Last Updated: January 2021
Brown Brothers Harriman & Co. and all other related affiliates and subsidiaries (collectively “BBH”, “we” or “us”) respect your privacy and are committed to protecting it.
Websites and Services Covered by This Privacy Policy
This privacy policy applies to our privacy practices for handling information relating to your use of bbh.com and other websites operated by us from which you are accessing this privacy policy (collectively referred to as the “Sites”), as well as our online services on the Sites and services related to our business products (the “Services”). We also describe the rights you may have and how you can contact us about our privacy practices.
The privacy policy does not apply to those websites or communications that have their own privacy policies or to websites of other companies or entities that are linked to this website. To learn about the privacy policy of a linked site, please refer to the privacy policy for that site.
BBH is the data controller for personal information that we collect through the Sites. We are also the controller for personal data we collect for our key business contacts. For personal data provided in relation to our business products there are times when we are a controller. If you have questions on when we are acting as a controller or questions related to our processing of your personal data (or about any content in this policy), please find our contact details, including the contact details of our Data Protection Officers in the How to Contact Us section at the end of this policy.
Please read this policy carefully. Your use of the Sites and/or the Services, including your disclosure of any personal information into the Sites and/or Services is subject to and governed by this policy.
What this Privacy Policy covers
- Personal information we collect about you;
- Sensitive data;
- How we use and share personal information;
- How we transfer and store personal information;
- How long we keep personal information;
- Your rights;
- Children’s privacy;
- Effective date and policy changes; and
- How to contact us.
Personal information we collect about you
We collect and store information that you voluntarily provide to us, information related to your Sites visit and usage, as well as information provided to us by or through our clients in connection with our Services. We also collect certain information when you:
- submit inquiries via an online form;
- sign up to Services offered by BBH;
- apply for jobs with BBH via our online portal;
- browse our Sites; or
- engage with our electronic marketing communications (also referred to below as emails).
Information that you provide us
Personal information that you provide directly to us will be apparent from the context in which you provide it, for example:
- if you fill out a form on our Sites, you will generally provide your name, contact details and any other information required by the form, such as the content of your inquiry;
- if you sign up to receive electronic marketing communications from us, you will generally provide your name, email address and other contact information, and your product or topic preferences;
- if you sign up for any of the online Services we provide, you will generally provide your name and contact information and any other information necessary to access the feature;
- if you apply for a role with BBH via our online application facility, you will generally provide your name, contact details and a copy of your CV or resume, and if you apply using your LinkedIn profile, you will generally provide information about your LinkedIn account.
- If you are a key contact in a business that has a business account with BBH, we generally have your name, email address, phone number, title and other information relevant to your interaction with BBH on behalf of your employer.
- If you are a person that we hold information on in relation to Services provided by us, we generally have information you have provided to us in order to open and administer your account and or the register of the Fund(s) you own shares of, which could include data to detect and prevent fraud, anti-money laundering and terrorism financing as well as to perform negative news and sanctions screening.
Information that we collect automatically
Our web servers may log information such as your device type, operating system type, browser type, domain, the website from which you were referred to our Sites (if any), and other system settings, as well as the language your system uses and the country, city, and time zone where your device is located. The web server logs may also record information such as the address of the web page that referred you to our Sites and the IP address of the device you use to connect to the Internet. They may also log information about your interaction with the Sites, such as which pages you visit. To control which web servers collect information by automated means, we may place tags called “web beacons” – small files that link web pages to particular web servers and their cookies. We may also collect information from your browser, such as your browsing history on the Sites, and use it in conjunction with data gathered from forms and emails to help understand and respond to your needs. See our Cookie Policy for more information.
“Do Not Track” Signals
Your browser settings may allow you to transmit a “Do Not Track” signal to websites and online services you visit. Like many other websites and online services, we do not currently process or respond to “Do Not Track” signals from your browser or to other mechanisms that enable choice, other than through Managing Cookies.
Both we and our service providers who provide the technology platforms which support elements of the Services (e.g., video clips) may collect personal information about our visitors’ use of the Services online. Other than collection of information as described in this Privacy Policy, we will not collect personal information about you when you use the Sites or the Services, unless you choose to directly provide such information to us when contacting us via email or other method. We will use your personal information to process your request and, when applicable, respond to you.
If you are a client of BBH
In addition to collecting information directly from you, we may collect information from third- party sources to satisfy our due diligence obligations in connection with your new account opening. This third-party data allows us to verify the information you have provided to us, for example, to comply with our legal obligations under “know your customer” laws.
Sensitive data
We recognize that certain jurisdictions have enacted laws that require higher protection of certain sensitive personally identifiable information, such as state or national ID numbers, or other information regarding racial or ethnic origin, health or medical records (“Sensitive Data”). As a general rule, we do not collect Sensitive Data from you.
In the limited cases where we do seek to collect such information, we will seek to do so only in accordance with applicable data privacy law requirements.
How we use and share personal information
Information that we collect from you
We may use the personal information you provide for a number of reasons, including, but not limited to:
- To respond to inquiries or service requests and monitor such responses;
- To provide information about and market our products or Services which we believe may be of interest. This includes tailored product, thought leadership, and event communications.
- To manage and improve the Sites and assess their usage and effectiveness;
- To develop our business and to inform our marketing strategy, in particular, by monitoring the effectiveness of marketing campaigns;
- To assess the usage of the Services we provide;
- To operate our business in accordance with industry standards and applicable law, which may include, in addition to supporting the Services; responding to inquiries and requests, prevent fraud; and monitoring and archiving communications; and
- To administer client accounts, including anti-money laundering, sanctions and anti-fraud checks.
We use the personal information for the purposes described above because we have a legitimate interest in operating and improving our business that is not overridden by your interests, rights and freedoms to protect personal information about you. We will only send you direct marketing materials if you have given consent for us to do so, unless such consent is not required, in which case you will be provided the opportunity to opt-out of receipt of direct marketing materials.
Information that we collect automatically
We use certain limited personal information that we collect automatically through cookies, non-cookie-based tokens, web beacons, and other automated means for purposes such as customizing and enhancing our visitors’ experience on the Sites, facilitating use of the Sites, collecting statistics about your visits to the Sites, and understanding the way in which our visitors browse the Sites. We also use the information to help diagnose technical and service problems, administer the Sites, and, in some cases, to identify visitors to the Sites who are subscribed to receive communications from us. We use clickstream data to determine how much time visitors spend on web pages of the Sites, how visitors navigate the Sites, and how we may tailor the Sites to better meet the needs of our visitors. We use the personal information for the purposes described above because we have a legitimate interest in operating and improving our Sites that is not overridden by your interests, rights and freedoms to protect personal information about you. See our Cookie Policy for more information.
We also collect personal information when you engage with our email communications. This includes email open and click information, and any responses submitted to our event communications. We use personal information for these purposes because we have a legitimate interest in growing our business and developing our marketing strategy. See our Cookie Policy for more information.
Other uses of your personal information
We also may use the personal information that we collect to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use personal information for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by law that applies to us.
Mobile Phone Information
In connection with certain of our products and services, we may authenticate instructions which purport to come from you by calling back a telephone number which you have previously provided to us. By providing us with a mobile phone number for call back purposes, or by submitting an instruction, you authorize (on behalf of yourself and any Authorized Person) that the appropriate carrier (AT&T, Sprint, T-Mobile, U.S. Cellular, Verizon or any other branded operator) may disclose to us and our third-party service providers the mobile number, network status, customer type, customer’s role, billing type, mobile device identifiers (IMSI [International Mobile Subscriber Identity] and IMEI [International Mobile Equipment Identifier]) and other subscriber status and device details, if available, solely to verify the caller’s identity and prevent fraud for the duration of the relationship. Please note that this information is used only as part of the call back procedure to verify your instruction, and this information is not retained by us after completion of the verification.
In addition to the uses described above, we may use personal information that you provide to us or that we collect for other purposes. Where this is the case, we will provide an additional privacy notice to you that describes the purposes for which we will use the personal information and our legal basis for doing so.
Sharing your personal information
We do not sell any personal information that we collect about you. We do not disclose any personal information about our current or former clients to anyone, except as described in this policy, as permitted by contract or law and subject to confidentiality obligations that apply in certain jurisdictions.
We may disclose or share personal information about our customers to our affiliates, as permitted by law, for our affiliates to provide services. We also may share your personal information with service providers that perform services on our behalf, such as hosting providers and advisers. All service providers have entered into legally binding agreements requiring them to use or disclose personal information only as necessary to perform services on our behalf or comply with applicable legal requirements. We may share personal information with our affiliates and service providers for a number of reasons, including:
- You have requested information about our affiliates’ products and services;
- We rely on services provided by our affiliates and service providers to provide you with the services you require;
In addition, we may disclose your personal information (i) at the request of a bank or other regulatory agency or in connection with an examination of us by bank or other examiners; (ii) to our internal or external auditors or attorneys; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; (iv) if we are required or permitted to do so by law or legal process, for example due to a court order or a request from a law enforcement agency; (v) if disclosure is necessary to protect the vital interests of a person; or (vi) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).
How we transfer and store personal information
BBH is a global organization; personal information we collect may be transferred internationally throughout the world to countries where we do business, which may not have the same data protection laws as the country in which you reside. We have internal policies and procedures in place to achieve an equivalent level of protection in place across our organization. The transfer of personal information to other countries is based on a business need or to comply with applicable laws. Personal information stored or processed in a foreign jurisdiction may be accessed under a lawful order made in that jurisdiction.
If you are resident in the European Economic Area (“EEA”), the United Kingdom or Switzerland, we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA, the United Kingdom and Switzerland. In all such cases, we will only transfer your personal information if:
- The country to which the personal information will be transferred to has been granted a European Commission adequacy decision;
- We have put in place appropriate safeguards in respect of the transfer, for example the EU Model Clauses;
- The recipient of the personal information has adopted Binding Corporate Rules in relation to the personal information transferred; or
- The transfer is otherwise authorized by applicable legal requirements.
You may request a copy of the safeguards that we have put in place in respect of transfers of personal information by contacting us as described in the How to Contact Us section below.
How long we keep personal information
The time period for which we keep personal information depends on the purpose for which we collect it. In all cases we keep it for as long as is necessary to fulfil the purposes for which we collected it. We will then delete or anonymize the personal information, unless we are legally required to retain it or if we need to retain it in order to comply with our legal obligations (for example, for tax and accounting purposes).
Subject to any applicable legal requirements, we typically retain personal information as follows:
- Personal information you provide to us through our Sites: we keep this personal information for as long as necessary to respond to your request, and for a short further period in the event that you send us further requests.
- Personal information you provide when you sign up to receive direct marketing communications: we keep most of this personal information for the duration of our relationship with you until you opt out of receiving future marketing communications or we do not have any contact with you for a long period of time.
- Personal information collected for analytics purposes: we keep this personal information for a short period of time necessary for us to carry out the analytics. We anonymize or aggregate personal information used for analytics once it is no longer required.
- Website logs: we keep audit logs for our Sites, which may contain your personal information, for several months. These logs include access logs (to monitor and maintain the security of our Sites), error logs (to track and record errors), and security logs (to track and record security related events, such as, unauthorized access attempts).
Your rights
As a person who provides us with personal information, you may inquire as to the nature of the personal information stored at and/or processed by us. You will be provided reasonable access to your personal information held by us and, where appropriate, with the ability to review and correct inaccuracies. We will cooperate in providing such access. All such requests for access may be made by sending a request in writing to: DPO@bbh.com.
If you are resident in the EEA, the United Kingdom, or Switzerland, you may have the following rights in relation to your personal information that we hold about you:
- To request confirmation of whether we process personal information relating to you and, if so, to request a copy of that personal information;
- To request that we rectify or update your personal information that is inaccurate, incomplete or outdated;
- To request that we erase your personal information in certain circumstances, such as where we collected personal information on the basis of your consent, and you withdraw your consent;
- To request that we restrict the use of your personal information in certain circumstances, such as while we consider another request that you have submitted, for example as a request that we update your personal information;
- Where you have given us consent to process your personal information, to withdraw your consent; and
- To request that we provide a copy of your personal information to you in a structured, commonly used and machine-readable format in certain circumstances.
To help protect your privacy and provide security, we may take reasonable steps to verify your identity before we satisfy your request. We shall respond to such reasonable request made by you within such time period as required under applicable law after your identity has been confirmed.
You also have the right to lodge a complaint with the data protection supervisory authority in your country.
Children’s privacy
We recognize the need to provide particular privacy protections with respect to personal information that may be collected from children. Our Sites and Services are not aimed at or intended for children.
Effective date and policy changes
Each time you use our Sites, the current version of the Privacy Policy will apply. This policy is subject to change from time to time. The ‘Last Updated’ section at the top of this policy indicates when the policy was last updated. If we change it, we will post the current privacy statement on this page. Any changes to this statement will be effective as of the day they are posted. Use of the Sites following these changes signifies acceptance of the revised Privacy Policy.
Unless stated otherwise, our current Privacy Policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of your privacy without your consent.
How to contact us
If you have questions or comments about this Privacy Policy, or about how your personal information is processed you may contact us:
By email at: GlobalPrivacy@bbh.com.
In writing at:
Attention: Privacy Officer
50 Post Office Square
Boston, Massachusetts 02110
You may also contact our Data Protection Officers:
By email at: DPO@bbh.com
In writing at:
Attention: Data Protection Officer
Brown Brothers Harriman Luxembourg
80 Route d'Esch, 1470 Luxembourg
Or
Attention: Data Protection Officer
Brown Brothers Harriman
30 Herbert St, Grand Canal Dock, Dublin 2, Ireland
California Consumer Privacy Act Disclosures
Last Updated: 21 May 2020
The California Consumer Privacy Act (“CCPA”) requires that we disclose certain information regarding our collection, use, and disclosure of personal information of California residents. These California Consumer Privacy Disclosures (“Disclosures”) supplement the Brown Brothers Harriman Privacy Policy above and apply solely to California consumers. These Disclosures do not apply to Brown Brothers Harriman personnel. Sections 2-4 of these Disclosures do not apply to Brown Brothers Harriman job applicants.
1. Notice of Collection and Use of Personal Information
Depending on the nature of your relationship with us, we may collect (and may have collected during the 12-month period prior to the effective date of these Disclosures) the following categories of personal information about you:
- Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers
- Additional Data Subject to Cal. Civ. Code § 1798.80: signature, state identification card number, insurance policy number, education, bank account number, credit card number, debit card number, and other financial information, medical information
- Protected Classifications: characteristics of protected classifications under California or federal law, such as national origin, age, sex, gender, sexual orientation, marital status, medical condition, disability, citizenship status, and military and veteran status
- Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
- Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements
- Geolocation Data
- Sensory Information: Audio
- Employment Information: professional or employment-related information
- Education Information: education information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99)
- Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We may use (and may have used during the 12-month period prior to the effective date of these Disclosures) your personal information for the purposes described in our Privacy Policy and for the following business purposes specified in the CCPA:
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
- Debugging to identify and repair errors that impair existing intended functionality
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service that is owned, manufactured, manufactured for, or controlled by us.
- Managing career opportunities with Brown Brothers Harriman.
2. Sources of Personal Information
Depending on the nature of your relationship with us, during the 12-month period prior to the effective date of these Disclosures, we may have obtained personal information about you from the following categories of sources:
- Directly from you, such as when you enter your personal information on our Site or contact us
- Your devices, such as your online activity when you visit our Site, including how you interact with our Site
- Our affiliates
- Vendors who provide services on our behalf
- Our joint marketing partners
- Online advertising services and advertising networks
- Data analytics providers
- Government entities
- Operating systems and platforms
- Social networks
- Data brokers
3. Sharing of Personal Information
Depending on the nature of your relationship with us, during the 12-month period prior to the effective date of these Disclosures, we may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties:
Category of Personal Information | Category of Third Party |
---|---|
Identifiers | Data analytics providers, government entities, operating systems and platforms |
Additional Data Subject to Cal. Civ. Code § 1798.80 Law | Government entities |
Protected Classifications | Government entities |
Commercial Information | Government entities |
Online Activity | Data analytics providers, operating systems and platforms |
Sensory Information | Government entities |
Employment Information | Government entities |
Education Information | Government entities |
Inferences | Government entities |
As noted in our main Privacy Policy, we do not sell any personal information, including but not limited to personal information of minors under sixteen (16) years of age.
4. Specific Rights under the CCPA
Under the CCPA, California residents have certain specific rights with respect to their personal information. The following describes these rights:
Right to Request Information
You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months.
Right to Request Deletion of Personal Information
You also have the right to request that we delete certain personal information that we have collected from you.
Opt-Out of Sale
You have the right to opt out of the sale of your personal information. As noted in our main Privacy Policy, we do not sell any personal information, including but not limited to personal information of minors under sixteen (16) years of age.
How to Exercise Your Rights
We offer three methods by which you may submit a request for information or for deletion of your personal information:
- You may submit a request using the dedicated request form on our website;
- You may submit a request via email to GlobalPrivacy@bbh.com; or
- You may call us toll-free at 800-672-1818 and ask to speak to the BBH Privacy Officer.
Please note that for us to act on your request, we must verify that you are the individual to whom the request relates. The procedure for verifying your request will vary depending on the nature of your request and your relationship with us but will typically involve requiring you to provide us with two or more pieces of identifying information matching your personal information already in our records. In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. We will notify you if we are unable to verify your request as required by the CCPA.
To submit a request as an authorized agent on behalf of an individual, you must provide us with written and signed permission from the individual to submit requests on their behalf, in addition to any other information which would be necessary if the individual were making the request directly.
Right of Non-Discrimination
We will not discriminate against you because you have exercised any of your rights under the CCPA. This includes, but is not limited to, denying you goods or services, charging you different prices or rates for goods or services, providing you with a different level or quality of goods or services, or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services because you have exercised any of your rights under the CCPA.
5. Contact Information
If you have questions or concerns about our privacy policies and practices, please contact us as described in the “How to contact us” section of our main Privacy Policy.