Last updated: 10 October 2024
Privacy and cookie notice
- What is purpose of this notice?
- Lawful bases for processing your personal data
- What categories of personal data do we collect and use?
- Why do we collect personal data, and what personal data do we collect?
- Cookies – an overview
- How long is personal data kept for?
- How is your personal data collected?
- Who do we share your personal data with?
- What are your rights regarding your personal data?
- What about data security and quality?
- How often do we update this notice?
- Questions or concerns?
This notice contains important information on the collection and usage of your personal data (which means data that can be used to identify you as an individual, whether directly, like your name, or indirectly, like information about the company that you work for/represent) whenever you (referred to in the notice as “you”, “your”) use Euroclear websites (euroclear.com and my.euroclear.com - referred to collectively in the notice as “Websites”) and associated marketing channels (such as e-mails) maintained by Euroclear SA/NV, which processes your personal data on behalf of the relevant Euroclear group companies listed below, with their registered addresses listed in Section 12 of this notice (they shall be collectively referred to from this point on as “Euroclear”, “we” or “our”):
Euroclear SA/NV;
Caisse Interprofessionnelle de Dépôts et de Virements de Titres SA/ Interprofessionnelle Effectendepositen Girokas NV (C.I.K.) (commercial name Euroclear Belgium);
Euroclear France SA;
Nederlands Centraal Instituut voor Giraal Effectenverkeer B.V. (commercial name Euroclear Nederland);
Euroclear UK & International Limited;
Euroclear Bank SA/NV;
Euroclear Holding SA/NV;
Euroclear RE SA;
Euroclear Sweden AB;
Euroclear Finland Oy;
MFEX Mutual Funds Exchange AB;
MFEX France SA;
MFEX Luxembourg S.A.;
Global Fund Watch AB;
MFEX Suisse SA.
This notice explains what categories of personal data are collected about you, why we collect it, how we use it and with whom we share it. We also provide you with an explanation of your rights in relation to your personal data. Furthermore, we aim to provide you with comprehensive information about cookies that are used by us.
Specific Euroclear group companies are the controllers of the personal data that is processed about you, as per GDPR1 and (where relevant) UK GDPR2, which means that they are responsible for deciding how they collect and use your personal data in accordance with these regulations as well as with applicable local laws.
It is important that the personal data we hold about you is accurate and up-to-date. Please note that you can amend it yourself via our public website or your MyEuroclear account. You can also contact us using the details in Section 12 of this notice.
Depending on the processing activity and the purpose we are pursuing, we may rely on the following lawful bases for the processing of your personal data under the GDPR and (where relevant) under the UK GDPR:
Article 6(1)(a) - your consent (e.g. when you allow optional cookies from our Websites or when you subscribe to our marketing feeds).
Article 6(1)(b) - necessity arising from the fact that we have entered into a contract with you and we need to ensure its performance (e.g. when you register a MyEuroclear account).
Article 6(1)(c) - our legal obligation (e.g. we need to comply with data disclosure requests from regulators).
Article 6(1)(f) - our legitimate interests, which are our pursuits that are not legal obligations, but are, at the very least, allowed by the law and other regulations that we follow (e.g. when we defend against/pursue legal claims or perform direct marketing).
Below you will find categories of personal data that we may process in accordance with local law whenever you use the Websites and associated marketing channels. Keep in mind that this is not an exhaustive list and that we do not necessarily process all of these categories of personal data in every case. We only process the data if needed in view of the processing activities listed in Section 4.
Device data: such as IP address, information contained in HTTP headers or other internet transfer protocol signals, device type and version, operating system, user-agent strings, screen resolution, browser type and version.
Business card data: first and last name, professional e-mail address and phone number, job title, employer (or company name), business address.
Account data: first and last name, Euroclear account or company registration number, Euroclear group company name, title, login, submission of registration and forms, preferred language, business e-mail address, telephone number, function, department, name of the employer (or company name) and its address and domain, type of agent and agent account number.
Behavioural data: such as information about usage of the Websites and associated marketing channels, webpages clicked on the Websites, content areas visited, date and time of activities, the web search you used to locate and navigate to the Websites, search terms entered into our Websites’ search function, files downloaded.
Below you can find details on:
What personal data about you we process,
Why we process it,
The legal bases to do so under the GDPR and (where relevant) UK GDPR.
Categories of Personal Data3
Cookies are small text files which are placed on your device by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
If you wish to learn more about cookies, please visit allaboutcookies.org.
We use cookies to guarantee the proper functioning of our Websites and to make them easier to use, as well to provide you with a more personalised experience based on your interests and needs.
We also use cookies to collect anonymous statistics that enable us to understand how and how frequent you use our Websites and to help us provide better customer service.
These cookies are essential for the Websites to function and cannot be switched off in our systems, for example cookies that allow a user to access secure areas of the Websites. Because these cookies are strictly necessary, a user cannot refuse them without impacting how our Websites function.
These cookies are used to enhance your experience on our Websites. They enable the sites to remember your settings. You can activate or deactivate these cookies at any time.
These cookies collect information about how you use our Websites, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymised. Their sole purpose is to improve our Websites’ functions. This can include cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited. You can freely update, decide to activate or deactivate these cookies.
First-party cookies are set by the web server of the visited page (i.e. Euroclear). They share the same domain.
Third party cookies are stored by a different domain to the visited page's domain (e.g. www.youtube.com). This can happen when the webpage references a file, such as JavaScript, located outside its domain.
When entering our Websites, you will be immediately introduced to the Euroclear cookie notice. Through it you can accept, manage or reject the cookies we use.
Please be aware that refusing the use of cookies may have an impact on the functionality of our Websites. Some of our services, including logging into our secured area, require cookies in your browser to view and use them.
You always have the possibility to adjust your browser settings to accept or block cookies, or to notify you before you receive a cookie. Each browser has a different procedure for disabling the use of cookies. The Help function within your browser tells you how you can modify your settings.
Alternatively, you may wish to visit aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on this site on how to erase cookies from your computer or mobile device as well as more general information about cookies.
A complete list of all cookies used on our Websites can be found here. You can opt out of cookies that are not required to enable core site functionality.
As a general rule, we are only allowed to process your personal data for no longer than it is necessary to fulfil the purpose for which we have collected it for.
For example, if you gave us your consent for the purpose of receiving marketing information only about a specific product, but we have later decided to remove it from our offer, we would, ordinarily, have to cease sending you marketing information about this specific product, since that purpose would no longer exist.
However, you should keep in mind that even if we have achieved a certain purpose (or if it is no longer possible to do so) for which we have collected and used your personal data, it is possible that we could still process your personal data for other purposes.
For example, we cannot process your personal data for the purpose of managing your MyEuroclear account if you delete it. But we could continue processing it for other purposes, for example:
Exercising our right to defend against and pursue legal claims in connection with your activities linked to your MyEuroclear account;
Conducting an investigation into a fraud attempt connected to your MyEuroclear account.
Aside from having to follow a purpose, we also need to have a legal basis in order to be able to process your personal data (you can find more details in Section 2 of this notice). We cannot pursue our stated purposes if we do not have legal bases that would allow us to do so or if they cease to be valid, which might happen when:
Consent: you withdraw it or it expires (if the consent form specifies a duration).
Contract: it expires or is terminated.
Legal obligation: the obligation no longer stays in effect.
Legitimate interest: you exercise your right to object (subject to conditions described in Section 9 of this notice).
For example, we use cookies to track your browsing activity on our Websites because you have given us your consent to do so for the purpose of receiving personalised advertising. However, if you later decide to withdraw your consent, we can no longer continue this processing activity. Although we still have a purpose we wish to fulfill, i.e. providing you personalised advertisement, we now lack the legal basis to do so without your consent.
When you give one of our representatives your business card or share your data with them in any other manner.
When you visit our Websites – we collect your data via cookies and similar tracking technologies.
When you register an account on MyEuroclear.
When you use an application provided to you by us.
When you contact us through e-mail or web form.
When you register for an event.
When you subscribe to our marketing newsletter.
When you complete a form in order to access certain documents (such as white papers) on our Websites.
We use embedded pixels in e-mails to provide information on when the e-mail was opened to track marketing campaign responsiveness. Information collected using these technologies may be associated with the recipient's e-mail address.
We receive personal data from our partners or event organisers you have authorised to transfer your personal data to us. These parties are responsible for managing their use of personal data.
We receive personal data from third party permission-based lists. On occasion, we use such lists to send communications about Euroclear products and services, expert views and opinions on the topics relevant to our industry. These lists, which are maintained by third parties, include users eligible under GDPR and (where relevant) UK GDPR and local applicable laws to receive e-mails from other companies such as Euroclear. When we use such lists, the communications will include mechanisms to opt out of receiving our marketing communications.
Failure to provide us any mandatory information may mean that:
It will not be possible to create your MyEuroclear account (and as such, to perform the associated contract).
You might not be able to use certain functions of our Websites.
We will not be able to respond to your queries regarding our Websites and associated marketing channels.
You will not be informed about our events or invited to participate in them.
You will not be able to access certain documents on our website (such as white papers).
You will not receive information regarding important changes to our service.
You will not receive legally mandated information.
You will not receive marketing materials.
We may transfer your personal data to other Euroclear affiliated entities4 or to our business partners (e.g. joint venture companies).
We may disclose your personal data to our third-party vendors, service providers and partners who provide services to us (e.g. IT platform management or support services, infrastructure and application services, data analytics, security agents, co-hosts of our events) or who otherwise process personal data for purposes that are described in this notice or are notified to you when we collect or share your personal data.
We may provide your personal data to any competent law enforcement or regulatory body, governmental agency, court or other third party such as, but not limited to the police, the financial supervisory authorities, tax and social security agencies, where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights.
We may also disclose your personal data to our auditors, advisors, lawyers and similar agents in connection with the advisory services that they provide to us.
Finally, we may disclose your personal data to a potential buyer, seller or joint venture (and its agents and advisers) in connection with any proposed purchase, merger, acquisition or transaction.
It is possible that in some circumstances we may transfer, in the course of our activities, personal data outside the European Economic Area (EEA) and United Kingdom (UK). In this context we take appropriate safeguards as required by applicable data protection laws - transferring the personal data:
to a recipient in a country that the European Commission and/or the UK has recognised that it provides adequate protection of personal data,
to a recipient that has executed standard contractual clauses adopted or approved by the European Commission or International Data Transfer Agreements for UK entities, or on the basis of binding corporate rules, with an additional data transfer impact assessment performed by us as necessary,
or, in exceptional cases, relying on the derogations under the applicable data protection law.
If you would like to see a copy of the appropriate safeguards we rely on, please contact us using the details in Section 12 of this notice.
This section summarises the rights you have as a “data subject” (which means the person who the personal data relates to) under the GDPR and (where relevant) the UK GDPR.
The exercise of these rights is subject to conditions which are set out in the GDPR/UK GDPR and while they are wide-ranging, in limited circumstances it may not be possible to fully exercise them e.g. you request that your personal data should be deleted, but the law requires us to keep it.
You have the right to access your personal data. You may also request a copy of it – this, however, cannot adversely affect the rights and freedoms of others.
If you think your personal data is incomplete, inaccurate or out of date, please let us know and we will rectify it as appropriate.
Under the conditions provided by the GDPR/ UK GDPR, you have the right to request that Euroclear erases your personal data in certain cases.
You have the right to ask Euroclear to restrict processing of your personal data. If certain conditions are met, we are only permitted to store your personal data without further processing (unless you give us your consent or when it’s necessary for the establishment, exercise or defence of legal claims).
You have the right to request the transfer of your personal data you provided to us back to you or to a third party of your choice in a machine-readable format, but only if we process it on the basis of your consent or contract, the processing is carried out by automated means and it does not adversely affect the rights and freedoms of others.
You have the right to object when processing is based on our legitimate interests. We will then stop the processing, except if the law authorises us to pursue this processing activity or our interests override your interests, rights and freedoms or when we need to continue with the processing because it’s necessary for the establishment, exercise or defence of legal claims.
Whenever we process your personal data on the basis of your consent, you have the right to withdraw it at any time. The validity of our processing of your personal data prior to that withdrawal will not be affected.
You have the right to complain to your local data protection authority about our collection and use of your personal data if you feel that Euroclear has not sufficiently addressed your concerns or complaints. For more information, please contact your local data protection authority. You can find contact details for many data protection authorities in Europe and beyond here.
If you would like to exercise one of the above rights, please send your request using the contact details listed in Section 12.
Where possible, we would be grateful if you could please provide the following additional information along with your request to help facilitate it:
An explanation of the specific documents and/or files you are requesting,
Your relationship with Euroclear (i.e. client’s representative, former client’s representative, agent etc.),
Your full name and (e-mail) address, and
Proof of your identity. If your identity cannot be confirmed with the use of less inconvenient means (e-mail address, phone number, verification questions), you can be asked to submit any documents that can reasonably confirm your identity (e.g., an electricity bill). If there are no other means or all previous means lead to reasonably doubts regarding your identity, a copy of a valid identification document, e.g., passport, ID card, driving license can be requested as last resort, with unnecessary information blanked out.
Secure operating environments - We store your data in secure operating environments and only accessible to Euroclear staff and on a need-to-know basis. Euroclear also follows generally accepted industry standards in this respect.
Encryption - We use industry-standard encryption to provide protection for information that is transmitted to us via the Websites.
Prior authentication for account access - We require our Websites’ users registered on MyEuroclear to verify their identity (e.g. login ID and password) before they can access or make changes to their account. This is aimed to prevent unauthorised accesses.
This notice and the Websites contain links to other websites. Euroclear is not responsible for the privacy practices or the content of those other websites.
We may update this notice in response to any legal, technical or business changes/developments, and where we make material updates, we will take appropriate steps to bring these to your attention. You can see when the notice was last updated by checking the “last updated” date displayed at the top of this page.
If you have any questions or concerns regarding this notice, please address them to the:
Data Protection Officer
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
If you have any other privacy questions arising from your relationship with one of Euroclear group companies, please address them to the relevant Data Protection Officer or a point of contact specified below:
Data Protection Officer
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
Data Protection Officer
Euroclear Belgium
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: eses.compliance@euroclear.com
Data Protection Officer
Euroclear France SA
10 Place de la Bourse
F-75002 Paris
Mail to: eses.compliance@euroclear.com
Data Protection Officer
Euroclear Nederland
Herengracht 469
NL-1017 BS Amsterdam
Mail to: eses.compliance@euroclear.com
Data Protection Officer
Euroclear Bank SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: EB.compliance@euroclear.com
Point of contact
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
Point of contact
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
Data Protection Officer
Euroclear Sweden AB
PO Box 191
101 23 Stockholm
Mail to: ES.DPO@euroclear.com
Data Protection Officer
Euroclear Finland Oy
PO Box 1110
00101 Helsinki
Mail to: DPO.Finland@euroclear.com
Point of contact
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
Point of contact
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
Point of contact
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
Point of contact
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
Point of contact
Euroclear SA/NV
1 Koning Albert II-laan / 1 Bld Roi Albert II
B-1210 Brussels
Mail to: ESAdataprotection@euroclear.com
1 General Data Protection Regulation No. 2016/679.
2 UK Data Protection Act 2018 and UK General Data Protection Regulation.
3 As defined in Section 3 of this notice.
4 To learn about Euroclear group and our interests in other respective entities you can consult the relevant section of the latest Euroclear Holding consolidated financial statements available on Euroclear.com.