Privacy policy

Last updated: December 2023

Protecting your personal information is extremely important to LGIM Managers (Europe) Limited (“LGIM”) and its affiliates (the “LGIM Group”). The way we collect and share your information is equally important. Our professional business clients and prospects expect us to manage their information privately and securely. If we do not, they may lose trust in us.

This policy tells you how we collect and process your personal information. Please take a few minutes to read it, and show it to anyone else whose data you have shared with us, or the business relationship.

We are a global asset management business and are at the forefront of global index fund management. We are also leading developments in investment solutions for defined benefit and defined contribution pension schemes. We adhere to applicable data protection regulations in the regions we operate, including those provided under the Data Protection Act 2018, the UK GDPR in the UK, the applicable jurisdictional incorporation of the GDPR in the European Union as well as the legal jurisdiction of other countries included within our range of business operations.

The controller[1] (or equivalent in the relevant jurisdictions) of the personal data processed in relation to the website is LGIM Managers (Europe) Limited, 70 Sir John Rogerson’s Quay, Dublin, 2, Ireland which is a member of the LGIM Group.

In the event of any conflict between the English version of this privacy policy and other language versions, the English version shall prevail.

What does this policy cover?

This privacy policy relates to individuals working for/as businesses who enter into agreements with us as well as prospects, e.g. intermediaries, consultants, trustees and employers, third party administrators and suppliers. Other than in accordance with our cookie policy or information that is collected automatically from all visitors, we do not collect information about individual private investors who visit our website. Any information voluntarily provided by an individual private investor to us (e.g. by filling in contact forms, e-mails or messages) will be managed to deal with and respond to that individual’s request.

What is personal information?

When we talk about “personal information” or “personal data” in this policy, we mean information related to an individual that can identify them directly or indirectly, in combination with other available information that is recorded electronically or otherwise, excluding anonymized information, such as their name, identity card number, address, e-mail address, telephone number, IP address and financial details. It can relate to customers, employees, shareholders, business contacts and suppliers. Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.

As our products and services do not target minors, we will not collect, use, or store personal information of minors. If you are under the age of 18, you should obtain the written consent of your guardian before using our product and/or services. It can relate to customers, employees, shareholders, business contacts and suppliers. Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.

What information do we hold?

We may collect and process the following personal information about you. In most cases this will be limited to business information that relates to you, how these have an impact on our products and services that may be of interest to you and how we manage our relationship:

Type of data	Description	Examples of how we use it
Contact	Who you are: name Where you live: country How to contact you: address, e-mail address, telephone number	Managing and servicing our business relationship Business to Business marketing Enhancing our product and service offering
Personal Details	Age Gender	Managing and servicing our business relationship Business to Business marketing Analysis Fraud Prevention
Transactional	How you may use our products and services	Managing and servicing our business relationship Making sure our products and services are fit for purpose Analysis Enhancing our product and service offering
Contractual	Your creditworthiness (where applicable in the limited circumstances this may be collected)	Managing and servicing our business relationship
Preferences	Ways you want us to market to you	Business to business marketing
Technical	Details on the devices and technology you use	Making sure our products and services are fit for purpose
Documentary data & national identifiers	Company details National Insurance number	Managing and servicing our business relationship Compliance with statutory regulations and to prevent financial crime

In case that the information collected by us for the aforementioned purposes is the data necessary for the performance of agreements or the compliance with relevant applicable laws, if you refuse to provide such necessary information, we may not be able to consider entering into transaction or perform administration in accordance with the agreement with you, as the case may be.

Where do we get our information from?

Information you give us directly (when you fill in forms or contact us by phone, e-mail etc.).

Information we collect about you or receive from other sources. This could be information we collect automatically (when you visit our website), information you provide to us electronically (through our website or an online portal, for example) or information we get from a third party. Where practicable, we collect personal information about you directly from you. For more information on how we use cookies, please check the cookie policy link in the footer of this page.

How do we use your information?

We use information we collect automatically when you visit our website for several purposes. We use this information to be able to deliver the website to your computer. For this purpose, your IP address must be stored for the duration of your visit to the website. We also use this information to ensure and enhance the functionality of the website and to ensure the security of our information technology systems. We will not use the information we collect automatically when you visit our website for marketing purposes.

In accordance with the applicable data protection laws, we use any other personal information that we hold about you to carry out our responsibilities resulting from any business or commercial agreements you have entered into with us, and to provide you with the information, products and services that you have asked from us.

Where permitted by applicable law, we also will use your personal information to provide you with business-to-business marketing information about services and products we offer across the LGIM Group which may be of interest to you.

Additionally, we use this personal information to tell you about changes to our services and products, to comply with any applicable legal or regulatory requirements (including to comply with any applicable regulatory reporting or disclosure requirements) and to run our business. This includes testing our systems, managing our financial position, business capability, planning, communications, corporate governance, and audit. We may also use your personal information for any other purpose that we have agreed with you from time to time.

Using your information in accordance with data protection laws

Data protection laws require us to meet certain conditions before we are allowed to use your personal information in the way we describe in this privacy policy. We take these responsibilities extremely seriously. To use your personal information, we will rely on the following conditions, depending on the activities we are carrying out:

Necessary to enter into or perform a contract with you: We will process your personal information to carry out our responsibilities resulting from any commercial agreements or contracts you have entered into with us and to provide you with the information, products and services you have asked from us, which may include online services.
Necessary to perform our legal responsibilities and obligations: We may process your personal information to comply with any legal obligation we are subject to.
Consent: We may process your personal information for different purposes where you have explicitly provided your informed consent to do so (e.g. collecting your preferences when we plan and host conferences and seminars).
Publicly disclosed information: We may process your personal information that is already disclosed by you or otherwise lawfully disclosed, within a reasonable scope in accordance with applicable data protection law.
Legitimate interests: Where permitted under applicable law, to use your personal data for any other purpose described in this privacy policy, we will rely on a condition known in certain jurisdictions as "legitimate interests" (except in Korea). This is where the processing of your information is necessary for us to pursue a legitimate aim associated with running our business but which is not detrimental to you. It is in our legitimate interests to collect your personal data as it provides us with the information that we need to provide our services to you more effectively. We may use your information to:

- Carry out market research and product development.
- Develop and test the effectiveness of marketing activities.
- Develop, test and manage our brands, products and services.
- Study and also manage how our professional business clients use products and services from us and our business partners.
- Manage risk for us and our customers.

Where we seek to rely on the “legitimate interests” condition, we will carry out an assessment of our interests in using your personal data against the interests you have as a citizen and the rights you have under data protection laws. The outcome of this assessment will determine whether we can use your personal data in the ways described in this privacy policy. We will always act reasonably and give full and proper consideration to your interests in carrying out this assessment.

Consequences of refusal or failure to provide personal information

Please be aware that the personal information you provide to us, and which we collect about you, may be voluntary or mandatory in nature depending on the purposes for which your personal information is collected. Where it is mandatory for you to provide us with your personal information and you fail or choose not to provide us with your personal information or do not consent to this privacy policy:

We may not be able to communicate with you;
You may not be able to enjoy our products or services, either to the same standard or at all;
You may not be able to be provided with information about our products or services that you may want;
We may not process your personal information for any of the purposes stated in this privacy policy; and
We may not be able to comply with any applicable law, regulation, direction, court order, by law, guideline or code applicable to us.

Change of Purpose

We will only use your personal data for the purpose for which it was collected or for reasons that are compatible with the original purpose for which it was collected.

Where we need to use your personal data for another purpose that is unrelated to the original one, we will obtain the necessary consent or notify you, and explain to you the legal basis that allows us to do so in accordance with the applicable data protection laws.

How long do we keep your information for?

We’ll keep your personal information for as long as is necessary for the purposes listed above in accordance with our internal retention policies. We’ll determine the length of time we keep it for based on the minimum retention periods required by applicable law or regulation. We’ll only keep your personal information after this period if there’s a legitimate and provable business reason to do so or for any other reason permitted by applicable law.

Marketing

We may use the information that you provide us with to market and advertise certain products and services to you subject to us complying with all relevant restrictions in applicable data protection laws. We may use your contact data, personal details, preferences and public data to form a view of what products/services we believe that you would be interested in. To the extent permissible under applicable data protection laws, we may market similar products/services to you as you have previously purchased from us where it is in our legitimate interest to market these products/services to you in accordance with this privacy policy. We may also send marketing communications to you where you have consented to us doing so.

You can opt-out of marketing and request us to stop sending you marketing messages at any time by getting in touch with our team as set out in the section below , following instructions provided to you or replying directly to marketing messages.

Who do we share your personal information with?

We will only disclose your information to:

Other companies within the LGIM Group, third-party suppliers, contractors and service providers for the purposes listed under “How do we use your information” above.
Upon their request, regulators, government and law enforcement or fraud prevention agencies.

Additionally, we may disclose your personal information to third parties:

In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
If we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our professional business clients will be one of the transferred assets.
If you have been dealing with a financial adviser (e.g. employer broker consultant), we will provide information about your product and, where appropriate, with other information about your dealings with us, to enable your adviser to give you informed advice.
In order to enforce or apply the terms of any contract with you.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
To protect you and LGIM from financial crime, LGIM may be required to verify the identity of new and sometimes existing professional business clients. This may be achieved by using reference agencies to search sources of information relating to you (an identity search). This will not affect your credit rating. If this fails, LGIM may need to approach you to obtain documentary evidence of identity.
In accordance with the terms of business agreement, we may perform credit checks on certain types of professional business clients (e.g. directors of intermediary firms).
Where you have provided your explicit and informed consent to do so.

You can find more detail on how and when we share personal information with third parties below

We transfer personal information overseas as follows:

Recipient (Contact Information)	Country to which Personal Information is to be Transferred	Date and Method of Transfer	Items of Personal Information to be Transferred	Purposes of Use by Recipients	Period of Retention of Use by Recipient
Other companies within the LGIM Group (link)	Please refer to the link	Online network upon collection	Contact Personal Details Transactional Contractual Preferences Technical Documentary data & national identifiers (each as set forth in the “What information do we hold?” section of the privacy policy)	Contractual necessity To comply with our legal obligations Purposes to which you have given your consent Legitimate interests (as set forth in the “How do we use your information?” section of the privacy policy?)	7 years from the date of collection (as set forth in “How long do we keep your information for?’)
Salesforce (link)	Institutional & Retail: London, UK Workplace DC: Paris, France Investment Stewardship: Frankfurt, Germany, Paris, France	Data is either manually entered by sales, service or marketing teams. Some lists are provided by 3rd parties in the form of GDPR compliant client attendee lists, etc.	Organisations (or Companies) – Name, address, region, various classifications, status, website, phone number(s) Then related to these Companies: Contacts – Salutation, First Name, Surname, email address, job title, telephone/mobile, address, email preferences, opt out/in and engagement levels (email/online) Opportunities – Stage, Mandate, Close date, fees, revenue, associated products and Relationship Manager owner Client Account / Sub Account (Institutional / Workplace DC) Activity / meeting notes - calls, product interest/discussed, general queries – any training given to team members to not over-record personal data? Enquiries – client enquiries, reporting, orders, client onboarding workflows Documents – associated with clients, invoices, reporting, onboarding	The purpose is to gather organisation and associated contact information of those individuals linked to new or existing business opportunities or existing accounts/schemes, i.e. pension trustees, consultants, etc. CRM also gathers activity engagement and any communication with clients in relation to products and general marketing.	Until the expiration of the delegation agreement

Recipient

(Contact Information)

Country to which Personal Information is to be Transferred

Date and Method of Transfer

Items of Personal Information to be Transferred

Purposes of Use by Recipients

Period of Retention of Use by Recipient

Other companies within the LGIM Group (link)

Please refer to the link

Online network upon collection

Contact

Personal Details

Transactional

Contractual

Preferences

Technical

Documentary data & national identifiers

(each as set forth in the “What information do we hold?” section of the privacy policy)

Contractual necessity

To comply with our legal obligations

Purposes to which you have given your consent

Legitimate interests (as set forth in the “How do we use your information?” section of the privacy policy?)

7 years from the date of collection (as set forth in “How long do we keep your information for?’)

Salesforce (link)

Institutional & Retail: London, UK

Workplace DC: Paris, France

Investment Stewardship: Frankfurt, Germany, Paris, France

Data is either manually entered by sales, service or marketing teams. Some lists are provided by 3rd parties in the form of GDPR compliant client attendee lists, etc.

Organisations (or Companies) – Name, address, region, various classifications, status, website, phone number(s)

Then related to these Companies:

Contacts – Salutation, First Name, Surname, email address, job title, telephone/mobile, address, email preferences, opt out/in and engagement levels (email/online)

Opportunities – Stage, Mandate, Close date, fees, revenue, associated products and Relationship Manager owner

Client Account / Sub Account (Institutional / Workplace DC)

Activity / meeting notes - calls, product interest/discussed, general queries – any training given to team members to not over-record personal data?

Enquiries – client enquiries, reporting, orders, client onboarding workflows

Documents – associated with clients, invoices, reporting, onboarding

The purpose is to gather organisation and associated contact information of those individuals linked to new or existing business opportunities or existing accounts/schemes, i.e. pension trustees, consultants, etc.

CRM also gathers activity engagement and any communication with clients in relation to products and general marketing.

Until the expiration of the delegation agreement

If you do not wish to have your Personal Data transferred overseas, please contact HelpMeWithPrivacy@lgim.com. Please note, however, that you may no longer be able to access/use the services provided by LGIM as a result of such refusal.

Fraud prevention

LGIM may need to check your details with fraud prevention agencies (e.g. we have to screen at firm and director level of anyone we remunerate). If false or inaccurate information is provided and fraud is identified details will be passed to fraud prevention agencies or law enforcement agencies. Please contact our Financial Crime department if you wish to receive the relevant details of the fraud prevention agencies:

Address: Financial Crime, 7th Floor, Brunel House, 2 Fitzalan Road, Cardiff CF24 0EB

Transferring your data internationally

The data that we collect from you may be transferred to, and stored at, a destination outside your jurisdiction to third-party suppliers, delegates or agents. We will take all reasonably necessary steps to make sure that your data is treated securely and in accordance with this privacy policy.

We will only transfer your data to a recipient outside your jurisdiction in accordance with applicable legal requirements. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

You can find more detail on how and when we transfer personal information internationally here [insert hyperlink to separate page].

How do we keep your personal information secure?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. We limit access to your personal information to those individuals who have a business need to access it. As part of our security measures, we may sometimes require you to give proof of your identity before we disclose personal information to you.

We regularly monitor our systems for possible vulnerabilities and attacks and carry out tests to identify ways to further strengthen our security. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Destruction of Personal Information

We will destroy personal information without delay, in accordance with applicable data protection laws, when personal information becomes unnecessary, such as when the retention period has lapsed or the purpose of processing personal information has been achieved.

If we are required by other laws and regulations to continue to retain personal information even though the personal information retention period consented by you has expired or the purpose of processing such personal information has been achieved, we will transfer the relevant personal information to a separate database or retain such information at a different location.

The procedures and methods of personal information destruction are as follows:

Destruction procedure: We will select the personal information subject to destruction and destroy in accordance with guidance from that jurisdiction’s data protection authority.
Destruction method: We will destroy personal information recorded and stored in electronic files in an irrevocable manner, and shred or incinerate personal information recorded and stored in paper documents.

Your rights

You have rights under data protection law that relate to the way we process your personal data. More information on these rights can be found on your country Data Protection Authority’s website. If you wish to exercise any of these rights, please get in touch with our team as set out in the section below. Details of all other LGIM websites can be found on our LGIM Group website.

Depending on your location and applicable data protection laws, your rights may include:

The right to be informed if your personal data was collected and the nature of the personal data collected, as well as the purposes and processing activities that will be conducted on your personal data, which are stated in this Privacy Policy.
The right to access the personal data that we hold about you , unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the right and freedoms of other individual.
The right to make us correct any inaccurate personal data we hold about you, or, your right to request a note of contestation is made in relation to the personal data held about you.
The right to make us erase, destroy or anonymise any personal data we hold about you. This right will apply where, for example:
- We no longer need to use the personal data to achieve the purpose we collected it for;
- You withdraw your consent if we use your personal data based on that consent; or
- Where you object to the way we use your data, and there is no overriding legitimate interest.
The right to restrict our processing of the personal data we hold about you. This right will apply where for example:
- You dispute the accuracy of the personal data we hold
- You would like your data erased, but we require to hold it in order to stop its processing
- You have the right to require us to erase the personal data but would prefer that our processing is restricted instead
- Where we no longer need to use the personal data to achieve the purpose we collected it for, but you need the data for legal claims.
The right to object to our processing, or disclosure to third parties, of personal data we hold about you (including for the purposes of sending marketing materials to you).
The right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request. You also have the right to make us transfer this personal data to another organisation by ways of automatic methods or equipment.
The right to withdraw your consent, where we rely on it to use your personal data, given to us at any time, unless the nature of consent does not allow such withdrawal. While we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Please also note that withdrawing your consent does not affect our right to continue to collect, use and disclose your personal data before it was withdrawn or where such collection, use and disclosure without consent is permitted or required under applicable laws.
The right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you. We do not carry out any automated processing or profiling.
The right to give us instructions regarding the management of your personal information in the event of your death.
The right to request a note of contestation be made if neither the correctness nor the incorrectness of the personal data in question can be established.
The right to receive compensation from the data controller for damages suffered as a result of an infringement of your country’s data protection laws.
The right to require us to provide the description in an easy-to-access format accompanied by a description in plain language, of your personal data in our possession as well as the purpose for which they are processed.

In certain jurisdictions, as a data subject, you may exercise the above rights through an agent, such as your legal representative or other person authorized by you. In such case, you must submit a power of attorney required under the applicable data protection law.

Contacts and complaints

If you have any questions about this privacy policy or wish to exercise any of your rights, please get in touch with your relationship manager or customer services team. Alternatively, you can use the Contact Us section of our consumer website or the adviser, employer or institutional websites. Details of all other LGIM websites can be found on our LGIM Group website.

Alternatively, you can contact us directly at our department in charge of personal data protection.

Name of Department: Chief Data Office
Telephone Number: 0203 124 2880
E-mail: HelpMeWithPrivacy@LGIM.com

If you have any concerns about the way we process your personal data or are not happy with the way we handled a request by you in relation to your rights, you also have the right to make a complaint to your country’s Data Protection Authority.

[1] The data controller is the entity that determines the purposes for which and the means by which personal data is processed.