Privacy Policy – Protecting your data

Dated: 31 March 2021

1. Who is Orient Capital?

Orient Capital is a global leader in shareholder identification analysis, equity market intelligence, proxy solicitation, webcasting, investor communication and shareholder management technology. We are a wholly-owned, but independent subsidiary of ASX listed, the Link Group, a global share registry and technology services provider.

Orient Capital has been providing investor relations support around shareholder identification analysis, CRM and investor targeting to listed companies and their advisors for over 25 years. We provide services to over 1,800 issuers globally, including corporate clients in the FTSE, ASX, NZX, JSE, Hang Seng, DAX and Euronext.

For more information on Orient Capital, please visit www.orientcap.comOpens in new window or for Link Group, www.linkgroup.comOpens in new window.

Orient Capital’s clients use miraqle®, our proprietary online investor relations system, which integrates ownership data and capital markets intelligence with IR specific functionality to interact with their stakeholders. When such clients record their own information in miraqle we act as their data processors to host and manage such information. The use of such information will be subject to the relevant clients’ own privacy policy; this privacy policy sets out the relevant details concerning when Orient Capital acts as a data controller in relation to personal information.

2. What is this Privacy Policy?

At Orient Capital we collect personal information about you and are committed to protecting this information and your privacy.

Set out below is an explanation of how we use, collect and safeguard your personal information.

3. What personal information do we collect?

In the valid discharge of its functions, Orient Capital may collect and/or hold the following types of information:

  • personal information; and
  • special category / sensitive information,

in relation to relevant individual contacts in investor, compliance and share registration functions, client and supplier personnel, and other individuals with which Orient Capital comes into contact.

These are explained in more detail below.

3.1. Personal Information

Information meeting the following descriptions:

  • name;
  • mailing and/or street address;
  • email address;
  • telephone number;
  • profession, occupation or job title;
  • details of the services an individual has acquired from Orient Capital or its clients or which an individual has enquired about, together with any information necessary to deliver those services and to respond to enquiries;
  • any additional information, relating to an individual, provided to Orient Capital directly or indirectly through Orient Capital websites or online presence or through Orient Capital representatives; and
  • information provided to Orient Capital through its service centres, meetings with Orient Capital representatives or customer surveys.

Orient Capital may also collect personal information from individuals seeking employment with Orient Capital (including contractors and temporary staff) relating to their suitability as an employee as well as employees of Orient Capital, including:

  • age or date of birth;
  • marital status;
  • insurance details (relating to superannuation and pensions);
  • banking details;
  • references from previous employers;
  • employment suitability information obtained from recruitment agencies or related entities acting on Orient Capital’s behalf;
  • information from law enforcement agencies, including whether or not the individual has a criminal record;
  • information from other government entities or third party companies, such as organisations that conduct competency or psychometric tests; and
  • educational or vocational organisations to the extent necessary to verify your qualifications.

Orient Capital may also collect information that is not personal information, because it does not identify you or anyone else, such as anonymous answers to surveys or aggregated information about how users utilise Orient Capital websites.

3.2. Special Category / Sensitive Information

Less commonly, but where necessary for the provision of a service or compliance with the lawful authority, Orient Capital may also collect special category / sensitive information including, but not limited to:

  • Health information;
  • Immigration status;
  • Membership of a trade association and/or trade union; and
  • Details published in Politically Exposed Person (PEP) lists, criminal watch lists, United Nations Sanctions lists and the Australian Department of Foreign Affairs and Trade lists or EU lists of a similar nature (for Anti-Money Laundering Counter-Terrorism Financing and Autonomous Sanctions purposes).

4. How do we collect personal information?

Orient Capital collects some personal information directly from you, or your authorised representative, when you or they interact with us. Orient Capital may collect personal information:

  • through your access to, and use of, Orient Capital websites;
  • during conversations between you and Orient Capital representatives;
  • from written requests, including email;
  • when you complete an application, either on line or hard copy, regarding any of the services or opportunities included in Orient Capital’s websites; or
  • through your provision of identity documents such as drivers’ licence, passport, utility bills etc for the purpose of verifying your identity.

Orient Capital may also collect personal information about you from third parties, including:

  • your employer;
  • government agencies or regulators;
  • Orient Capital and D.F. King client companies, managed investment schemes and other entities whose registers Orient Capital analyses on behalf of those entities;
  • other service providers;
  • publicly available sources.

Orient Capital will only collect special category/ sensitive information about a person with the consent of the individual, except where Orient Capital is required or permitted by law to collect such information without consent.

5. Why do we collect your information?

Orient Capital collects personal information about you so that we can provide services to you or our clients, such as the following

purposes:

  • send you communications (on your request, or if we have a legitimate interest to keep you informed);
  • to update records and keep your contact (and other) details up-to-date (on your request or otherwise in accordance with our legitimate interest to keep our records up to date);
  • to answer your enquiries and provide information or advice about existing and new services (where we have a
  • legitimate interest to deal with you properly and keep you informed);
  • to process and respond to any complaints you may make (where we need to comply with an obligation we have to you, or otherwise in accordance with our legitimate interest to deal with issues efficiently);
  • to provide you with access to protected areas of our websites (where we need to comply with an obligation we have to you, or otherwise in accordance with our legitimate interest to run our services efficiently);
  • to assess the performance and improve the operation of our websites (in accordance with our legitimate interest to manage our sites efficiently);
  • to conduct processing functions including providing new and updated personal information to our related bodies corporate, contractors, service providers or other third parties as part of contracted duties on behalf of those entities (in accordance with our legitimate interest to run our services efficiently);
  • for the administration, marketing (including direct marketing), product or service development, quality control and research, as required by Orient Capital and our related bodies corporate, contractors or service providers (in accordance with our legitimate interest to run our business efficiently); and
  • to comply with any other law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or where a government authority makes recommendations that are not mandatory but which we elect to follow (where we need to comply with law, or otherwise in accordance with our legitimate interest to deal with issues appropriately).

6. How we use your personal information?

We will use the information we hold about you for the following purposes:

  • To provide you with the services, products, and/or information you request from us (where we have your consent, or need to comply with an obligation we have to you, or otherwise in accordance with our legitimate interest to deal with issues efficiently);
  • To check your identity (where we need to comply with a legal obligation we have, or otherwise in accordance with our legitimate interest to run our business properly);
  • To assess any application you make to participate in any service we provide (where we need to comply with a legal obligation we have, or otherwise in accordance with our legitimate interest to run our business properly);
  • Prevent and detect fraud and/or money laundering (where we need to comply with a legal obligation we have, or otherwise in accordance with our legitimate interest to run our business properly);
  • So that we or our Orient Capital clients can communicate with you as necessary (where we have your consent, or need to comply with an obligation we have to you, or otherwise in accordance with our legitimate interest to deal with issues efficiently);
  • To carry out analysis about our services and how we might improve them (in accordance with our legitimate interest to develop our business and services); and
  • To notify you about changes to our services (in accordance with our legitimate interest to keep you informed).

7. Who do we share personal information with?

Personal information held by Orient Capital will only be used for purposes directly related to one or more legitimate functions or activities of Orient Capital in the provision of its services or as otherwise permitted by law.

Orient Capital may disclose your personal information to:

  • any member of the Link Group which means our subsidiaries, our ultimate holding company and its subsidiaries (from time to time) as necessary to perform you with Services or to fulfil our contract with you (in accordance with our legitimate interest to run our business efficiently);
  • our employees as required in order to use your information as set out in part 6;
  • issuers of securities for whom we are contracted to provide ownership analytics and governance advisory services or other services (in accordance with our legitimate interest to provide analytics services);
  • contractors or service providers, for the purposes of the operation of Orient Capital’s business or websites (in accordance with our legitimate interest to run our business efficiently);
  • third parties, in order to fulfil requests by you, and to otherwise provide services to you (e.g. insurers and identity verification) (where we have your consent, or need to comply with an obligation we have to you, or otherwise in accordance with our legitimate interest to deal with issues efficiently);
  • IT systems administrators, web hosting providers, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors (in accordance with our legitimate interest to run our business efficiently);
  • professional advisors such as accountants, solicitors, business advisors and consultants (in accordance with our legitimate interest to run our business appropriately);
  • suppliers and other third parties with whom Orient Capital has a commercial relationship, for business, marketing, and related purposes (where we have your consent, or otherwise in accordance with our legitimate interest to deal with issues efficiently);
  • government organisations with statutory responsibility to regulate various areas of our business operations (in accordance with our legitimate interest to run our business in a compliant manner);
  • law enforcement agencies (in accordance with our legitimate interest to run our business in a compliant manner); and
  • any organisation for any authorised purpose with your consent.

For certain aspects of the processing activities we may transfer Personal Information too countries where privacy laws do not always offer equivalent protection to individual’s personal data. In this scenario we always take steps to ensure that any transfer of Personal Information is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place by putting contractual obligations in place with the party we are sending information to. Transfers within the Link Group  are covered by an agreement entered into by members of the Link Group (an intra-group agreement) which contractually obligates each group company to ensure that your Personal Information receives an adequate and consistent level of protection wherever it is transferred within the group.

In some cases, Orient Capital may be required to disclose your personal information without your consent. Specific instances include where:

  • required or authorised by law. For example, where an entity is subject to a statutory requirement to report certain matters to an agency or enforcement body; or
  • a warrant or notice issued by a court requires Orient Capital to produce records or documents they hold.

Where we refer to our “legitimate interests”, we mean our interests in managing our services and our relationship with you. We will make sure that we take into account any potential impact that such use may have on you. Our legitimate interests will not automatically override your interests, and we won’t use your information if we feel that your interests override ours, unless of course you provide your consent, or we have a contractual or legal obligation to use your information in that way. If you have any questions or concerns, please contact us using the details set out below.

8. How do we keep your information secure?

Orient Capital will take all reasonable steps to ensure your personal information is protected from misuse, loss and unauthorised access, modification or disclosure in accordance with statutory requirements. This includes having security measures and controls in place to protect personal information including limiting access, cryptography, physical and environmental security and audit monitoring.

Orient Capital may hold your information in either electronic or hard copy form, and will destroy or de-identify personal information when it is no longer required or when D.F. King Ltd are no longer required by law to retain it (whichever is the later). In order to maximise the protection of data within our control, the following industry aligned best practice information security controls have been implemented:

  • Information Security Management System certified to an international standard, e.g ISO27001
  • Firewalls on the network perimeters,
  • DMZ to separate the internet from our internal network,
  • Web Application Firewalls (WAF) protecting the Web based application systems,
  • Intrusion Prevention Systems (IPS) on the network perimeter,
  • Data Loss Prevention (DLP),
  • Data Access Monitoring (DAM) on internal database platforms,
  • Secure-System Development Lifecycle (s-SDLC) controlling the internal developments,
  • Log Management and monitoring,
  • Monitoring of Vendor Alerts,
  • Penetration Tests and Vulnerability Assessments (Tenable Nessus) run against the OWASP Top 10 and SANS25 of all externally facing systems;
  • The 24/7 managed IPS solution incorporates threat modelling and intelligence services including DDoS alerting and prevention as do the firewalls.
  • Anti-virus protection with regularly updates virus-definition data,
  • Application of available patches through regular patching cycles.

As Orient Capital websites are connected to the internet, which is inherently insecure, Orient Capital cannot:

  • provide any assurance regarding the security of transmission of information you communicate to us online; or
  • guarantee the information you supply will not be intercepted while being transmitted over the internet.

Accordingly, any personal or other information which you transmit to Orient Capital/D.F. King Ltd online is transmitted at your own risk.

9. How long will we store your information for?

We generally hold your personal data on our systems for as long is necessary to provide Services and/or perform our contract. This is ordinarily up to seven years from the date you cease to use the Services or the termination of our Agreement in order to allow us to refer to your information in correspondence with you, or in connection with legal or regulatory proceedings.

10. Your rights

You have the following rights in relation to how we use your information. If you’d like to exercise these rights please contact us using the contact details listed at section 15 “Who can you speak to at Orient Capital about this Privacy Policy?

  • Right of access – you have the right to know if we are using your information and, if so, the right to access it and information about how we are using it.
  • Right of rectification – you have the right to require us to rectify any errors in the information we hold about you.
  • Right to erasure – in some cases, you have the right to require us to delete your information if our continued use is not justified.
  • Right to restrict processing - in some cases and circumstances, although you may not be entitled to require us to erase your information, you may be entitled to limit the purposes for which we can use your information.
  • Right of data portability – in some cases where we are relying on consent to use your information, you have the right to require us to provide you with a copy of your information in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours).

11. How do Orient Capital & Link Group websites use my Internet Protocol (IP) address and collect cookies?

Each time you use our websites, we will automatically collect certain technical information, including the type of browser you use, the Internet Protocol (IP) address used to connect your computer to the internet, and information about your visit, including the full Uniform Resource Locations (URL), clickstream to, through and from our sites, traffic data and other communication data, the resources that you access, and the information derived from the cookies we place on your mobile device and/or computer. In order to improve the quality of our website and services, we may from time to time send your computer a "cookie". Cookies are text files that identify your computer to our server and are stored on your device. Cookies in themselves do not identify the individual user, just the computer used. Cookies enable us to improve your user experience by avoiding the need for you to enter the same information more than once. They also allow us to analyse user behaviour to improve the functionality and performance of our website.

We comply with the EU cookie regulations as introduced in the UK on 25 May 2011 through the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. There are two types of cookies that can be stored on your device:

  • "session cookies", which only last for the duration of your visit to our website and are automatically deleted from your device when you close your browser; and
  • "persistent cookies", which remain on your device after you have visited our website and are not deleted when you close your browser. Persistent cookies are sent back to our server every time you visit our website.

We make use of session cookies, which are essential to maintain security throughout the site, and are not used for tracking purposes. Session cookies are used to help us remember your movements from page to page, avoiding the need for you re-enter the same information. Session cookies are held in memory and expire when you leave our website.

We never gather other information from your disk or computer. We will collect a copy of the data held by the cookie from inclusion in any analysis. We use full SSL protocols when collecting visitor information on secure pages; this ensures that the site’s security is not compromised. We encrypt all transmitted visitor information (even from non-secure pages), so no-one else can read the information we gather. None of the cookies used on our websites collect, record or store personally identifiable information about you.

By continuing to use this website, you are consenting to us placing session cookies on your device for the purposes detailed above. Most users will be able to adjust their internet settings to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these, of course, means that certain personalised services cannot then be provided to that user. Please note that the websites to which this site may be linked may also make use of their own cookies. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

12. Following links from our websites

Our site may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

13. Does Link Group disclose your personal information to anyone outside Australia?

As part of providing services to you and in Link Group’s capacity as a service provider, occasionally personal information may be stored or processed at different locations.

Link Group may disclose personal information to corporate and third party suppliers, service providers and regulators located overseas for some of the purposes listed above.

Link Group takes all reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations (including GDPR and the Australian Privacy Principles) relating to your personal information. Link Group may disclose your personal information to entities, including to data hosting organisations, IT service providers, and other third party vendor/suppliers that are located overseas. At the date of this policy, the countries that Link Group discloses information to include: Canada, China (Hong Kong), France, Germany, India, Luxembourg, New Zealand, Papua New Guinea, South Africa, Switzerland, the Philippines, the United Kingdom, the United States of America, and United Arab Emirates

14. Changes to this Privacy Policy

Please note that this policy will be reviewed and may be changed from time to time. Any changes we may make to our privacy policy in the future will be posted on this page.

15. Who can you speak to at Orient Capital or the Link Group about this Privacy Policy?

Questions, comments and the exercise of your rights regarding this Privacy Policy and your information are welcomed and should be addressed to the Privacy Officer by email at Privacy.Officer@linkgroup.com or by post to Attention: Privacy Officer Link Group, Locked Bag A14, Sydney South, NSW 1235.If you wish to make a complaint on how we have handled your personal information, you can contact our Privacy Officer. If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”). You have the right to complain to the ICO about our collection and use of your information. You can contact the ICO via their website – https://ico.org.uk/concerns/Opens in new window - or by calling their helpline – 03031 231113.

You may also be able to refer your complaint to the Office of the Australian Information Commissioner (www.oaic.gov.auOpens in new window) who can be contacted by phoning 1300 363 992 or emailing enquiries@oaic.gov.au.

In France, you can contact the Commission Nationale de l’Informatique et des Libertes (CNIL)

Each individual German state has its own Data Protection Authority who is responsible for the enforcement of data protection laws in the relevant state.

Solutions
Use cases
Features
About us
Contact us
Login to miraqle

© MUFG Pension & Market Services. All Rights Reserved.
Terms & Conditions Privacy Policy