Fundsmith is committed to protecting and respecting your privacy including when you visit our Website. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
When using the website, Fundsmith collects personal information about the user and in certain circumstances personal information of third parties related to the user (the “data subjects”). We process personal information in accordance with the legislation and regulations applicable to the protection of personal data in Luxembourg and in particular Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”) and any other national or supranational statutory law applicable to us (collectively the “Data Protection Law”).
For the purposes of GDPR, Fundsmith is to be considered as the data controller with respect to the personal information processed by us in relation to a data subject’s use of our Website.
This privacy notice aims at informing you about what personal information we collect and receive, how we process it, why we do so and the legal basis for doing so, when we share it with others and the rights data subjects have in that respect as well as how to exercise them.
- The information that we collect from you.
- The information that we receive from other people.
- Our use of your information.
- How we share your information.
- Our security and data retention measures, and any transfers we make outside of the EEA.
- Your rights in respect of your information and third-party websites.
- Data Retention.
- Accessing and updating your information.
- Our contact information and withdrawal of consent.
1. INFORMATION THAT WE COLLECT FROM YOU
When you visit or otherwise use the Website we may collect and process the following data about you:
- details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access;
- information that you provide by filling in forms on the Website.
- details of transactions you carry out through the Website; and
- if you contact us, we will keep a record of that correspondence.
Some of this information is collected and processed so that the contract with you can be performed, some for the purpose of legal compliance and some for the purposes of our legitimate interests (subject to your rights), namely, to analyse the use of our Website and services in order to continually improve our business and services.
2. INFORMATION THAT WE RECEIVE FROM OTHER PEOPLE
We work closely with third parties who may collect personal information from you and pass it on to us. Where this is the case the third party is responsible for obtaining the relevant consents from you to ensure you are happy with the ways in which your personal data will be used.
3. USE OF YOUR INFORMATION
We will use your personal information:
- to ensure that the content of the Website is presented in the most effective manner for you and for your computer;
- to carry out our obligations arising from any contracts entered into between you and us;
- to allow you to participate in interactive features of our services, when you choose to do so;
- to communicate with you (including the mailing, in physical or electronic format, of periodical reports, notices or other communications that are necessary for the functioning of our relationship);
- to facilitate our internal administration processes;
- for any other purpose which you have specifically consented to when providing the information;
- to notify you about changes to our products or services; or
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where you have consented at the time we collected your data, or where we otherwise have a right to do so, we may use your information to let you know about our products and services that may be of interest to you and/or inform you about important changes or developments to our services, by post, telephone, mobile messaging (e.g. SMS, MMS etc.) as well as by e-mail.
If you change your mind about us using your data in the ways described in this policy, please let us know by contacting us using the details set out in section 9 below. You may also opt out of receiving marketing from us by following the instructions outlined in the relevant communication.
4. SHARING YOUR INFORMATION
In order to provide our services to you we have to share your information with certain third parties such as:
- where you have notified us of your financial or investment adviser, the personal information provided to us may be shared with that adviser. You should notify us if you no longer wish personal information to be shared with your adviser or of any change in the adviser.
- if we undergo a group reorganisation or are sold to a third party, the personal information provided to us may be transferred to that reorganised entity or third party and used for the purposes above,
- our data processors providing security, email security, data governance, archiving and other IT business and support services, analytics and search engine providers that assist us in the improvement and optimisation of our website, or service providers, support services and organisations that help us market our services and third parties instructed to enable us to fulfil our contractual obligations, and/or
- if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation. This includes exchanging information with public authorities or other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may also disclose your personal information to any member of our group to the extent that it is necessary for us to provide our services to you.
We may use the information that you provide to us if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation; or in order to enforce the terms of any agreement; or to protect the rights, property, or safety of Fundsmith, its employees or others. This includes exchanging information with other companies and other organisations for the purposes of fraud and/or money laundering protection and prevention.
5. SECURITY, DATA TRANSFERS OUTSIDE THE EEA AND DATA RETENTION
We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage. We will only keep your information for as long as we reasonably require and, in any event, only for as long as Data Protection Law allows.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk.
Depending on the circumstances, transfers outside the EEA will take place for the performance of a contract or the taking of pre-contractual measures at the request of the date subject or with the data subject’s consent.
We have put in place security procedures, such as passwords, plus other technical and organisational measures that we consider appropriate to safeguard your personal information and which are intended to guard against unauthorised or unlawful access to, alteration, disclosure or destruction of personal data and against accidental loss or destruction of or damage to personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. YOUR RIGHTS AND THIRD-PARTY WEBSITES
Should you have any queries or complaints in relation to how we use your information, please contact us via the details set out at section 9 below. Should you wish to take any complaints or queries further, you have the right to contact the Luxembourg Commission nationale pour la protection des données regarding such issues.
Our Website may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites or their related policies. Please check these policies before you submit any personal information via these websites.
In certain circumstances you may have the following rights in relation to the processing of your personal information:
- Access. To request a copy of the personal information we process in relation to you and to be informed about how we use and share your personal information.
- Object. To object to the processing of your personal information if (i) we are processing your personal information on the grounds of legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we are processing your personal information for direct marketing purposes.
- Correction. To request that we update the personal information we process in relation to you, or to correct personal information that you think is incorrect or incomplete.
- Erasure. To ask that we delete personal information that we process in relation to you where we do not have a legal or regulatory obligation or other valid reason to continue to process it.
- Restriction. To request that we restrict the way in which we process your personal information, for example, if you dispute the accuracy of your personal information or have raised an objection which is under consideration.
- Portability. To request a copy of your personal information that you have provided to us in a commonly used electronic format such as through the completion of an application form
- Automated decision making. To request manual intervention if you are subject to automated decisions where the decision results in a legal or similar significant effect to you.
You may exercise your rights at any time by using the details set out in section 9. To the extent permitted by applicable law or regulation we reserve the right to charge an appropriate fee in connection with you exercising your rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access to the personal information requested, or to exercise any of your other rights. This is to ensure that personal information is not disclosed to any person who does not have authority to receive it. We may also request further information in relation to your request to help us to locate the personal information processed in relation to you, including, for example, the nature and location of your relationship with us.
We aim to respond to all legitimate requests within one calendar month. If we think it may take us longer than one calendar month, (such as where your request is particularly complex or you have made a number of requests), we will notify you and keep you updated.
You will not be disadvantaged in any way by exercising your rights in relation to the processing of your personal information.
7. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Such information may be retained after our client relationship has ceased, and for client identification purposes in accordance with our data retention procedures. You may ask us for further information on these.
To determine the appropriate retention period for personal data, we consider the amount, nature, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law, we have to keep basic information about our customers (including contact, identity) for a period of time after they cease being customers for regulatory and/or tax purposes.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Withdrawal of consent, notices and contact information
Where we process your personal data on the basis that you have provided your consent for us to do so for a purpose set out in this policy, you may withdraw your consent to this processing at any time or file notices relating to the protection of your personal data to Fundsmith at firstname.lastname@example.org.
If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time.
Users may also refer to the Luxembourg Commission nationale pour la protection des données (National Commission for Data Protection), headquartered at Boulevard du Jazz 15, L-4370 Belvaux.
 Such as the use of Standard contractual clauses. Please note that, as of today, option (b) should cover any entity based in the UK (such as Fundsmith LLP), since no adequacy decision has been taken yet by the Commission with regard to the UK. Despite this, standard contractual clauses are not required to transfer personal data of EU based data subjects to the UK.