U.S. Privacy Notice
This privacy notice (“U.S. Privacy Notice”) describes how Affiliated Managers Group, Inc. (“AMG”) collects, uses, and discloses information that can be associated with your identity (“Personal Data”). AMG is committed to protecting the privacy of those who share their Personal Data with us, and this notice summarizes the standards we will apply in relation to Personal Data. You agree to the practices regarding your personal information described in this U.S. Privacy Notice when you use the AMG website or other AMG services, whether online or offline or otherwise provide personal information to us.
References to AMG throughout this U.S. Privacy Notice should be understood to reference AMG only; this U.S. Privacy Notice is not intended to supersede or replace any policies or rights that may be in effect in other jurisdictions or nations, including the European Union’s General Data Protection Regulation 2016/679 (“GDPR”).
Personal Data collected by our global distribution offices (each an “AMG Company” and, together with AMG, the “AMG Group”), may be covered by a separate privacy notice, depending on the relevant entity and jurisdiction. See GDPR Privacy Notice
1. COLLECTION AND USE OF PERSONAL DATA
AMG does not sell Personal Data to third parties.
Who we collect Personal Data about
AMG may receive Personal Data of current or prospective clients of our Affiliates. Where clients are businesses, we may receive Personal Data about the employees or representatives of those businesses. We may also receive relevant Personal Data of employees or partners of Affiliates
Types of Personal Data Received
The types of Personal Data we may receive directly from Affiliates’ clients are generally limited to contact information, such as postal or email address and phone number. From time to time, we may also receive incidental health or family information for relationship management purposes.
The types of Personal Data we receive (directly or indirectly) from Affiliates or their authorized agents may include contact information, financial information and, in certain cases, health information and background check information.
The types of Personal Data we may receive from the AMG Group is typically limited to contact information for the various service providers to the company, and name and contact information on the directors of the company required for corporate administration purposes.
AMG may also receive Personal Data in connection with the performance of a contract, or in order to take steps before entering into that contract, or to comply with our legal obligations.
How we use and share Personal Data
We do not sell Personal Data.
We may receive, store, and use Personal Data in order to conduct our business as a global asset manager, and to provide support to the business activities of our Affiliates. Due to the global nature of our business, we may share Personal Data among the entities in the AMG Group and with our Affiliates. Personal Data of Affiliates’ clients may be shared among the entities in the AMG Group, in connection with marketing activities, or to support strategic business opportunities for our Affiliates.
Similarly, Personal Data may be shared with third parties who provide professional services to us (“Service Providers”), such as technology companies who support our computer systems, or to our external auditors or other professional consultants. Service Providers may only use the Personal Data that we share with them for AMG business purposes, as we direct, and cannot otherwise store, use, or disclose Personal Data they receive from AMG. We may use Personal Data or make disclosures to third parties or government agencies as required by law, for example, in support of our anti-money laundering (“AML”) controls.
We may share Personal Data to cooperate with regulators during periodic regulatory examinations or in accordance with law enforcement requests, court orders, or other judicial or administrative proceedings; where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our policies, or as evidence in litigation in which we are involved or as otherwise permitted or required by law or regulation; to another company if we are acquired by or merged with another company or if our assets are transferred to another company; and in connection with the making, management or disposition of any investment by an Affiliate’s client.
As part of our commitment to confidentiality, we do not sell or share confidential information of employees, partners or clients at our Affiliates, or potential Affiliates, with other Affiliates.
How we collect Personal Data
AMG may receive Personal Data through the general business and marketing activities of the AMG Group, as part of investment due diligence processes, or from our Affiliates. AMG may also receive Personal Data from authorized third parties acting on behalf of our Affiliates, such as accountants, attorneys, and consultants.
2. KEEPING INFORMATION SECURE AND LIMITING ACCESS
AMG has a formal information security program, designed to develop and maintain privacy and data security practices to protect company assets and sensitive third-party information (including Personal Data). We seek to protect against anticipated threats or hazards to the security or integrity of such information, and against unauthorized access to, or use of, Personal Data that creates a substantial risk of financial loss, identity theft, fraud, or reputational harm.
Our information security protocols comprise internal and external resources designed to identify, protect, detect, resolve, and recover from various threats and attacks of malicious actors. We have documented strategies, policies, and procedures in place to protect employee, business, and Affiliate client data (including Personal Data) in the event of an emergency or natural disaster. We also have a documented incident response plan, with defined roles and responsibilities that address notification obligations and procedures in the event of a data breach.
AMG retains Personal Data for as long as necessary to fulfill the purposes for which such Personal Data was collected or to comply with its legal obligations, resolve disputes or enforce agreements. The criteria used to determine the retention periods include: (i) how long the Personal Data is needed to provide the services and operate the business; (ii) the type of Personal Data collected; and (iii) whether AMG is subject to a legal, contractual or similar obligation to retain the data.
3. YOUR RIGHTS
- The right to request that we disclose to you (i) the categories of Personal Data we collected about you and the categories of sources from which we collected such information; (ii) the specific pieces of Personal Data we collected about you; (iii) the business or commercial purpose for collecting Personal Data about you; and (iv) the categories of Personal Data about you that we shared or disclosed and the categories of third parties with whom we shared or to whom we disclosed such information, in accordance with applicable law.
- The right to request that we delete Personal Data we collected from you subject to certain exceptions, including where there is another overriding regulatory or legal obligation (such as AML obligations).
- The right to opt-out of marketing communications and to object to certain other processing.
- The right to not be discriminated against as a result of exercising any of the aforementioned rights.
You may exercise these rights by submitting a request by phone, email, or in writing using the contact details provided below.
When you submit a request, we may need to obtain information about you or your request to verify your identity before we can process your request. You may submit requests through an authorized agent, in which case we will need to verify the agent’s identity, your identity, and their authority to act on your behalf before we can process the request.
4. CONTACT INFORMATION
If you have any questions concerning this notice, please contact Shari Marshall (AMG Data Protection Specialist) at 1.800.345.1100, via email at firstname.lastname@example.org, or in writing at Affiliated Managers Group, Inc., P.O. Box 1000, Prides Crossing, MA 01965.
5. CHANGES TO THIS U.S. PRIVACY NOTICE
AMG may change or update this U.S. Privacy Notice from time to time. When we do, we will post the revised U.S. Privacy Notice to this page.