Effective as of May 2012
We respect your Privacy
In the course of serving you as an individual or as someone associated with a corporation or institution, Morgan Stanley may collect, hold, use and disclose ('process') information about individuals which may constitute personal data, (including, in certain jurisdictions, sensitive personal data), under the EU Data Protection Directive and implementing laws, and similar laws in other European, Middle East and African countries as well as Switzerland, Russia (EMEA), and countries in Asia excluding Japan (Asia).
What Personal Data do we collect?
If you deal with Morgan Stanley as a private client or otherwise in your individual capacity e.g. relating to a trust or investment vehicle established to invest on your behalf, then typically we collect the following types of personal data about you:
- Personal details, such as name, age, occupation and marital status;
- Contact details such as address, telephone, email, in some cases both private and work related contact details;
- Identification documents, such as your passport, copies which may generally include a head and shoulders photograph from, as applicable, your passport, national identity card or driver's license, as required by laws and regulations addressing due diligence and related matters;
- A personal identifier such as, depending on your country of residence, your Social Security Number, National Insurance Number, Tax File Number, etc.; and
- Extensive financial information, including source of wealth, investment experience and objectives, risk tolerance and, in certain jurisdictions, representations required under applicable law or regulation concerning your financial resources.
- Data obtained during the recruitment process.
If you deal with Morgan Stanley in the capacity of an officer, employee, director and or principal of one of our corporate or institutional clients, the typical personal data we collect about you personally would include:
- Your name and contact details;
- Your role/position/title and area of responsibility; and
- Certain identifying information (e.g. passport photo, etc.) as required by laws and regulations addressing money laundering and related matters.
Of course, you are not required to supply any of the personal data that we may request. However, failure to supply any of the personal data that we may request may result in our being unable to open or maintain your account, provide services to you or your company, discuss any other opportunities with you or deal with other matters. While we make every effort to ensure that all information we hold about you is accurate, complete and up to date, you can help us considerably in this regard by promptly notifying us if there are any changes to your personal data. We shall not be responsible for the authenticity of any personal data or sensitive personal data or any losses arising from any inaccurate or deficient personal data or sensitive personal data that you supply to us.
How do we collect your Personal Data?
The personal data we collect regarding you come primarily from information that you submit to us during the course of your relationship with us. Typically we obtain personal data about you from the forms and documents used when you apply for an account with us, from your transactions with us, from your access to or use of our products and services or from third parties authorized to provide us with such information. We also collect personal data when we monitor or record our communications with you or through use of certain technology as detailed further below.
What are the purposes for which we use your Personal Data?
We, our associated firms and/or other persons acting on our or their behalf may process and use your personal data to:
- Administer and operate services in accordance with the customer documents, (including authorising or confirming transactions and for billing purposes);
- In the course of the operational support and development of our businesses;
- To carry out credit, money laundering and conflict checks and for fraud prevention purposes, (and this may include consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed);
- To contact you about other services and products we offer;
- To exercise and defend our legal rights;
- In order to comply with legal and regulatory obligations and requests anywhere in the world, (including reporting to and being audited by national and international regulatory, enforcement or exchange bodies and complying with court orders);
- For recruitment purposes, to confirm your references and educational background and to consider your suitability for any current or future recruitment requirements.
- For any other legitimate business purposes; and
- As otherwise permitted under any applicable law or regulation.
We, our associated firms and/or other persons acting on our or their behalf record or monitor communications, (including email, instant messaging, facsimile, telephone (including mobile phones issued by us) and other electronic communications), with you or your agent(s) to the extent permissible under the applicable law for legitimate business purposes or for purposes permitted by law from time to time, including without limitation:
- to safe guard against the unauthorized and unlawful processing or misuse of our data and that of our employees, clients and vendors;
- establishing the existence of facts (e.g., keeping records of transactions);
- ascertaining compliance with regulatory or self regulatory practices or procedures which relate to Morgan Stanley;
- preventing or detecting crime;
- investigating or detecting unauthorised use of our systems and other materials (e.g., monitoring to ensure compliance with our policies and procedures and to evaluate the quality of customer service);
- ensuring the effective operation of our telecommunications (including telephones, email and internet) systems;
- for security or health and safety purposes; or
- support and administration purposes.
When do we Disclose Personal Data we collect about you?
You should know that:
- Morgan Stanley does not sell, rent, trade your personal data; and
- Between us and our associated firms, a list of which may be referred to in the corporate website of Morgan Stanley http://www.morganstanley.com/contact_us.html;
- To other persons processing your personal data on our or their behalf or otherwise providing us or them with professional or other services;
- To third parties such as settlement agents, overseas banks or exchange or clearing houses to whom we disclose in the course of providing products and services to you;
- To credit reference, fraud prevention and other similar agencies, and other financial institutions, with whom information is shared for credit and money laundering checking and fraud prevention purposes;
- To persons to whom we assign or novate our rights or obligations; and
- To prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- Also to national and international regulatory, enforcement or exchange bodies or courts anywhere in the world as required by applicable law or regulations anywhere in the world or at their request.
These disclosures may involve overseas storage and other overseas transfer, processing and use of your personal data, and disclosure to these third parties, including in or to countries or territories which do not offer the same level of protection of personal data as may be enjoyed within your home country.
How do we Protect the Security and Confidentiality of your Personal Data we collect about you?
Morgan Stanley maintains appropriate physical, technical and procedural safeguards to protect any information that you provide to us from accidental or unauthorised loss, misuse, damage, modification, access or disclosure.
Morgan Stanley has established a global Information Security Office, which leads efforts to:
Third parties who process your personal data on our behalf are required to adhere to appropriate security standards to protect such information against unauthorised access, destruction or loss.
- Safeguard the confidentiality and privacy of information resources;
- Properly classify information resources;
- Meet legal and regulatory obligations concerning the protection of information resources;
- Implement and maintain information security policies and procedures;
- Integrate protection of information resources into the process lifecycles of the business;
- Educate those working for or on behalf of Morgan Stanley on Information Security policies and responsibilities; and
- Authenticate users and limit access to information resources based on authorization that has been granted.
What rights do you have?
If you wish to access a copy of your personal data or you wish to modify any personal data which we hold about you, or you want us to cease processing any of your personal data held by us, subject to applicable law, you can do so by written request to the applicable Privacy & Data Protection Counsel or other named contact at the address set out below.
In the case of a request for access to personal data, we reserve the right to charge an appropriate fee, if applicable. You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal data. We will process your request within the time provided by applicable law.
How can you Contact Us?
EMEA Privacy & Data Protection Counsel
Legal & Compliance Division
Morgan Stanley & International plc
20 Bank Street, Canary Wharf
London E14 4AD
German Data Protection Officer
Morgan Stanley Bank AG
Phone: +49 69 2166-2529
Swiss Data Protection Officer
ASIA (ex Japan):
Asia Privacy and Data Protection Counsel
Legal and Compliance Division
Morgan Stanley Asia (Singapore) Pte.
23 Church Street
#16-01 Capital Square
India Grievance Officer
Legal and Compliance Division
Morgan Stanley Advantage Services Private Limited
No. 5, Sector 30,
Mumbai 400 090