Collection and Use of Client Information

AMG Funds LLC and its affiliated businesses, AMG Distributors, Inc. and The AMG Funds Complex, (collectively, “AMG Funds” or “We”) collect only relevant information about our clients that the law allows or requires us to have in order to conduct our business and properly service our accounts. We collect financial and other nonpublic personal information about our clients from the following sources:

  • Directly provided by our clients from investment management contracts and other forms; and
  • Information provided to us by authorized parties acting on behalf of our clients such as accountants, attorneys and investment consultants.

Keeping Information Secure

AMG Funds maintains physical, electronic and procedural safeguards and procedures to protect your financial and other nonpublic personal information, and AMG Funds continuously strives to improve these safeguards and procedures.

Limiting Access to Information

All of AMG Funds’ employees are aware of the importance of maintaining and respecting customer privacy and of the importance of confidentiality. Violations of AMG Funds’ privacy policies may result in disciplinary action.

Accuracy of Information

AMG Funds strives to keep accurate client information records, and AMG Funds takes steps to correct errors as they are found. If there are any inaccuracies in your account statements or in any other communications from AMG Funds, please contact us immediately and the necessary corrections will be made.

Use of Personal and Financial Information by Us and Third Parties

Information about AMG Funds’ clients that is in the firm’s possession is shared with non-affiliated third parties only to the extent necessary for AMG Funds to provide the services for which our clients have hired us, and then only to the extent permitted by law.

AMG Funds typically does not share nonpublic client information with unaffiliated third parties other than as necessary to carry out the actual performance of the investment management services it has been hired to provide. Thus, for example, AMG Funds will share nonpublic client information with brokers and custodian banks in order to buy and sell securities and record those purchases and sales accurately.

AMG Funds may also use such information in the account intake process, which typically includes conducting anti-money laundering screening. As a general rule, AMG Funds does not engage in joint marketing arrangements with unaffiliated third parties that involve the sharing of nonpublic information regarding AMG Funds’ clients, nor does it sell client information to unaffiliated third parties for their own marketing purposes. Any exceptions to these practices are made only with the permission of the particular client for the sharing of information with identified third parties or as otherwise required by law.

As an affiliate of Affiliated Managers Group, Inc. (AMG), AMG Funds also shares with AMG (and certain authorized AMG Affiliates, as applicable) information about AMG Funds’ experiences or transactions with customers or their accounts. AMG and the AMG Affiliates abide by a “No Share” policy whereby this information is not shared with unaffiliated third parties. In certain situations where information is being shared with an AMG Affiliate, AMG Funds has either a “Limited Authorization Form” in place or confidentiality agreements to cover any access to information and limits the sharing of information to that which is referenced in these agreements.

Maintaining Customer Privacy in Business Relationships

AMG Funds does not share client information with anyone who does not agree to keep such information confidential. If you believe AMG Funds has shared your information inappropriately or if you have questions concerning our policy, please contact AMG Funds’ Compliance Department at (203) 299-3500, or write to:

AMG Funds LLC
680 Washington Blvd
Suite 500
Stamford, CT 06901
Attn: Compliance Department

Privacy Policy Concerning Other Persons

During the routine course of business, AMG Funds may also obtain nonpublic personal information from persons other than customers. AMG Funds’ policy is to protect such nonpublic personal information by employing physical, electronic and information destruction safeguards. AMG Funds limits access to such nonpublic personal information, including social security numbers, to only those individuals who need such information to execute their employment duties or to comply with applicable law or regulation. Any other use, access or distribution of nonpublic personal information obtained by AMG Funds is prohibited.

GDPR Privacy Notice

Background

This privacy notice (“GDPR Privacy Notice”) describes how Affiliated Managers Group, Inc. (“AMG”) collects and uses personal data (“GDPR Personal Data”) covered by the European Union’s General Data Protection Regulation 2016/679 (the “GDPR”). AMG is committed to protecting the privacy of those who share their GDPR Personal Data with us, and this notice summarizes the standards we will apply in relation to GDPR Personal Data.

GDPR Personal Data may be collected by AMG or by one of our global distribution offices (each an “AMG Company” and, together with AMG, the “AMG Group”), listed below:

  • Affiliated Managers Group Limited (“AMG UK”)
  • AMG Limited (DIFC Representative Office) (“AMG Dubai”)
  • Affiliated Managers Group (Switzerland) AG (“AMG Switzerland”)
  • Affiliated Managers Group (Hong Kong) Limited (“AMG Hong Kong”)
  • Affiliated Managers Group Pty Limited (“AMG Australia”)
  • AMG Funds LLC (“AMG Funds”)

References to AMG throughout this GDPR Privacy Notice should be understood to reference the AMG entity that collected, or was provided with, your GDPR Personal Data.

1. Collection and Use of GDPR Personal Data

Who we collect GDPR Personal Data about
AMG may collect GDPR Personal Data of current or prospective clients of our Affiliates, through marketing and distribution activities. Where clients are businesses, we may collect GDPR Personal Data about the employees or representatives of those businesses for these purposes. We may also collect relevant GDPR Personal Data of employees of Affiliates.

How we use and share GDPR Personal Data
We may collect, store and use GDPR Personal Data in order to conduct our business as a global asset manager, and to provide support to the business activities of our Affiliates. Due to the global nature of our business, we may share GDPR Personal Data among the entities in the AMG Group and with our Affiliates. GDPR Personal Data of Affiliates’ clients may be shared among the entities in the AMG Group, in connection with marketing activities, or to support strategic business opportunities for our Affiliates.

Similarly, GDPR Personal Data may be shared with third parties who provide professional services to us, such as technology companies who support our computer systems, or to our external auditors or other professional consultants. We may process GDPR Personal Data or make disclosures to third parties or government agencies as required by law, for example, in support of our anti-money laundering (“AML”) controls.

As part of our commitment to confidentiality, we do not share confidential information of employees or partners at our Affiliates, or potential Affiliates, with other Affiliates.

How we collect GDPR Personal Data
AMG may collect GDPR Personal Data from general business and marketing activities with Affiliate clients, as part of investment due diligence processes, from our Affiliates (including in investment agreements), or from AMG Funds plc in relation to AMG UK’s role as sponsor to related funds. AMG may also collect GDPR Personal Data from authorized third parties acting on behalf of our Affiliates, such as accountants, attorneys and consultants.

The types of GDPR Personal Data we may collect directly from Affiliates’ clients are generally limited to contact information. From time to time, we may also collect incidental health or family information for relationship management purposes.

The types of GDPR Personal Data we collect (directly or indirectly) from Affiliates or their authorized agents may include contact information, financial information and, in certain cases, health information and background check information.

The types of GDPR Personal Data we may collect from AMG Funds plc is limited to contact information for the various service providers to the company, and information on the directors of the company required for corporate administration purposes.

Why we collect GDPR Personal Data
We may collect and process GDPR Personal Data for our legitimate interests or the legitimate interests of Affiliates, and third parties to whom we transfer your GDPR Personal Data (provided that such legitimate interests are not overridden by your interests or your fundamental rights and freedoms). Our legitimate interests include the following:

  • enabling collaboration within the AMG Group and with our Affiliates;
  • ensuring business continuity within the AMG Group and with our Affiliates;
  • improving the quality of the services of the AMG Group and of our Affiliates;
  • performing investment related due diligence in connection with potential new investments;
  • ensuring that the AMG Group and our Affiliates comply with applicable laws;
  • enabling the AMG Group and our Affiliates to exercise and defend legal claims; and
  • ensuring the AMG Group and our Affiliates comply with requests from governmental, quasi-governmental and judicial bodies and regulators for information relating to its business.

We also may collect and process GDPR Personal Data in connection with the performance of a contract with you, or in order to take steps at your request before entering into that contract, or to comply with our legal obligations.

2. International Transfers of GDPR Personal Data

The sharing of GDPR Personal Data may require the transfer of the data outside the European Economic Area (“EEA”) (or the UK), including to AMG Companies in Switzerland, the United States, Australia, Hong Kong and the Dubai International Finance Centre, as well as Affiliates in the Channel Islands, the United States, Canada and Hong Kong, and to third party service providers in Ireland, Switzerland, the United States, Australia, Hong Kong, Japan and the Dubai International Finance Centre.

Of these countries, currently only the laws of the Channel Islands and Switzerland have been deemed by the European Commission to provide for an adequate level of protection of GDPR Personal Data. Nevertheless, all transfers are subject to appropriate safeguards, specifically on the basis of contracts with the recipients that include standard data protection clauses adopted by the European Commission (which can be found here).

3. Keeping Information Secure and Limiting Access

AMG has a formal information security program, designed to develop and maintain privacy and data security practices to protect company assets and sensitive third-party information (including GDPR Personal Data). We seek to protect against anticipated threats or hazards to the security or integrity of such information, and against unauthorized access to, or use of, GDPR Personal Data that creates a substantial risk of financial loss, identity theft, fraud or reputational harm.

Our information security protocols comprise internal and external resources designed to identify, protect, detect, resolve, and recover from various threats and attacks of malicious actors. We have documented strategies, policies and procedures in place to protect employee, business, and client data (including GDPR Personal Data) in the event of an emergency or natural disaster. We also have a documented incident response plan, with defined roles and responsibilities that address notification obligations and procedures in the event of a data breach.

4. Retention of GDPR Personal Data

The length of time that we may hold your GDPR Personal Data will vary, depending on the purpose for which we are using it and any applicable legal obligations in the relevant various jurisdictions. Your GDPR Personal Data will be destroyed or erased from our systems when it is no longer required for the purposes set out above, provided that we may retain your personal data in order to comply with applicable laws, rules and regulations.

5. YOUR RIGHTS

You have various rights under data protection laws regarding the processing of your GDPR Personal Data, including, in certain circumstances, those summarized below:

The right of access – Upon request, you are entitled to access a copy of your GDPR Personal Data held by us and to be provided with information in relation to that GDPR Personal Data.

The right to accuracy – Upon request, you are entitled to have inaccurate GDPR Personal Data amended or erased, and to have incomplete GDPR Personal Data completed. We encourage you to contact us if you believe there are any inaccuracies in any communications to you, so that we may promptly make any necessary corrections.

The right to erasure (‘right to be forgotten’) – You have the right to request that we delete your GDPR Personal Data, such as where we no longer require your information or no longer have a lawful basis for processing it. However, there are circumstances where we may not be able to respond to your request due to another overriding regulatory or legal obligation (such as AML obligations).

The right to restrict processing – In certain circumstances, you may request that processing of your GDPR Personal Data be restricted. For example, where the accuracy is contested, you may request a restriction until we verify the data.

The right to object – In certain circumstances, you have the right to object to us processing your GDPR Personal Data (such as, where our processing is on the basis of our legitimate interests and/or where we process for direct marketing purposes).

The right to portability – Where we are processing your GDPR Personal Data on the basis of a contract with you, you have the right to request a copy of your GDPR Personal Data in a machine-readable format for the purposes of transferring it to another data controller and/or for us to transfer your GDPR Personal Data to another data controller.

You may exercise these rights by submitting a request via email or in writing using the contact details provided below. You also have the right to lodge a complaint with a supervisory authority (such as the Information Commissioner’s Office in the UK).

6. CONTACT INFORMATION

If you have any questions concerning this notice, please contact Simon Osborne (AMG Data Protection Specialist) at +44 20 7290 6817, via email at dataprivacy@amg.com, or in writing at Affiliated Managers Group Limited, 35 Park Lane, London W1K 1RB.

May 2018