Millennium Online Privacy Notice (UK, EEA and DIFC)
Millennium Capital Management Limited, Millennium Capital Partners LLP, Millennium Operations Limited and Millennium Capital (DIFC) Ltd (collectively, “Millennium” or “we“, “our” or “us“) aim to protect your privacy as far as possible. Millennium is what is known as a “data controller” for the purposes of European and Dubai International Financial Centre (“DIFC”) data protection laws. Contact details are set out below.
Millennium may amend this notice from time to time without prior notification to intended recipients. This notice was last updated on 29 September 2020.
Applicability of this Privacy Notice
This notice describes how we use personal data of individuals in the UK, EEA and the DIFC. It applies to recruitment applicants, former employees, professional contacts, visitors to our website, or others with whom we may communicate.
How we obtain your information
We may collect personal information from you when you use our website or otherwise engage in communication with us including, for example, submitting an employment application, or when you (or any entity you represent) enter into a contractual relationship with us, including, for example, as an employee or service provider.
We collect information about you from a variety of sources, which may include:
- any documents submitted to us, including any application forms;
- our communication or correspondence with you, such as when you contact us by letter,
- telephone, email or any other means of electronic or personal communication;
- your use of the Guest Wi-Fi services on your personal device(s) at our London offices (50 Berkeley Street, London, W1J 8HD and 32 Duke Street, London, SW1Y 6DF); or
- third parties, in connection with potential employment or other contractual engagement.
Please note that, in accordance with regulatory requirements, we record calls made on certain employees’ landline and mobile telephone lines.
The information we collect
Depending on the nature of your relationship with Millennium, we may collect or may have collected the following categories of data about you:
- your name, title, contact details;
- other personalil information such as your age, date of birth and marital status;
- information related to your occupation, such as your job title and CV;
- unique identifiers such as your government-issued social security number, national insurance number, tax file number, IP address and information related to that IP address;
- details from your passport, as required and permitted by applicable laws and regulations addressing due diligence and related matters;
- financial information; and
- other information you or others may provide to us during your communications or relationship with us, for our operational or business purposes.
In limited cases, we may also collect “special categories” of information from you (sensitive data), which may include personal details relating to your immediate family members and details relating to any senior political figures (e.g. senior military or government official) to whom you are connected, information relating to political affiliations or trade union membership, or information about actual or alleged criminal convictions and offences.
You are not obliged to provide us with your information where it is requested but this may affect our ability to continue our dealings with you or employ you.
If you provide personal data on behalf of another person, it is your responsibility to notify that individual that you have provided their information to us and direct them to this notice.
Our use of your information
We process your information because it may be required for contractual or operational reasons, because it may be required by applicable laws or regulations, in our legitimate interests in order to comply with other applicable laws and regulations or for operational business purposes or in order to review and process employment applications, or on the basis of your consent.
Where we process “special categories” of information about you, we do so on one of the following bases: your explicit consent, legal or regulatory requirements, health and safety, monitoring of equality and diversity, prevention or detection of crime or similar misconduct, management of occupational pension schemes, or because the processing is necessary for the establishment, exercise or defence of a legal claim.
How we share your information
We may share your information within Millennium’s group, with our third party business partners, business associates, subcontractors and other third parties for the purposes set out below.
- Within the Millennium group and to our third party service providers: We may disclose your personal information to third parties, including our affiliates, subcontractors, agents and any person who provides professional, legal, tax or accounting advice or other services to Millennium. All such third parties are required to maintain the confidentiality of such information to the extent they receive it.
- Potential buyers, transferees, merger partners or sellers: We may disclose your personal information to a potential buyer, transferee, or merger partner or seller and their advisers in connection with any actual or potential transfer or merger, sale, acquisition, assignment, transfer, or other disposition of part or all of Millennium’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
- Legal reasons: We may also disclose your personal information or any portions thereof (a) as required by, or to comply with, applicable law, regulation, court process or other statutory requirement; and (b) respond to requests from any regulatory, supervisory or governmental authorities
How we transfer your information
Our use of cloud-based technologies and operation in a global marketplace means that your information may be shared by us outside your home jurisdiction (which may be the UK, EEA or the DIFC). Where this is the case, we ensure that an appropriate level of protection is provided to protect your information.
Due to the global nature of our business, your information may be transferred to jurisdictions outside the UK, EEA or the DIFC. Such jurisdictions may not offer the same level of data protection as in your home jurisdiction, and may not be regarded by the European Commission or other relevant regulators as providing an adequate level of data protection.
Where we transfer your information outside of your home jurisdiction, we will ensure that personal data is protected and transferred in accordance with applicable legal requirements, which can be done as follows:
- the country to which we send personal data may be approved by the European Commission or under the UK or DIFC data protection laws (as applicable) as having adequate data protection laws; or
- the recipient may have signed a contract based on standard contractual clauses approved by the European Commission or the Commissioner of Data Protection of the DIFC, obliging them to protect your personal information.
Security and retention of information
We take the protection of your personal information seriously, and have security measures, controls and policies in place.
We will hold your personal information on our systems for the longest of the following periods:
- as long as is necessary for the relevant activity or as long as is set out in any relevant agreement you enter into with us;
- the length of time it is reasonable to keep records to demonstrate compliance with professional or legal obligations;
- any retention period that is required by law; or
- the end of the period in which litigation or investigations might arise in respect of your use of our website or the services that we provide to you.
Data protection laws may provide you with rights to access data, as well as rights for data to be erased, corrected, used for only limited purposes, not used at all, or transferred to you or a third party.
You may have the following rights under data protection laws:
- Right of subject access: The right to make a written request for details of personal data about you held by Millennium and a copy of that personal data.
- Right to rectification: The right to have inaccurate information about you rectified.
- Right to erasure (‘right to be forgotten’): The right to have certain personal data about you erased.
- Right to restriction of processing: The right to request that your personal data is only used for restricted purposes.
- Right to object: The right to object to the use of personal data.
- Right to data portability: The right to ask for personal data you have made available to us to be transferred to you or a third party in machine-readable formats.
- Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal data. If you withdraw your consent, this will not affect the lawfulness of Millennium’s use of your personal data prior to the withdrawal of your consent.
These rights are not absolute: they do not always apply and exemptions may be applicable. We may, in response to a request ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
To exercise any of these rights, or if you have any other questions about our use of your information, please email us at: [email protected].
If you are unhappy with the way we have handled your information you have a right to complain to your local data protection regulator.
- In the UK, your local regulator is the Information Commissioner, whose website is available at https://ico.org.uk
- In the DIFC, your local regulator is the Commissioner of Data Protection at DIFC, who can be contacted at [email protected]
If you have any questions about this privacy notice, or our privacy related practices, you can contact: [email protected].
Supplemental Privacy Notice for EEA Investors and Investors in Cayman Islands Feeder Funds
This notice sets forth the personal data privacy practices of Millennium Management LLC (“MM LLC”; together with various affiliates,1 “Millennium”) with respect to the personal data of investors in any fund for which MM LLC or WMA Global Management LLC (“WMA”) is the investment manager (each such entity, a “Fund”). This notice only applies to the following persons: (a) individuals (i) located in the European Economic Area (“EEA”) the UK or the Dubai International Financial Centre (“DIFC”) who have invested in a Fund, or (ii) who have invested in a Cayman Feeder Fund (“Individual Investors”); and (b) Authorized Persons (as defined below) of legal persons invested in (i) a Fund (where the Authorized Person is based in the EEA, UK or DIFC) or (ii) a Cayman Feeder Fund (such legal persons, “Institutional Investors”).
Individual Investors and Authorized Persons are collectively referred to as “Investor Parties”.
Data We Collect.
Millennium collects personal data of Individual Investors, including: last name, first name, date and place of birth, contact information, bank information, tax identification number(s), country of tax residence(s), residence address (including proof thereof), source of funds, official government-issued identification (such as a passport or national ID), net worth standard qualification, as well as financial information, such as assets held in the account or payments made with respect to the account, account balances, proceeds from the sale or redemption of property paid or credited to the account together with any other information which may be necessary to satisfy our know-your customer obligations or which is required by applicable laws.
Millennium also collects names and identity verification documents of partners, directors, significant shareholders, founders, trustees, beneficiaries and authorized signatories of Institutional Investors (collectively, “Authorized Persons”), as applicable.
Use of Investor Parties’ Personal Data and Legal Basis for Processing.
Millennium will use Individual Investors’ or Authorized Persons’ personal data in the course of business for the purposes of conclusion and performance of contracts with Individual Investors or Institutional Investors, including, specifically: (a) entering into the Subscription Agreement, (b) processing subscriptions, redemptions/withdrawals, transfers and other changes in an investor’s status, (c) maintaining the registers of investors, (d) providing financial and other information to Investor Parties, (e) maintaining global client records and providing centralized administrative and investor relations and related services and (f) complying with applicable anti-money laundering rules, tax reporting requirements and other legal obligations.
In the case of Individual Investors, Millennium processes personal data because it is necessary for the performance of a contract or to satisfy an applicable regulatory or legal obligation, which may arise under applicable laws. In the case of Authorized Persons, Millennium processes personal data on the basis of a legitimate business interest, as a necessary element of entering into and performing contracts with Institutional Investors, or to satisfy an applicable regulatory or legal obligation, which may arise under applicable laws.
Disclosure to Certain Third Parties.
Millennium may disclose certain personal data: (a) to its affiliates and service providers, such as fund administrators, auditors, legal and tax advisors or broker-dealers; (b) to fraud prevention agencies and law enforcement agencies; (c) to courts, governmental and nongovernmental regulators, tax authorities and ombudsmen; (d) to any third party that acquires, or is interested in acquiring, all or part of Millennium’s assets or shares, or that succeeds Millennium in carrying on all or a part of its business, whether by merger, acquisition, reorganization or otherwise; (e) as required or permitted by law, including to comply with a subpoena or similar legal process or government request, or when Millennium believes in good faith that disclosure is legally required or Millennium has a legitimate interest in making a disclosure, such as where necessary to protect Millennium’s rights and property; or (f) as directed or authorized by the subject of the personal data.
Transfer of Personal Data Outside the EEA, DIFC or Cayman Islands.
Investor Party personal data may be transferred to other recipients located in countries outside of the EEA, DIFC or Cayman Islands, which may not have equivalent data privacy laws. We transfer Investor Parties’ data because it is necessary for the provision of the services listed in the “Use of Investor Personal Data” section above. To the extent that Investor Parties initially provide personal data to Millennium within the EEA, DIFC or Cayman Islands, we may transfer such data outside such jurisdiction. If we do so, we will ensure that personal data is protected and transferred in accordance with applicable legal requirements, which can be done as follows:
- the country to which we send personal data may be approved by the European Commission; or
- the recipient may have signed a contract based on standard contractual clauses approved by
- the European Commission (“model clauses”), obliging them to protect your personal information.
Investor Parties may request access to model clauses by contacting Millennium at the email below.
Rights of Investor Parties.
Under applicable data privacy laws, Investor Parties may have a right to:(a) request access to and rectification or erasure of their personal data; (b) obtain restriction on processing or to object to processing of their personal data; and (c) the right to data portability. If you wish to exercise any of these rights you should contact [email protected] Investor Parties also have the right to lodge a complaint about the processing of their personal data with their local data protection authority in the EEA, the Commissioner of Data Protection at DIFC or with the Office of the Ombudsman in the Cayman Islands, as applicable.
Security and Retention.
Millennium will take reasonable steps to protect Investor Parties’ personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held. The length of time for which Millennium will maintain Investor Parties’ personal data will principally depend on (a) how long we need to keep the information for the relevant purpose, and (b) the period of time for which we have to keep your personal information in accordance with any applicable legal or regulatory requirement.
Obligations of Institutional Investors.
Each Institutional Investor must ensure that it has complied, and shall continue to comply, with its obligations relating to personal data that apply to it under the applicable data privacy laws in the EEA, DIFC or Cayman Islands, and any other jurisdiction in which that Institutional Investor has any operations.
Institutional Investors are reminded that it is their responsibility to: (a) provide adequate notice, and obtain valid consents from, Authorized Persons, in each case, to the extent necessary for Millennium to process personal data in connection with anySubscription Agreement that the Institutional Investor and Millennium are parties to (including cases in which the Institutional Investor may transfer personal data to Millennium in Cayman Islands, DIFC and/or countries both within and outside of the EEA); (b) ensure that they shall not, by act or omission, cause Millennium to violate any data privacy law notices provided to, or consents obtained from, individuals as a result of processing personal data for any purpose relating to any Subscription Agreement,a shareholder’s ownership of shares in a Fund or an Institutional Investor’s ownership of interests in a Fund (as applicable); and (c) ensure that Millennium is informed when an Authorized Person is no longer associated with the Institutional Investor.
For any questions regarding this notice, please contact [email protected].
1 The affiliates, for the purposes of this notice, include: Millennium International Management LP (“MIM”), Millennium Capital Partners LLP (“MCP”), MPG Operations LLP (“MPG”), Millennium Capital (DIFC) Ltd (“Millennium DIFC”), WorldQuant LLC (“WQ LLC”), WMA, Millennium International, Ltd. (“MIL”), WMQS Global Equity Active Extension Offshore Fund, Ltd. (“GEAEO”) , WMA International Equity 130/30 Offshore Fund, Ltd. (“IEO”), and WMA US Equity 130/30 Offshore Fund, Ltd. (“USEO”). For the purposes of Regulation (EU) 2016/679 (“GDPR”), The Data Protection Law, 2017 (Cayman Islands) (“DPL”), Data Protection Act 2018 (UK), Data Protection Law DIFC Law No. 5 of 2020, MM LLC, MIM, MPG and MCP are “Data Controllers” with regards to MIL, while MM LLC, MIM, MCP, Millennium DIFC, WQ LLC, and WMA are “Data Controllers” with regard to GEAEO, IEO and USEO. In addition, MIL, GEAEO, IEO and USEO are “Data Controllers” on their own behalf and are collectively referred to as “Cayman Feeder Funds”.