(A) This Policy
This Policy is provided by Piper Sandler Limited and its Affiliates (together, “Piper Sandler”, “we” or “us”), and is addressed to individuals outside our organisation who interact with us in their own capacity or as a presentative of an institution (together, “you”). Defined terms used in this Policy are explained in Section (J) below.
For the purposes of this Policy, Piper Sandler is the Controller.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.
(B) Processing Your Personal Data
Collection of Personal Data: We may collect or obtain Personal Data about you as follows:
- If you are a current, former or pending client of Piper Sandler, we collect your Personal Data to perform services for you and to comply with legal and regulatory requirements.
- We may obtain your Personal Data when you provide it to us (e.g., where you contact us via email or telephone or by any other means).
- We may receive your Personal Data from another Piper Sandler entity, to the extent that they provide it to us.
- We may receive your Personal Data from third parties who provide it to us.
- We may collect or obtain your Personal Data when you visit any Piper Sandler website (a “Site”) or use any features or resources available on or through a Site. When you visit a Site, your device and browser will automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Data and some of which may be retained by Piper Sandler.
Personal Data you provide about others: In some circumstances, you may provide us with Personal Data about others. Whenever you provide any such Personal Data, we rely on you to ensure that you have a lawful basis for providing such Personal Data to us, and that you have complied with applicable law and with the terms of this Policy. If you are unable to do so, please refrain from providing the Personal Data of third parties to us.
Categories of Personal Data: The categories of Personal Data about you that we may Process include:
- Personal details: given name(s); preferred name; gender; date of birth/age; nationality; photograph; marital status; job title; employer entity; and evidence of your identity and/or your social security number (or equivalent) to the extent necessary to provide our services to you or satisfy our regulatory obligations.
- Contact details: address; telephone number; and email address.
- Financial data: your income information and employment information.
- Credit check: details provided by credit reference agencies, in accordance with applicable law and/or to comply with legal and regulatory obligations (and, where required by applicable law, subject to your prior consent).
- Account details: details of your accounts (and any other accounts to which you have access or for which you are responsible), account numbers, account balances and transaction history.
Processing your Sensitive Personal Data: We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:
- the Processing is required by applicable law (e.g., to comply with our diversity reporting obligations);
- the Processing is necessary for the detection or prevention of crime;
- the Processing is necessary for the establishment, exercise or defence of legal rights;
- if you are or were a client of Piper Sandler, the Processing is necessary to perform services for you and/or to comply with legal and regulatory obligations relating to the provision of services to you; or
- in accordance with applicable law, we have obtained your prior consent before Processing your Sensitive Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary – it is not used in relation to Processing that is necessary or obligatory in any way).
Purposes for which we may Process your Personal Data: The purposes for which we may Process Personal Data are:
- Provision of services to you: providing services to you (e.g., when you apply for or open an account, or when you seek advice about your investments); attending meetings with you; attending telephone calls with you; and otherwise communicating with you in relation to those services.
- Managing legal, regulatory and industry self-regulatory requirements: compliance with tax reporting, fraud detection and prevention, anti-money laundering and anti-terrorist financing requirements.
- Operating our Sites: operating and managing our Sites; providing content to you; displaying information to you; and communicating and interacting with you via our Sites.
- Communications and IT operations: management of our communications systems; operation of IT security; and IT security audits.
- Financial management of our business: sales; finance; corporate audit; and vendor management.
- Retaining business records for reasonable periods and in compliance with legal and regulatory requirements.
- Improving our services: identifying issues with existing services; planning improvements to existing services; creating new services.
- Future planning: succession and organizational planning, including budgeting.
(C) Disclosure of Personal Data to Third Parties
We may disclose your Personal Data to:
- other Piper Sandler entities, for legitimate business purposes (including providing services to you) in accordance with applicable law;
- third parties such as financial institutions, security issuers and transfer agents to enact your requests for services or transactions;
- law enforcement agencies and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, lawyers and other outside professional advisors to the Piper Sandler entities, subject to binding contractual obligations of confidentiality and data protection;
- third party Processors, located anywhere in the world, with whom we engage to provide services on our behalf (such as services for account processing, administration, billing, payroll, reporting, compliance, information technology, and other purposes), subject to the requirements noted below in this Section (C);
- any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
- any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
- any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
- if our Sites use third party plugins or content and if you choose to interact with any such plugins or content, your Personal Data may be shared with the relevant third party provider. Piper Sandler is not responsible for such third party providers. If you do not wish to disclose your Personal Data to such third party providers, please do not interact with their content.
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our instructions and with applicable laws; and (ii) use appropriate measures to protect the confidentiality and security of your Personal Data.
(D) International Transfer of Personal Data
Because of the international nature of our business, we may need to transfer your Personal Data to other Piper Sandler entities, and to third parties as noted in Section (C) above, in connection with the purposes set out in this Policy. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located, subject always to compliance with applicable laws. We will implement appropriate measures to protect the confidentiality and security of your Personal Data.
(E) Data Security
To protect your Personal Data from unauthorized access and Processing, we use security measures that comply with applicable law. These measures include computer safeguards and secured files and buildings.
You are responsible for the ensuring that any Personal Data that you send to us are sent securely.
(F) Data Retention
We will keep copies of your Personal Data, in a form that permits identification, only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law or regulation requires a longer retention period.
(G) Your Legal Rights
Subject to applicable law and regulation, you may have a number of rights regarding the Processing of your Personal Data, including one or more of the following:
- the right to request access to, or copies of, your Personal Data that we Process or control;
- the right to request rectification of any inaccuracies in your Personal Data;
- the right to request, on legitimate grounds:
- erasure of your Personal Data that we Process or control; or
- restriction of Processing of your Personal Data that we Process or control;
- the right to object, on legitimate grounds, to the Processing of your Personal Data;
- where we Process your Personal Data on the basis of your consent, the right to withdraw that consent; and
- the right to lodge complaints regarding the Processing of your Personal Data with a Data Protection Authority.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section (I) below. This Section (G) does not affect your statutory rights.
(I) Contact Details
If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data by Piper Sandler, please contact us via email or at Piper Sandler, Attn: Privacy Officer, 800 Nicollet Mall, Suite 1000, Minneapolis, MN 55402.
- ‘Affiliate’ means, in relation to the Company, entities that control, are controlled by, or are under common control with, Piper Sandler Limited.
- ‘Controller’ means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
- ‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
- ‘Personal Data’ means information that is about any individual, or from which any individual is identifiable. Examples of Personal Data that we may Process are provided in Section (B) above.
- ‘Personnel’ means any current, former or prospective employee, consultant, temporary worker, intern, other non-permanent employee, contractor, secondee or other personnel.
- ‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- ‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
- ‘Sensitive Personal Data’ means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.