The Triodos Investment Management B.V. (hereafter “Triodos IM”) Privacy Statement sets out your rights and the measures Triodos IM takes to protect your personal data in line with the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. This includes how we use your information, what rights you have and how the law protects you as an individual.
Triodos IM reviews and amends this privacy statement from time to time.
Who holds your personal data?
Your personal data is held by Triodos IM (and/or the investment funds managed by Triodos IM), having its office at Arnhemse Bovenweg 140, 3708 AH Zeist in The Netherlands.
Triodos IM has appointed Brenda van der Stappen as Data Protection Officer (DPO) and any data privacy queries which cannot be resolved through the information provided on our website can be directed to the Data Protection Officer via e-mail: TIMcompliance@triodos.nl.
For what purpose is your personal data required?
Triodos IM requires your personal data for several purposes including:
- keeping and managing the shareholders’ registers of the funds;
- processing the subscription requests, repurchases and conversions of units of the funds;
- determination of dividends by investors and payment of dividends to the investors;
- determination of the amount of repurchase in case of liquidation and payment to the investors;
- processing in relation to the accounting and determination of the commission of subscription/repurchase/conversion for providers;
- managing the clients’ requests for information and claims management;
- control of the respect of the regulations requirements and notably the laws and regulations against money laundering;
- identification and verification;
- compliance with the law implementing the Foreign Account Tax Compliance Act (FATCA);
- compliance with the law implementing the Common Reporting Standard (CRS);
- process automatic and mandatory tax exchanges;
- as a result of our relationship with you;
- keeping you informed of our products, events and business updates;
- as a result of how you use our website.
Triodos IM only processes your personal data for the reasons it was provided for.
How does Triodos IM use your personal data?
GDPR only allows the processing of personal data if one or more conditions are met; these are known as a lawful basis for processing. Triodos IM only processes your personal data where there is a lawful basis for processing allowing this. Triodos IM processes personal data based on the following lawful bases of processing:
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the Triodos IM and/or the funds managed by it is/are subject;
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the purposes of the legitimate interests pursued by Triodos IM, such as marketing and visitors’ information.
What personal data does Triodos IM use?
We use different types of personal data:
Marketing and cookies
From time to time we send you information about our products and services and the projects we finance. If you are not yet a customer of Triodos IM and want to receive marketing information, you can request this through email, our website or by calling our Sales Department.
We are careful not to send you information if you do not want it. You can choose what information you want to receive when you open a product or service with us or at any other time by clicking the "Subscribe preference" link in communications we send you. We do not give your personal data to anyone else for marketing purposes.
Personal data used for marketing purposes consists of the personal data we have received from you, and data we have collected when you invest in our products. We only use your personal data to send you marketing messages if we have either a legitimate interest or your consent.
A legitimate interest in a marketing context means that we only send you marketing information on products or services that may be of interest to you based on what we already know about you. Our legitimate interests are always balanced with your interests, and you can ask us at any time to stop sending you marketing messages.
Where is your personal data obtained from?
Triods IM collects personal data that you provide when:
- interacting with Triodos IM, via telephone, website, in person or e-mail;
- subscribing to our newsletters or other marketing messages;
- registration of your online activities via cookies etc;
- take part in interviews, customer surveys or promotional activities.
- We may also obtain your personal data from other companies if there is a lawful ground to do so. This could include the following:
- external service providers, for example when a natural person subscribes to one of the products we manage;
- companies that introduce you to us;
- public information sources such as Chamber of Commerce.
Who do we share your personal data with?
Triodos IM only shares your data if there is a lawful basis to do so. Triodos IM does not provide your personal data to other companies for commercial reasons.
We treat all your personal data as private and confidential. Information we hold about you is not shared with anyone unless:
- we are legally required to disclose the information. This includes sharing your information with tax authorities, fraud prevention, law enforcement agencies, depositaries or regulators;
- we need to disclose the information in connection with any legal proceedings, or for obtaining legal advice, or the disclosure is otherwise necessary for the purposes of establishing, exercising or defending legal rights;
- disclosure is required to protect our interests, or someone else's interests (for example, to prevent fraud);
- activities are outsourced to third party service providers (e.g. registrar and transfer agents, administrators and distributors). We take steps to ensure that the service providers protect your personal data in the same way that we do by signing data processing agreements;
- the disclosure is made with your consent.
Does Triodos IM share your data outside the European Economic Area?
Triodos IM’s default position is that we share personal data to organisations only inside the European Economic Area. Triodos IM only shares data outside the European Economic Area when working with service providers that make use of services outside the European Economic Area. Before sharing the information, Triodos IM investigates the processing of personal data and makes sure that the data is protected at the same level as within the European Economic Area by using one of these safeguards:
- transfer data to organisations in non-European Economic Area countries with privacy laws in place providing the same level of data protection as within the European Economic Area;
- transfer data to organisations that are part of “Privacy Shield” which is an international framework that sets privacy standards at a similar level as those of the European Economic Area;
- putting a contract in place with the recipient ensuring that they process the data with the same level of data protection as within the European Economic Area.
If you choose not to provide your personal data
We may need to collect personal data by law (such as your identity documents) or under the terms and conditions of a contract we have with you. If you choose not to provide us with or restrict us to process the required personal data, it may prevent us from meeting our contractual obligations and providing you with the product you have applied for. This situation could result in the termination of our contract with you.
When you sign up for a newsletter or other marketing activities, you are asked to provide us with your contact details and to give your consent to use your data. Data that has been collected on the basis of consent is optional and you are free to withdraw your consent whenever you want without it having contractual or service delivery consequences other than the services you choose not to make use of.
How long does Triodos IM keep your personal data for?
Triodos IM does not keep your personal data for longer than is reasonably necessary for the provision of its services and to comply with the obligations under applicable laws and regulations. After this period, the personal data will be erased from our systems to the best of our capability.
What are your rights?
GDPR entitles you to a number of rights in relation to your personal data. You may exercise these rights by contacting the Triodos IM Data Protection Officer via: TIMcompliance@triodos.nl.
The right to access your data and correct mistakes and inaccuracies
It is important that any personal data we use is accurate, up to date and relevant. To ensure that your data is correct you have the right to access, correct or update your personal data at any time. If you think your data is incorrect or incomplete and you wish to correct your data or privacy settings, please contact us.
Before providing access to your personal data we ask you to verify your identity to protect you from identity theft and financial crime. We may also need to ask you some questions to ensure we have understood your request correctly.
The right to data portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format. We are looking at the best way to achieve this for our customers and will provide more information when available.
The right to the deletion of your personal data
You have the right to request that we delete your personal data if:
- your personal data is no longer needed in relation to the purposes for which was collected;
- you withdraw your consent and there are no other legal grounds to process your personal data;
- you object to us processing your personal data for direct marketing purposes;
- you object to us processing your personal data for the legitimate interests of Triodos IM;
- you feel that your personal data is not being processed lawfully; and
- your personal data needs to be deleted to comply with the legal requirements.
- Please take notice of our data retention periods which we deem necessary to provide you with our services and to be compliant with legal requirements regarding data retention.
The right to restrict processing
You have the right to restrict processing of your personal data if you think that the personal data we have about you is:
- not correct;
- not being processed legally; or
- processing is no longer needed for the purposes we collected it for.
The right to object to processing
Please let us know if you are unhappy or do not agree with how we process your personal data. You have the right to object.
The right to complain
Please contact us if you have any concerns with how we use your personal data.
You also have the right to lodge a complaint directly with the Dutch Data Protection Supervisory Authority (Autoriteit Persoonsgegevens); please visit their website for further details on how to do this.