Privacy Notice
1. Important information and who we are
This Privacy Notice is issued on behalf of Fundsmith LLP (collectively “Fundsmith”, “we”, “our”, “us”), a data controller for the purposes of the UK’s retained EU law version of the General Data Protection Regulation 2016/679 (“UK GDPR”).
This Privacy Notice describes the types of personal data that we may obtain and process, how we may use this data, with whom we may share this data, how long we will retain this data, and your choices regarding our use of your data.
We also describe the measures we take to safeguard personal data and tell you how to contact us about our privacy practices as provided for under applicable data protection legislation and regulation to which we are subject.
The websites www.fundsmith.co.uk, www.fundsmith.com and www.fundsmithetf.us, www.fundsmith.us, www.fundsmith.eu, www.smithson.co.uk, www.fundsmith.co.za (collectively “Websites”, each a “Website”) are not intended for children (any person under the age of 18) and we do not knowingly collect data relating to children.
2. The types of personal data we collect about you
Personal data means any information about an individual from which that person can be identified. We may collect and process various items of personal data about you for the purposes set out in this Privacy Notice.
We may collect, use, store and transfer the following categories of personal data:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender;
- Contact Data includes address, email address and telephone numbers;
- Financial Data includes bank account details and information resulting from “know-your-client” and anti-money laundering checks;
- Transaction Data includes details about transactions you undertake when buying and selling shares in a fund;
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this Website;
- Usage Data includes information about how you interact with and use our Website and the funds;
- Profile Data includes username and preferences, feedback and survey responses;
- Marketing Data includes your preferences in receiving marketing from us.
From time to time, we may aggregate personal data we hold about you such that the data no longer directly or indirectly reveals your identity (and therefore no longer constitutes personal data). For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our Websites to help improve the Websites and our service offering.
We may collect special categories of personal data, which include, but are not limited to, information revealing racial or ethnic origin, political opinions, religious or similar beliefs, physical or mental health conditions and sexual orientation. For example, if you are identified as a politically exposed person through client due diligence checks, we may receive information revealing your political opinions.
We may also be required, in connection with the fulfilment of our legal and/or regulatory obligations, to collect information regarding criminal offences or alleged criminal offences that have been committed by you.
3. How is your personal data collected?
We may collect your personal data through a number of different methods including:
- Your interactions with us. For example, when you:
- invest in one of our funds;
- communicate with us by phone, e-mail, online customer support chat, social media, writing or otherwise;
- visit our offices;
- elect to receive marketing communications from us;
- apply for a position with us.
- Websites. As you interact with our Websites, we may collect Technical Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see section 12 for further details.
- Third parties or publicly available sources. We may collect your personal data from various third parties and public sources, including when you:
- engage with an organisation that has a business relationship with Fundsmith, such as a fund’s transfer agent, administrator or our payment service provider;
- are subject to money laundering and “know-your-client” checks;
- are the beneficiary of a trust, the assets of which have been invested in a fund.
4. How we use your personal data
Legal basis
We rely on one or more of the following legal basis when collecting and processing your personal data:
- Performance of a contract with you: We may process your personal data where we need to perform a contract we are about to or have entered into with you.
- Legal obligation: We may process your personal data where it is necessary for compliance with a legal obligation that we are subject to (for example, where we conduct anti-money laundering / “know-your-client” checks to confirm your identity).
- Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose (for example, if you subscribe to receive marketing material from us).
- Legitimate interests: We may process your personal data where it is necessary to conduct our business and pursue our legitimate interests (for example, to enable us to give you the best and most secure customer experience and make improvements to our business). We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by your interests, fundamental rights or freedoms (unless we have your consent or are otherwise required or permitted to by law).
- Substantial public interest: We may process your personal data where there is a substantial public interest in us doing so (for example, to prevent or detect unlawful acts or for the purposes of compliance with a regulatory requirement relating to unlawful acts and dishonesty).
Purposes for which we will use your personal data
We have set out below, in a table format, a description of the purposes for which we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so.
| Purpose/Use | Legal Basis |
|
|
| To manage our relationship with you we will respond to your queries, requests (including complaint handling) and all correlated communications including the provision of investor services. |
|
| Undertaking anti-money laundering / “know your client” checks to confirm your identity in accordance with anti-money laundering and counter-terrorist financing obligations. |
|
| To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). |
|
| To deliver relevant Website content and online marketing to you and measure or understand the effectiveness of the marketing we serve to you. |
|
| To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing. |
|
| To send you relevant marketing communications that may be of interest to you based on your Profile Data. |
|
| Reporting to and/or cooperating with supervisory and regulatory bodies, and/or other authorities pursuant to applicable laws and regulations and complying with general prudential duties. |
|
| To assess the suitability of an individual applying for a position with us. |
|
5. Disclosures of your personal data
Where it is necessary in connection with the purposes set out at section 4 above, we may share your personal data with certain third parties. In particular, we may share your personal data with the following recipients, some of whom will be based outside the UK and/or use sub-processors based outside the UK:
- the depositary and administrator of our funds;
- any of Fundsmith’s affiliated entities;
- suppliers and service providers to our business, including IT and communication services providers, accountants, auditors, tax advisors, lawyers and “know-your-client” / client due diligence verification providers;
- your financial advisor, where you have provided details of their identity;
- banking establishments;
- governmental, judicial or administrative bodies;
- any public register to be used for ultimate beneficial owners’ declarations (as accessible online as the case may be).
We also may disclose information about you: (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena or for tax reporting purposes), (ii) in response to requests by government agencies, such as law enforcement or regulatory authorities, (iii) for the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights, or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We also reserve the right to transfer any information we have about you to potential third-party acquirer(s) in the event we sell or transfer all or a portion of a fund’s assets (including in the event of a reorganization, dissolution, liquidation or other corporate event.
6. International transfers
In case of transfers of personal data to entities located outside the UK, such transfers will rely on appropriate safeguards as permitted or required under UK GDPR.
In these circumstances, we will take those steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice and UK GDPR. This means that we will transfer your personal data to third parties: (i) that are located in countries that have been confirmed by the UK Government to provide an adequate level of protection; (ii) that have agreed (by way of a contract or some other form of data transfer mechanism approved by the UK Information Commissioner's Office) to provide all protections to your personal data as required by UK GDPR; or (iii) where you have provided your express consent for us to do so.
7. Data security
We have put in place appropriate security measures intended to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to have such access and are, in each case, subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of any actual personal data breach where we are legally required to do so.
8. How long will you retain my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for (including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements) and in any event for no longer than is permitted pursuant to UK GDPR.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we collected your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see section 9 below for further information.
9. Your legal rights
Within the limits set out in the UK GDPR, you have the right to:
- know what personal data we process about you and access such personal data;
- request any incomplete or inaccurate personal data be corrected;
- require us to delete your personal data and/or otherwise restrict our processing of your personal data in some circumstances;
- object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data and which overrides your right to object;
- object to our processing of your personal data where we send you direct marketing;
- "data portability", which is a right to require us to transfer your personal data to you or to a new service provider in a structured, commonly used and machine-readable format.
If you wish to exercise any of the rights set out above, please contact us through the means outlined at section 10.
10. Contact details
If you have any questions about this Privacy Notice, our use of your personal data or you want to exercise your privacy rights, please contact us on the following:
E-mail: compliance@fundsmith.co.uk
Postal address: 33 Cavendish Square, London, W1G 0PW
Telephone: 020 3551 6337
11. Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection matters (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
12. Data collection technologies / cookies
For more information about the cookies we use on our Websites and how to change your cookie preferences, please see our Cookie Policy.
Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Fundsmith, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
13. Changes to the Privacy Notice
This Privacy Notice may be updated periodically to reflect changes in our personal data practices. By continuing to use the Website, communicate with us, or otherwise provide us with your personal data, you agree to any updated version of this Privacy Notice.
14. U.S. data protection
In compliance with the California Consumer Privacy Act (“CCPA”), in the past twelve months, we may have collected the following categories of your Personal Information (as defined by the CCPA):
| Category |
Examples |
Collected |
|
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
Yes |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. |
Yes |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes |
| D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
Yes |
|
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
No |
| F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. |
Yes |
| G. Geolocation data. |
Physical location or movements. |
No |
| H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
Yes |
| I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
Yes |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
| K. Inferences drawn from other Personal Information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes |
We may process Sensitive Personal Information, which includes Personal Information revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status, genetic or biometric data for the purpose of uniquely identifying a natural person, a known child, or precise geolocation data. However, we will never make inferences about other characteristics based on your sensitive personal information.
We may disclose your Personal Information to a third party for a business purpose subject to confidentiality and non-use restrictions. Fundsmith does not sell or share Personal Information for cross-context behavioral advertising.
| Personal Information Category | Categories of Third-Party Recipients | |
| Business Purpose Disclosures | Sales or Sharing for Cross-Context Behavioral Ads | |
|
A. Identifiers. |
Affiliates, Business Partners, Operating Systems & Platforms, data analytic providers, data aggregators |
None |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
Affiliates, Business Partners, Operating Systems & Platforms, data analytic providers, data aggregators |
None |
| C. Protected classification characteristics under California or federal law. |
Affiliates, Business Partners, Operating Systems & Platforms, data analytic providers, data aggregators |
None |
| D. Commercial information. |
Affiliates, Business Partners |
None |
| E. Biometric information. |
None |
None |
| F. Internet or other similar network activity. |
Affiliates, Business Partners, Operating Systems & Platforms, data analytic providers, data aggregators |
None |
| G. Geolocation data. | None | None |
| H. Sensory data. |
Affiliates, Business Partners |
None |
| I. Professional or employment-related information. |
Affiliates, Business Partners |
None |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
None |
None |
| K. Inferences drawn from other Personal Information. |
Affiliates, Business Partners |
None |
Individuals that reside in California may have additional rights (beyond those rights described above) under the CCPA to their Personal Information that we collect and use:
- Right to Know. Individuals residing in California may have the right to request from Fundsmith the categories of Personal Information we have collected about you, the categories of sources from which the your Personal Information was collected, the business or commercial purpose for collecting or selling your Personal Information, the categories of third parties with whom we share the your Personal Information, and the specific pieces of Personal Information Fundsmith has collected about you. You may call us at +1 203 594 1863 or email at compliance@fundsmith.co.uk with “CCPA Right to Know” in the subject line and in the body of the email to exercise this right.
- Right to Deletion. Individuals residing in California may have the right to request that we delete any Personal Information about you which we have collected from the you. You may call us at +1 203 594 1863 or email at compliance@fundsmith.co.uk with “CCPA Right to Deletion” in the subject line and in the body of the email to exercise this right.
- Right to Restrict/Opt-Out. You can request that we restrict the use of your sensitive information (such as your financial account information and Social Security number) when there is no statutory exemption that allows us to use that information. Please note that we only use such sensitive information to provide you with the services you have requested from us.
Fundsmith will not discriminate against you for the exercise of your rights under the CCPA.
There are situations where Fundsmith is not required to comply with a request to know or delete and Fundsmith will notify you if one of those situations arises.
Fundsmith reserves the right to verify the your identity before we process any request relating to your Personal Information. Fundsmith will only request information as is necessary to process your request. Fundsmith cannot respond to your request if it cannot verify your identity or the authority to make the request as an agent of another.
You may use an authorized agent to submit a request to know or a request to delete. To use an authorized agent, you must provide their agent with written authorization and we may require the you to provide proof of their identity. Fundsmith may deny a request from your agent if they do not submit proof that you have authorized them to act on your behalf. Such requirements will not apply where you have provided your authorized agent with power of attorney pursuant to Cal. Prob. Code Sections 4000 to 4465.
Fundsmith will not discriminate against an individual if they exercise any of the rights granted to them under the CCPA. Fundsmith does not discriminate against an individual if the we deny a request to know or delete if we have a legitimate reason for the denial.
Other State Privacy Laws and Rights
Other states may provide (now or in the future) their state residents with rights to:
- Confirm whether we process their Personal Information.
- Access and delete certain Personal Information.
- Correct inaccuracies in their Personal Information, taking into account the information's nature processing purpose (excluding Iowa and Utah).
- Data portability.
- Opt-out of personal data processing for:
- targeted advertising (excluding Iowa);
- sales; or
- profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
- Either limit (opt-out of) or require consent to process sensitive personal data.
The exact scope of these rights may vary by state. To exercise any of these rights, you may call Fundsmith at +1 203 594 1863 or email us at compliance@fundsmith.co.uk.To appeal a decision regarding a consumer rights request, you may e-mail Fundsmith at compliance@fundsmith.co.uk with “Appeal – consumer rights” in the subject line and in the body of the email to exercise this right.