Privacy Policy for Global X Management Company LLC
1. Overview
1.1 This is the Privacy Policy of Global X Management Company LLC which is referred to as “Global X”, “us” or “we”throughout this Privacy Policy. This Privacy Policy provides details of the way in which we process personal data in line with our obligations under applicable data protection law, including Regulation 2016/679 of 27 April 2016 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”), the UK GDPR, the California Consumer Privacy Act of 2018, and any other applicable law.
2. Information We Obtain
2.1 Global X may obtain personal information from you through the site globalxetfs.com or globalxetfs.eu as applicable, including but not limited to information you provide when you:
(a) Download marketing or research collateral;
(b) Contact us with questions or requests for information
(c) Register for our Model Portfolio content; or
(d) Register for any Continuing Education credits
2.2 We may also obtain information through third parties, including but not limited to, third party investor relations managers with whom you have shared your information for receiving investment opportunities.
2.3 For purposes of this privacy policy, “personal data” includes information that can be used to identify you, such as your name, address, company affiliation, e-mail address, phone number, or investor type. The types of personal data we collect, use, store and transfer include:
(a) Identity Data: including your first and last name, title and gender.
(b) Contact Data: including your email address, telephone number and business contact information.
(c) Technical Data: including your internet protocol (IP) address, browser type and version, location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
(d) Usage Data: including information about how you use our website and services.
(e) Marketing and Communications Data: including your preferences in receiving marketing communications from us and our third party partners.
2.4 We do not collect or process any special categories of personal data about you as defined in Article 9 GDPR, nor do we collect any information about criminal convictions and offences.
3. Collection of Information Using Cookies and Other Tools
3.1 Global X may use “cookies” or other electronic tools to collect information such as:
(a) IP address;
(b) Browser type;
(c) Operating system;
(d) Computer platform;
(e) Information about your mobile device;
(f) Geo-location data; and
(g) The state or country from which you accessed the site
3.2 Global X uses first party and third party cookies. A cookie is a small text file placed on your device that provides us with information about the device. Where used, cookies are downloaded and stored on your device. A full list of all cookies used on our website, as well as the duration and purpose of the cookies, can be found here.
3.3 We use both essential and non-essential cookies. Essential cookies are strictly necessary for the functioning of the website and cannot be turned off. They are crucial for the basic functions of the website and the website will not work in its intended way without them. These cookies do not store any uniquely identifiable data. Most browsers are set to accept essential cookies by default. If you prefer, you can usually set your browser to disable such cookies, or to alert you when cookies are being sent. Likewise, most mobile devices allow you to disable the ability for geo-location information to be collected from your mobile device. However, if you disable cookies or refuse to accept a request to place an essential cookie, it is possible that some parts of the site, such as certain pages for which you need to log in, will not function properly.
3.4 We also use non-essential cookies to collect information about how visitors use our website. These provide metrics on the number of visitors, time spent on the website, the web browser used and other similar information. We will always seek your consent before the placement of non-essential cookies, and such consent may be withdrawn at any time. You can change your cookie preferences at any time by altering your preferences here on our website.
4. How We Use Your Information
4.1 Global X will only use your personal data when permitted by law, and generally in the following circumstances:
(a) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
(b) Where we need to perform a contract we have entered into with you; or
(c) Where we need to comply with a legal or regulatory obligation.
4.2 Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message or for the placement of cookies on your device as explained above. You have the right to withdraw consent to marketing at any time by contacting us (see Contact Us).
4.3 Personal data is processed by us for the following purposes:
| Purpose of Processing | Lawful Basis under GDPR |
|---|---|
| To enhance your experience with the site. | Necessary for our legitimate interest to assess how visitors use our site, to develop our business and inform our marketing strategy
|
| To provide you with the services or information that you request. | Necessary for our legitimate interest to develop our services and grow our business
|
| To communicate with you (e.g., to provide information about products or services in which you have indicated an interest). | Necessary for our legitimate interest to develop our services and grow our business
|
| To combat fraud. | Necessary to comply with a legal obligation
|
| To fulfil any other purpose for which you provided the information. | Performance of a contract with you. Necessary for our legitimate business interests |
| To conduct research and analysis (anonymously and in the aggregate). | Necessary for our legitimate interests (to define types of users for our services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy)
|
To provide information promotions to you regarding our products and services.
| Necessary for our legitimate interests (to develop our services and grow our business)
|
To assist us with the uses described in this privacy policy, information we have collected from or about you through the site may be combined with or enhanced by other information about you that we have from other online or offline sources, including from our service providers.
| Necessary for our legitimate interests (to develop our services and grow our business, and to provide our services to you)
|
4.4 Where we use your personal data for marketing and advertising purposes, you may opt-out of receiving such communications at any time. We will get your express opt-in consent before we share your personal data with any company outside Global X and its affiliates for marketing purposes. You can unsubscribe or choose not to receive promotional materials from Global X by following the specific instructions in the e-mail or other communication you receive or by e-mailing us at info@globalxetfs.com. Please note that it may take some time to process your request, consistent with applicable law.
5. How We Share Your Information
5.1 Global X may share your personal information with our affiliates and subsidiaries under narrow circumstances, including but not limited to:
(a) With our service providers that help us to operate our business (e.g., to deliver the information or services requested by you; to perform other activities related to such information or services; and to provide you with promotions from Global X);
(b) In connection with any proposed or actual sale or other transfer of some or all assets of Global X, and/or any proposed or actual sale or merger of Global X (including in the event of a reorganization, dissolution or liquidation);
(c) With our affiliate entities to allow us to deliver our services to you, including marketing information about investment opportunities;
(d) As otherwise required or permitted by law; and/or
(e) Any other sharing to which you consent.
5.2 We may also disclose personal data to our professional advisors, regulatory bodies, auditors, technology providers and any of the respective related, associated or affiliated companies of the foregoing for the same or related purpose(s).
6. Global X and Data Processors
6.1 Global X will engage certain service providers to perform certain services on its behalf which may involve the processing of personal pata. To the extent that such processing is undertaken based on the instructions of Global X and gives rise to a data controller and data processor relationship, Global X will ensure that such relationship is governed by a contract which includes the data protection provisions as required by applicable data protection law.
7. Your Legal Rights:
7.1 If you are based in the EEA or the UK you have certain rights under GDPR and UK GDPR (as appropriate), including the following:
(a) the right to receive detailed information on how we process your personal data;
(b) the right of access to your personal data;
(c) the right to amend and rectify any inaccuracies in your personal data;
(d) the right to request your personal data be erased (right to be forgotten);
(e) the right of data portability;
(f) the right to restrict processing;
(g) the right to object to processing;
(h) the right to object to automated decision making, including profiling;
(i) the right to withdraw your consent at any time where we are relying on consent to process your personal data; and
(j) the right to make a complaint to the appropriate data protection regulatory authority.
7.2 These rights will be exercisable subject to limitations as provided for under the applicable data protection law. You may make a request to Global X to exercise any of these rights by contacting us (see Contact Us). Requests shall be dealt with in accordance with applicable data protection law.
8. Data Retention
8.1 We will only retain your personal data for so long as is necessary to fulfil the purposes we collected or obtained it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate period for retention of your personal data, we will consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your personal data, and the purposes for which we process your personal data. Details of retention periods for your personal data are available by contacting us (see Contact Us).
9. Security
9.1 We take precautions to protect your personal data against unauthorised loss, access, use, alteration or destruction. Only employees who need the information to perform a specific job are granted access to personal data. The computers/servers in which we store personally identifiable information are kept in a secure environment.
10. Data Transfers outside the EEA
10.1 Global X may transfer your personal data to countries outside the EEA or the UK which may not have the same or equivalent data protection laws. If such transfer occurs, Global X will ensure that such processing of personal data is in compliance with applicable data protection law including GDPR and UK GDPR, and, in particular, that appropriate measures are in place such as entering into Model Contractual Clauses (as published by the European Commission).
11. Social Media
11.1 Global X and select employees maintain profiles and/or pages on various social media sites, including Twitter, Facebook, YouTube, and LinkedIn. If you choose to “Follow” Global X on Twitter, Facebook, YouTube or LinkedIn or take any similar action on another social media site, you are providing your consent to receive informational updates, including solicitations, from Global X. To stop receiving this information from Global X on a social media site, you must follow the procedure established by the site. For example, on Twitter, you must click “Unfollow” on Global X’s profile page.
11.2 The information contained in Global X’s social media profiles and pages is current as of the date of publication (or such earlier date as referenced) and is subject to change without notice. Global X has no obligation to update any or all of such information. Additionally, Global X personnel other than the author(s) may provide oral or written market commentary or investment ideas to Global X’s clients or prospects that differ from the views expressed.
11.3 All amounts, market value information, and estimates have been obtained from outside sources where indicated or represent the good faith judgment of Global X. Where such information has been obtained from outside sources, Global X cannot guarantee its accuracy or completeness. Past performance is not a guarantee or reliable indicator of future results. Global X’s social media profiles and pages are not intended to be an offer or solicitation with respect to the purchase or sale of any security or other financial instrument or any investment management services. They are provided for information purposes only, do not constitute investment advice, and should not be used as the basis for any investment decision. They also do not purport to provide any legal, tax, or accounting advice.
11.4 Twitter, Facebook, YouTube, and LinkedIn are owned by third parties unaffiliated with Global X. Global X is not responsible for the terms of use or policies of any of the social media sites on which it maintains a profile or page or any third-party sites to which they are linked, and you use these sites at your own risk. Global X is not responsible for and does not endorse any content, advertising, products, advice, opinions, recommendations, terms of use or privacy policies, or other materials on or available from third parties.
11.5 While Global X may monitor postings by third parties on its profiles and pages, Global X is not able to review them before they are displayed, and any such postings are the views and responsibilities of the posters. Global X does reserve the right to edit or remove any post for any reason and to block followers to the extent permitted by the sites. If Global X does not remove a third-party post, it is not an endorsement of the content.
11.6 Global X does not provide customer service, conduct financial transactions, or accept customer complaints through its social media profiles and/or pages. Never disclose account or other personal financial information on any of our social media profiles or pages.
12. Links to Third-party Websites
12.1 The site may include links to third-party websites. Since we do not control third-party websites and are not responsible for any information you may provide while on such sites, we encourage you to read the privacy policies on those websites before providing any of your information on such sites.
13. California Residents
13.1 The California Consumer Privacy Act of 2018 (CCPA) provides California Residents with specific privacy rights. These rights are further discussed in this Notice and should be read in conjunction with our general privacy policy.
14. Questions Regarding this Online Privacy Policy
14.1 If you have questions regarding this privacy policy, please contact us at info@globalxetfs.com.
14.2How to contact our EU / EEA and UK representatives:
We have appointed Grant Thornton as our EU/EEA/UK privacy representatives in compliance with both EU GDPR Article 27 and UK GDPR Article 27.
If you are based in the EU/EEA or UK, Grant Thornton gives you an easy way to exercise your GDPR Privacy related rights such as:
• Your right to be informed of what we do with your data
• Your right of access to your data
• Your right to rectify your data
• Your right to erasure (right to be forgotten)
• Your right to restrict processing
• Your right to data portability
• Your right to object to processing
• To exercise your rights in relation to automated decision making and profiling
If you would like to contact us via our representative, please email
• EU/EEA GDPR Data Subjects: eurepresentative.globalx@ie.gt.com
• UK GDPR Data Subjects: ukrepresentative.globalx@ie.gt.com
You also have the right to lodge a complaint with the relevant supervisory data protection authority. We hope we can deal with any complaint in advance of you taking this action. Should you wish to lodge a complaint directly with the supervisory authority in your region please find contact details https://edpb.europa.eu/about-edpb/about-edpb/members_en
15. Updates
15.1 Our privacy policy may change from time to time and all updates will be posted on this page. If you questions about this privacy policy, you should contact us via telephone at 1-888-493-8631 or info@globalxetfs.com.
Last Updated: November 29, 2021
Privacy Policy for Global X ETFs iCAV
1. INTRODUCTION
1.1 This Data Protection Policy (“Policy”) applies to Global X ETFs iCAV (the “Fund”) in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and applicable supplemental national data protection laws in Ireland, which consist primarily of the Data Protection Acts 1988 to 2018, will be collectively referred to as the “Data Protection Legislation” that apply to the Fund.
1.2 As a regulated entity, the Fund and its delegates and affiliates have to collect, store and process certain Personal Data about investors, beneficial owners, directors, employees, trustees, service providers and other third parties for the purposes of its operations and adhering to its legal and regulatory obligations. Such data is collected from employees, investors, service providers and includes (but is not limited to), any information relating to an identified or identifiable natural person. For example, 'Know Your Client' documentation which may include personal data such as residential addresses, email addresses, places of birth, dates of birth, bank account details and details relating to investor investment activity, including business and personal information of individuals to the extent relevant to such activity, name, address, email address, data of birth, IP address, identification numbers, private and confidential information, sensitive information and bank details.
1.3 The Fund operates on a delegated model under which the Fund’s Service Providers are appointed to provide certain services to the Fund. In the provision of the services to the Fund, the Fund Service Providers process personal data on behalf of the Fund and as a result constitute “processors” of the Fund. It is the Fund’s policy to ensure that such Processors have implemented appropriate technical and organisational measures to ensure there are appropriate safeguards to comply with the GDPR.
1.4 This Policy with guidelines for processing of personal data, constitutes the overall framework for processing of personal data with the Fund.
2. POLICY STATEMENT
2.1 The Fund has developed policies, procedures, controls and measures to ensure maximum and continued compliance with the data protection laws and principles, including staff training, procedure documents, and ongoing monitoring. Ensuring and maintaining the security and confidentiality of personal data is one of our top priorities.
2.2 The Data Protection Manager to the Fund is Sinead Phelan. The Data Protection Manager will work to ensure that all processes, systems, key Processors engaged by the Fund and staff are operating compliantly and within the requirements of the data protection laws and its principles.
3. PURPOSE
The purpose of this policy is to protect the rights and freedoms of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge and ensure the Fund meets its legal, statutory and regulatory requirements under the data protection laws.
3.1 The data protection laws include provisions that promote accountability and governance and as such the Fund has put comprehensive and effective governance measures into place to meet these provisions. The aim of such measures is to ultimately minimise the risk of breaches and uphold the protection of personal data.
4. DEFINITIONS
4.1 General Definitions:
a. "Controller" means any natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data. The Fund generally acts as a Controller of personal data.
b. "Processor" means a natural or legal person who processes personal data on behalf of the controller, such as a fund administrator, distributor and/or other delegates of the Fund.
c. "Data Subject" means an individual who is the subject of personal data, such as an investor in the Fund.
d. "Processing" means performing any operation or set of operations on personal data, whether or not by automatic means, including collecting, recording, organising, structuring, storing, amending, using, retrieving, disclosing, erasing or destroying it.
4.2 Personal Data
4.2.1 Information protected under the GDPR is known as “personal data” and is defined as:
Any information relating to an identified or identifiable natural person; For example, 'Know Your Client' documentation which may include personal data such as residential addresses, email addresses, places of birth, dates of birth, bank account details and details relating to investor investment activity, including business and personal information of individuals to the extent relevant to such activity.
4.2.2 The Fund will ensure that any Personal Data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is being processed.
4.2.3 Under Article 9 of the GDPR, where the Fund processes any special categories of Personal Data (such as health data), it must have a legitimising condition for doing so under Article 9 or relevant provisions of the Data Protection Act 2018. The Fund generally does not collect or process any special categories of Personal Data, except limited quantities of health data in relation to the Fund’s own personnel to the extent that this is relevant to their relationship with the Fund (e.g. in connection with absence from work due to illness). Where the Fund processes special categories of Personal Data, it does so incompliance with applicable provisions in the GDPR and the Data Protection Act 2018.
5. GDPR PRINCIPLES
5.1 The Fund collects and uses personal data for the purposes of its operations and adhering to its legal and regulatory obligations.
5.2 As per Article 5 of the GDPR the Fund adheres to core data protection principles, namely that Personal Data shall be:
a) processed fairly, lawfully and transparently;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) limited to what is required for the stated purpose or purposes;
d) accurate, complete and up to date;
e) retained for not longer than is necessary for the stated purpose or purposes;
f) kept confidential, safe and secure;
g) provided to a Data Subject on request; and
h) not transferred to people or organisations situated in countries without adequate protection.
5.3 The Fund adheres to the accountability principle, by taking responsibility for, and being able to demonstrate compliance with, obligations under applicable Data Protection Legislation.
6. LEGAL BASIS FOR PROCESSING PERSONAL DATA
6.1 Pursuant to Article 6 of the GDPR, the Fund can process Personal Data lawfully to the extent that at least one of the following applies:
a) where the Data Subject has given consent to the Processing;
b) where this is necessary for the performance of the contract with the Data Subject;
c) where this is necessary in order to protect the vital interests of the Data Subject or another natural person;
d) where this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
e) where this is necessary for compliance with a legal obligation to which the Fund is subject; and/or
f) where this is necessary for the purposes of the legitimate interests of the Fund or a third party and such legitimate interests are not overridden by the Data Subject's interests, fundamental rights or freedoms.
6.2 The Fund generally relies on performance of a contract, legal obligation and legitimate interests as its main lawful bases for Processing of Personal Data. Where relying on legitimate interests, the Fund will conduct a balancing exercise to ensure that the legitimate interests pursued should not be overridden by the Data Subject's interests, fundamental rights or freedoms. The Fund generally does not intend to rely upon consent as the lawful basis for the processing of personal data.
6.3 The Fund will only collect and process Personal Data for purposes that are specific, explicit and for legitimate purposes. The Fund generally processes Personal Data for the following purposes;
a) where this is necessary for the performance of the contract to purchase shares in the Fund;
b) where this is necessary for compliance with a legal obligation to which the Fund is subject (such as the anti-money laundering obligation to verify the identity of the Fund's customers (and, if applicable their beneficial owners) or the prevention of fraud); and/or
c) where this is necessary for the purposes of the legitimate interests of the Fund or a third party (such as direct marketing and analysing Personal Data for quality control, business and statistical analysis, tracking fees and costs, training and related purposes). Such legitimate interests are not overridden by a Data Subject's interests, fundamental rights or freedoms.
6.4 The Fund will not process Personal Data in a manner that is incompatible with those communicated with Data Subjects. If the Fund is considering any new activity or implementing any new initiative that will involve changing the way that the Fund processes Personal Data, it will decide whether a data protection impact assessment or privacy impact assessment should be carried out in accordance with Data Protection Legislation and related guidance.
7. DISCLOSURE AND TRANSFER OF PERSONAL DATA
7.1 The Fund as Controller
7.1.1 The Fund is a Controller and takes appropriate measures to comply with its obligations as such under Data Protection Legislation. The Fund often engages third parties to process Personal Data on behalf of the Fund and when they do so, such third parties generally act as Processors. When Processing Personal Data, there may also be times where service providers to the Fund (for example, the administrator) will be required to use Personal Data for their own purposes, in which case they will be characterised as other Controllers of that Personal Data
7.2 Other Data Controllers
7.2.1 The Administrator and Depositary shall each be separate data controllers of the personal data of shareholders, applicants for shares, beneficial owners, directors and officers of shareholders and applicants for shares which they obtain as a result of their respective contracts with the Fund:
(i) to the extent that it is necessary for either of them, respectively, to comply with their own obligations under anti-money laundering legislation (on the basis of their respective legal obligations); and
(ii) in the case of the Depositary, in the discharge of its statutory oversight and monitoring obligations (on the basis of its legal obligations)
7.3 Company Service Providers
7.3.1 The Fund operates on a delegated model under which the Fund’s Service Providers are appointed to provide certain services to the Fund. In the provision of the services to the Fund, the Fund Service Providers process personal data on behalf of the Fund and as a result constitute “processors” of the Fund.
7.3.2 It is the Fund’s policy to ensure that such Processors have implemented appropriate technical and organisational measures to ensure there are appropriate safeguards to comply with the GDPR.
7.3.3 The Fund ensures that it has a written agreement with each Company Service Provider that acts as a Processor on behalf of the Fund which contains appropriate contractual provisions governing the processing of Personal Data by that Company Service Provider on behalf of the Fund as required under Data Protection Legislation. These provisions include a contractual right to obtain all relevant information from that Company Service Provider which is necessary in order for the Fund Service Provider to demonstrate its compliance with the data protection obligations set down in the contract. Furthermore, the Fund may carry out an audit or inspection of the relevant Company Service Provider for such purposes.
7.4 Transferring Personal Data to a country outside the EEA
7.4.1 Under Data Protection Legislation, Personal Data generally may not be transferred outside the European Economic Area unless an exception to this general prohibition can be relied on. The permitted exceptions include: (a) where the third country to which the Personal Data is to be transferred is the subject of an adequacy decision by the European Commission, which allows the free flow of Personal Data from the EEA to that third country, or (b) where the transferring Controller or Processor has provided appropriate safeguards for Personal Data and there are enforceable Data Subject rights and effective legal remedies available to Data Subjects; or (c) where limited derogations apply, such as where the explicit consent of the Data Subject has been obtained, or where the transfer is necessary for the performance of a contract with the Data Subject, or for the exercise of legal claims or for important reasons of public interest.
7.4.2 The Fund anticipates transferring Personal Data to entities located both within and outside of the EEA and authorised delegates such as the Fund’s administrator, investment manager, distributor and their respective affiliates, some of which may include entities located outside of the EEA. Any transmission of Personal Data by the Fund outside the EEA shall be in accordance with the requirements of the Data Protection Legislation.
8. RIGHTS OF The DATA SUBJECTS and rights to access
8.1 Rights to Access
8.1.1 A Data Subject has the right to obtain confirmation from the Fund as to whether or not Personal Data concerning them is being processed. Where the Fund is Processing their Personal Data, the Data Subject has the right to access such Personal Data and the following information:
a) the purpose of the Processing;
b) the categories of Personal Data concerned;
c) the persons or categories of persons to whom the Personal Data may be disclosed, in particular recipients in third countries or international organisations;
d) the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request rectification or erasure of the Personal Data or restriction of Processing of Personal Data concerning the Data Subject or to object to such Processing;
f) the right to lodge a complaint with the Data Protection Commission or another competent data protection authority;
g) where the Personal Data is not collected for the Data Subject, any available information as to their source; and
h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for the Data Subject.
8.1.2 Where Personal Data is transferred to a third country outside of the EEA or an international organisation, the Data Subject has the right to be informed of the appropriate safeguards relating to the transfer.
8.1.3 The Fund will not charge a fee for complying with a Data Subject's access request, unless it can be demonstrated that the cost will be excessive. In such cases, a reasonable fee may be applied.
8.1.4 The information shall be provided without delay and within one month. Where requests are complex, the Fund may extend the deadline for providing the information to three months. However, it shall in any event respond to the request within a month, explaining why the extension is necessary.
8.1.5 A request may be made by an individual, such as an investor or a director of a Company and may be made in electronic format as well as by written request to the privacy contact at the Fund.
8.2 Rights to be forgotten
8.2.1 A Data Subject has the right for their Personal Data to be erased without undue delay in certain contexts including, but not limited to, where the Personal Data has been Processed unlawfully or where the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise.
8.2.2 The Fund will comply with any valid request for erasure, subject to applicable exemptions provided for in Data Protection Legislation.
8.3 Rights to the restriction of Processing
8.3.1 A Data Subject has the right to require that the Fund restricts Processing of their Personal Data in certain circumstances including, but not limited to, where the Personal Data is inaccurate, is no longer required in light of the purposes of the Processing or the Data Subject has exercised their right to object.
8.3.2 Where Processing has been restricted, such Personal Data shall, with the exception of storage, only be processed with the Data Subject's consent and the Fund is required to inform the Data Subject before the restriction of Processing is lifted.
8.3.3 The Fund will comply with any valid request for restriction of Processing, subject to applicable exemptions provided for in Data Protection Legislation.
8.4 Rights in relation to automated decision making
8.4.1 Data Subject has the right not to be subjected to processing which is wholly automated and which produces legal effects or otherwise which significantly affects an individual, unless one of a limited number of exemptions applies. The Fund does not envisage engaging in any such automated decision making.
8.5 Rights to object
8.5.1 A Data Subject has the right to object, on grounds relating to their particular situation, at any time to Processing of Personal Data concerning them where the Processing is based on legitimate interests pursued by the Fund or a third party.
8.5.2 In such circumstances the Fund shall no longer process the Personal Data unless it demonstrates compelling legitimate grounds for the Processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
8.5.3 The Fund will comply with any valid objection to the Processing of Personal Data, subject to applicable exemptions provided for in Data Protection Legislation.
9. Personal data Records
9.1 Keep accurate and up-to-date
9.1.1 The Fund will take reasonable steps to ensure that the Personal Data held is accurate and kept up to date. The accuracy of any Personal Data will be checked at the time of collection and at regular intervals or triggers thereafter. The Fund will take all reasonable steps to amend inaccurate or out-of-date Personal Data without delay after becoming aware of this.
9.2. Storage Limitation
9.2.1 The Fund will not keep Personal Data longer than is necessary for the purpose or purposes for which it was collected. It will take all reasonable steps to erase all Personal Data which is no longer required. The Fund will be clear when informing the Data Subject about how it determines the length of time for which Personal Data will be kept and the reason why the information is being retained. The Fund will take into account any required statutory retention periods that give rise to an obligation to retain a Data Subject's Personal Data for fixed periods and ensure that Personal Data is retained in line with such statutory requirement(s).
9.3 Kept safe and secure
9.3.1 Processing will be conducted in a manner that ensures appropriate security and confidentiality of Personal Data. The Fund must secure Personal Data from unauthorised access by third parties, alteration, disclosure, accidental loss, destruction or any form of computer corruption. The Fund will seek assurances from any service providers that act as Processors for the Fund that they have implemented appropriate information security measures which may include, but are not limited to:
a) Access to IT servers are restricted in a secure location to a limited number of staff;
b) Access to systems are password protected;
c) A back up procedure is in operation;
d) Manual files containing Personal Data, financial information or Company confidential information are not be viewable; and
e) A strong emphasis is placed on the security of Personal Data when it is held on portable devices.
10. Personal Data breaches
10.1 Definition of Personal Data Breach
10.1.1 The GDPR defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
10.1.2 Article 34 of the GDPR requires that any Personal Data Breach that is likely to result in a high risk to the rights and freedoms of the affected Data Subjects must be communicated to those individuals without undue delay.
11. CONTACT
11.1 If you have any questions regarding the content of this Policy, please contact the privacy contact at the Fund (europe@globalxetfs.com).
USE OF COOKIES
Cookies are small files that collect anonymous information about how visitors use our site, which is then used to help improve the site. The information collected includes the number of site visitors, where visitors come to the site from and the pages they visited. For further information visit www.aboutcookies.org. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.
Use of this website is subject to our Terms of Use.