This Policy will inform you as to how we look after your Personal Data when you contact us or visit our websites (the "Sites") and tells you about your privacy rights and how the law protects you.
This Policy covers the United Kingdom's Data Protection Act 2018 and the European Union's General Data Protection Regulation ("EU GDPR").
Vanguard Asset Management Limited, and its affiliated companies ("Vanguard", "we", or "us") respect your privacy and is committed to protecting your Personal Data. Please read this Policy carefully. By providing information to Vanguard, investing with Vanguard, or visiting or using our Sites, you acknowledge the practices described in this Policy. Your use of our products and services, including our Sites, and any dispute over privacy, is subject to this Policy and our Client Terms (available at www.vanguardinvestor.co.uk), including applicable limitations on damages and the resolution of disputes.
We may collect and retain certain information in order to provide a variety of financial products and services to you, including investment management and financial advice. By providing information to Vanguard, investing with Vanguard, or visiting or using our Sites, you acknowledge the practices described in this Policy.
The Data Controller responsible for your Personal Data is Vanguard Asset Management Limited, an affiliate of The Vanguard Group, Inc. For information about Vanguard-affiliated companies ("Vanguard Affiliates") outside the US, please visit our international site.
Personal data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Special Categories of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.
Vanguard may collect Personal Data directly from you when you request information from us, invest with us, or register to use the Sites. The information we collect about you will depend on the services we provide and our relationship with you. We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
- Identity data - full name, gender, marital status, date of birth, passport number, driving licence number, national insurance number and online identifiers.
- Contact data - home address, telephone number and email address.
- Financial data - bank account and payment card details, account username, password, and security credentials.
- Transaction data - financial account information, payment details to and from you, details of services we have provided to you, details about authorised signatories, agents, or representatives.
- Marketing and Communications data - marketing and communication preferences; tracking data relating to whether you have read marketing communications from us.
- Professional Information data - job title or position, work contact details including address, telephone number and email address.
- Profile data - employment details including annual salary data, username and password for our online services, investments made by you, services requested, your interests and preferences, information about how you use our Site, marketing communications responded to, feedback and survey responses.
- Technical data - your interaction with and use of our online services, your Internet Protocol (IP) address, your log in data, browser type and version, time zone setting and location, browser plug in types and versions, operating system and platform and other technology on the devices you use to access this Site.
- Special Categories of Personal Data - In limited circumstances, and where permitted by law, we may collect information about criminal convictions and offences, when legally required; dietary requirements if we are arranging catering; disability so that we can make reasonable accommodations for you in our buildings; sexual orientation if you provide details of your spouse or partner; political affiliations for us to determine whether you are a politically exposed person.
- Electronic Monitoring data - we may record and monitor your electronic communications with us where permitted by law.
We collect your Personal Data in a number of ways, including:
- Direct interactions. When you give us Personal Data by completing an investment application form, throughout the course of our relationship with you, including where you contact us by telephone, email, online chat, or text message communications. When we record that communication. When you change your details, respond to surveys, provide additional Personal Data, or where the services we are providing to you change. When you are representative of an organisation or entity that is a client or vendor of Vanguard and that organisation or entity provides us with your Personal Data. When you disclose information about authorised signatories, dependents, relatives, potential beneficiaries, employees, agents, or other representatives.
- Third parties or publicly available sources. From various third parties authorised to disclose your Personal Data, such as from companies that provide identification verification services or credit reference agencies. From public sources where you have manifestly chosen to make your Personal Data public, including public profiles on social media.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Site usage data to calculate the percentage of users accessing a specific website feature.We may combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you. This may include information collected online, such as through our email exchanges with you; from publicly available sources, through your company website if you are a financial adviser; from the registrar for our exchange-traded funds so that we can provide information about products or services that may be of benefit; or from offline sources, such as information that we collect when you establish your account with us or call customer service.
We will treat such combined Personal Data in accordance with this Policy. Unless we otherwise indicate that the provision of specific Personal Data is optional, any Personal Data we request is necessary for us to provide you with the products and services requested. If you do not provide the Personal Data requested, we may not be able to provide these products and services. In addition, if we or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may refuse to provide or stop providing the services you have requested.
We may collect Personal Data from you regarding other individuals related to your account. Where you disclose information about authorised signatories, dependents, relatives, potential beneficiaries, employees, agents or other representatives, you warrant that you will only do so in accordance with applicable data protection laws; that you will ensure before doing so, the individuals in question are provided with a copy of this Policy and made aware of the fact that Vanguard will hold information relating to them and may use it for any of the purposes set out in this Policy; and where necessary that you will obtain the other individuals' consent to Vanguard's collection, use, and disclosure of their information as described in this Policy. Vanguard may, where required under applicable law, notify those individuals that they have been provided with their Personal Data and provide a copy of this Policy to them.
In accordance with applicable law, Vanguard may also record and monitor telephone calls for training, quality assurance, security, and customer service purposes.
Purpose and legal basis for processing your Personal Data, and disclosure
We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following.
- Contract - for the performance of our contract or to take steps to enter into a contract with you;
- Regulatory or Legal obligation - where there is a legal or regulatory obligation to do so (for example, where we are required to provide a wide range of data to regulators in order to prevent or detect crime, to undertake vetting to comply with anti-money laundering legislation or to disclose Personal Data to a court or other statutory authority);
- Legitimate interests - where it is necessary for our legitimate interests as a commercial organisation and this is reasonable when balanced against your right to privacy;
- Consent - where you provide your consent to us and agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way;
- Public interest - Where it is in the public interest - we may process your Special Category Personal Data to adhere to government regulations or guidance, such as our obligation to support if you are or become a vulnerable customer.
We use the Personal and Other Data that we collect for the purposes described in this Policy, for the purposes for which it was provided to us, as required by law, and for our business purposes, including:
- To establish and administer accounts and your relationship with us, to fulfil the terms of any agreement you have with us, and to otherwise provide Vanguard's products and services to you;
- To communicate with you, notify you about important updates or changes to Vanguard's products and services, and address relevant inquiries or complaints;
- To comply with our legal obligations and protect our legal rights, including, without limitation, to comply with record-keeping, reporting, and tax obligations under applicable law (such as corporations, tax, and managed investments or securities laws);
- To prevent fraud and money laundering, and to verify your identity; in this regard, we and fraud prevention agencies may also enable law enforcement agencies to process your Personal Data to prevent, detect, and investigate crime;
- For marketing and promotional purposes, in accordance with applicable law. For example, if you consent, we will use your Personal Data, such as your email address, to send you news and newsletters, or to otherwise contact you about Vanguard products or information we think may be of interest to you. Although we hope you will find our promotional communications of interest, you may opt out of receiving them by following the "unsubscribe" instructions at the bottom of each communication;
- To create new products and services or improve our existing products and services;
- To tailor the content, information, and advertising that we may send or display to you, to offer location customisation and personalised help and instructions, and to otherwise personalise your experiences with Vanguard and while using the Sites;
- To count and recognise visitors to the Sites and various Site features and better understand how users access and use our Sites and Vanguard products and services;
- To support Site performance, perform Site analytics, enhance Site navigation, and improve our web design and functionality; and
- For other research and analytical purposes.
To whom do we disclose Personal and Other Data?
We may disclose Personal and Other Data to third parties for the following purposes, as permitted by law. You have certain rights to object to the processing of your Personal Data as described below.
Affiliates: We disclose Personal and Other Data to Vanguard Affiliates for the purposes described in this Policy. Vanguard Affiliates may contact you by email, in accordance with applicable law, to make you aware of Vanguard's product and service offerings.
Service providers: We may disclose Personal and Other Data to our service providers, who use it to perform tasks on Vanguard's behalf. Among other things, these service providers help us provide Vanguard products and services, send disclosures and statements to you, administer your accounts, and manage and improve the Sites. Our service providers may collect, process, and retain information about you, in accordance with the laws of your country, directly on behalf of Vanguard. Vanguard's service providers include:
- Any organisation involved in providing, managing, or administering the Sites, related systems, or other Vanguard services, such as administrators, mail houses, email senders and providers, technology service providers, and third parties that provide analytics and advertising services; and
- Vanguard's auditors, consultants, legal advisers, and other professional advisers.
- Customer agents: We may disclose Personal Data to your agents or representatives, including:
- Your legal or other professional adviser(s);
- Any administrator or trustee for a fund or trust to which your investment balance is to be transferred or rolled over;
- Your legal representative or attorney; and
- Other financial institutions that hold an account in your name or on which you are authorised to act, for example, where amounts have been transferred to or from that account.
Legal purposes: We may use and disclose information about you as we believe reasonably necessary to protect the rights and property of Vanguard and Vanguard Affiliates, including to establish legal claims or defences, to obtain legal advice, to defend our legal rights, to protect our rights or property and those of Vanguard Affiliates, to protect against fraud and abuse, to protect other users of our services and our Sites, and to protect the life, body, or property of others (individuals or entities). We also may disclose information about you in order to comply with the law, judicial proceeding, court order, or other legal process, such as in response to a court order or direction. We use and disclose Personal Data to undertake checks for purposes of preventing fraud and money laundering and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to process your Personal Data to detect, investigate, and prevent crime. Additional information concerning how the information held by fraud prevention agencies may be used will be provided in writing upon request.
Sale or other transfer of the company: We reserve the right to disclose information to facilitate the licensing, merger, sale, assignment, acquisition, financing, securitisation, insuring, bankruptcy, or other transfer of our technology or business, or a portion thereof, to third parties, in accordance with applicable law.
Market research: We provide information to market research companies or Vanguard Affiliates for the purpose of assessing information about our business or client base. We may provide our clients' or prospective clients' contact details to market research companies to undertake research on behalf of Vanguard, in accordance with applicable law. For example, we may run client satisfaction surveys or run focus groups on proposed products.
Direct sharing through third-party websites and services: The Sites may enable you to share information directly with websites or online services operated by third parties. For example, the Sites contain features that allow you to share articles or content through Facebook, Google Plus, Twitter, LinkedIn, and other services, and to view content through video players and other services (such as the YouTube video player). If you choose to use these features, you may disclose information to those websites or services and their users, and to the public more generally. These websites and services may also set and/or access a cookie on your device. Because these third-party websites and services are not operated by Vanguard, we are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of information through these websites and services will be subject to the privacy policies of the third-party websites or services, and not this Policy.
Competitions, contests, and promotions: Vanguard may use an agency to run competitions, contests, or promotions on the Sites or elsewhere, and if you choose to participate, we or third parties may request your name, address, telephone number, email address, and other information where it is necessary to ensure your eligibility and to comply with lottery and gaming regulations. In compliance with the relevant regulations, it may also be necessary to publish details of the winners of competitions in appropriate news media.
Aggregated information: From time to time, Vanguard may share aggregated information about users of the Sites or Vanguard's products and services, such as sharing reports on the usage of the Sites or Vanguard's services for regulatory reporting or marketing purposes.
International transfers of Personal Data
Vanguard generally maintains centralised servers and systems in Europe and in the United States and may maintain servers and systems elsewhere. These servers and systems are managed by or on behalf of The Vanguard Group, Inc., or Vanguard Affiliates located in or outside the United States. Vanguard also may subcontract the processing of your information to, or otherwise share your information with, other third parties in the United States or countries other than your country of residence. As a result, where the Personal and Other Data that we collect is transferred to and processed in the United States or anywhere else outside the European Economic Area (EEA) for the purposes described above, we will take steps to ensure that the Data receives the same level of protection as if it remained within the UK and the EEA, including entering into data transfer agreements, or using approved standard contractual clauses. You may have a right to details of the mechanisms under which your data is transferred outside the UK or the EEA.
Personal Data quality
Vanguard relies on the accuracy of the information provided by its clients and others. We take reasonable efforts to ensure that Personal Data collected by us or on our behalf is accurate, up to date, and complete, in accordance with applicable law. If any information about you changes or you have any concerns regarding the accuracy of information about you held by Vanguard, you should contact us at the address provided in the Contact us section below.
Personal Data security and retention
We use commercially reasonable physical, electronic, and procedural safeguards to protect your Personal Data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction in accordance with applicable law. Please be aware that despite our best efforts, no data security measures can guarantee 100% security all of the time. If you have online account access, we recommend that you take steps to protect against unauthorised access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your username and password private. For additional information, see our Online Security Policy.
Vanguard retains Personal Data for as long as necessary to provide our services to you, to fulfil the purposes described in this Policy and/or our business purposes, or as required by law, regulation, or internal policy. We are obliged to retain certain information to ensure accuracy, to help maintain quality of service, and for legal, regulatory, fraud prevention and legitimate business purposes.
Fraud prevention agencies can hold your Personal Data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your Personal Data can be held for up to six years. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. If you have any questions about this, please contact us using the details below.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your Personal Data.
Right to access Personal Data
You have a right to request that we provide you with a copy of your Personal Data that we hold, and you have the right to be informed of:
- the source of your Personal Data;
- the purposes, legal basis, and methods of processing;
- the data controller's identity; and
- the entities or categories of entities to whom your Personal Data may be transferred.
Right to rectify or erase Personal Data
You have a right to request that we rectify inaccurate Personal Data. We may seek to verify the accuracy of the Personal Data before rectifying it.
You can also request that we erase your Personal Data in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see Right to object below); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which we are subject.
We are not required to comply with your request to erase Personal Data if the processing of your Personal Data is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise, or defence of legal claims.
Right to restrict the processing of your Personal Data
You can ask us to restrict your Personal Data, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your Personal Data following a request for restriction:
- where we have your consent; or
- to establish, exercise, or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your Personal Data
You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your Personal Data
You can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your Personal Data for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your Personal Data to unaffiliated third parties for the purposes of direct marketing or any other purposes.
If you would like Vanguard to stop sending promotional communications to your email address, you may opt out of receiving them by following the "unsubscribe" instructions at the bottom of each communication.
You may opt out of the use of your information for website analytics and online interest-based advertising.
Right to obtain a copy of Personal Data safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
Vanguard's primary supervisory authority for privacy and data protection matters is the UK Information Commissioner's Office.You also have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
If you would like to exercise any of the rights described above, please send us a request at the address or email provided in the Contact us section below. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
The Sites are not directed to children under the age of 18, and Vanguard does not collect information from anyone it knows is under the age of 18 (although information relating to persons under the age of 18 will be collected for the purposes of a Vanguard Junior ISA).We recommend that persons under 18 years of age ask their parents for permission before using the Sites or sending any information about themselves to anyone over the Internet.
If you have any questions relating to this Policy, or concerns about the way in which we have handled information about you, please do not hesitate to send us an email at email@example.com. You may also contact us by sending a message to:
Vanguard Asset Management, Limited
Attn: Data Protection Officer
4th Floor The Walbrook Building
London EC4N 8AF
Changes to this Policy
We will post changes to this Policy on our Personal Investor Site along with the effective date of the changed policy. We recommend that you review this Policy periodically. If we make a material change to this Policy, you will be provided with appropriate notice.
If you raise any concerns about how we have handled your Personal Data, we may request additional details from you regarding your concerns, and may need to engage or consult with other parties in order to investigate and resolve your issue. We will keep records of your request and any resolution of your issue.
Revised July 2023