Privacy and cookie notice

Last updated: 10 October 2024

Related information

Table of contents

1. What is the purpose of this notice?

This notice contains important information on the collection and usage of your personal data (which means data that can be used to identify you as an individual, whether directly, like your name, or indirectly, like information about the company that you work for/represent) whenever you (referred to in the notice as “you”, “your”) use Euroclear websites (euroclear.com and my.euroclear.com - referred to collectively in the notice as “Websites”) and associated marketing channels (such as e-mails) maintained by Euroclear SA/NV, which processes your personal data on behalf of the relevant Euroclear group companies listed below, with their registered addresses listed in Section 12 of this notice (they shall be collectively referred to from this point on as “Euroclear”, “we” or “our”):

  • Euroclear SA/NV;

  • Caisse Interprofessionnelle de Dépôts et de Virements de Titres SA/ Interprofessionnelle Effectendepositen Girokas NV (C.I.K.) (commercial name Euroclear Belgium);

  • Euroclear France SA; 

  • Nederlands Centraal Instituut voor Giraal Effectenverkeer B.V. (commercial name Euroclear Nederland);

  • Euroclear UK & International Limited;

  • Euroclear Bank SA/NV;

  • Euroclear Holding SA/NV; 

  • Euroclear RE SA;

  • Euroclear Sweden AB;

  • Euroclear Finland Oy;

  • MFEX Mutual Funds Exchange AB; 

  • MFEX France SA;

  • MFEX Luxembourg S.A.;

  • Global Fund Watch AB;

  • MFEX Suisse SA. 

 

This notice explains what categories of personal data are collected about you, why we collect it, how we use it and with whom we share it. We also provide you with an explanation of your rights in relation to your personal data. Furthermore, we aim to provide you with comprehensive information about cookies that are used by us.

Specific Euroclear group companies are the controllers of the personal data that is processed about you, as per GDPR1 and (where relevant) UK GDPR2, which means that they are responsible for deciding how they collect and use your personal data in accordance with these regulations as well as with applicable local laws.

It is important that the personal data we hold about you is accurate and up-to-date. Please note that you can amend it yourself via our public website or your MyEuroclear account. You can also contact us using the details in Section 12 of this notice.

2. Lawful bases for processing your personal data

Depending on the processing activity and the purpose we are pursuing, we may rely on the following lawful bases for the processing of your personal data under the GDPR  and (where relevant) under the UK GDPR: 

  • Article 6(1)(a) - your consent (e.g. when you allow optional cookies from our Websites or when you subscribe to our marketing feeds). 

  • Article 6(1)(b) - necessity arising from the fact that we have entered into a contract with you and we need to ensure its performance (e.g. when you register a MyEuroclear account). 

  • Article 6(1)(c) - our legal obligation (e.g. we need to comply with data disclosure requests from regulators). 

  • Article 6(1)(f) - our legitimate interests, which are our pursuits that are not legal obligations, but are, at the very least, allowed by the law and other regulations that we follow (e.g. when we defend against/pursue legal claims or perform direct marketing).  

3. What categories of personal data do we collect and use?

Below you will find categories of personal data that we may process in accordance with local law whenever you use the Websites and associated marketing channels. Keep in mind that this is not an exhaustive list and that we do not necessarily process all of these categories of personal data in every case. We only process the data if needed in view of the processing activities listed in Section 4.

  • Device data: such as IP address, information contained in HTTP headers or other internet transfer protocol signals, device type and version, operating system, user-agent strings, screen resolution, browser type and version.

  • Business card data: first and last name, professional e-mail address and phone number, job title, employer (or company name), business address.

  • Account data: first and last name, Euroclear account or company registration number, Euroclear group company name, title, login, submission of registration and forms, preferred language, business e-mail address, telephone number, function, department, name of the employer (or company name) and its address and domain, type of agent and agent account number. 

  • Behavioural data: such as information about usage of the Websites and associated marketing channels, webpages clicked on the Websites, content areas visited, date and time of activities, the web search you used to locate and navigate to the Websites, search terms entered into our Websites’ search function, files downloaded.

4. Why do we collect your personal data, and what personal data do we collect?

Below you can find details on:

  • What personal data about you we process,

  • Why we process it,

  • The legal bases to do so under the GDPR and (where relevant) UK GDPR. 

Purposes of the Processing

Examples of processing activities

Categories of Personal Data3

Legal bases

MyEuroclear Account Management

We maintain your MyEuroclear account.

 

  • We maintain the account that you have registered. 

  • We give you access to content personalization.

  • We inform you about important changes to our services.

  • We provide you with legally mandated information. 

  • We give you access to applications.

  • We allow you to register to events and trainings.

  • Account data
  • Necessity to perform the contract.

  • Consent.

Website analytics

We gather information about the way our Websites and associated marketing channels are used to further improve their functionality.

  • We use cookies to store your consent about statistical cookies. 

  • We analyse browsing behaviour to improve the Websites.

  • We track e-mail marketing campaigns’ responsiveness.

  • Device data

  • Behavioural data

  • Name of the employer (or company name)

  • E-mail address 

Legitimate interest: we need to assess the way our Websites and associated marketing channels are interacted with in order to be able to ensure their continuous improvement.

Management of requests and queries

We respond to your queries and requests related to the functioning of our Websites and associated marketing channels. 

We receive and process any queries you have about our Websites and associated marketing channels.

  • Business card data

  • Account data

  • Necessity to perform the contract.

  • Consent.

Direct Marketing

We communicate through our Websites and associated marketing channels.

  • We keep you informed about latest business, service and market developments.

  • We promote our services and products.

  • We engage with the market through thought leadership to build brand awareness. 

  • Business card data

  • Account data

  • Legitimate interest: we wish to keep you informed on the topics that we believe are of interest to you.

  • Consent (whenever you actively subscribe to our marketing feeds).

Event communication

We keep you informed about upcoming events such as conferences, webinars and social events.

  • We send e-mail communication to promote and invite you to events.

  • We use dedicated applications to inform you about specific events.

  • Business card data

  • Account data

  • Legitimate interest: we want to promote our events and activities in order to increase client and prospective client engagement. 
  • Consent. 

Fraud and non-compliance prevention

We take steps to investigate and prevent fraud attempts and acts which are non-compliant with law or our policies.

  • We investigate any potential fraud attempts or other acts of non-compliance.
  • Device data

  • Business card data

  • Account data

  • Behavioural data 

  • Necessity to comply with our legal obligations.
  • Legitimate interest: we want to prevent and combat fraud and non-compliance attempts.

Claim management 

We need to manage and respond to legal claims

  • We respond to claims levied against us.

  • We pursue our claims whenever necessary.

  • We keep a record of all the claims.

  • Device data

  • Business card data

  • Account data

  • Behavioural data  

  • Legitimate interest: we need to make sure our legal interests are not infringed upon.

  • Necessity to establish, exercise, or defend against legal claims.

Complying with data disclosure requests

We need to comply with requests to share data with regulators, public authorities and data subjects as required by the law. 

  • We process data subject requests.

  • We answer requests to share your data with regulators and other public authorities.

  • We share your data during investigations conducted by regulators and other public authorities.

  • Device data

  • Business card data

  • Account data

  • Behavioural data 

Necessity to comply with our legal obligations.


5. Cookies – an overview

What are cookies and how do we use them?

Cookies are small text files which are placed on your device by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website. 

If you wish to learn more about cookies, please visit allaboutcookies.org.

Why do we use cookies?

We use cookies to guarantee the proper functioning of our Websites and to make them easier to use, as well to provide you with a more personalised experience based on your interests and needs.

We also use cookies to collect anonymous statistics that enable us to understand how and how frequent you use our Websites and to help us provide better customer service.

Categories of cookies used

Strictly necessary

These cookies are essential for the Websites to function and cannot be switched off in our systems, for example cookies that allow a user to access secure areas of the Websites. Because these cookies are strictly necessary, a user cannot refuse them without impacting how our Websites function.

Functional and Performance

These cookies are used to enhance your experience on our Websites. They enable the sites to remember your settings. You can activate or deactivate these cookies at any time.

Statistics

These cookies collect information about how you use our Websites, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymised. Their sole purpose is to improve our Websites’ functions. This can include cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited. You can freely update, decide to activate or deactivate these cookies.

First-party cookies

First-party cookies are set by the web server of the visited page (i.e. Euroclear). They share the same domain.

Third party cookies

Third party cookies are stored by a different domain to the visited page's domain (e.g. www.youtube.com). This can happen when the webpage references a file, such as JavaScript, located outside its domain.

How do you consent to the use of cookies?

When entering our Websites, you will be immediately introduced to the Euroclear cookie notice. Through it you can accept, manage or reject the cookies we use. 
Please be aware that refusing the use of cookies may have an impact on the functionality of our Websites. Some of our services, including logging into our secured area, require cookies in your browser to view and use them. 

How can you manage cookies in your browser?

You always have the possibility to adjust your browser settings to accept or block cookies, or to notify you before you receive a cookie. Each browser has a different procedure for disabling the use of cookies. The Help function within your browser tells you how you can modify your settings.

Alternatively, you may wish to visit aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on this site on how to erase cookies from your computer or mobile device as well as more general information about cookies.

Overview of all cookies

A complete list of all cookies used on our Websites can be found here. You can opt out of cookies that are not required to enable core site functionality.

Manage your cookies preferences:


6. How long is your personal data kept for?

As a general rule, we are only allowed to process your personal data for no longer than it is necessary to fulfil the purpose for which we have collected it for. 

For example, if you gave us your consent for the purpose of receiving marketing information only about a specific product, but we have later decided to remove it from our offer, we would, ordinarily, have to cease sending you marketing information about this specific product, since that purpose would no longer exist.

However, you should keep in mind that even if we have achieved a certain purpose (or if it is no longer possible to do so) for which we have collected and used your personal data, it is possible that we could still process your personal data for other purposes. 

For example, we cannot process your personal data for the purpose of managing your MyEuroclear account if you delete it. But we could continue processing it for other purposes, for example: 

  • Exercising our right to defend against and pursue legal claims in connection with your activities linked to your MyEuroclear account;

  • Conducting an investigation into a fraud attempt connected to your MyEuroclear account.

Aside from having to follow a purpose, we also need to have a legal basis in order to be able to process your personal data (you can find more details in Section 2 of this notice). We cannot pursue our stated purposes if we do not have legal bases that would allow us to do so or if they cease to be valid, which might happen when:

  • Consent: you withdraw it or it expires (if the consent form specifies a duration).

  • Contract: it expires or is terminated.

  • Legal obligation: the obligation no longer stays in effect.

  • Legitimate interest: you exercise your right to object (subject to conditions described in Section 9 of this notice). 

For example, we use cookies to track your browsing activity on our Websites because you have given us your consent to do so for the purpose of receiving personalised advertising. However, if you later decide to withdraw your consent, we can no longer continue this processing activity. Although we still have a purpose we wish to fulfill, i.e. providing you personalised advertisement, we now lack the legal basis to do so without your consent.

7. How is your personal data collected?

a. Your personal data we collect from you

  • When you give one of our representatives your business card or share your data with them in any other manner.

  • When you visit our Websites – we collect your data via cookies and similar tracking technologies.

  • When you register an account on MyEuroclear.

  • When you use an application provided to you by us.

  • When you contact us through e-mail or web form.

  • When you register for an event.

  • When you subscribe to our marketing newsletter.

  • When you complete a form in order to access certain documents (such as white papers) on our Websites. 

  • We use embedded pixels in e-mails to provide information on when the e-mail was opened to track marketing campaign responsiveness. Information collected using these technologies may be associated with the recipient's e-mail address.

b. Your personal data we collect from other sources

  • We receive personal data from our partners or event organisers you have authorised to transfer your personal data to us. These parties are responsible for managing their use of personal data.

  • We receive personal data from third party permission-based lists. On occasion, we use such lists to send communications about Euroclear products and services, expert views and opinions on the topics relevant to our industry. These lists, which are maintained by third parties, include users eligible under GDPR and (where relevant) UK GDPR and local applicable laws to receive e-mails from other companies such as Euroclear. When we use such lists, the communications will include mechanisms to opt out of receiving our marketing communications. 

c. Consequences of not providing mandatory information

Failure to provide us any mandatory information may mean that:

  • It will not be possible to create your MyEuroclear account (and as such, to perform the associated contract).

  • You might not be able to use certain functions of our Websites.

  • We will not be able to respond to your queries regarding our Websites and associated marketing channels. 

  • You will not be informed about our events or invited to participate in them.

  • You will not be able to access certain documents on our website (such as white papers).

  • You will not receive information regarding important changes to our service.

  • You will not receive legally mandated information. 

  • You will not receive marketing materials.

8. Who do we share your personal data with?

a. Transfer within the Euroclear group or to third parties

  • We may transfer your personal data to other Euroclear affiliated entities4 or to our business partners (e.g. joint venture companies). 

  • We may disclose your personal data to our third-party vendors, service providers and partners who provide services to us (e.g. IT platform management or support services, infrastructure and application services, data analytics, security agents, co-hosts of our events) or who otherwise process personal data for purposes that are described in this notice or are notified to you when we collect or share your personal data.  

  • We may provide your personal data to any competent law enforcement or regulatory body, governmental agency, court or other third party such as, but not limited to the police, the financial supervisory authorities, tax and social security agencies, where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights.

  • We may also disclose your personal data to our auditors, advisors, lawyers and similar agents in connection with the advisory services that they provide to us. 

  • Finally, we may disclose your personal data to a potential buyer, seller or joint venture (and its agents and advisers) in connection with any proposed purchase, merger, acquisition or transaction. 

b. International personal data transfers

It is possible that in some circumstances we may transfer, in the course of our activities, personal data outside the European Economic Area (EEA) and United Kingdom (UK). In this context we take appropriate safeguards as required by applicable data protection laws - transferring the personal data:

  • to a recipient in a country that the European Commission and/or the UK has recognised that it provides adequate protection of personal data, 

  • to a recipient that has executed standard contractual clauses adopted or approved by the European Commission or International Data Transfer Agreements for UK entities, or on the basis of binding corporate rules, with an additional data transfer impact assessment performed by us as necessary,

  • or, in exceptional cases, relying on the derogations under the applicable data protection law. 

If you would like to see a copy of the appropriate safeguards we rely on, please contact us using the details in Section 12 of this notice.

9. What are your rights regarding your personal data?

This section summarises the rights you have as a “data subject” (which means the person who the personal data relates to) under the GDPR and (where relevant) the UK GDPR. 

The exercise of these rights is subject to conditions which are set out in the GDPR/UK GDPR and while they are wide-ranging, in limited circumstances it may not be possible to fully exercise them e.g. you request that your personal data should be deleted, but the law requires us to keep it.

The right to be informed

Euroclear provides this notice to keep you informed of what we do with your personal data.

The right to access

You have the right to access your personal data. You may also request a copy of it – this, however, cannot adversely affect the rights and freedoms of others.

The right to rectification

If you think your personal data is incomplete, inaccurate or out of date, please let us know and we will rectify it as appropriate.

The right to erasure

Under the conditions provided by the GDPR/ UK GDPR, you have the right to request that Euroclear erases your personal data in certain cases.

The right to restrict processing

You have the right to ask Euroclear to restrict processing of your personal data. If certain conditions are met, we are only permitted to store your personal data without further processing (unless you give us your consent or when it’s necessary for the establishment, exercise or defence of legal claims).

The right to data portability

You have the right to request the transfer of your personal data you provided to us back to you or to a third party of your choice in a machine-readable format, but only if we process it on the basis of your consent or contract, the processing is carried out by automated means and it does not adversely affect the rights and freedoms of others.

The right to object

You have the right to object when processing is based on our legitimate interests. We will then stop the processing, except if the law authorises us to pursue this processing activity or our interests override your interests, rights and freedoms or when we need to continue with the processing because it’s necessary for the establishment, exercise or defence of legal claims.

The right to withdraw consent

Whenever we process your personal data on the basis of your consent, you have the right to withdraw it at any time. The validity of our processing of your personal data prior to that withdrawal will not be affected. 

The right to complain to a supervisory authority

You have the right to complain to your local data protection authority about our collection and use of your personal data if you feel that Euroclear has not sufficiently addressed your concerns or complaints. For more information, please contact your local data protection authority. You can find contact details for many data protection authorities in Europe and beyond here.


If you would like to exercise one of the above rights, please send your request using the contact details listed in Section 12. 

Where possible, we would be grateful if you could please provide the following additional information along with your request to help facilitate it:

  • An explanation of the specific documents and/or files you are requesting,

  • Your relationship with Euroclear (i.e. client’s representative, former client’s representative, agent etc.), 

  • Your full name and (e-mail) address, and 

  • Proof of your identity. If your identity cannot be confirmed with the use of less inconvenient means (e-mail address, phone number, verification questions), you can be asked to submit any documents that can reasonably confirm your identity (e.g., an electricity bill). If there are no other means or all previous means lead to reasonably doubts regarding your identity, a copy of a valid identification document, e.g., passport, ID card, driving license can be requested as last resort, with unnecessary information blanked out.

10. What about data security and quality?

Technical and organisational measures

Euroclear uses appropriate technical and organisational measures to protect the personal data that we collect and process about you, such as: 
 
  • Secure operating environments - We store your data in secure operating environments and only accessible to Euroclear staff and on a need-to-know basis. Euroclear also follows generally accepted industry standards in this respect.

  • Encryption - We use industry-standard encryption to provide protection for information that is transmitted to us via the Websites.

  • Prior authentication for account access - We require our Websites’ users registered on MyEuroclear to verify their identity (e.g. login ID and password) before they can access or make changes to their account. This is aimed to prevent unauthorised accesses. 

Links to non-Euroclear sites

This notice and the Websites contain links to other websites. Euroclear is not responsible for the privacy practices or the content of those other websites.

11. How often does Euroclear update this notice?

We may update this notice in response to any legal, technical or business changes/developments, and where we make material updates, we will take appropriate steps to bring these to your attention. You can see when the notice was last updated by checking the “last updated” date displayed at the top of this page. 

12. Questions or concerns?

Questions about this notice

If you have any questions or concerns regarding this notice, please address them to the:

Data Protection Officer

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II 

B-1210 Brussels

Mail to: ESAdataprotection@euroclear.com

Other questions

If you have any other privacy questions arising from your relationship with one of Euroclear group companies, please address them to the relevant Data Protection Officer or a point of contact specified below:

Euroclear group company 

Contact details

Euroclear SA/NV (including its branches and representative offices) 

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels 

 

Data Protection Officer

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Mail to: ESAdataprotection@euroclear.com

 

Caisse Interprofessionnelle de Dépôts et de Virements de Titres SA / Interprofessionnelle Effectendepositen Girokas NV (C.I.K.) (commercial name Euroclear Belgium)

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Data Protection Officer

Euroclear Belgium

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Mail to: eses.compliance@euroclear.com

 

Euroclear France SA

10 Place de la Bourse 

F-75002 Paris

Data Protection Officer 

Euroclear France SA

10 Place de la Bourse

F-75002 Paris

Mail to: eses.compliance@euroclear.com

 

Nederlands Centraal Instituut voor Giraal Effectenverkeer B.V. (NECIGEF) (commercial name Euroclear Nederland)

Herengracht 469

NL-1017 BS Amsterdam

Data Protection Officer

Euroclear Nederland

Herengracht 469

NL-1017 BS Amsterdam

Mail to: eses.compliance@euroclear.com

 

Euroclear UK & International Ltd

33 Cannon Street

UK-London EC4M 5SB

 

Data Protection Officer

Euroclear UK & International Ltd

33 Cannon Street

UK-London EC4M 5SB 

Mail to:EUI-compliance@euroclear.com 

 

Euroclear Bank SA/NV (including its branches and representative offices)

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Data Protection Officer

Euroclear Bank SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels 

Mail to: EB.compliance@euroclear.com

 

Euroclear Holding SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

 

Point of contact

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels 

Mail to: ESAdataprotection@euroclear.com

 

Euroclear RE SA

2 rue du Fort Bourbon 

L-1249 Luxembourg

 

Point of contact

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels 

Mail to: ESAdataprotection@euroclear.com

 

Euroclear Sweden AB

Klarabergsviadukten 63

101 23 Stockholm

Data Protection Officer

Euroclear Sweden AB

PO Box 191

101 23 Stockholm 

Mail to: ES.DPO@euroclear.com

 

Euroclear Finland Oy 
Urho Kekkosen katu 5 C

00100 Helsinki

Data Protection Officer

Euroclear Finland Oy

PO Box 1110

00101 Helsinki 

Mail to: DPO.Finland@euroclear.com

 

MFEX Mutual Funds Exchange AB

Box 5378

102 49 Stockholm

Point of contact

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Mail to: ESAdataprotection@euroclear.com

 

MFEX France SA

18 rue du Quatre-Septembre

75002 Paris

Point of contact

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels 

Mail to: ESAdataprotection@euroclear.com

 

MFEX Luxembourg S.A.

2 rue du Fort Bourbon

1249 Luxembourg

Point of contact

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Mail to: ESAdataprotection@euroclear.com

 

Global Fund Watch AB

Att: MFEX Mutual Funds Exchange AB

Box 5378

102 49 Stockholm 

Point of contact

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Mail to: ESAdataprotection@euroclear.com

 

MFEX Suisse SA

Rue de la Rôtisserie 8

1204 Genève

Point of contact

Euroclear SA/NV

1 Koning Albert II-laan / 1 Bld Roi Albert II

B-1210 Brussels

Mail to: ESAdataprotection@euroclear.com

 


1 General Data Protection Regulation No. 2016/679.

UK Data Protection Act 2018 and UK General Data Protection Regulation.

3 As defined in Section 3 of this notice.

4 To learn about Euroclear group and our interests in other respective entities you can consult the relevant section of the latest Euroclear Holding consolidated financial statements available on Euroclear.com.