Last Updated: February 2023
Morgan Stanley recognizes its obligations in relation to the processing of its personnels’ personal information under applicable data protection and privacy laws. This U.S. Personnel Privacy Notice (this “Notice”) provides information in relation to the collection, storage, access, use, and disclosure (“processing”) of your personal information by Morgan Stanley entities based in the U.S. that you are employed by (the “Firm”), including:
- Types of personal information the Firm collects and processes;
- How the Firm collects your personal information;
- The purposes for which the Firm processes your personal information;
- The monitoring the Firm conducts;
- Use of artificial intelligence and machine learning;
- When the Firm discloses your personal information;
- How the Firm protects your personal information;
- How the Firm retains your personal information;
- Notice to California residents; and
- Changes to this Notice
This Notice applies only to U.S. resident employees, job applicants, contingent workers, and consultants. This Notice describes the rights you have over your personal information held by us.
1. TYPES OF PERSONAL INFORMATION THE FIRM COLLECTS AND PROCESSES
The Firm and its authorized service providers may collect and process information about you, which constitutes personal information, some of which may also be deemed to be sensitive personal information, under applicable data protection and privacy laws, including, but not limited to:
- Personal details, such as your name, unique personal identifier, current and previous address, telephone number, email address;
- Government-issued identifiers, such as, your Social Security Number, state identification number, driver’s license number, passport number, or other similar identifiers as required and as permitted by law;
- Any categories of Personal Information as described in state or federal law, including your ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual orientation, criminal offences or proceedings, age, date of birth, gender, marital status, details related to your family members, country of residence, immigration status and citizenship;
- Financial information, including bank account details (bank account number, IFSC code, bank statements);
- Information about your emergency contacts, dependants and beneficiaries;
- Professional or employment-related information, including your occupation and prior work experience, role/position/title and area of responsibility, employee ID;
- Education information;
- Audio, electronic, or visual information, including an image of your passport or driver’s license which generally includes a head and shoulders photograph, and other photographic and video images of you (e.g., on Corporate Directory or on Firm issued security passes);
- Biometric information;
- Your credit report if a credit check requirement applies to your position;
- CCTV footage and other information obtained through electronic means such as swipe card records; and
- Information about your use of our information and communications systems and location of employment or workplace.
2. HOW THE FIRM COLLECTS YOUR PERSONAL INFORMATION
The Firm and/or its authorized service providers may collect and record your personal information from a variety of sources as further specified in this section.
- From you or as a result of the employment relationship.
- From unaffiliated third party(ies) for limited use to a particular purpose(s) to fulfil limited purpose(s) or as may be permitted or required by law such as:
- Running pre-employment checks, in compliance with the Fair Credit Reporting Act (“FCRA”) where applicable,
- Processing references on behalf of the Firm,
- Health service providers, in compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) where applicable,
- Pension and benefits administrators,
- Learning and development organizations,
- Data analysis and survey companies,
- Citizenship / immigration status verification companies,
- Payroll processing companies, and
- Any other services related to Human Resources.
- From government, legal regulatory, supervisory, or other authorities under applicable laws or regulations.
The personal information we obtain through these sources will include your personal details, contact details, identification documents, personal identifiers, and financial account information.
Some of the information we collect about you will be publicly accessible and some will be gained from reliable and independent databases that we access through authorized third parties.
The Firm shall not be responsible for the authenticity of any personal information or any losses arising from any inaccurate or deficient personal information or sensitive personal information that you supply to us.
3. THE PURPOSES FOR WHICH THE FIRM PROCESSES YOUR PERSONAL INFORMATION
The Firm and/or service providers and/or third parties acting on our or their behalf, may process information for the following business purposes:
- Auditing related to interactions with consumers and auditing compliance with this specification and other standards, including
- For reporting (including without limitation transaction reporting) to, and audits by, national and international regulatory, enforcement or exchange bodies and complying with court orders associated with us;
- For Monitoring purposes as defined within and in the Global Monitoring Notice, subject to applicable law; and
- To provide operational support, development of our businesses and improve our services, including to evaluate customer service, efficiency and cost, as well as for risk management purposes.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity, including
- For security and risk management purposes, including to enable the Firm to identify you and to manage your access to Firm premises and interactions with clients, colleagues and other third parties; to manage conflict of interests, outside business interests and conduct risk; and
- To carry out money laundering and conflict checks and for fraud, market abuse, tax evasion, insider trading, financial crime prevention and identification purposes (and this includes consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed).
- Performing services on the Firm’s behalf as a business, including
- To the extent reasonably necessary to manage and administer the employment relationship and the policies and procedures relating to the employment relationship including for: payroll, benefits, tax and time management; performance assessments and evaluations; sickness and absence management; workplace health and safety; disciplinary and grievances; flexible work and leave requests; internal reporting; learning and development; compensation decisions; internal mobility, licensing and registration requirements, and the provision of employment references;
- To manage and administer the Firm’s Diversity Program which enables the Firm to measure its progress with regards to the composition of our employee base and the effectiveness of our diversity and inclusion strategy, to promote Diversity Networks or to invite you to training or career advancement opportunities (all of these being our legitimate interests);
- For recruitment purposes, to confirm your references and educational background and to consider your suitability for any current or future recruitment requirements;
- For internal training purposes; and
- To contact you about services and products we offer (with your prior consent where required by applicable law).
- As otherwise necessary under law, including
- To exercise and defend its legal rights anywhere in the world; and
- To assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals in connection with any reorganizations, consolidations, liquidations or other any transactions changing the corporate form of the Firm.
We only use sensitive personal information for purposes not subject to use limitation rights under applicable law.
4. THE MONITORING THE FIRM CONDUCTS
The Firm engages in monitoring of employee use of Firm Systems.
“Profiling” that includes any form of systematic and extensive processing of personal information to evaluate, analyze or predict personal aspects concerning individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. For further information on how the Firm conducts Profiling of employees refer the Global Monitoring Notice.
You should not use Firm Systems for personal use if you do not wish your personal use and communication to be monitored. While you are permitted to use Firm Systems for limited personal use, all information stored on or transmitted through the use of the Firm Systems and all recordings and transcripts of telephone conversations are the Firm’s property.
5. USE OF ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING
Generally, our use of Artificial Intelligence (“AI”) and Machine Learning (“ML”) does not result in automated decisions about you which produce legal or similar effects concerning you. In the event our use of AI and/or ML has such an effect, we will provide you with specific notification as required under applicable data protection and privacy laws.
Morgan Stanley does utilize automated methods of processing, such as AI and ML, which are a set of technologies that enable computer systems to perform tasks that traditionally have required human intelligence. We use AI and/or ML in various scenarios. For example, we use AI and ML to analyze data from publicly available sources and/or information you already provided to us to help us identify jobs we think you may be interested in or to determine what types of skills, experience, titles, etc. may be relevant to jobs you have applied for where you are engaging with us as an applicant.
Morgan Stanley personnel involved in the development and/or deployment of AI and ML processing tools are required to review the outcomes of such technologies, to mitigate risks that may be caused by bias decisions. In addition, Morgan Stanley provides training to personnel on how to recognize and to take reasonable steps to mitigate such bias decisions and prevent such events from occurring.
6. TO WHOM THE FIRM DISCLOSES YOUR PERSONAL INFORMATION
To the extent permitted by applicable law, the Firm may process your personal information, for the purposes specified in this Notice, and disclose such personal information:
- Within the Morgan Stanley Group of companies;
- To our service providers, processing your personal information on our behalf or otherwise providing the Firm with professional or other services, including Morgan Stanley affiliates and vendors which conduct administrative, legal, operational, technology and customer service functions in various jurisdictions or third parties who offer services directly to employees/consultants via a corporate arrangement;
- To third parties, such as clients and prospective clients, trading venues, exchange or clearing houses, with whom you interact on behalf the Firm;
- To fraud prevention and other similar agencies, and other financial institutions, with whom information is shared for money laundering checking and fraud prevention purposes;
- To persons to whom we give our rights or obligations;
- To a prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case personal information held by us about our employees will be one of the transferred assets;
- To national and international regulatory, enforcement or exchange bodies or courts anywhere in the world or at their request;
- As required by applicable law or regulations; and
- To any third party to whom you authorize us to disclose your personal information.
7. HOW THE FIRM PROTECTS YOUR PERSONAL INFORMATION
The Firm maintains appropriate physical, technical and procedural safeguards designed to protect any information that you provide to us from accidental or unauthorized loss, misuse, damage, modification, access, or disclosure.
8. HOW DOES THE FIRM RETAIN YOUR PERSONAL INFORMATION
We store your personal information in an identifiable form in accordance with our Global Information Management Policy which establishes general standards and procedures regarding the retention, handling and disposition of our records, including personal information. Your personal information is retained as long as necessary to meet legal, regulatory, and business requirements. Retention periods may be extended if the Firm is required to preserve your personal information in connection with litigation, investigations, and proceedings.
9. Notice to California Residents
This section describes your rights under the California Privacy Rights Act and how to exercise those rights.
1. Description of Your Rights
Subject to certain exceptions and limitations, you have the following rights with respect to your personal information.
- Right to request access to personal information. You have the right to request the following information from us.
- Specific pieces of personal information we have about you;
- Categories of personal information we have collected about you;
- Categories of sources from which the personal information is collected;
- Categories of personal information sold, shared, or disclosed, if any;
- Categories of third parties with whom the personal information was sold, shared, or disclosed; and
- The purpose(s) for collecting, sharing, or selling the personal information.
- Right to delete personal information. You have the right to request that we delete the personal information we have collected about you.
- Right to correct inaccurate personal information. You have the right to request that we correct inaccurate personal information that we maintain about you.
- Right not to be discriminated against for exercising the rights identified above. You have the right not to be denied goods or services, charged different prices or rates for goods or services, or receive a differing level of quality of goods or services as a result of exercising the above rights.
2. How to Submit a Request
You or your authorized agent may submit a California rights request by:
- Telephone: +1 (844) 846-9408
- Web Form: morganstanleydsr.ethicspoint.com
In order to provide a response, we may ask that you provide clarifying or identifying information to verify your request. We will respond to authorized requests within the timeframe required by law. The above rights are subject to our ability to reasonably verify your identity and authority to make these requests.
You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.
Agents who make requests on behalf of individuals will be required to verify their authority to make the request by submitting written authorization from the individual.
Your California privacy rights are subject to various exclusions and exceptions under the law. Under certain circumstances, we may be unable to implement your request, pursuant to applicable law. We will advise you of any reason for denying or restricting a request to the extent permitted by law.
We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health insurance or medical identification numbers, account passwords or security questions and answers, or other specific pieces of personal information if the disclosure presents an unreasonable risk to the security of personal information, customer accounts or our systems and network security.
10. CHANGES TO THIS NOTICE
We reserve the right to modify or supplement this Notice at any time. We encourage you to periodically review this Notice to learn about updates to our privacy practices. The Last Updated Date of this Notice, as stated above, indicates the last time this Notice was revised.