We respect your Privacy
Morgan Stanley collects, holds, uses, verifies and discloses (“processes”) information about individuals which may constitute personal data, under PRC data protection and privacy laws.
Unless advised otherwise, all references to Morgan Stanley, "we", or "our" in this Privacy Policy includes, individually and collectively, Morgan Stanley entities locatedin the PRC, that process personal data as processors. A list of Morgan Stanley China firms can be found on the corporate website of Morgan Stanley here.
In connection with specific products or services offered by Morgan Stanley, you will also be provided with additional privacy policies or statements which are relevant to those specific products or services.
This Privacy Policy describes:
· What personal data we collect;
· How we collect your personal data;
· What personal data is obtained from other sources;
· The purposes and legal basis for which we use your personal data;
· The monitoring we conduct;
· When we disclose your personal data;
· How we protect your personal data;
· How we retain your personal data;
· What marketing we conduct;
· Your rights under applicable law;
· How we update this Privacy Policy; and
· How you can contact us.
Please read this Privacy Policy carefully to understand how we process your personal data.
1. What personal data we collect?
If you deal with Morgan Stanley as an individual client or otherwise in your individual capacity e.g. relating to a trust, fund, other investment management product or investment vehicle established to invest on your behalf or services we provide to you, or as a prospective employee, then we may collect the following types of personal data about you:
· Personal details, such as name, age, date of birth, gender, citizenship, occupation, marital status and integrity information;
· Contact details, such as current and previous address, telephone, email, in some cases both private and work-related contact details;
· Identification documents, such as your passport, copies which generally include a head and shoulders photograph from, as applicable, your passport, national identity card or driver's license, as required and permitted by applicable laws and regulations addressing due diligence and related matters;
· A government-issued personal identifier (as permitted by law);
· Personal details relating to your immediate family members and details relating to any senior political figures (e.g. senior military or government official) to whom you are connected;
· Financial information, including source of wealth/funds, investment experience and objectives, risk tolerance and representations required under applicable law or regulation concerning your financial resources; and
· Information relating to political affiliations, trade union membership or criminal convictions (as required and /or permitted by law).
If Morgan Stanley is providing credit to you, we also collect personal information about you that is credit information, including:
· The fact that you have applied for credit, the credit type, the credit provider and the amount;
· If permitted, your credit history with other credit providers, including whether or not you have met obligations to make repayments in the past;
· Default and payment information about you;
· Court proceedings information about you;
· Personal insolvency information about you;
· Publicly available information about you that relates to your creditworthiness; and
· If permitted, an opinion of a credit provider confirming whether or not you have committed a serious credit infringement in relation to consumer credit provided by that provider to you.
If you deal with Morgan Stanley in the capacity of an officer, employee, director and or principal of one of our corporate,institutional or product clients,actualcontroller, shareholder, beneficiary, the personal data we collect about you personally includes:
· Your name, date of birth and contact details;
· Your role/position/title and area of responsibility; and certain identifying information (e.g. passport photo, etc.) as required by applicable law; information on money laundering,financing of terrorism, tax evasionand related matters; non-resident financial account tax related information due diligence; and
· Information relating to political affiliations, trade union membership or criminal convictions (as required and /or permitted by applicable law).
As well as the individuals described above, we may also request sensitive personal data from employees, applicants for employment or individuals wishing to provide services to us.We will only collect and process sensitivepersonal datawhere we have your consent.
Of course, you are not required to supply any of the personal data that we request. However, failure to supply any of the personal data that we request may result in our being unable to open or maintain your account, provide services to you or your company, discuss any other opportunities with you or deal with other matters.
While we make every effort to ensure that all personal data we hold about you is accurate, complete and up to date, you can help us considerably in this regard by promptly notifying us if there are any changes to your personal data. To extent permissible under applicable law, we shall not be responsible for the authenticity of any personal data or sensitive personal data or any losses arising from any inaccurate or deficient personal data or sensitive personal data that you supply to us.
2. How do we collect your personal data?
The personal data we collect regarding you comes primarily from information that you submit to us or that is otherwise captured during the course of your relationship with us.
For clients, we obtain personal data about you from the forms and documents used when you apply for an account with us, from your transactions with us and from your access to or use of our products and services.
For employees or applicants for employment, we obtain personal data about you from your resume or job application form.
For individuals employed by a company providing service to Morgan Stanley, we request personal data about you from your employer.
We also collect personal data when we monitor or record our communications with you or through use of certain technology as detailed further below.
3. Personal data obtained from other sources
We also obtain your personal data from our agents or service providers acting on our behalf, from third parties authorized to provide us with such information, such as credit reporting bodies, other credit providers or other agencies used for running due diligence checks, authorized third parties performing identity verification procedures on our behalf and/or from third parties who provide services to you such as your financial adviser, financial planner, dealer group, accountant or other professional adviser.
The personal data we obtain through these sources include personal details, contact details, identification documents, personal identifier, financial account information, and where permitted by applicable law and only to the extent needed information relating to political affiliations, trade union membership or criminal convictions. In addition, where Morgan Stanley is offering credit to you and these sources are performing identity verification functions in relation to such credit offering, they will disclose name, date of birth and address to a credit reporting agency if permitted by applicable law. In such instance, the credit reporting agency will perform an assessment of whether the information matches its record, either in whole or part, and provide the assessment results to us. Please inform your Morgan Stanley representative in the event you do not want your personal data verified against credit reporting agency information for identity verification purposes, who will discuss other options available to you.
Some of this information is publicly accessible and/or reliable and independent databases that we access through an authorized third party to whom we disclose your personal data for the purpose of performing required identity verification procedures.
Where you are an individual associated with a corporation or institution with whom Morgan Stanley does business, your personal data will also be provided to us via that corporation or institution. Such personal data includes personal and contact details, financial information, identification documents and, where permitted by applicable law and only to the extent needed, information relating to political affiliations, trade union membership or criminal convictions.
4. What are the purposes and legal basis for which we use your personal data?
We will only process your personal data based on a valid legal ground and subject to any related exemptions under applicable laws. We may (with your prior consent where required by applicable law) process and use your personal data, as applicable:
· To enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract;
· To administer and operate services in accordance with the customer documents (including without limitation authorising or confirming transactions and for billing purposes);
· To provide operational support and development of our businesses including to evaluate customer service, efficiency and cost, as well as risk management purposes;
· To contact you about other services and products we offer (with your prior consent where required by applicable law);
· For monitoring purposes specified section 5 below;
· For recruitment purposes, to confirm your references and educational background and to consider your suitability for any current or future recruitment requirements;
· In case of employees, to carry out the employment relationship, to fulfill our duties as an employer and to make use of our rights as employer;
· For internal training purposes;
· To exercise and defend our legal rights including in relation to any litigation, disputes or contentious matter we or that of any associated firm are involved in and/or to assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals, subject to applicable law;
· In order to comply with legal and regulatory obligations and requests, (including any legal or regulatory guidance, codes or opinions), applicable to us or for the performance of a task carried out in the public interest;
· To carry out credit, money laundering, financing of terrorism, tax evasion and conflict checks, non-resident financial account tax related information due diligence and for fraud, financial crime prevention purposes (and this may include consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed); to verify your personal data we collect from you for such credit, money laundering financing of terrorism, tax evasion and conflict checks, and non-resident financial account tax related information due diligence; and
· For reporting (including without limitation transaction reporting) to, and audits by, national and international regulatory, enforcement or exchange bodies and complying with court orders associated with us subject to applicable law; and for monitoring purposes specified below.
5. What monitoring do we conduct?
To the extent permitted by applicable law, we, access, review, disclose, intercept, monitor and/or record (“Monitor”) (i) verbal and electronic messaging and communications (e.g., telephone, facsimile, sms, instant message, email, Bloomberg and any other electronic or recordable communications) with you and your agent (“Communications”) and (ii) your use of technology owned by or made accessible by us, our associated firms or any other persons on our or their behalf, including but not limited to systems that facilitate Communications with you or your agent, information processing, transmission, storage and access, as well as remote access (collectively “Systems”).
We will only Monitor Communications and Systems to the extent permissible under applicable law from time to time for the following purposes:
a) to establish the existence of facts (e.g., keeping records of transactions);
b) to ascertain compliance with regulatory or self-regulatory practices or procedures which relate to our business;
c) to ascertain or demonstrate standards which are achieved or ought to be achieved by persons using Systems, including compliance with any terms of use associated with use of Communications and Systems;
d) to prevent, detect or investigate crime, money laundering, financing of terrorism, tax evasion, fraud, financial crime and/or other breaches of applicable law;
e) to comply with applicable laws and regulations, this Privacy Policy and any applicable policies and procedures;
f) to safeguard against the loss, theft, unauthorised and unlawful collection, use, disclosure, destruction or other processing or misuse of confidential and proprietary information;
g) to prevent, detect or investigate unauthorised use of Communications and Systems and/or data (e.g., Monitoring to ensure compliance with the our policies and procedures, including without limitation those relating to information security and cyber security);
h) to ensure the effective operation of Morgan Stanley Systems (including telephones, email and internet) systems;
i) for security or health and safety purposes;
j) for support and administration purposes;
k) to assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals, subject to applicable law; or
l) for evaluating the quality of customer service, efficiency, cost and risk management purposes.
Monitoring is conducted by us using various methods, including: (i) the use of “intelligent” automated monitoring tools; (ii) IT filtering tools which randomly review Communications and Systems; (iii) through random monitoring of Communications and Systems, e.g. by authorised supervisors randomly joining on-going telephone calls on the sales and trading floors; (iv) specific monitoring of key Communications and Systems e.g. in relation to investigations, regulatory requests, subject access requests, litigation, arbitration or mediation or; (v) data tracking, aggregation and analysis tools that pull data from various disparate data sources to draw linkages and/or detect behavioral patterns, interactions or preferences for analysis (including predictive analysis); and/or (vi) using other similar Monitoring technology that may become available from time to time.
We also use cookies and similar technologies to collect information about you when you visit our websites or interact with us on-line e.g. via email or other electronic means. To find out more about how we use cookies and similar technologies, how we process the information obtained through cookies and how to reject cookies, see Our Global Cookies Policy at https://www.morganstanley.com/global-cookie-policy.html
6. When do we disclose personal data we collect about you?
You should know that:
· Morgan Stanley does not sell, rent or trade your personal data; and
· Morgan Stanley does not disclose your personal data, except as described in this Privacy Policy.
Our processing and use of your personal data, for the purposes specified in this Privacy Policy, includes disclosure of your personal data:
· Between us and our associated firms, a list of which may be referred to in the corporate website of Morgan Stanley here;
· To other persons processing your personal data on our behalf or otherwise providing us or them with professional or other services including our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions;
· To third parties such as settlement agents, overseas banks or exchange or clearing houses to whom we disclose personal data in the course of providing products and services to you;
· To credit reference, fraud prevention and other similar agencies, and other financial institutions, with whom information is shared for credit and money laundering checking and fraud prevention purposes;
· To persons to whom we assign or novate our rights or obligations;
· To a prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets (in which case, we will notify you in accordance with applicable laws);
· To national and international regulatory, enforcement or exchange bodies or courts as required by applicable law or regulations or at their request, subject to applicable law; and
· To any third party to whom you authorise us to disclose your personal data.
In due course we will publish a list of such recipients to provide notice of the parties that can independently determine processing purposes and methods when processing your personal data, details on what, how and why they process your personal data. Should you require such information in the meantime, please contact ourData Protection Office as described below.
These disclosures, subject to applicable law, involve overseas storage and other overseas transfer, processing and use of your personal data, and disclosure to these third parties, including in or to countries or territories where the laws may provide a different level of data protection. Without limiting the foregoing, your data will be disclosed by us to our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions including China, Hong Kong S.A.R., Hungary, India, Japan, Singapore, United Kingdom and the United States of America and other countries where Morgan Stanley operates (Global Offices). When personal data is transferred to such countries or territories not recognised under applicable law as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms as required under applicable law, (such as the EU Standard Contractual Clauses, and, in due course, clauses approved by the Cyberspace Administration of China), to ensure personal data remains protected. You can obtain a copy of the relevant data transfer mechanism we have put in place to protect personal data by contacting our Data Protection Office as described below.
In due course, we will publish a list of the recipients to whom we transfer personal data outside of mainland China, their contact details and details on what, how and why such recipients process your personal data. Should you require such information in the meantime, please contact ourData Protection Office as described below.
7. How do we protect your personal data we collect about you?
Morgan Stanley maintains appropriate physical, technical and procedural safeguards designed to protect any information that you provide to us from accidental or unauthorised loss, misuse, damage, modification, access or disclosure.
Morgan Stanley has established a global Information Security Office, which leads efforts to:
· Safeguard the confidentiality and privacy of information resources;
· Properly classify information resources;
· Meet legal and regulatory obligations concerning the protection of information resources;
· Implement and maintain information security policies and procedures;
· Integrate protection of information resources into the process lifecycles of the business;
· Educate those working for or on behalf of Morgan Stanley on Information Security policies and responsibilities; and
· Authenticate users and limit access to information resources based on authorization that has been granted.
Third parties who process your personal data on our behalf are required to adhere to appropriate security standards designed to protect such information against unauthorised access, destruction or loss.
8. How do we retain your personal data?
We retain personal data in an identifiable form in accordance with our records retention policy which establishes general standards and procedures regarding the retention, handling and disposition of personal data. Personal data is retained as long as necessary to meet legal, regulatory and business requirements. Retention periods will be extended if we are required to preserve personal data in connection with litigation, investigations and proceedings. Upon request, we and/or our associated firms will provide you with more information on the exact retention periods applying to your personal data in each case.
9. What marketing do we conduct?
If there are any products or services that we or our associated firms believe may be of particular interest to you, whether provided by us, by our associated firms, we or our associated firms will contact you by mail, email, telephone, etc., including, where permitted by applicable law, outside standard working hours or if you are travelling overseas. Where required by applicable law, we will request your prior consent before we or our associated firms use your personal data for marketing purposes. If you do not wish us to use or provide to our associated firms your personal data for marketing purposes, you may notify us at msim-service@morganstanley.com.cn any time or as directed in any marketing materials we send to you. Please note that if you do not wish us or our associated firms to contact you for such purposes, we or our associated firms may need to limit the range of products and services which we or our associated firms will offer to you or we or our associated firms may not be able to open an account for you or continue our relationship with you.
10. What rights do you have?
To the extent provided by applicable law and subject to exemptions thereunder, you have the right to request access to and rectification or erasure of personal data; to obtain restriction of the processing of personal data; to object to the processing of personal data (including direct marketing); to request information about the ways in which and under what rules your personal data has been used by us; and to data portability. If we have collected personal data with your consent, please note that you have the right to withdraw this consent at any time, subject to applicable law and exemptions thereunder. If you wish to exercise any of your data protection rights or if you consider that we have processed personal data in violation of applicable law, please contact our Data Protection Office as described below. You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal data. We will process your request within the time provided by applicable law. If you consider that we have processed personal data in violation of applicable law and failed to remedy such violation to your reasonable satisfaction, you may also lodge a complaint with a competent data protection authority.
In the case of a request for access to personal data, we reserve the right to charge an appropriate fee, if applicable and where permitted under applicable law. If a fee is chargeable we will advise you of the likely fee in advance where required under applicable law.
11. How do we update this Privacy Policy?
We may change or update portions of this Privacy Policy to reflect changes in our practices and or applicable law and regulation. Please check this Privacy Policy from time to time so you are aware of any changes or updates to the Privacy Policy, which may be indicated by a change in the effective date noted at the beginning of the Privacy Policy. Where required under applicable data protection and privacy laws, we will notify you of any change or update portions of this Privacy Policy by individual message or by disclosing the changes to the data processing on a publicly available medium.
12. How can you Contact Us?
If you would like to contact us in respect of any element of this Privacy Policy, including, without limitation and subject to applicable data protection law, where you wish to exercise any of your data protection rights or where you wish to raise a complaint or grievance please contact our Data Protection Office on the details below.
If you make a complaint about a breach of applicable data protection laws by Morgan Stanley, Morgan Stanley will respond as soon as possible to let you know who is responsible for managing your complaint. Morgan Stanley will investigate the complaint and where necessary we will consult with third parties who may be involved in the processing of your personal data. Morgan Stanley will respond to all complaints within such timeframes required under applicable law. If further investigation is required, it will be carried out and then you will be notified of a proposed remedy. This will be confirmed to you in writing.
If you do not receive a response from us within such timeframes required under applicable law or your complaint is not resolved within that time to your satisfaction, you may apply to the applicable data protection authorities to have your complaint heard and determined.
We will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.
Contact Details:
By email: dataprotectionoffice@morganstanley.com