INTRODUCTION AND DEFINITIONS
We are sending you this Disclosure Notice (“Notice”) because you (a) have a business relationship with Harmonic (as defined below) as Harmonic’s client (‘Client Relationship”); or (b) are an investor (“Investor”) in a fund client of Harmonic for which client Harmonic performs administrator and/or registrar and transfer agent (as relevant) services (“Investor Relationship”); or (c) are employed by or retained by Harmonic as employee, independent contractor or vendor (“Employment/Vendor Relationship”).
In this Notice certain other defined terms appear, whose meaning is as follows:
(i) Any of a Client Relationship, Investor Relationship or Employment/Vendor Relationship (as the context so admits) shall be a “Business Relationship”;
(ii) the “Business Relationship Contract” shall mean:
(iii) “Data Subject” refers to the natural person to whom the Personal Data relates (as defined in the GDPR);
(iv) “EEA” means the European Economic Area, the current members at the date hereof being the European Union Member States, Iceland, Liechtenstein and Norway; and
(v) “Harmonic” means the relevant Harmonic Group operating entity which has the Business Relationship with you.
GENERAL DATA PROTECTION REGULATION AND EFFECT ON HARMONIC GROUP
The European Union recently passed Regulation (EU) 2016/679 (the “GDPR”), which will enter into effect from 25 May 2018. The GDPR will affect any operating entity of Harmonic Group which controls or processes Personal Data (as defined in the GDPR) in the course of its business.
For your information, current operating entities of Harmonic Group and their locations are as follows:
In the course of its business activities Harmonic is required to receive and handle a wide range of data and information. Some of that data and information will be Personal Data and accordingly the GDPR will apply to the collection, use and retention of that Personal Data.
This Notice outlines Harmonic’s data protection obligations and your data protection rights as they relate to your Business Relationship with Harmonic under the GDPR.
Below is Harmonic Group’s policy statement of how Harmonic complies with the GDPR in relation to such Personal Data.
HARMONIC’S COLLECTION AND USE OF PERSONAL DATA
You understand that by virtue of your Business Relationship with Harmonic and your associated interactions with Harmonic (including the recording of electronic communications or phone calls where applicable) or by virtue of you otherwise providing Harmonic with personal information on individuals connected with you (for example directors, trustees, employees, representatives, shareholders, investors, clients, beneficial owners or agents), you will provide Harmonic with certain personal information which constitutes Personal Data. This includes, but is not restricted to, data such as your name, residential address, email address, telephone number, place of birth, date of birth, passport number, social security number, tax ID number, bank account details, personal details required to complete background checks and, in the context of an Investor Relationship, personal details required to complete anti-money laundering and anti-terrorist financing checks (including but not limited to identification verification information, source of funds information and source of wealth information) and details relating to investment activity.
In Harmonic’s use of this Personal Data, Harmonic will be characterised either as a “data controller” or as a “data processor” under the GDPR depending on the Business Relationship.
You understand that Harmonic may only collect, store and use this Personal Data for lawful purposes including, in particular: (i) where this is necessary for the performance of the Business Relationship Contract; (ii) where this is necessary for compliance with a legal obligation to which Harmonic is subject (such as the anti-money laundering and anti-terrorist financing obligation to verify the identity of Investors and Harmonic’s clients (and, if applicable their beneficial owners) and retain copies of materials in respect thereof for such period after the relationship terminates as may be required by applicable law); and/or (iii) where this is necessary for the purposes of the legitimate interests of Harmonic or a third party and such legitimate interests are not overridden by your interests, fundamental rights or freedoms.
It is noted that the GDPR states that the use of Personal Data for direct marketing purposes (that is, providing you with information on products and services that may be of interest) may be regarded as being for the purposes of a legitimate interest. Analysing Personal Data for quality control, business and statistical analysis, tracking fees and costs, training and related purposes are also legitimate interests for using your Personal Data. It should be noted that any such use of your Personal Data in either of these two ways would of course be subject to any relevant overriding prohibitions or restrictions in such use by Harmonic in the Business Relationship Contract.
Accordingly, you understand that Harmonic may use your Personal Data for such purposes as described above, provided that Harmonic is acting in a fair, transparent and accountable manner and has taken appropriate steps to prevent such activity having any unwarranted impact on you and also noting your right to object to such use, as discussed below.
Given the specific purposes for which Harmonic envisages using your Personal Data, under the provisions of the GDPR, Harmonic does not anticipate being required to obtain your consent to do so. Should Harmonic wish to use your Personal Data for other specific purposes that require your consent, Harmonic will of course contact you to request this.
HARMONIC’S PROCESSING, TRANSMISSION AND STORAGE OF PERSONAL DATA
It may be necessary for Harmonic to transfer Personal Data for processing to an agent, delegate, subcontractor or other representative of Harmonic (which may or may not be an affiliate of Harmonic) appointed by Harmonic (pursuant to authority in the terms of the Business Relationship Contract) to carry out sub-processing activities on behalf of Harmonic (each a “Permitted Processor”) under an appropriate written agreement between the Permitted Processor and Harmonic. Harmonic may only transmit Personal Data (a) to Permitted Processors with the prior written consent of the counterparty to the Business Relationship Contract (“Counterparty”); or (b) where required to do so under applicable law. In addition, it may be necessary for Harmonic to transfer Personal Data to certain third parties, upon the instruction of the Counterparty, whose involvement is necessary to carry out all or part of Harmonic’s duties and obligations contemplated under the Business Relationship Contract and in accordance with Harmonic’s internal written procedures. In such instances any such third party will not be a Permitted Processor of Harmonic and will instead be engaged directly by the Counterparty as a processor. Finally, where Harmonic is required to transfer Personal Data to a legal, regulatory or taxation authority under applicable law any such transfer shall not constitute the engagement of a Permitted Processor by Harmonic.
You understand that in certain circumstances Harmonic and/or Permitted Processors may be legally obliged to share your Personal Data and other financial information with respect to your Business Relationship Contract with their local tax authorities and the local tax authorities, in turn, may exchange this information with foreign tax authorities including tax authorities located outside the EEA.
In the case of Personal Data relating to the Data Subjects who are natural persons such Personal Data may be transferred to Harmonic and may be processed by Harmonic and in that particular case, Harmonic and any Permitted Processor shall only act as data processors (within the meaning of the GDPR).
It should be noted that (as set out above) certain Harmonic Group operating entities and Permitted Processors are located within the EEA and so Personal Data will be stored on servers in the EEA and certain Harmonic Group operating entities and Permitted Processors are located outside the EEA and so Personal Data will be stored on servers outside the EEA. For the avoidance of any doubt, as stated above, Personal Data may be transferred for back-up or servicing purposes by Harmonic to Permitted Processors. In such circumstances it should be noted that (i) both Harmonic and Permitted Processor may be located in the EEA; and/or (ii) both Harmonic and Permitted Processor may be located outside the EEA; and/or (iii) Harmonic may be located in the EEA but the Permitted Processor may be located outside of the EEA, or vice versa.
Subject to applicable provisions of the GDPR, the Personal Data shall not be shared by other than as described herein. In this context then, it is important for you to note that Personal Data may be transmitted, stored and processed on systems located outside of Harmonic’s operating jurisdiction, which systems are or may be operated by a Permitted Processor (and therefore authorities including regulatory or governmental authorities or courts in a jurisdiction (including jurisdictions where these parties are established or hold or process Personal Data) may obtain access to Personal Data which may be held or processed in such a jurisdiction or accessed through automatic reporting, information exchange or otherwise in accordance with the laws and regulations applicable in such jurisdiction).
THE DATA PROTECTION MEASURES HARMONIC TAKES
Any transmission of Personal Data by Harmonic to a Permitted Processor outside the EEA shall be in accordance with the conditions in the GDPR.
Harmonic shall apply and shall contractually obligate Permitted Processors to apply appropriate information security measures designed to protect Personal Data in Harmonic’s/Permitted Processors’ possession from unauthorised access by third parties or any form of computer corruption.
Harmonic shall notify you of any Personal Data breach affecting you that is likely to result in a high risk to your rights and freedoms.
YOUR DATA PROTECTION RIGHTS
You understand that you have certain rights regarding Harmonic’s use of this Personal Data such as:
You also have the right to object to the processing of your Personal Data where Harmonic has considered this to be necessary for the purposes of its legitimate interests.
Please note that the right for your Personal Data to be erased (the “right to be forgotten”) that applies in some contexts under the GDPR is not likely to be applicable to most, if not all, of the Personal Data you provide to Harmonic, given the specific nature of the purposes for which Harmonic uses the Personal Data, as described above.
HARMONIC’S RETENTION OF YOUR PERSONAL DATA
Harmonic or Permitted Processors may retain your Personal Data following the conclusion of your Business Relationship with Harmonic for such minimum period as may be required by applicable laws.
AMENDMENTS TO SERVICES AGREEMENTS
Harmonic is legally required under the GDPR to amend its Services Agreements in order to reflect Harmonic’s duties under the GDPR. Accordingly Harmonic will be contacting you shortly with the appropriate GDPR Amendment Agreements for your execution.
GETTING IN TOUCH
As Harmonic does not control or process Personal Data on a large scale, Harmonic Group is not required to designate a data protection officer either Group-wide or per operating entity. However, a member of staff has been designated as Responsible Person Group-wide for each of (i) the receipt of any queries relating to data protection or in the event a Data Subject wishes to discuss his/her data protection rights with Harmonic (“General Queries”), and (ii) communicating with the Lead Supervisory Authority or other relevant supervisory authorities (“Regulatory Communications”). As at the date of this Policy the Responsible Persons for Harmonic Group are:
General Queries: GDPR-Queries@harmonic.ky
ADDITIONAL LEGAL AND REGULATORY DISCLOSURES
For additional legal/regulatory disclosures, please consult: http://harmonicfundservices.com/legal/