Last Updated: 29 May 2020
Ashton Moss Holdings & Co. and all other related affiliates and subsidiaries (collectively “AMH”, “we” or “us”) respect your privacy and are committed to protecting it.
AMH is the data controller for personal information that we collect through the Sites. We are also the controller for personal data we collect for our key business contacts. For personal data provided in relation to our business products there are times when we are a controller. If you have questions on when we are acting as a controller or questions related to our processing of your personal data (or about any content in this policy), please find our contact details, including the contact details of our Data Protection Officers in the How to Contact Us section at the end of this policy.
Please read this policy carefully. Your use of the Sites and/or the Services, including your disclosure of any personal information into the Sites and/or Services is subject to and governed by this policy.
- Personal information we collect about you;
- Sensitive data;
- How we use and share personal information;
- How we transfer and store personal information;
- How long we keep personal information;
- Your rights;
- Children’s privacy:
- Effective date and policy changes; and
- How to contact us.
Personal information we collect about you
We collect and store information that you voluntarily provide to us, information related to your Sites visit and usage, as well as information provided to us by or through our clients in connection with our Services. We also collect certain information when you:
- submit inquiries via an online form;
- sign up to Services offered by AMH;
- apply for jobs with AMH via our online portal;
- browse our Sites; or
- engage with our electronic marketing communications (also referred to below as emails).
Information that you provide us
Personal information that you provide directly to us will be apparent from the context in which you provide it, for example:
- if you fill out a form on our Sites, you will generally provide your name, contact details and any other information required by the form, such as the content of your inquiry;
- if you sign up to receive electronic marketing communications from us, you will generally provide your name, email address and other contact information, and your product or topic preferences;
- if you sign up for any of the online Services we provide, you will generally provide your name and contact information and any other information necessary to access the feature;
- if you apply for a role with AMH via our online application facility, you will generally provide your name, contact details and a copy of your CV or resume, and if you apply using your LinkedIn profile, you will generally provide information about your LinkedIn account.
- If you are a key contact in a business that has a business account with AMH, we generally have your name, email address, phone number, title and other information relevant to your interaction with AMH on behalf of your employer.
- if you are a person that we hold information on in relation to Services provided by us, we generally have information you have provided to us in order to open and administer your account and or the register of the Fund(s) you own shares of, which could include data to detect and prevent fraud, anti-money laundering and terrorism financing as well as to perform negative news and sanctions screening.
Information that we collect automatically
“Do Not Track” Signals
Your browser settings may allow you to transmit a “Do Not Track” signal to websites and online services you visit. Like many other websites and online services, we do not currently process or respond to “Do Not Track” signals from your browser or to other mechanisms that enable choice.
If you are a client of AMH
In addition to collecting information directly from you, we may collect information from third- party sources to satisfy our due diligence obligations in connection with your new account opening. This third-party data allows us to verify the information you have provided to us, for example, to comply with our legal obligations under “know your customer” laws.
We recognize that certain jurisdictions have enacted laws that require higher protection of certain sensitive personally identifiable information, such as state or national ID numbers, or other information regarding racial or ethnic origin, health or medical records (“Sensitive Data”). As a general rule, we do not collect Sensitive Data from you.
In the limited cases where we do seek to collect such information, we will seek to do so only in accordance with applicable data privacy law requirements.
How we use and share personal information
Information that we collect from you
We may use the personal information you provide for a number of reasons, including, but not limited to:
- To respond to inquiries or service requests and monitor such responses;
- To provide information about and market our products or Services which we believe may be of interest. This includes tailored product, thought leadership, and event communications.
- To manage and improve the Sites and assess their usage and effectiveness;
- To develop our business and to inform our marketing strategy, in particular, by monitoring the effectiveness of marketing campaigns;
- To assess the usage of the Services we provide;
- To operate our business in accordance with industry standards and applicable law, which may include, in addition to supporting the Services; responding to inquiries and requests, prevent fraud; and monitoring and archiving communications; and
- To administer client accounts, including anti-money laundering, sanctions and anti-fraud checks.
We use the personal information for the purposes described above because we have a legitimate interest in operating and improving our business that is not overridden by your interests, rights and freedoms to protect personal information about you. We will only send you direct marketing materials if you have given consent for us to do so, unless such consent is not required, in which case you will be provided the opportunity to opt-out of receipt of direct marketing materials.
Information that we collect automatically
Other uses of your personal information
We also may use the personal information that we collect to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use personal information for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by law that applies to us.
Mobile Phone Information
In connection with certain of our products and services, we may authenticate instructions which purport to come from you by calling back a telephone number which you have previously provided to us. By providing us with a mobile phone number for call back purposes, or by submitting an instruction, you authorize (on behalf of yourself and any Authorized Person) that the appropriate carrier (AT&T, Sprint, T-Mobile, U.S. Cellular, Verizon or any other branded operator) may disclose to us and our third-party service providers the mobile number, network status, customer type, customer’s role, billing type, mobile device identifiers (IMSI [International Mobile Subscriber Identity] and IMEI [International Mobile Equipment Identifier]) and other subscriber status and device details, if available, solely to verify the caller’s identity and prevent fraud for the duration of the relationship. Please note that this information is used only as part of the call back procedure to verify your instruction, and this information is not retained by us after completion of the verification.
In addition to the uses described above, we may use personal information that you provide to us or that we collect for other purposes. Where this is the case, we will provide an additional privacy notice to you that describes the purposes for which we will use the personal information and our legal basis for doing so.
Sharing your personal information
We do not sell any personal information that we collect about you. We do not disclose any personal information about our current or former clients to anyone, except as described in this policy, as permitted by contract or law and subject to confidentiality obligations that apply in certain jurisdictions.
We may disclose or share personal information about our customers to our affiliates, as permitted by law, for our affiliates to provide services. We also may share your personal information with service providers that perform services on our behalf, such as hosting providers and advisers. All service providers have entered into legally binding agreements requiring them to use or disclose personal information only as necessary to perform services on our behalf or comply with applicable legal requirements. We may share personal information with our affiliates and service providers for a number of reasons, including:
- You have requested information about our affiliates’ products and services;
- We rely on services provided by our affiliates and service providers to provide you with the services you require;
In addition, we may disclose your personal information (i) at the request of a bank or other regulatory agency or in connection with an examination of us by bank or other examiners; (ii) to our internal or external auditors or attorneys; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; (iv) if we are required or permitted to do so by law or legal process, for example due to a court order or a request from a law enforcement agency; (v) if disclosure is necessary to protect the vital interests of a person; or (vi) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).
How we transfer and store personal information
AMH is a global organization; personal information we collect may be transferred internationally throughout the world to countries where we do business, which may not have the same data protection laws as the country in which you reside. We have internal policies and procedures in place to achieve an equivalent level of protection in place across our organization. The transfer of personal information to other countries is based on a business need or to comply with applicable laws. Personal information stored or processed in a foreign jurisdiction may be accessed under a lawful order made in that jurisdiction.
If you are in the European Economic Area (“EEA”), the United Kingdom or Switzerland, we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA, the United Kingdom and Switzerland. In all such cases, we will only transfer your personal information if:
- The country to which the personal information will be transferred to has been granted a European Commission adequacy decision;
- The recipient of the personal information is located in the U.S. and has certified to the EU-U.S. Privacy Shield Framework;
- We have put in place appropriate safeguards in respect of the transfer, for example the EU Model Clauses;
- The recipient of the personal information has adopted Binding Corporate Rules in relation to the personal information transferred; or
- The transfer is otherwise authorized by applicable legal requirements.
You may request a copy of the safeguards that we have put in place in respect of transfers of personal information by contacting us as described in the How to Contact Us section below.
How long we keep personal information
The time period for which we keep personal information depends on the purpose for which we collect it. In all cases we keep it for as long as is necessary to fulfil the purposes for which we collected it. We will then delete or anonymize the personal information, unless we are legally required to retain it or if we need to retain it in order to comply with our legal obligations (for example, for tax and accounting purposes).
Subject to any applicable legal requirements, we typically retain personal information as follows:
- Personal information you provide to us through our Sites: we keep this personal information for as long as necessary to respond to your request, and for a short further period in the event that you send us further requests.
- Personal information you provide when you sign up to receive direct marketing communications: we keep most of this personal information for the duration of our relationship with you until you opt out of receiving future marketing communications or we do not have any contact with you for a long period of time.
- Personal information collected for analytics purposes: we keep this personal information for a short period of time necessary for us to carry out the analytics. We anonymize or aggregate personal information used for analytics once it is no longer required.
- Website logs: we keep audit logs for our Sites, which may contain your personal information, for several months. These logs include access logs (to monitor and maintain the security of our Sites), error logs (to track and record errors), and security logs (to track and record security related events, such as, unauthorized access attempts).
As a person who provides us with personal information, you may inquire as to the nature of the personal information stored at and/or processed by us. You will be provided reasonable access to your personal information held by us and, where appropriate, with the ability to review and correct inaccuracies. We will cooperate in providing such access. All such requests for access may be made by sending a request in writing to: DPO@ashton-moss.com.
If you are in the EEA or Switzerland, you may have the following rights in relation to your personal information that we hold about you:
- To request confirmation of whether we process personal information relating to you and, if so, to request a copy of that personal information;
- To request that we rectify or update your personal information that is inaccurate, incomplete or outdated;
- To request that we erase your personal information in certain circumstances, such as where we collected personal information on the basis of your consent, and you withdraw your consent;
- To request that we restrict the use of your personal information in certain circumstances, such as while we consider another request that you have submitted, for example as a request that we update your personal information;
- Where you have given us consent to process your personal information, to withdraw your consent; and
- To request that we provide a copy of your personal information to you in a structured, commonly used and machine-readable format in certain circumstances.
To help protect your privacy and provide security, we may take reasonable steps to verify your identity before we satisfy your request. We shall respond to such reasonable request made by you within such time period as required under applicable law after your identity has been confirmed.
You also have the right to lodge a complaint with the data protection supervisory authority in your country.
We recognize the need to provide particular privacy protections with respect to personal information that may be collected from children. Our Sites and Services are not aimed at or intended for children.
Effective date and policy changes
How to contact us
By email at: GlobalPrivacy@ashton-moss.com.
In writing at:
Attention: Privacy Officer
50 Post Office Square
Boston, Massachusetts 02110
You may also contact our Data Protection Officers:
By email at: DPO@ashton-moss.com
In writing at:
Attention: Data Protection Officer
Ashton Moss Holdings Luxembourg
80 Route d'Esch, 1470 Luxembourg
Attention: Data Protection Officer
Ashton Moss Holdings
30 Herbert St, Grand Canal Dock, Dublin 2, Ireland