Europe, Middle East, and Africa Privacy Statement
Last updated: 14 December 2020
Morningstar is committed to keeping your personal information safe. This Privacy Statement describes how we use personal information, with whom we may share it, how we keep it secure, and your rights relating to your personal information.
This Privacy Statement applies to Morningstar EMEA users and customers (or “you”) who use, order, register, or interact with any Morningstar product or service. This includes customers and subscribers, product users, site visitors, and event attendees. This Privacy Statement applies to all personal information you provide us, whether through our website or otherwise.
Morningstar U.K. is the controller or processor (as explained below) for the personal information collected in accordance with this Privacy Statement.
Morningstar offers a wide range of products and services throughout the world and may use your information in different ways. You can find privacy statements for certain subsidiaries’ products here. In the event of a conflict between the terms of this Privacy Statement and a product-specific privacy statement, the product-specific terms will take precedence.
Depending on the Morningstar products and services you use, Morningstar is either a controller or a processor. Morningstar is a controller (a) in connection with the performance of its legal obligations or exercise of its rights and obligations under a contract it has in place with a customer, supplier, website subscriber, or other third parties, as well as to provide requested services and (b) where it collects personal information for marketing and business-development purposes.
Where a customer subscribes to a Morningstar online tool or service into which they input personal information of their employees, or other third parties for their own purposes, the customer will be the data controller in respect of this personal information. Morningstar is the processor where it hosts personal information inputted into the online tool. The customer should therefore ensure that it and its authorised users are compliant with their obligations as a controller of this personal information and can comply fully with data access requests, have consent (where required) or other legitimate grounds for the processing of the personal information inputted into the online tool or service.
Where Morningstar is a processor, we will process your personal information in accordance with our customers’ instructions and as further agreed in the contract we enter with our customers.
Morningstar is a global company and hosts instances of its online tools outside of the EEA and UK both within Morningstar and with selected third parties that have been selected for their compliance with applicable law. Morningstar ensures it has appropriate security and failover safeguards to ensure its SLAs for availability are met and to protect the integrity of its online tools and the personal information and information inputted by the authorised users.
The below sections of this Privacy Statement explain how Morningstar processes your personal information as a controller.
Certain Morningstar products have specific privacy practices that apply to them. In the event of a conflict between the terms of this Privacy Statement and the product-specific privacy practices, the product-specific privacy practices take precedence. Below, you can find a brief FAQ about how specific Morningstar products use your personal information.
How we collect your information
Morningstar collects your personal information through your interactions with us or from third-party sources. Specifically, we collect your information when:
We may also collect information about you from third parties, including:
Personal information we collect
The types of personal information we collect depend on your interactions with us and may include the following:
How we use personal information
How Morningstar uses your information depends on the product and service that you use and your relationship with us. We use personal information as permitted under applicable law and for the following purposes:
To provide a service that you requested, including to:
In accordance with our legitimate interests, namely to:
To comply with our legal obligations, which include our or third parties’ audit and compliance requirements, such as under tax law and laws governing securities and financial services. Morningstar will produce personal information to a government regulating body or law enforcement only upon a lawful demand for such information.
Where required by law, we obtain your consent before using your data for marketing purposes. This is the case, for example, for third-party advertisements or when you are not an existing customer and want to subscribe to our newsletters.
How we share personal information
Morningstar shares your personal information with other Morningstar companies, our business partners, content providers, customers, service providers, and other third parties with your consent or for the purposes disclosed above in this Privacy Statement. Where required by applicable law, Morningstar puts in place appropriate contractual safeguards to ensure that service providers only process personal information pursuant to our instructions and implement appropriate technical and organizational safeguards to keep your personal information secure.
Links to other websites and services
Where applicable, Morningstar may provide links to one or more third-party sites within our products or services. This Privacy Statement does not apply to those sites. We encourage you to read any third-party site’s privacy statements, policies, or other disclosures before providing any of your personal information to them.
How we protect, store, and transfer your personal information
Morningstar maintains a comprehensive information security program intended to keep your information safe. We have technical, physical, and organizational measures in place to protect against unauthorised access to or unauthorised alteration, disclosure, or destruction of personal information. The measures we use are appropriate to the nature, scope, and purpose for which we use the personal information we collect. Only Morningstar staff that need access to personal customer data to perform their roles have access to it and do so in accordance with this Privacy Statement.
Our security and privacy policies are periodically reviewed and enhanced as necessary.
Morningstar companies, its operations, workforce, and service providers are located throughout the world. Depending on how you interact with us, your personal information may be handled and stored in, accessed from, or transferred to different countries. These countries may include the United States, Canada, China, India, Australia, Singapore, and others. These countries may not guarantee the same level of protection for personal information and judicial redress as the country in which you reside. We put in place contractual transfer contracts (such as EU Model Clauses) with the data recipients to ensure that your personal information remains protected when it leaves the EEA and/or UK.
If you would like to receive more information about, or a copy of, our transfer contracts, please contact us through one of the methods listed below in the section Contact Us.
In accordance with applicable law, you have certain rights in respect to your information, such as a right of access, rectification, restriction, erasure, opposition, and portability. Where you gave us your consent to process personal information, you have a right to withdraw that consent for the future at any time. You also have a right to lodge a complaint with the Supervisory Authority for data protection in your country. To exercise those rights, please contact us at email@example.com.
Morningstar will respond to an access request as soon as possible and no later than 30 days of the request. In some cases, there may be reasons why Morningstar cannot accede to a particular request, for example where local retention periods require the holding of personal information for a certain period of time or such data is required to perform our obligations or exercise our rights under an Order Form and/or Agreement. If we cannot accede fully to a data subject access request, we will respond as soon as possible with reasons.
If you request that we erase your personal information and we process that request, we may still retain certain elements of your personal information as permitted by law, including to comply with legal, regulatory, or our own policy requirements.
We won’t discriminate against our customers that choose to exercise their rights to access, control, or delete their personal information. Some of our products and services, however, may require your personal information. If you choose not to provide your personal information or erase your personal information, you may not be able to use those products or services.
Morningstar retains personal information only for as long as necessary to fulfil our contractual or legal obligations or for the amount of time necessary to fulfil the purposes we have set out above. Individual jurisdictions have different tax, accounting, regulatory, and legal retention requirements and Morningstar is bound to keep certain personal information in accordance with these local requirements.
If you access our website to inquire about employment with a Morningstar company, we may collect the following personal information: your name, physical and email addresses, phone number(s), and any additional employment-related information that you choose to provide.
If you are submitting an employment application through our site, we may also collect your username and password.
We use this information to process and manage your application for employment with Morningstar. We may also use candidate personal information to fulfil reporting requirements as required by law.
Morningstar does not separately identify or collect any information that is specific to children.
Cookies and similar technologies
Certain Morningstar affiliates may offer products and services that have specific privacy policies that apply to them. In the event of a conflict between the terms of this Privacy Statement and the product-specific privacy statement, the product-specific statement takes precedence. Please view our product-specific statements below.
How we revise this statement
Our business frequently changes, and we may need to update this Privacy Statement to reflect those changes. When we make changes to this Privacy Statement, we’ll revise the “last updated” date at the top of this page. If we make material changes to this Privacy Statement, we’ll notify you directly as required by law.
If you have a concern, complaint, or question about how we handle your personal information, please contact us by using our web form, call us toll-free at (+44) 020 3107 0000, or write us at the following mailing address:
Morningstar UK Limited
1 Oliver’s Yard
55-71 City Road
EC1Y 1HQ – London
You can contact our data protection officer at firstname.lastname@example.org.