EU DATA PROTECTION & PRIVACY POLICY
(“the Policy”)
- INTRODUCTION
In connection with the legal and regulatory compliance requirements of EquiLend Holdings LLC and its affiliates (together “EquiLend”or “we”), EquiLend has adopted the Policy in order to ensure compliance with applicable data protection laws. The Policy should be read in conjunction with EquiLend’s Terms and Conditions relating to the access and use of its website and in connection with any user or customer agreement.
The Policy describes how we process [1] personal data [2] regarding individuals (“Personal Information”) residing in the European Union (“EU Persons”) (together “Data Subjects”). The Policy is applicable to external EU Persons only and does not apply to EquiLend employees, prospective employees or temporary workers engaged by EquiLend based in the European Union (together “Employees”).
For the avoidance of doubt, Personal Information and its use by EquiLend may vary depending upon the EquiLend products and services you use, your relationship with EquiLend and that of your institution.
- WHO WE ARE
EquiLend is comprised of a number of separate legal entities that includes EquiLend LLC, EquiLend Canada Corp, EquiLend Clearing LLC, EquiLend Europe Limited, EquiLend Limited, EquiLend Asia Limited, DataLend LLC and Automated Equity Finance Markets, Inc (together “the Affiliates”), along with EquiLend Holdings LLC (“the Parent”). The Affiliates are wholly owned by the Parent. Together, they make up EquiLend.
For the purposes of the Policy, EquiLend is a Processor [3] of Personal Information relating to Data Subjects.
If you have any questions, or want further information as to how we process your Personal Information, you can email EquiLend at [email protected].
- HOW WE PROCESS PERSONAL INFORMATION
3.1 Groups of Personal Information
EquiLend may process, in the normal course of its business, the following types of Personal Information in order to provide services to you and your employer.
- Contact Information – Details such as address and means of contact;
- Socio Demographic Information – Details about work, profession, nationality and education;
- Open Data and Public Sources – Details available in public records and data that is openly available on the internet;
- Contractual Information – Details about the products and services we provide;
- Locational Information – Details associated with geography such as an email address;
- Communication – Information derived from emails, letters and conversations;
- National Identifiers - A number or code issued by a government agency used to identify you;
- Special Types of Data – Data related to criminal convictions and offences or related security measures.
3.2 Specified and Lawful Purposes
EquiLend may process Personal Information, in the normal course of its business, to;
- administer, support, improve and obtain feedback on its products and services;
- detect, prevent and remedy technological faults;
- service and / or enforce contractual terms;
- manage fees and charges due on client accounts;
- assess the suitability and appropriateness of its products and services;
- ensure compliance with any requirements of law, regulation, associations or codes EquiLend may choose to adopt, from time to time;
- validate certain disclosures made to EquiLend, which may comprise the use of third parties engaged by EquiLend as well as publicly available information acquired through regulatory and statutory sources including law enforcement agency sanctions lists;
- manage security, risk and prevent crime (together “Specified Purposes”).
EquiLend may only process Personal Information where there is a lawful basis to do so. In relation to the Specified Purposes, we will process Personal Information associated with Data Subjects where;
- It is necessary for the performance of a contract;
- It is necessary for compliance with a legal obligation to which we are subject;
- It is necessary for the pursuance of EquiLend’s legitimate interests except where such interests are overridden by the interests or fundamental rights and freedoms of Relevant Individuals.
For the avoidance of doubt, EquiLend does not seek to rely on the consent of Data Subjects for the processing of their Personal Information. Where we do require consent, such as in the processing of data relating to criminal convictions and offences, Data Subjects or their organisation will be approached.
Where we provide services that may involve the disclosure of Personal Information on behalf of a client, it shall be the responsibility of the client to ensure that it has all the necessary rights to permit EquiLend to process and disclose such information accordingly.
3.3 Marketing
EquiLend may, from time to time, contact you about its services and / or products which may be of interest. For example, we may invite you to attend a seminar or working group, or contact you in order to provide updates to our services and products or to advise you of new EquiLend publications (together “Marketing Communications”). Such contact may be by email, post or, from time to time, by telephone.
You have the right to opt out of receiving Marketing Communications by following the instructions enclosed with them. If you do so, you will no longer receive, inter alia, invitations, product information or access to new EquiLend publications.
- WHERE WE COLLECT PERSONAL INFORMATION FROM
EquiLend may process Personal Information about you and your employer from across all of its product lines and any of the following sources;
- When you use any EquiLend product or service requiring registration or are permitted access to such services by your employer as proffered by EquiLend;
- When you communicate directly with Employees, by email, telephone or in person during the normal course of business, including the reporting and tracking of service related incidents;
- Specific information required by EquiLend in order to comply with its regulatory, statutory or legal obligations;
- Suppliers and third parties EquiLend may engage for the pursuance of its legitimate interests and legal obligations.
- TO WHOM AND WHERE PERSONAL INFORMATION MAY BE DISCLOSED
5.1 Within your own organisation
We may transfer or disclose your Personal Information to your employer where they;
- Have subscribed to receive services or products from EquiLend on behalf of their institutional users; and
- Have a legitimate reason to receive the information.
If you are the contact person within your organisation for an EquiLend service or product we may pass your contact details to those within your organisation for this purpose.
5.2 Within EquiLend
We may disclose Personal Information to Employees in order to manage and administer obligations under a contract or proposed contract with clients.
5.3 Third Parties
We may disclose Personal Information to third parties [4] that supply services to EquiLend, in the normal course of business, and where we are required to by law.
In the context of providing services, we may disclose Personal Information to other EquiLend clients by means of the shared trade ticket and / or during the course of trade matching activities.
5.4 Internal Transfer of Personal Information
Personal Information may be made available internationally, including in countries which may not have the same level of legal protections for Personal Information, including EquiLend entities based in the United States.
We seek to require those entities to whom we permit access to your Personal Information to protect it appropriately. We use binding corporate rules and certain model clauses recognised by the European Commission, in EquiLend intercompany agreements (“the Agreements”). The Agreements set out the terms and obligations of both the Parent and the Affiliates in relation to the provision of its services and the fiduciary duty owed to its clients on a global basis.
In addition, EquiLend has developed internal policies and procedures concerning the oversight and governance of its information technology and security systems. These policies and procedures address areas such as regression, performance, end to end and system testing as well as data capacity monitoring, penetration and vulnerability testing, business continuity and back up standards etc.
- RECORD KEEPING
6.1 Monitoring of Communications
We may monitor email and other communications [5] addressed to Employees in order to ensure regulatory compliance, that electronic systems are operating effectively and for the detection and prevention of crime.
In the case of emails, we may reject, delay or remove content or attachments which may disrupt systems or pose security concerns such as viruses. We may also filter out emails which contain certain content on the basis that the content is offensive or if the email is unwanted or spam. Unfortunately, in limited cases, this may result in innocuous communications being affected. EquiLend works actively to reduce such occurrences.
6.2 Storage and Duration
EquiLend will retain your Personal information for as long as you are registered to use its services and / or your employer is a client of EquiLend.
We may retain your Personal Information for a reasonable period if we cannot delete it for legal, regulatory or technical reasons. The reasons we may do this are:
- To respond to a complaint or contractual query, or to show that we have acted in our client’s best interests;
- To develop and provide new services and products; and
- To act in accordance with regulatory record keeping retention requirements.
EquiLend will only use your Personal Information for these purposes and will ensure that your privacy is protected.
- PROCESSING PERSONAL INFORMATION
7.1 Data Subject Rights
To the extent provided under the General Data Protection Regulation 2016/679 (“GDPR”), you are entitled to access your Personal Information, obtain information on the processing of your Personal Information, have your Personal Information rectified or erased, or exercise your right to data portability. You are also entitled to withdraw any consent that you might have given to the processing of your Personal Information, including any consent to receive Marketing Communications, with future effect.
7.2 Restrictions on Processing
You may request that we;
- Restrict where there is a problem with the underlying legality of the processing of your Personal Information; and
- Remove your Personal Information if there is no need to retain it and subject to EquiLend’s record retention requirements, as may be amended from time to time.
For the avoidance of doubt, where Personal Information is restricted or withdrawn we may not be able to perform or manage obligations under a contract with your employer. We may also not be able to remove your Personal Information for legal or other official reasons. If this is so, we will inform you and your employer.
If you would like to exercise your rights under the GDPR or learn more about the details of the processing of your Personal Information you can contact EquiLend by emailing [email protected]. We will respond to your request as soon as reasonably practicable within the legally permitted timeframe.
- COMPLAINTS
If you have any concerns regarding the processing of your Personal Information you can contact EquiLend, in the first instance, by emailing [email protected]. We take complaints seriously and will always recognise a complaint as requiring resolution, whether made in writing or orally directly to EquiLend or to its Employees.
If you believe that your concerns have not been adequately addressed then you may raise your concerns with the Information Commissioner’s Office at www.ico.gov.uk
- CHANGES TO THE POLICY
Future changes to the Policy will be posted to EquiLend’s website.
[1]Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
[2]Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online data or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
[3]Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
[4]Third party means a natural or legal person, public authority, agency or body other than the Data Subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
[5]Communications will ordinarily include, but are not exclusive of, emails, appropriate messenger software and social media channels used by EquiLend during the normal course of business.