law. If its practices regarding Personal Data change at some time in the future, the Company will post the policy changes to https://www.fisherinvestments.com/en-lu/privacy.