“Personal Information” means any personal data or details from which a living individual may be directly or indirectly identified whether on its own or in conjunction with any other information we may have or be able to access (e.g., from you directly and/or obtained from others within or outside Epoch).

Examples of the categories of Personal Information we may process include:

• Demographic Information (e.g. name, address, phone number(s), age/date of birth and other contact information)
• Personal Identification Numbers (e.g., Driver’s License, National Insurance, Social Security Number, Tax identification)

"Special categories of personal information" means certain categories of personal information which have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation

Examples of the categories of special categories of personal information we may process include:

• Information about your health (e.g. dietary restrictions, special access requirements) for event and building access.
• Information about criminal convictions and offences to perform Know Your Customer (KYC) checks to comply with applicable Anti-Money Laundering (AML) laws.

“Process” or “processing” means any operation or set of operations which is performed on Personal Information (or sets of Personal Information), whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, obtaining, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

As a data controller, Epoch is accountable and has an obligation to ensure that we process your Personal Information in compliance with the EU GDPR, the UK GDPR and the applicable laws which give further effect to the EU and UK GDPR. This means that your Personal Information must be:

• Processed fairly, lawfully and in a transparent way;
• Collected only for specified, explicit and legitimate purposes that are clearly explained to you and not used in any way that is incompatible with those purposes;
• Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
• Accurate and up to date;
• Not kept for longer than is necessary for the purposes explained to you;
• Processed in line with your rights;
• Kept securely; and
• Not transferred to other countries outside the UK and EEA without appropriate safeguards being in place.

Your relationship with us includes our co-ordination of the relationship between us and your company and the resulting processing of your Personal Information, and the collection and sharing of your Personal Information with certain affiliated companies for the application for and management of financial services provided by us and the creation, administration and termination of the terms and conditions of these services.

It includes the administration of legislative programs such as fulfilling regulatory requirements, and tax and other statutory regulations. 

List of Data Controllers covered by this Notice

• Epoch Investment Partners UK, Ltd, 4th Floor, Carrington House, 126-130 Regent Street, London, W1B 5SE, United Kingdom.

During your relationship with us, we will collect and process your Personal Information as outlined in this Privacy Notice or as otherwise notified to you.

You will be the primary source for your Personal Information, for example via an application, subscription, or other forms/material provided by you, but it may also be necessary to collect information from third parties such as cookies and other similar technologies or public available sources. For example, personal information originally available to the public and typically over the internet; or lawfully made available from records, databases, and/or systems of government agencies, departments, divisions or other operating units, in electronic, paper or any other format. In this Privacy Notice, at or before the time of collection, we explain how we intend to use your Personal Information and the legal ground for processing (e.g., legal obligation we are subject to, legitimate interest we have or consent).  For each type of processing where we are relying on Epoch’s legitimate interests, we will list out such interests. For processing requiring your consent, we will provide you with details of the Personal Information we would like and the reason for collecting it, so that you can carefully consider whether you wish to consent.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact your relationship manager or client service representative. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose, or purposes, you originally agreed to, unless we have another legitimate basis for doing so in law.

We may process your Personal Information on other grounds in limited circumstances, in particular without your knowledge or consent:

• Where it is needed for substantial public interest or for official purposes on the basis of the applicable laws
• For an emergency that threatens an individual’s life, health or security, including your own
• If knowledge would compromise the availability or accuracy of the Information and collection is required to investigate a breach of the Guidelines of Conduct or contravention of European law
• If it is publicly available (such as name, address and telephone number of a subscriber in a telephone directory, and
• If we have reasonable grounds to believe the Information could be useful when investigating a contravention of a European or foreign law and the information is used for that investigation.

We will process your Personal Information, including disclosure to third parties or other entities within the same group which Epoch belongs to, for any of the following legitimate business and necessary purposes:

• To fulfil our contractual obligations. For example, if you provide us with Personal Information to open, manage and administer your account, we will use that Personal Information for such purpose
• To comply with a legal obligation that we have, for example where we are required to report to tax authorities, to perform KYC checks to comply with applicable AML laws or to prevent and detect financial crime
• You have provided your consent, for example for a compatible reason as is described to you at the time of collection
• For a purpose that is compatible with the original purpose as is described to you at the time of collection
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
• For our legitimate interest, as a commercial organization, provided our use is proportionate and respects your privacy rights. Such legitimate interests may, for example, include:
  • To administer the client relationship
  • To assist with, manage and improve the operations, including security, of the Epoch entities enterprise-wide
  • To Liaise with appropriate third-party suppliers, in the interest of operational efficiency
  • To undertake business management, reporting and planning, and
  • To protect and exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work 
  • For marketing purposes, such as:
    • providing our clients and prospective clients with our newsletters, event invitations, industry insights and/or other direct marketing materials
    • informing and promoting our products or services which we believe may be of interest to our clients, and 
    • analyzing how Epoch's electronic marketing communications are used by you (including whether you open them and click through to access their contents)
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems, preventing malicious software distribution, fraud, and other security breaches, for the purposes of prevention of crime and fraud to ensure the security of Epoch's systems and further improve its service
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, in which your information held by Epoch is among the assets transferred
  • To administer and protect this website and for internal operations, including to keep our website safe and secure, data analysis, troubleshooting, testing, system maintenance, support, reporting and hosting of data, research, statistical and survey purposes, and
  • To use data analytics to improve our website, products/services, marketing, customer relationships and experiences, including to ensure that content from our website is presented in the most effective manner for you and for your device

Some of the above purposes for processing will overlap and there may be several purposes which justify our use of your Personal Information. We will only use your Personal Information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may share your Personal Information with our affiliates (as many of our processes are centralised) and with third parties, where it is necessary for the purpose for which it was collected or where we have another legitimate interest in doing so. When we do so, we will make sure that your Personal Data is used in a manner consistent with this Privacy Notice, or enter into a contract that describes the business purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We may share your personal information with the following external third parties:

• Our affiliates
• Service providers with who we have contracted to perform services on our behalf (such as IT and system administration services providers)
• Marketing and analytics service providers
• Anti-fraud and sanctions database providers
• Financial intermediaries
• Professional advisors, such as accountants, lawyers, auditors and or other consultants;
• Third parties, to whom you, your agents or the company you represent authorize us to disclose your Personal Information in connection with products or services we provide to you
• Regulatory and governmental organizations, and
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Privacy Notice

We may be required by law to share your Personal Information, including with any regulatory or other governmental organisation, either in the UK or Europe or in any jurisdiction in which we operate due to the nature of our specific business in that regulator’s jurisdiction. Where reasonable to do so, and subject to the exceptions set out in this Privacy Notice, we will use all reasonable endeavors to notify you prior to sharing Information with third parties and to explain why we are doing so.

We will never rent or sell your Personal Information.

We operate globally and we may share some of your Personal Information, with organizations (including our affiliates and our service providers) who are outside of the jurisdiction in which the Personal Information was collected. These countries may not have similar data protection laws to Europe and the UK.  If the data is going to jurisdictions outside the EEA and the UK and which are not considered to have the same level of data protection as the EEA and the UK, other measures are used to protect your Personal Information to the same level, such as the European Commission’s and UK's Standard Contractual Clauses.

By providing your Personal Information, you are acknowledging that this transfer, storing or processing may take place. If we transfer your information outside of the EEA and the UK, we will take steps to help ensure that appropriate measures are taken to protect your privacy rights, as outlined in this Privacy Notice. You can request more information about any such measures taken from the DPO.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

We have in place a number of technical and organization measures to protect our systems and your Personal Information. These include but are not limited to:

• Personal Information is only accessible by a limited number of relevant staff bound by duties of confidentiality
• All electronic information is held on systems that incorporate firewalls, password- controlled access and virus protection procedures, and
• We audit our procedures and security measures regularly to help ensure that they are being properly administered and that they remain effective and appropriate to the sensitivity of the information

Every employee is responsible for protecting Personal Information to which they have access in their role.  All employees who have access to Personal Information are required, as a condition of employment, to comply with the Epoch's Code of Conduct and uphold Epoch's commitments to protect the integrity and confidentiality of the Personal Information to which they have access in accordance with our internal rules.

For your protection, you should not send confidential or Personal Information to us over the internet (e.g., email) or through any unsecured channel.

We have put in place procedures to manage any suspected data security breach and will notify you, and any applicable regulator, where we are legally required to do s

We keep your Information for no longer than is necessary for the purpose(s) for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). When we no longer require your Personal Information, we will securely destroy and/or delete it from our systems as far as is reasonably and technically possible.

In some circumstances we may anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us, whether by informing your relationship manager or client service representative.

Under certain circumstances, by law you have the right to:

• Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a set of the Personal Information we hold about you and to check that we are lawfully processing that Information. Please note that there are a number of legal reasons that entitle us to withhold your Personal Information from you, including but not limited to: references to other individuals; legal privilege; confidentiality; and in connection with legal disputes
• Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no longer a purpose for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below)
• Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which may lead to you objecting to processing on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes
• Request the restriction of processing of your Personal Information in specific circumstances. This enables you to ask us to suspend the processing of Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it, and
• Request the transfer of your Personal Information to another party

If you want to review, verify, correct or request erasure of your Personal Information, object to the processing of your Personal Information, or request that we transfer a copy of your Personal Information to another party, please contact your relationship manager or send your request to Privacy.EAP@tdsecurities.com

You will not have to pay a fee to access your Personal Information or to exercise any of the other rights, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, in particular in relation to repetitive requests. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the Information or to exercise any of your other rights. This is another appropriate security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.

If you are aware of, or are the victim of, a suspected privacy breach in connection to your relationship with us, you should immediately contact your relationship manager or email us at Privacy.EAP@tdsecurities.com. All suspected privacy breaches are appropriately investigated, and applicable corrective action is taken.

In addition, if you are not content with how Epoch manage your Personal Information, you have the right to lodge a complaint at any time to your relationship manager or client service representative as well as with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where:

• you are resident
• you work, or
• the alleged infringement took place

A list of National Data Protection Authorities in the European Economic Area can be found here. For the Information Commissioner’s Office in the United Kingdom, please visit ico.org.uk/

We reserve the right to update this Privacy Notice at any time, and we will notify you, whether directly or indirectly, for example via our privacy notice webpage or email signatures, when we make any substantial updates. We may also notify you in other ways about the processing of your Personal Information.

If you have any questions about this Privacy Notice, please contact, Epoch’s Chief Compliance Officer at epochcompliancegroup@td.com, or alternatively, the DPO listed above.

Last updated: 07.02.23