SHAREWORKS AND STOCKPLAN CONNECT

PRIVACY POLICY

 

Effective Date: August 2022

1.     Overview

Morgan Stanley Smith Barney LLC through itself and /or its affiliates ("Morgan Stanley", "us", "our" or "we") provides global Services to public and private companies that offer equity and other types of awards through company plans to their employees, directors, and consultants and private companies seeking to track corporate capitalization data, via an internet-based platform, such as at https://www.shareworks.com and any alternative, replicated and/or back up websites made available by or on behalf of us (collectively the “Platform”). The Platform and Services are provided by us based on the Services we have agreed to provide to your current and/or former employer (“Company”).

The “Services” may include the offering and provision of:  

a)              Management of corporate capitalization data, as well as management, administration and execution of share plans and the sale of securities using the Platform or through a software application on a mobile device or by contacting a customer service representative that was made available by or on behalf of us; and/or  

b)              Morgan Stanley at Work which is a broad set of employee benefit solutions, services and offerings made available by Morgan Stanley and designed to help employees realize the full value of their workplace benefits, better understand their equity awards and drive better outcomes in the context of their overall financial goals, including, but not limited to, share plan administration and related support services, financial education and wellness, self-directed and other brokerage accounts, other digital solutions and resources, banking and lending products and services, and wealth management services,

each to the extent we have agreed to provide such Services under the terms of our agreement with your Company.  

In connection with the Services and/or your access and use of the Platform, we will process personal information as a data processor as defined under applicable data protection and privacy laws. In limited circumstances, Morgan Stanley may be deemed to be a data controller as defined under applicable data protection and privacy laws (e.g. where we process personal information to comply with our legal or regulatory obligations or where we collect information about your use of our Shareworks website). This Privacy Policy describes how Morgan Stanley, (acting as a data controller and as a data processor), processes your personal information, including: 

•       How We Collect Your Personal Information;

•       What Personal Information We Collect;

•       What Personal Information Is Obtained from Other Sources;

•       The Purposes for which We Use Your Personal Information;

•       How We Share Your Personal Information;

•       How We Protect Your Personal Information;

•       How We Retain Your Personal Information;

•       Your Rights Under Applicable Law; • How We Update This Privacy Policy; and

•       How You Can Contact Us.

Where the description of our data processing in this Privacy Policy only applies in relation to our processing of personal data as a data controller, we have noted this.

This Privacy Policy does not apply to other information we collect, including information collected on other websites, separate websites operated by us or by our affiliates or business partners that do not post this Privacy Policy, or other information that may be provided to us through other means.

2.     How we collect your personal information 

We collect information provided by your Company or that you provide via forms, applications, surveys or other online fields. There are portions of our online services where we may collect personal information about you for identification purposes, to fulfil your online requests, or where we believe it is reasonably required for ordinary business purposes.

3.     What Personal Information we collect

We collect the following information: 

a)              Identifiers, including the following:

i.            contact information, such as your name, phone number, postal address, email address and your personal and/or work-related contact information;

ii.           government-issued identifiers, such as your Social Security number, passport number, or other similar identifiers as required and permitted by applicable laws and regulations; and

iii.          user name, password and account numbers;

 

b)              Individual Characteristics, such as your age, date of birth, gender, marital status, nationality or citizenship;

c)              Commercial and financial information, such as your source of wealth/income, investment experience and objectives, creditworthiness and credit history, and risk tolerance;

d)              Professional or employment related information, such as current or past job history;

e)              Sensitive personal information such as information relating to political affiliations, criminal convictions, and biometric information, such as a voiceprint (as required and /or permitted by law);

f)               Geolocation data, to the extent you use one of our mobile apps and choose to share location data;

g)              Internet or other electronic network activity information, in relation to your access and use of the Platform and tools therein; and

h)              Family details such as personal details relating to your immediate family members and details relating to any senior political figures (e.g. senior military or government official) to whom you are connected.

While we make every effort to ensure that all personal information we hold about you is accurate, complete and up to date, you can help us considerably in this regard by promptly notifying us if there are any changes to your personal information. To extent permissible under applicable law, we shall not be responsible for the authenticity of any personal information or sensitive personal information or any losses arising from any inaccurate or deficient personal information or sensitive personal information provided by your Company or that you provide via forms, applications, surveys or other online fields.

4.     What Personal Information Is Obtained from Other Sources?

We also obtain your personal information from our affiliates, agents, or service providers acting on our behalf, from third parties authorized to provide us with such information, such as credit reporting bodies, other credit providers or other agencies used for running due diligence checks, authorized third parties performing identity verification procedures on our behalf and/or from third parties who provide services to you such as your financial adviser, financial planner, dealer group, accountant or other professional adviser. 

The personal information we obtain through these sources include personal details, contact details, identification documents, personal identifier(s), financial account information, and where permitted by applicable law and only to the extent needed, information relating to political affiliations or criminal convictions. 

Where we collect your personal information from other sources, where required under applicable law, we will obtain your consent to do so or you will have provided your consent to those third parties to allow them to share your personal information with us.  Some of this information is collected from publicly accessible and/or independent databases that we access through an authorized third party to whom we disclose your personal information for the purpose of performing required identity verification procedures. 

5.     The Purposes for Which We Use Your Personal Information

Where we are acting as a data processor as defined under applicable law, we will process personal information in connection with the provision of the Platform and Services and our agreement with your Company, including for the following purposes:

a)     To provide operational support, administer and operate the Services, respond to your questions and requests, provide service support and contact you about updates to the

Platform and/or Services;

b)     To conduct research and analytics (for example, regarding the use of the Platform and/or Services), and provide you customized content and communications that we believe may be of interest to you;

c)      To allow you to use certain financial planning tools available on the Platform and/or Services;

d)     To compile transactional tax data;

e)     To allow you to utilize features within the Platform and/or Services by granting us access to information from your device, such as contact lists, when you request certain services;

f)      To maintain measures aimed at detecting and preventing fraud and protecting the security of personal information and the Platform and/or Services; and

g)     To monitor the performance of our online services, diagnose problems and ensure that our online services function properly, make the Platform and/or Services easier and more convenient to use, and otherwise administer the Platform and/or Services.

Where we are acting as a data controller as defined under applicable law, we, our affiliates and service providers will process personal information where we have a valid legal basis as set out below:

a) For our legitimate interests (in each case provided such interests are not overridden by your privacy interests) or as necessary in relation to the Services, including: 

i.            For the development of our businesses including to evaluate customer service, efficiency and cost, as well as risk management purposes;

ii.          To verify/authenticate your identity and/or location in order to allow access to your accounts;

iii.         To investigate suspected fraud, harassment, or other violations of any law, rule, or regulation, the rules or policies of the Platform and/or Services, or the rights of third parties, or to investigate any suspected conduct which we deem improper;

iv.         To comply with laws, regulations, legal processes and law enforcement requirements; 

v.          To otherwise operate our business, or any other purpose that complies with applicable laws and regulations; and

vi.         For internal training purposes. 

b)     To exercise and defend our legal rights anywhere in the world including in relation to any litigation, disputes or contentious matter that we or any of our affiliates anywhere in the world are involved in and/or to assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals.

c)     In order to comply with legal and regulatory obligations and requests (including any legal or regulatory guidance, codes or opinions) applicable to us anywhere in the world or for the performance of a task carried out in the public interest, including:

i.          To carry out credit, money laundering and conflict checks and for fraud or financial crime prevention purposes (and this may include consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed); to verify the personal information we collect from you for such credit, money laundering and conflict checks; and

ii.         For reporting (including without limitation transaction reporting) to, and audits by, national and international regulatory, enforcement or exchange bodies and comply with court orders associated with us. 

 

6.     How We Share Your Personal Information

We do not sell, rent or trade your personal information.

We do not disclose your personal information, except as described in this Privacy Policy.

Our processing and use of your personal information, for the purposes specified in this Privacy Policy, includes disclosure of your personal information:

 

•       Between us and our affiliates;

•       To other persons processing your personal information on our behalf or otherwise providing us with professional or other services, including our affiliates and vendors which conduct operational, technology and customer service functions in various jurisdictions;

•       To third parties such as settlement agents, overseas banks or exchange or clearing houses to whom we disclose personal information in the course of providing products and services to you;

•       To credit reference, fraud prevention and other similar agencies, and other financial institutions, with whom information is shared for credit and money laundering checking and fraud prevention purposes;

•       To persons to whom we assign or novate our rights or obligations and those persons continue to use your data for the same purposes;

•       To a prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets;

•       To national and international regulatory, enforcement or exchange bodies or courts anywhere in the world as required by applicable law or regulations anywhere in the world or at their request; and

•       To any third party to whom you authorize us to disclose your personal information.

 

These disclosures may involve overseas storage and other overseas transfer, processing and use of your personal information, and disclosure to these third parties, including in or to countries or territories where the laws may provide a different level of data protection.  

Specifically, the Platform is controlled, operated and administered by Morgan Stanley and its affiliates, vendors, and third parties (conducting operational, technology and customer service functions), in various jurisdictions, subject to our agreement with your Company, including Australia, Canada, Germany, Japan, Spain, India, the United Kingdom and the United States of America. When personal information is transferred to such countries or territories not recognised under applicable law as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms, where required under applicable law (such as the EU Standard Contractual Clauses), to ensure personal information remains protected. Subject to applicable law, you can obtain a copy of the relevant data transfer mechanism we have put in place to protect personal information by contacting us using the contact details below.

 

 

7.     Cookies and Similar Technologies

We also use cookies and similar technologies to collect information about you when you visit our websites or interact with us online (e.g. via email or other electronic means). To find out more about how we use cookies and similar technologies, how we process the information obtained through cookies, and how to reject cookies, see our Global Cookies Policy at http://www.morganstanley.com/global-cookie-policy.html

8.     Do Not Track Policy

Most browsers can be set to send signals to third party websites requesting them not to track the user's activities. At this time, we do not respond to "do not track" signals. Consequently, our third party service providers such as Adobe Analytics, and other third party websites and online services, may indeed track and collect information about your online activities over time while navigating to, from and on our online services and across those third party websites and online services, notwithstanding any "do not track" signals we may receive.

9.     How We Protect Your Personal Information  

Subject to your obligations under the Terms and Conditions, Morgan Stanley maintains appropriate physical, technical and procedural safeguards designed to protect any information that you provide to us from accidental or unauthorised loss, misuse, damage, modification, access or disclosure.

Morgan Stanley has established a Global Information Security Office, which leads efforts to:

•       Safeguard the confidentiality and privacy of information resources;

•       Properly classify information resources;

•       Meet legal and regulatory obligations concerning the protection of information resources;

•       Implement and maintain information security policies and procedures;

•       Integrate protection of information resources into the process lifecycles of the business;

•       Educate those working for or on behalf of Morgan Stanley on Information Security policies and responsibilities; and

•       Authenticate users and limit access to information resources based on authorization that has been granted.

 

Third parties who process your personal information on our behalf are required to adhere to appropriate security standards designed to protect such information against unauthorised access, destruction or loss.

For further information about how we protect your privacy and access to our GLBA consumer notice, please see our U.S. Privacy Policy at https://www.morganstanley.com/disclaimers/usprivacy-policy-and-notice.html. 

 

 

10.  How We Retain Your Personal Information?

In our capacity as a data controller, we retain personal information in an identifiable form in accordance with our records retention policy which establishes general standards and procedures regarding the retention, handling and disposition of personal information. Personal information is retained as long as necessary to meet legal, regulatory and business requirements. Retention periods will be extended if we are required to preserve personal information in connection with litigation, investigations and proceedings. Upon request, we and/or our affiliates will provide you with more information on the exact retention periods applying to your information in each case.

11.  Your Rights Under Applicable Law  

To the extent provided by applicable law and subject to exemptions thereunder and/or subject to our agreement with your Company, you may have the right to:

•        Request access to and rectification or erasure of personal information; 

•        Obtain restriction of the processing of personal information; 

•        Object to the processing of personal information;  • Withdraw your consent; and 

•        Request data portability. 

 

In order to exercise certain rights with respect to data collected from and processed in the context of the Services provided to your employer, we may ask you to direct such request or obtain confirmation from your Company. 

 

You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal information. We will process your request within the time provided by applicable law. If you consider that we have processed personal information in violation of applicable law and failed to remedy such violation to your reasonable satisfaction, you may also lodge a complaint with a competent data protection authority.

12.  Updating Your Information

You may review or update certain account information by logging into the Platform. If you cannot change the incorrect information online, or you need to request changes offline, please update such information by contacting the Workplace Solutions Group that provides Shareworks participant support at the number provided on our website. Please note that certain information, such as your name, corporate email address, home address, hire date, and birth date, may only be changed through your Company. 

13.  Mobile Applications

When you connect to the Platform using a mobile application, we may request your permission to access certain information, such as your location. These permission-related features are opt-in and you can turn these features off at any time.

Some mobile applications will utilize analytic tools to help us better serve our customers through improved products, services, and revisions to the mobile applications. This collected information does not identify you to Morgan Stanley. It may, however, let us know anonymously which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.

14.  Links to Other Websites 

This Privacy Policy only applies to the use and disclosure of information in relation to the Platform and/or Services. The Platform may contain links to other websites such as other Morgan Stanley websites and websites belonging to third parties, such as your current and/or former employer. The inclusion of a link on the Platform or application does not imply endorsement of the linked website or service by us. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites or links posted on the Platform. Information you disclose to other parties (including your Company) or through such websites is subject to the privacy and security practices and policies of those parties or websites. We disclaim all liability with regard to your access to such linked websites. Access to any other websites is at your own discretion and we encourage our users to read the privacy statements of each and every website or online services visited, in order to learn how such third parties may treat your information.

15.  Non-Solicitation

Morgan Stanley does not offer the Services to individuals directly, except to the extent required to under applicable law. The Services are provided as a result of our arrangements with your Company. To the extent Morgan Stanley offers other products and services as a result of the Services or otherwise, they may be subject to separate additional terms with you.

The Platform and the Services are made available to you on an unsolicited basis, without any marketing or promotion from Morgan Stanley or its personnel.  

Your access to the Shareworks Platform and use of the Services is as a result of your Company engaging Morgan Stanley to provide the Services in connection with share plans it offers to its employees. 

16.  Protecting Children's Privacy Online

The Platform is not directed to or intended for individuals under 18 years of age.

17.  How We Update This Privacy Policy

We reserve the right to modify or supplement this Privacy Policy at any time. Therefore, we recommend that you review this Privacy Policy, updated and posted on the Platform, regularly for changes. Where required under applicable data protection and privacy laws, we will notify you of any change or update to portions of this Privacy Policy by individual message to you or by posting notice on the Platform or providing notice through an applicable mobile application by which you access the Services. 

The Effective Date of this Privacy Policy, as stated above, indicates the last time this Privacy Policy was revised. Your continued use of the Platform after we have changed the Privacy Policy signifies your acceptance of the revised terms. 

18.  How You Can Contact Us?

If you have any questions in relation to the processing of your personal information or in relation to the Services, you should contact your Company in the first instance.

If you would like to contact us in relation to the processing of your personal information in our capacity as a data controller, including, where you wish to exercise any of your data protection rights or where you wish to raise a complaint or grievance, please use the contact details below.

CONTACT DETAILS:

Our Client Relations Department can address any privacy related inquiries you may have.

 

When contacting us, please provide as much detail as possible including your name, account information, and desired outcome so that we may properly authenticate you and address your request. 

 

Telephone:

(866) 227-2256

Monday - Friday, 9 a.m. - 7 p.m. ET Closed Holidays

Mailing Address:

Morgan Stanley Client Relations

PO Box 95002

South Jordan, UT 84095

OR

Fax:

(801) 519-3455

OR

 

To e-mail us, please use our web form available here. 

Those outside of the U.S. can also send post to: 

Data Protection Officer

Renaissance House, Ground Floor North

9-16 Dingwall Road Croydon CR0 2NA  ENGLAND

For additional contact information, you may also visit the Support pages on the Shareworks and StockPlan Connect websites.