Date of last review: 6 August 2024
Introduction
Climate Fund Managers B.V., each of its direct or indirect subsidiaries, its affiliated entities and CFM managed products (collectively, “CFM” “we”, “us” or “our”) is committed to safeguarding Personal Data and processing Personal Data in line with applicable privacy and data protection laws. CFM functions, as the entity you contract with, as the controller of your Personal Data.
This Privacy Notice sets out the purposes for which we collect, use, and disclose (collectively “Processing”/ “Processed”/ “Process”) Personal Data, and how it is protected. It also sets outs individuals’ rights in relation to the processing of their Personal Data.
There may be additional terms, conditions and commitments that also govern how we collect, use and disclose your Personal Data, including the CFM Privacy Policy, which should be read in conjunction with this Privacy Notice.
In this Privacy Notice you will find the following information:
- What Personal Data do we process
- How do we collect your Personal Data
- Purpose and legal basis for processing your Personal Data
- With whom do we share your Personal Data
- How We Protect Your Data
- How long do we store your Personal data
- What are your rights and how you can exercise them
- Use of cookies in mailings or on our website
- Changes to this Privacy Statement
- Contact
- Complaints
What Personal Data do we process
The nature of the Personal Data that we collect will depend on the services provided, applicable laws and our relationship with you. The following is a non-exhaustive list of the Personal Data we collect:
- Identification Data
Full name, title, gender, marital status, date of birth, passport number, driving license number, national identification number, signature
- Contact Data
Personal address, telephone number, email address
- Electronic Monitoring Data
To the extent permitted by law, we may record and monitor your electronic communications with us, including telephone conversations, emails, instant messaging and any other electronic communications
- Employment Data
Curriculum vitae/résumé; academic background and qualifications; languages spoken; positions held/job titles; work addresses, employment contracts, performance data, salary, bonus and other HR records
- Financial Data
Account number, client reference number, account statements, investment history
- Marketing and Communications Data
Marketing and communication preferences; information about your use of our websites, our portals and platforms as explained below in relation to cookies
- Professional Information Data
Position/job title, business address, business telephone number business email address
- Profile Data
Investments made by you, services requested, marketing communications responded to
- Services Data
Payment details to and from you, details of services you have provided to us, or we have provided to you
- Special Personal Data
In limited circumstances we may collect information about criminal convictions and offences, when legally required; dietary requirements, if we are arranging catering; disability, to make reasonable accommodations for you in our buildings; political affiliations, for us to determine whether you are a politically exposed person
- Technical Data
Your use of and interaction with our online services, your IP address browser type and version, browser plug in types and versions operating system
How do we collect your Personal Data
We will collect Personal Data for specified, explicit and legitimate purposes only and we will not process data that is not necessary in relation to these purposes.
We may collect Personal Data in several ways, including:
- directly from you
- If you are representative of an organization or entity that is a client or vendor of CFM, and that organization or entity provides us with your Personal Data
- from other sources, such as recruitment agencies, career websites, third-party sources such as your (former) employer or colleagues
- from publicly available sources such as LinkedIn or the corporate website of the organization you are working for
- through visits to our websites and social media sites
- by means of cookies.
Purpose and legal basis for processing your Personal Data
The below table sets out the purposes and basis for which we process your Personal Data and the legal bases for these activities, grouped by data subject categories:
For Clients, Prospective Clients, Business Partners and Investors:
Processing Purpose | Category of Personal Data | Basis of Processing |
Provision of our services & administration thereof |
|
|
Promotion of ideas and events relating to services we provide. |
|
|
Accuracy of client records |
|
|
Maintenance of records of communications and management of our business relationship |
|
|
Performing anti-money laundering, anti-terrorism, sanction screening, fraud, KYC and other due diligence checks |
|
|
Prevention and detection of fraud and other illegal activity or misconduct |
|
|
Communication, such as direct marketing, informing clients, reporting requirements, etc. |
|
|
To manage payments, fees, and charges and to collect and recover money owed to us. |
|
|
To interact with governmental or regulatory bodies or other competent national authorities |
|
|
To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities |
|
|
For Employees and Potential Employees:
Processing Purpose | Category of PI | Basis of Processing |
Employment management and HR operations, ensuring complete and accurate information within your profile |
|
|
To process your employment application including to identify and contact you; to assess whether you have the professional skills, expertise and experience required for the position applied for; and to make recruitment decisions |
|
|
If you are offered and accept a position, to conduct background screening (as allowed or required by law), including: verification of all information provided; searches with a credit reference agency; criminal record (including fingerprinting); sanctions screening |
|
|
Administrative tasks in preparation for joining once the background screening is successfully completed |
|
|
In relation to vendor services:
Processing Purpose | Category of PI | Basis of Processing |
To engage you or the organization or entity you work for as a new supplier, including performing anti-money laundering, anti-terrorism, sanctions, fraud, and other background checks |
|
|
To manage payments, fees, and charges and to collect and recover money owed to us |
|
|
Where we provide you access to our systems we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, and data hosting |
|
|
With whom do we share your Personal Data
We take appropriate measures to ensure that the Personal Data will be properly Processed in accordance with applicable rules and regulations. When required, Personal Data may also be shared with competent authorities and/or specific CFM advisors (e.g. Depositary Service Provider), within the scope of the purposes explained in the data request. In respect of one or more of the purposes outlined above, we may disclose Personal Data in any jurisdiction to:
- professional advisors, third parties, agents or independent contractors that provide services to CFM (such as IT systems providers, platform providers, financial advisors, brokers, consultants (including lawyers and accountants)
- goods and services providers (such as providers of marketing services where we are permitted to disclose your Personal Data to them), intermediaries, brokers, and other individuals and entities that partner with us
- Intra-group to related affiliates also working on providing you with related services;
- law enforcement agencies; financial regulators and other relevant regulatory authorities; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies where CFM is required or allowed to do disclose Personal Data;
- other bodies as required by law or regulation;
- financial institutions such as trustees, custodians and sub-custodians; insurers; fraud protection agencies; and/or similar suppliers or service providers; and
- any person to whom disclosure is allowed or required by local or foreign law, regulation, or any other applicable instrument.
We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your Personal Data when disclosing your Personal Data to a third party. For example, we have entered or will enter into data processing agreements with relevant parties (providing for restrictions on the use of your Personal Data and obligations with respect to the protection and security of your Personal Data).
When we share your Personal Data as set out above with other parties located in countries outside the EEA, these countries may offer a lower level of data protection than in the Netherlands. In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your Personal Data in accordance with applicable data protection legislation on the basis of Standard Contractual Clauses, as drafted by the European Commission.
How We Protect Your Data
CFM uses a range of measures to ensure the appropriate level of security to process Personal Data.
Our staff are aware of CFM’s privacy obligations when processing Personal Data and receives training around phishing and password risks. Staff are obliged to handle this information with care and prevent business-critical, privacy-sensitive, or other confidential information from being accessible to unauthorised persons. Specifically, our staff must abide by the following general guidelines in respect of handling sensitive information or any information that CFM has not disclosed or made generally available to the public:
- not make unauthorised disclosures of confidential information or use it for purposes other than those for which it was disclosed except as required by law
- comply with the requirements imposed by a confidentiality agreement or undertaking, imposed by law, or as specified in internal policies, procedures, or rules
- where confidential information is to be provided to another party, ensure that measures are in place to maintain the confidentiality of that information, such as a legally binding confidentiality agreement
- take the appropriate care in handling such information and where a staff member gains access to potentially sensitive information that their manager is not aware of, they must notify them.
CFM employs various security measures to protect Personal Data, including:
- administrative and technical controls to restrict access to Personal Data
- technological security measures, such as firewalls, encryption, and antivirus software
- physical security measures, like building access controls
- external assessments, including security audits and vendor due diligence
- comprehensive cybersecurity defenses, real-time monitoring, and incident management
The security of data transmitted over the internet (including by e-mail) cannot be guaranteed and carries the risk of access and interception. You should not send us any Personal Data by open/unsecure channels over the internet. We endeavour to protect Personal Data but cannot guarantee the security of data transmitted to us or by us.
How long do we store your Personal data
We will process your Personal Data for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting or internal policy requirements but your Personal Data will not be kept on record for longer than required.
What are your rights and how you can exercise them
You may have the following rights in relation to the processing of your Personal Data:
- Access – to request access and information about how we use your Personal Data
- Correction – to request us to rectify your Personal Data where it is incorrect or incomplete;
- Erasure – to request deletion of your Personal Data where CFM does not have a legal obligation or other valid reason to continue Processing it
- Restriction to request that CFM restricts the way of processing of your Personal Data;
- Object – to object to the processing of your Personal Data
- Portability – to receive your Personal Data in a structured, commonly used and machine-readable format and to have your Personal Data transmitted to another organization.
You may exercise your rights at any time by contacting us using the details set out at the bottom of this Privacy Notice. We will respond to your request without undue delay and at least within the time period stipulated in applicable law.
Use of cookies in mailings or on our website
We use cookies to improve the user-friendliness of our website and to adjust the content of our communication. A cookie is a (temporary) text file that is placed on your desktop or mobile device. With cookies, we keep track of the surfing behaviour of our visitors. For example, we could track the duration of your website visit, the number of pages that are visited, geographic information and the browser type. Any information held about individuals as a result will be subject to the above standards of protection. We place the following cookies:
Functional cookies
These are necessary for the proper functioning of our website. We place these functional cookies by default so that the website works properly for you. It is not possible
Analytical cookies
With these cookies, we can keep the statistics of our site anonymously. In Google Analytics we can, for example, register the number of visitors, the page visit and the browser used. With this data, we improve user-friendliness so that visitors can find the information they are looking for faster. That is why the analytical cookies are enabled by default. It is not possible to disable these cookies.
Tracking / marketing cookies
We use these cookies for marketing purposes. With these cookies, we can measure recurring website visits and create a profile of a visitor. In addition, it is possible for us to track visits across different websites and to show targeted advertisements on other websites. You have the option to enable or disable these cookies.
Most web browsers automatically accept cookies, but you can usually customize the settings of your browser so that it refuses cookies. You must set your settings for each browser and on each computer you use.
Changes to this Privacy Statement
From time to time, we may need to change this Privacy Notice. The most recent version of this Privacy Notice is available on our website. We will inform you in case of material changes to our Privacy Notice.
Contact
For privacy-related inquiries or to exercise your rights, please contact:
- Email: governance@climatefundmanagers.com
- Address: Korte Vijverberg 4, 2513 AB, The Hague, The Netherlands
Complaints
You have the right to lodge a complaint with the Dutch Data Protection Authority. For more information, visit the Dutch DPA website. Furthermore, CFM’s Head of Assurance shall ensure appropriate notification to the Dutch DPA and the affected data subject of any Personal Data breaches within 72 hours after having become aware of it.