Robeco’s Privacy Statement
Privacy and Cookie policy
Robeco Institutional Asset Management B.V. in Rotterdam and/or its related, affiliated and subsidiary companies (hereinafter ‘Robeco’) is responsible for the processing of your personal data as described in this Privacy and Cookie Policy. Robeco’s address is Weena 850, 3014 DA Rotterdam, The Netherlands. We consider it important to ensure that we provide our services in a transparent, personal and reliable manner. Therefore, Robeco handles your personal data with care and ensures that your personal data is always processed in accordance with the EU General Data Protection Regulation. We will not provide any personal data to any other parties without your consent, except if required to do so by law, a government body or a private party in connection with a lawsuit, court decision, investigation or similar proceedings.
For whom
If you are a visitor of our website, an investor, a prospect, a representative or former representative, executive or Ultimate Beneficial Owner of a client or business partner of Robeco, we will process your personal data.
Definitions
Personal data is information relating to an individual, which can be used either alone or with other sources of information to identify that individual. Personal data does not include information where the identity of the individual or the specific detail of the information has been removed and is therefore anonymous. Sensitive personal data is a sub-category of personal data that includes information relating to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.
Personal data we collect and process about you
The nature of the information that we collect and process will depend on the services we provide and our relationship with you. It can consist of:
identification data: full name, title, gender, date of birth, passport number, national identification number, signature;
professional information: organization, position/job title, work address, telephone number, email address;
electronic monitoring data: to the extent permitted by law, we may record and monitor your electronic communications with us;
marketing and communications data: marketing and communication preferences, tracking data relating to whether you have read marketing communications from us;
technical data: a number of technical details will also be registered including your IP address, the type of connection, the browser you use, your device’s operating system, the pages you visited on the website and your username and password; and/or
sensitive personal data: in limited circumstances, and where allowed by law, we may collect your photo on a copy of your passport or information about your political affiliations for us to determine whether you are a politically exposed person.
How do we collect your personal data
We collect personal data in relation to you in a number of ways, including:
if you are representative of an organization that is a client or business partner of Robeco and that organization provides us with your personal data;
when you provide personal data to us in connection with a Robeco product or service;
from public sources where you have manifestly chosen to make your personal data public, including via public profiles on social media;
from third parties such as seminar/webinar organizers, company registers and online search engines and platforms (open or otherwise accessible); and/or
from visits to our websites.
Unless we otherwise indicate that the provision of specific personal data is optional, any personal data we request is necessary for us to provide you or your organization with the services requested. If you do not provide the personal data requested, we may not be able to provide those products and services to you.
Why do we process your personal data?
If you are a prospect and not in the process of becoming a client, we will process your personal data (including name, contact details and professional data) to build a relationship and provide you with targeted communication about Robeco services that might suit your needs. This processing is based on the legitimate interest of both Robeco and the prospect. In the case of untargeted communication, such as newsletters, Robeco always requests your consent to receive untargeted communication. This consent can be withdrawn at any time.
If you are a prospect in the process of becoming a client, we will process your personal data (including identification data, professional data and in select cases sensitive personal data) as part of our customer due diligence process. This processing activity is necessary to comply with our legal obligations regarding anti-money laundering (AML) and Sanctions.
If you are an investor, representative, executive or Ultimate Beneficial Owner of a client of Robeco, we will process your personal data on the basis of the agreement we have and also to comply with our legal obligations including our anti-money laundering (AML) and Sanctions obligations and those under tax legislation.
When you are visiting Robeco’s website, we process your personal data in order to make the website function properly and to decide what content to show and in which language. Technical personal data is logged for performance and security purposes, which is the legitimate interest of Robeco. When consenting to analytical or marketing cookies, we use your personal data to further improve our communications and services (also see the section “What are cookies” in this statement).
If you are visiting the Robeco website and share your personal data with Robeco through a web form (for instance when signing up for a webinar), we will use the web form or web page to inform you about the purpose of that specific data processing.
Marketing and exercising your right to opt out of marketing
If you are a prospect, we will only use your personal data for marketing purposes if you explicitly gave your consent to do so. This consent can be given in two different ways:
when we receive the personal data directly from you (the data subject) via a form on our website, we will ask for your consent in the associated web form;
when we receive the personal data from external organizations (e.g. from a seminar organizer), we will send you a one-time email asking for your consent to receive marketing materials. This one-time email is sent based on legitimate interest, as the data subject has expressed interest in the services Robeco offers or knowledge that Robeco shares.
We will stop processing your personal data for marketing purposes if you have informed us you do not wish to receive marketing materials anymore. You can request that we stop processing your personal data for marketing purposes at any time by clicking on marketing opt-out links in any electronic marketing materials we send you, by making a request to your usual contact person at Robeco or by using the contact details set out in the “Contacting us” section of this statement.
Third parties
Robeco Holding & ORIX Corporation
To provide global services and in the course of running our business, we may transfer personal data to another company within Robeco Holding B.V. or to another company within ORIX Corporation (Robeco’s parent company) that is based at a location outside of the country where you reside or where services are provided to you or to the organization or entity you work for. Although the country to which personal data may be transferred may not have the same level of privacy and data protection laws, we apply the same level of security and organizational controls to the processing of personal data wherever it is processed.
We only share your personal data with another company within ORIX Corporation if you have expressed interest in one or more services that the external organization offers. In those cases, we will only share your full name, title and professional information.
Other third parties
We do not share your personal data with any other third parties outside ORIX Corporation, except when it’s necessary to execute our professional services, or when we are required to do so by law, a government body or a private party in connection with a lawsuit, court decision, investigation or similar proceedings. This includes our third party service providers, such as our IT systems providers, hosting providers, consultants and other goods and service providers.
Security of personal data
We have measures in place to guarantee that your data is kept up to date and processed safely. Robeco takes appropriate technical and organizational measures to protect your personal data. All employees have signed a confidentiality agreement. Access to your data is limited to what is strictly necessary for the delivery of our services.
Our IT security meets international standards and is constantly adapted to new technical and legal requirements. We require by contract that our third party service providers processing personal data on our behalf comply with Robeco’s standards for processing personal data.
Personal data retention period
We will process your personal data for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting, internal policy requirements or for the establishment or defense of legal claims.
At Robeco, we use the following retention periods:
prospects who did not or not yet give their consent to receive marketing materials: 24 months after their personal data was collected;
prospects who did give their consent to receive marketing materials: 24 months after the revocation of their consent via opt out;
investors, representatives or former representatives, executives or Ultimate Beneficial Owners of a client or business partner of Robeco: 7 years after the termination of the last agreement with the investor, client or business partner. Voice recordings will be deleted 5 years after the recording. In Switzerland the retention period is 10 years after the termination of the last agreement with the investor, client or business partner due to local regulations;
website visits from identified prospects or clients will follow the abovementioned retention periods;
technical data of all other visitors will be deleted 2 months after the visit.
If we process the personal data of a prospect based on a legal basis other than consent (e.g. prior to an agreement or based on legitimate interest), the personal data will not be deleted after 24 months. In that case, we will stop using the personal data for untargeted marketing messages.
Your rights
In certain circumstances you may have the following rights in relation to the processing of your personal data:
right to access: to request a copy of the personal data we process in relation to you and to be informed about how we use and share your personal data;
right to rectification: to request we update your personal data or to correct your personal data that you think is incorrect or incomplete;
right to erasure: to ask that we delete personal data that we process in relation to you where we do not have a legal or regulatory obligation or other valid reason to continue to process it;
right to restriction of processing: to request that we restrict the way in which we process your personal data, for example, if you dispute the accuracy of your personal data or have raised an objection which is under consideration;
right to object to processing: to object to the processing of personal data if (i) we are processing your personal data on the grounds of legitimate interests or for the performance of a task in the public interest (including profiling); or (ii) if we are processing your personal data for direct marketing purposes;
right to data portability: to request a copy of your personal data that you have provided to us in a commonly used electronic format;
right not to be subject to automated decision making: to request manual intervention if you are subject to automated decisions where the decision results in a legal or similar effect to you.
You may exercise your rights at any time by following the instructions set out in the “Contacting us” section in this statement.
To the extent permitted by applicable law or regulation we reserve the right to charge an appropriate fee in connection with you exercising your rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access to the personal data requested, or to exercise any of your other rights.
Contacting us
If you wish to exercise any of your rights, or have questions about the information above, please contact Robeco via your usual contact person at Robeco or contact one of Robeco’s privacy officers at privacy@robeco.com.
Complaints
If you have any concerns or complaints about the way your personal data is processed, please contact Robeco’s Data Protection Officer at DPO@robeco.com.
You also have a right to complain to a data protection or other competent authority with jurisdiction over privacy and data protection laws in the country where you live or work, or in the country where you believe an issue in relation to the processing of your personal data has arisen. Please contact DPO@robeco.com for further details.