This policy describes how Sagard SAS collects, uses, shares, stores and protects personal data. It has been prepared in accordance with the EU General Data Protection Regulation no. 2016/679 of 27 April 2016 (GDPR).
Sagard SAS takes data protection very seriously.
1. Who is responsible for the personal data we collect?
Sagard SAS is the Data Controller within the meaning of the GDPR. We collect personal data from our investors and professional contacts in the course of our business.
2. What personal data do we collect?
We collect data about the identity (surname, first name, title, address, etc.), professional life and financial position of our investors and professional contacts. This information may be provided to us directly by our investors and professional contacts, obtained through public sources, or provided by authorised intermediaries involved in the relevant financial transactions (e.g., advising lawyers).
3. How and why do we use your personal data?
We use the data we collect for the following purposes:
- to manage your investment;
- to comply with a legal or regulatory requirement, such as the prevention of money laundering and terrorism financing or a reporting requirement under French tax regulations, the Foreign Account Tax Compliance Act (FATCA), the automatic exchange of information in the field of taxation (DAC) or the Common Reporting Standard (CRS);
- the legitimate interests of Sagard SAS (in particular managing relations with our investors and professional contacts, and for reasons connected with the investments or divestments made by the funds we manage).
We need to collect a certain amount of personal data to do our work as an asset management company. Without these data, we would be unable to fulfil our contractual and regulatory obligations.
4. How do we protect the personal data we collect?
We have the appropriate organisational structure and technical resources in place to protect the confidentiality of your personal data and to prevent them from being altered, damaged, destroyed or disclosed to unauthorised third parties. The data we collect is only accessible to authorised members of our staff and to our service providers when needed by them to perform their services. However, although we take all reasonable measures to protect your personal data, no transmission or storage technology is totally infallible.
In accordance with the GDPR, in the event of a personal data breach likely to result in a high risk to individuals’ rights and freedoms, we undertake to notify the competent control authority and, when required by the GDPR, the relevant data subjects (individually or collectively as appropriate).
Notwithstanding the foregoing, it is your responsibility to take sensible precautions to prevent any unauthorised access to your personal data and your devices (computer, smartphone, tablet, etc.).
5. With whom do we share the personal data we collect?
Your personal data are used only by Sagard SAS and will not be sold to or shared with third parties. However, you should be aware that we may have to use or disclose your personal data if so required by the law or regulations, or disclose them to certain service providers, such as our custodians, when needed by them to perform their services.
Some of these recipients may be located outside the European Union and have access to all or part of the personal information we collect. Where this is the case, we guarantee that your data will be protected to the very highest standards, including through the procedures defined in the applicable regulations.
6. How long do we keep your personal data?
We only keep your personal data for as long as necessary for the purposes for which it was collected.
The retention period therefore varies depending on that purpose, as well as on any applicable legal provisions stipulating a specific retention period for certain types of data, any statute of limitation periods, and the recommendations of the CNIL (Commission nationale de l’informatique et des libertés) for certain types of data processing.
7. What are your rights and how can you exercise them?
As required by the personal data protection regulations, you can exercise your rights to access, rectify, erase, object to or restrict the processing of your personal data at any time, as well as your right to data portability.
You may also object to your personal data being processed for marketing or other commercial purposes.
You can exercise your rights by sending us a letter enclosing a copy of your proof of identity either by e-mail to firstname.lastname@example.org by post to Sagard SAS, Service Direction des Risques et Contrôle Interne, 49/51, Avenue George V, 75008 Paris, France.
You may also complain to the CNIL in the event of a breach of the applicable personal data protection regulations and, in particular, the GDPR.
Sagard SAS reserves the right to update this policy at any time.