GDPR Data Protection Notice
Last Revised May 17, 2018
Thank you for visiting www.factset.com, the Website of FactSet Research Systems Inc. and its affiliates (“FactSet” or “we”). FactSet is a provider of integrated financial information and analytical applications to the global investment community. To protect your privacy better, FactSet wants our customers, suppliers and other relevant parties to know how we collect personal data, the types of personal data we collect, and how we use and share your personal data when we act as the controller of that personal data that is subject to the EU General Data Protection Regulation (GDPR). Hence this notice only applies to personal data which is subject to GDPR and which we collect:
- on this Website;
- on client and supplier facing applications and tools (e.g. Workstations, Starboard and Gateway, Object Reference, Endpoint Reference, Confluence, Jira);
- in email, text, and other electronic messages between you and our employees; when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this notice;
- from customers and suppliers subject to contractual relationships;
from public and third party sources for the purposes of providing and/or administrating our content services;
It does not apply to any other personal data, and notably personal data collected by:
- any third party regardless whether collected through any application; or
- any content (including advertising) that may link to or be accessible from or on the Website.
3. Personal Data that we collect
We collect several types of information and personal data:
- that relates to an identified or identifiable individual, such as name, postal address, email address, telephone number, IP or MAC address etc. and related information, such as the contents of an email ("personal data");
- about your internet connection, the equipment you use to access our Website and usage details (e.g. statistics) regarding our products (“usage information”).
We collect this information and personal data:
- directly from you and/your employees when you or they provide it to us;
- automatically as you and/or your employees navigate through the site and/or use our products. Information and personal data collected automatically may include usage information, IP addresses, and information and personal data collected through cookies, web beacons, and other tracking technologies;
- from public and third party sources.
4. Personal Data You Provide to Us
The personal data we collect may include:
- personal data that you provide by conducting business with us, by filling in forms on our Website, or at a trade show, or anywhere else we conduct business, by subscribing to newsletters or other communications, or by corresponding with us by phone, e-mail or otherwise using our contact details. This includes personal data provided at the time of requesting information or services, soliciting business or performing a service. We may also ask you for personal data when you enter a contract with us, or a contest or promotion sponsored by us, and when you report a problem;
- records and copies of your correspondence (including email addresses);
- your responses to surveys that we might ask you to complete for research purposes;
- your search queries on the Website;
- during the contractual relationship for execution of the supplier or customer contract;
- by using our incident management and project management tools and applications;
- by communicating with our customer care teams for error resolving issues, training and support;
- Your usage of our products and relating tools and applications.
Typically, the personal data you give us may include name, business affiliation, business address, telephone number, and email address, and any personal details required to conduct business with you or to resolve any enquiries or complaints.
We will indicate to you when personal data is required to enter into a contract with you (such as in anticipation of a services agreement) or to perform a contract with you (such as to provide services at your request), and failure to provide any personal data may result in our inability to provide requested services or products.
5. Personal Data We Collect Through Automatic Data Collection Technologies
6. Personal Data We Collect From Public Sources and Third Parties
In order to provide our content services to our customers, we rely on content provided by third party suppliers, as well as content that is available to the public. Some of that content includes general information about names of directors, registered board members, managers, fund managers and other official persons of companies published on public accessible websites, letterheads, prospects, annual financial statements, invitations to shareholder meetings etc.
7. Lawful Grounds for Processing
All processing and use of your personal data is justified by a "lawful ground" for processing. In the majority of cases, processing will be justified on the lawful ground that:
- the processing is necessary to perform a contract with you or take steps to enter into a contract at your request, such as to negotiate a contract with us, to fill an order, or to provide product information that you have requested;
- the processing is necessary for us to comply with a relevant legal obligation, such as keeping accounting records;
- the processing is in our legitimate interests, which are not overridden by the interests and rights of the relevant individual whose personal data is collected; and
- you have consented to the processing.
Where we rely on our legitimate interests to process personal data, those interests are:
- to use supplier, customer and website user data to conduct and develop our business activities and improve our services in order to grow our business and profitability, while limiting the use of their personal data to purposes that support the conduct and the development of our business and the improvement of our services;
- to use third party supplier and publicly available content (which in some instances includes personal data) in order to provide our content services to customers for their business purposes, which may include, but not be limited to taking investment decisions or compliance with applicable laws and regulations such as insider trading regulations and anti-bribery legislation, but which are for our customers to determine and explain in their privacy notices).
8. Why We Collect Personal Data
The following is an overview of our purposes for using your personal data. Additional details on how we process your personal data may be provided to you in a separate notice or contract.
We use the personal data we collect to:
- provide customer services, including products and services; to take, verify, process, and deliver orders and returns; to process payments, technical support, or other similar purposes; and to establish and maintain customer accounts;
- to provide training and after-sales-support on our products and answer to and perform change requests;
- to organize and perform incident management processes;
- to implement projects by working together with customers and their users as part of the project team;
- communicate with customers and suppliers, including responding to requests for assistance and to update them about the status of their orders by postal mail, email, telephone, and/or text message;
- investigate, prevent or take action regarding unauthorized use of our services, illegal activities, suspected fraud or situations involving potential threats;
- to provide you with underlying tools and applications helping to implement projects and solving incidents;
- to discuss, carry out and implement change request and further developments of our products;
- to provide our content services to our customers and to report and administer customers’ users’ usage of third party information products (e.g. real-time data from stock exchanges etc.);
- administer and manage performance of purchase or sales agreements with our suppliers and customers;
- to enhance the experience for our users, we use notes relating to support provided to specific employees, advisors or agents of customers in relation to our products and services for their future use of our services;
- service your account;
- market and promote our products including through email or equivalent electronic means, to send news and newsletters, special offers and promotions, or to otherwise contact customers about products, services or information;
- process, evaluate and complete certain transactions involving the website, and more generally transactions involving FactSet's products and services;
- operate, evaluate, maintain, improve and develop the Website (including by monitoring and analysing trends, tracking user behavior, access to, and use of the website for advertising and marketing);
- engage with you about events, promotions, the Website and FactSet's products and services;
- provide you with documentation or communications which you have requested or which is part of a product;
- correspond with users to resolve their queries or complaints;
- send you marketing communications, where it is lawful for us to do so;
- protect the security of the Website, FactSet confidential and proprietary information (which may include personal data), and FactSet employees;
- manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations;
- share your personal data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case personal data held by us about our users may be one of the transferred assets.
FactSet will not sell or rent your personal data you provided to us to third parties.
9. Sharing Your Personal Data
When you have provided personal data to us, we may disclose such personal data to other companies that we have engaged to assist us in providing you goods or services. This may include, but is not limited to, fulfillment houses, billing services, transaction managers, credit verification services, and other third-party service providers. We also may disclose your personal data to third party service providers that assist us in conducting market research for our own purposes. We do not sell personal data to third parties for their own use, but may provide certain usage information to advertisers to help provide you with relevant advertising.
We may also disclose any of your personal data or usage information to law enforcement or other appropriate third parties in connection with criminal investigations, investigation of fraud, infringement of intellectual property rights, or other suspected illegal activities, as may be required by applicable law, or, as we may deem necessary in our sole discretion, in order to protect our legitimate legal and business interests.
We reserve the right to disclose, share and/or otherwise transfer personal data and usage information in connection with a proposed or actual corporate merger, acquisition, consolidation, the sale of a portion of our business or the sale of substantially all of our assets, or other fundamental corporate change, whatever form it may take. You will be notified via a prominent notice on our website prior to a change of ownership or control of your personal data or usage information.
10. Transferring Personal Data
FactSet is a global organization headquartered in the United States, and we may need to transfer your personal data to third party suppliers and to our affiliates for the purposes described above. If your personal data is subject to the GDPR and is transferred outside the EU to other FactSet affiliates or to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU – US Privacy Shield. For transfers of personal data among FactSet affiliates we have put in place European Commission-approved Standard Contractual Clauses and have entered into an Intragroup data transfer agreement. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU, although please note that we may need to redact copies of transfer agreements for reasons of commercial confidentiality, provided that you can retain access to the relevant safeguards.
FactSet reserves the right to share any information that you provide which is not deemed personal data or is not otherwise subject to contractual restrictions.
Our Website uses technologies that enhance user friendliness and engagement, to keep the Website operating as smoothly as possible and to provide web services and functionalities for each visitor. Examples of these technologies are cookies, pixel tags, local storage and scripts:
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information (including personal data) about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons. Pages of our Website and our emails may contain small electronic files known as Web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We may collect personal data automatically, and we may tie this personal data to personal data about you that we collect from other sources or you provide to us.
In this Policy, we refer to cookies, flash cookies and web beacons as "cookies".
Cookies are used for a variety of purposes. For example, they calculate web statistics, provide online adversiting and they improve visitor's experience on our Website. As your privacy is important to us, we would like to inform you about which cookies are used on our Website, as well as why we use them. We use the following cookies on our Website:
- Functional cookies: these cookies are essential in order to ensure that our Website operates properly. They are used to save preferences, detect misuse of our Website and services and to distribute the load on our servers, which keeps our Website available. Certain services you may request cannot be provided without these cookies.
- Advertising cookies: our Website may also enable third-party tracking mechanisms to collect data over time and across unaffiliated websites for use in interest-based advertising. For example, third parties may use the fact that you visited the Website to send you online ads for FactSet products on third party websites. In addition, our third-party advertising partners might use information about you to send you targeted advertisements based on your online behavior in general. Information (including personal data) about your visits to, and activity on, this Website and other websites, an IP address, the number of times you have viewed an advertisement, and other such usage information is used, alone or in combination with other information and personal data, to display on your device screen advertisements that may be of particular interest to you. We may use Web beacons, provided by third party advertising companies, to help manage and optimize our online advertising and product performance. Web beacons enable us to recognize a browser’s cookie when a browser visits this Website, and to learn which banner ads bring users to this Website. The use and collection of your information and personal data by these third party service providers, and third party advertisers and their advertising servers is not covered by this Privacy Notice.
To opt out of advertising cookies for Your Online Choices if you are based in the EU, please click here. To opt out of Google Analytics for Display Advertising, please click here. You may also enable the “Do Not Track” setting in your web browser(s) or clear cookies from your browser after each browsing session. Please note that even if you exercise choice for targeted advertising, you will still receive online advertising.
- Matching or connecting cookies: We or our third-party service providers also may use collected information to establish connections among related web browsers and devices (such as smartphones, tablets, computers, and TVs) for targeted advertising, analytics, attribution, and reporting purposes. These third parties may match your browsers or devices if you log into the same online service on multiple devices or if your devices share similar attributes that support an inference that they are used by the same person or household. This means that information about your activity on Website or apps on your current browser or device may be combined with information collected from your other browsers or devices.
- Other cookies: this category includes cookies that do not fit into one of the above cookie categories. One example of this is the bundling of several of the cookies via Google Tag Manager.
How to manage cookies
If you do not want our Website to store cookies on your device, you can change your browser settings so that you receive a warning before certain cookies are stored. You can also adjust your settings so that your browser refuses most of our cookies or only certain cookies from third parties. You can also withdraw your consent to cookies by deleting the cookies that have already been stored.
Please be aware that if you do not want to accept any cookies, we cannot guarantee that our Website will function properly. It may be that several functions will be unavailable to you or that you will even be unable to view certain parts of the Website.
Please note that you will have to change your settings for each browser and device you use. Moreover, such methods will not work with respect to certain non-cookie online tracking technologies.
The procedures for changing your settings and cookies differ from browser to browser. If necessary, use the help function on your browser or click on one of the links below to go directly to the user manual for your browser.
There are also software products available that can manage cookies for you. You can also use www.ghostery.com to accept or refuse each cookie used on our Website.
To find out more about cookies, including how to see what cookies have been set and how to manage or delete them, visit www.allaboutcookies.org.
12. Retention of Your Personal Data
We keep personal data only for as long as required to fulfil the purposes for which it was collected. In general, we retain personal data for a period of time corresponding to a statute of limitation, for example to maintain an accurate record of customer and supplier dealings. However, in some circumstances we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax or accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required in accordance with our document retention policy.
13. Your Rights
We will take steps in accordance with applicable legislation to keep personal data accurate, complete and up-to-date. You are entitled to have any inadequate, incomplete or incorrect personal data corrected (that is, rectified). You also have the right to request access to your personal data as well as to obtain additional personal data about the processing. In the event the lawful ground (see Lawful Grounds for Processing above) for processing your personal data is your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal. Further, you are entitled to object to the processing of your personal data or to have your personal data erased, under certain circumstances.
As from 25 May 2018, the following rights also apply solely to processing of personal data which is subject to the GDPR. Each right may only apply in certain circumstances, and subject to exemptions under either EU or Member State law:
- Data portability.
- Right to erasure.
- Right to restriction of processing.
- Right to lodge a complaint with the supervisory authority.
- Right to object to processing (including profiling) based on legitimate interest lawful grounds.
- Right to object to direct marketing (including profiling).
Please contact us as indicated in How To Contact Us or using the email-address: DataPrivacy@Factset.com if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your personal data.
14. Data Security
FactSet takes reasonable precautions to protect personal data from loss, misuse, unauthorized access, disclosure, altercation, and destruction. Unfortunately, while we work hard to ensure the security of your personal data while it is on our systems, no security measures are perfect and data transmitted over the Internet cannot be guaranteed to be 100% secure. We cannot and do not ensure or warrant the security of any personal data you transmit and you do so at your own risk.
15. Links to Other Websites
Our Websites may provide links to other websites for your convenience and information. These websites may operate independently from FactSet. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by FactSet, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
16. Changes to Our Privacy Notice
This Privacy Notice may be amended from time to time. Please review it periodically. Changes to this Notice will be announced on this Website in advance.
17. How to Contact Us
To exercise any of your rights described at Your Rights or to contact us please use the email-address: DataPrivacy@factset.com or if you have any questions or comments about this Privacy Notice, FactSet's privacy practices, or if you would like us to update personal data or preferences you provided to us, please write to us at:
In the US:
Global Privacy Officer
FactSet Research Systems Inc.
601 Merritt 7
Norwalk, CT 06851
FactSet UK Limited
1 Snowden Street
London EC2A 2DQ, UK
For activities related to Germany and the Philippines, we have a data protection officer in each of these countries:
KINAST Rechtsanwaltsgesellschaft mbH
Herr Rechtsanwalt Dr. Karsten Kinast, LLM.
Telephone: +49 221 - 222 183 0
The Philippines DPO:
8/F Commerce and Industry Plaza,McKinley
Town Center Taguig City Metro