T. Rowe Price International Ltd, 5 Paternoster Square, London EC4M 7DX and T. Rowe Price (Luxembourg) Management Sàrl, 35, Boulevard du Prince Henri, L-1724 Luxembourg, Grand Duchy of Luxembourg (individually and collectively, “T. Rowe Price”) have prepared this EMEA T. Rowe Price Associate and Non-Associate Privacy Notice (Notice) to be provided to individuals like you who are either employed by (Associate) or who are providing services (e.g., on a self-employed or contractor basis) (Non-Associate) to either firm. When we say “T. Rowe Price,” “we” or “us” in this document, we mean the T. Rowe Price entity that you work for or with. In addition, you will see a number of references to the “T. Rowe Price family of companies,” which includes other T. Rowe Price entities globally, such as T. Rowe Price Associates, Inc., and T. Rowe Price Group, Inc., both in the United States and their affiliates and subsidiaries1.
This Notice explains the types of personal data we collect; how we use it; who we share it with; how we protect it; and your legal rights. “Personal data” means information that (either in isolation or in combination with other available information) enables you to be identified as an individual directly or indirectly. Please read the following carefully as it explains our practices regarding your personal data and how it is handled.
Where you are employed as an Associate, T. Rowe Price needs to process your personal data in order to enter into our contract of employment with you and to continue to perform crucial aspects of that contract of employment, such as paying you and providing you with benefits (e.g., health care, pension). There are also statutory and other contractual requirements we have to comply with in relation to your employment.
Where you are providing services as a Non-Associate, T. Rowe Price needs to process your personal data in order for you to provide services to us and continue to perform crucial aspects under the contract under which you provide those services, such as paying you for your services.
If we are not able to carry out the processing activities we describe in this Notice, we may not be able to comply with your contract of employment or with the terms of the contract under which you provide services to us, and in certain very exceptional cases, we may not be able to continue your relationship with us. Of course, we hope it would never come to that; this is simply information we are obliged to provide to you as part of this Notice.
In certain limited circumstances, we may need to ask for your specific consent to process your personal data in a particular way, and in circumstances where that happens it will be clear what we are seeking consent for.
1Certain of our affiliated companies, such as Oak Hill Advisors L.P., may have their own human resources privacy notice or policy that applies to you.
We may collect personal data directly from you or it may be supplied to us by another party. In most cases, we only allow other parties to carry out the collection of personal data about you when those other parties are acting as a service provider or contractor to us. The retention, use, and disclosure of your personal data by these companies is subject to our contracts and applicable laws. However, depending on your role, certain third parties may carry out collections of personal data under certain circumstances, such as the following:
We may engage professional consulting services or research firms to collect data for us. For example, if you participate in a survey we sponsor, the other firm will provide you with its contact information and privacy notice before you are asked to provide any personal data to it.
We may also collect personal data from other publicly or commercially available sources. We may create personal data about you, such as records regarding leaves of absence. Creation of personal data about you may occur through traditional means or through artificial intelligence (AI), including generative AI. We may also collect information about you from work colleagues or clients, such as in connection with performance reviews or client satisfaction surveys. In each case, we only collect those data elements that are needed for our legitimate interests.
We may use cookies and other technologies to collect personal data regarding interactions with our digital content, such as our websites, mobile applications, or emails. To learn more about how we use cookies and how you can control your digital experiences (as applicable), please see our Cookie Policy.
When you work on our networks and computer systems, we may use logging and other technologies to collect personal data. We process all data we obtain from you or other sources, including data from your previous employer, or that we create, in accordance with this Notice.
The categories of personal data we may collect, process, maintain, use, and transfer in connection with our current or former work relationships include those set out in the list below. While we have grouped information for Associates and Non-Associates together, not all examples will be relevant and will be dependent on your exact role, for example, the administration of benefits programs and pension plans is relevant for Associates, but it is not relevant for Non-Associates.
In addition to the collection, processing, and use of the types of personal data described above, T. Rowe Price may collect, process, maintain, use, and transfer the following special categories of personal data about you:
We use the personal data we collect from and about you and process it for a variety of purposes related to your role and the running of our business generally, which are based on one or more legal justifications as set out below:
| Purpose | Justification |
|---|---|
| To administer and provide compensation, benefits, and other work-related allowances in accordance with your employment contract, or if you are a Non-Associate to provide payment to you (or your employer) for the services that you provide to us. | Processing your personal data for these purposes is necessary for performing contractual obligations and complying with legal requirements. |
| To administer and manage our workforce, including work hours, leave, and equal opportunity and diversity monitoring and initiatives. | Processing your personal data for these purposes is necessary for complying with legal requirements, performing contractual obligations, and/or as part of our legitimate interests in running our business effectively. |
| To evaluate your performance in your current role and potential suitability for other roles within the T. Rowe Price family of companies. | It is in our legitimate interests to process your personal data to assess your performance in your current role and potential suitability for other roles. |
| To arrange required travel or to pay travel expenses or business expenses in connection with your role. | It is in our legitimate interests to process personal data in order to facilitate travel administration and payment or reimbursement of business expenses. |
| To conduct background checks as part of your proposed or current role. | We will ask for your explicit consent before processing your personal data in this way when required and as allowed by local data protection or other law. In addition, it is in our legitimate interests to carry out the obligations and to exercise the specific rights of T. Rowe Price or you in the field of employment and social security and social protection law as permitted by local data protection or other law and/or a collective agreement. |
| To keep internal records and manage our relationship with you. | It is in our legitimate interests to keep records of your personal details and update these when necessary. It is also in our legitimate interests to keep records of any correspondence with you. |
| To manage our risks and legal rights; to help identify illegal activity; and to monitor compliance with applicable policies, procedures, and laws. | This processing is necessary for the purposes of complying with legal requirements and/or as part of our legitimate interests in managing risks to which our business may be subject or exercising or defending legal rights. |
| To comply with legal and regulatory requirements (such as in connection with required screening programs), including disclosures to tax or other regulatory authorities inside or outside your home country, and employment, service provider, and immigration-related requirements along with the administration of those requirements. | This processing is necessary for the purposes of complying with legal requirements. Sometimes, legal requirements may apply to another company, or product or service offered, within the T. Rowe Price family of companies, and it would be in our legitimate interests to assist in meeting such requirements. |
| To maintain safe, secure, and well-functioning IT and communications systems and equipment, which will include the use of appropriate logging and data loss prevention tools that allow us to track and analyse activities you conduct on systems, networks, and devices we make available to you (including your internet usage and related browsing log files) in order to be able to identify malware or other risks in web surfing traffic and to keep our data secure. | It is in our legitimate interests to monitor how our IT and communications systems and equipment are used to detect and prevent fraud, other crimes, and misuse, as well as to ensure that they are functioning as intended. In some instances, we may need to process information in this way to comply with laws that require us to keep our IT and communication systems and equipment safe, secure, and well functioning. |
| To effectively manage our business, such as concerning the products and services offered by the T. Rowe Price family of companies, service provider management, finance, security, information technology and physical infrastructure, and corporate audit, and negotiating and implementing corporate restructuring, mergers, or acquisitions. | This processing is necessary for the purposes of complying with legal requirements, performing contractual obligations, and/or as part of legitimate interests in managing our business and risks. |
| To help assess, manage, and monitor our premises, including to protect against injury, theft, legal liability, fraud, or abuse, and to protect people and property, such as through CCTV, visitor records, issuing of badges and access devices, and other physical security programs. | It is in our legitimate interests to maintain the security and orderly functioning of our premises. |
| To anonymise personal data or create aggregated datasets, such as for consolidated reporting, research or analytics. | It is in our legitimate interests to undertake internal research and activities related to maintaining and improving our workforce, including changes to our services and benefits. |
| To maintain health and safety information, assessments, and related recordkeeping. | It is in our legitimate interests to effectively manage our premises and operations consistent with health and safety practices. In some instances, we may need to process this type of information in order to comply with law. |
When relying on the legitimate interests basis for processing your personal data, we will balance the legitimate interest(s) pursued by us and any relevant third party with your interest(s) and fundamental rights and freedoms in relation to the protection of your personal data to ensure that it is appropriate for us to rely on legitimate interests and to identify any additional steps we need to take to achieve the right balance.
We may use AI, including machine learning, as part of our business operations for one or more of the purposes set out above, which involve the processing of your personal data. For example, we may use tools powered by AI to assist us with identifying and considering suitable candidates for our vacancies or to assist with our information security programs. When we communicate with you, this may also be powered by or incorporate AI.
Your personal data may also be processed as part of the training, testing, and use of AI to support one or more the purposes set out above. Where we use AI, we do so in accordance with applicable law and our policies and procedures.
Your personal data is intended for T. Rowe Price and may be disclosed within the T. Rowe Price family of companies and, in certain circumstances, to other parties as directed by you.
We may disclose your personal data to:
We may also disclose your personal data to the following types of other organisations:
The personal data that we collect from you may be transferred to, and stored at, a destination outside the jurisdiction in which you are located.
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), this means the personal data may be transferred to, stored at, and accessed from, a destination outside the EEA or UK, including to T. Rowe Price Associates, Inc., in the United States. It may also be processed by staff operating outside the EEA or UK and who work for us, an affiliate, or one of our service providers. If you are located outside the EEA or UK, then in addition to the above, this means that personal data may be transferred to, and stored at, a destination in the EEA or UK.
For transfers to T. Rowe Price entities that are not in the EEA or UK, T. Rowe Price will be bound by the EU Standard Data Protection Clauses (pursuant to Article 46(2)(c) General Data Protection Regulation) or the UK’s International Data Transfer Addendum to such Clauses (as applicable) or other appropriate safeguards to ensure that your data is protected adequately. You can ask for a copy of our appropriate safeguards by contacting us as set out below under "Contact us."
You have various rights in connection with our processing of your personal data, each of which is explained below. If you wish to exercise one or more of these rights, please contact us as stated below under "Contact us," and include your name, email, and postal address, as well as your specific request and any other information you think would be useful in order for us to process your request.
If we need additional information to verify your identity, we will let you know. We will endeavour to respond to a verified request no later than a month after receipt, unless there are grounds for extending our response time frame by up to two further months. In the event of an extension, we will explain to you why the extension is necessary. In some cases, your ability to exercise a right will be limited, as required or permitted by applicable law. If we cannot fulfill your request because we cannot verify your identity or due to exceptions under applicable law, we’ll let you know in our response.
We will only retain your personal data for as long as it is necessary for the purpose for which the data was collected and to the extent permitted by applicable laws. For example, we may retain certain details and correspondence until the time limit for claims arising from the interaction has expired or to comply with regulatory requirements regarding the retention of that data. When we no longer need to use your information, we will remove it from our systems and records and/or take steps to promptly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
We have implemented technical and organisational security measures in an effort to safeguard personal data in our custody and control. Such measures we have implemented include limiting access to personal data only to Associates, Non-Associates, and authorised service providers who need to know such information for the purposes described in this Notice; training for our Associates and Non-Associates; as well as other technical, administrative, and physical safeguards. While we endeavour to always protect our systems, sites, operations, and information against unauthorised access, use, modification, and disclosure, due to the inherent nature of the internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.
This Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version, the English version shall prevail.
If you have questions about this Notice or if you would like to exercise your rights as a data subject, please use one of the following methods (as available to you) to submit an enquiry:
This Notice is the most recent version, and the date it was last updated is located below. We reserve the right to change our Notice from time to time. If we decide to make a material change to our Notice, we will endeavour to make you aware of that fact by, for example, notifying you of these changes via email and/or posting an alert on an internal website. If we make a change that we are required by law to inform you of in other ways (such as by email), we will do so.
Last Updated: 5 February 2025