Privacy Statement
1. |
WHO ARE WE? |
1.1 | The International Stock Exchange Group Limited (Guernsey registered company 57524) (“TISEG”) wholly owns The International Stock Exchange Authority Limited (Guernsey registered company number 57527) (“TISEA”). |
1.2 | Together, these companies are the “TISE Entities”, both with a registered office at Helvetia Court, Block B, Third Floor, Les Echelons, St Peter Port, Guernsey GY1 1AR. |
1.3 | TISEA is licensed by the Guernsey Financial Services Commission to operate an investment exchange under the Protection of Investors (Bailiwick of Guernsey) Law, 1987, as amended. The International Stock Exchange (the “Exchange”) is an investment exchange which is operated and regulated by TISEA. |
2. |
TO WHOM DOES THIS PRIVACY STATEMENT APPLY? |
2.1 |
This Privacy Statement (the “Statement”) sets out how the TISE Entities, as joint data controllers, collect, process and retain personal data. 'Personal data' means any information relating to an identified or identifiable natural person. |
2.2 |
This Statement applies to you as a:
|
3. |
HOW DO WE COLLECT PERSONAL DATA? |
3.1 | We collect personal data when you browse or fill in forms on our Website, use the TISE Portal, send us documentation or correspond with us by phone, e-mail or otherwise. We will collect additional personal information in the course of service-related activities throughout the period of providing services to you. The personal data which we collect, process and retain will vary depending upon your relationship with the TISE Entities. |
4. |
WHAT PERSONAL DATA DO WE COLLECT? |
4.1 |
Casual browsers of our Website |
4.1.1 |
When you browse our Website we may automatically collect the following:
|
4.1.2 | Google Analytics places a cookie, which is only accessible by Google, on your computer to identify you as a unique user the next time you visit our Website. Google's use of this cookie is governed by their Google Analytics Terms of Service (https://www.google.com/analytics/terms/) and their Google Privacy Policy (https://www.google.com/intl/en-GB/policies/privacy/). |
4.1.3 | We do not combine the information collected through our use of Google Analytics with any other information which may identify you personally. |
4.2 |
Subscribers to our market and research material |
4.2.1 | The TISE Entities will only collect, process and retain your personal data (including where appropriate your name, email address and any other relevant information you provide to us) for marketing purposes or market and opinion research, where you have provided your consent for us to do so. You may at any time withdraw your consent and unsubscribe from receiving such information by selecting unsubscribe. |
4.2.2 | We will not disclose personal data collected for marketing purposes to any third parties without notifying you of the identity of the third party together with details of what data is being shared and how it will be processed. |
4.3 |
Members and prospective Members of the Exchange |
4.3.1 | TISEA is required to collect, process and retain personal data (including where appropriate your name, postal address, email address, employment history and any other relevant information that you provide to us or that we collect) relating to Members and prospective Members of the Exchange in order to satisfy its legal and regulatory obligations. |
4.3.2 | It is the responsibility of Members or prospective Members of the Exchange to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA. |
4.3.3 | Members of the Exchange are responsible for ensuring that personal data provided to TISEA is processed correctly and accurately. |
4.4 |
Issuers and prospective Issuers for listing on the Exchange |
4.4.1 | TISEA is required to collect, process and retain personal data relating to Issuers and prospective Issuers for listing on the Exchange in order to satisfy its legal and regulatory obligations. Where appropriate TISEA collects names, postal addresses, email address and any other relevant information you provide to us or that we collect for this purpose. |
4.4.2 | Where a Member is acting as a sponsor to an issuer or prospective issuer for listing on the Exchange, it is the responsibility of the Member to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA. |
4.4.3 | Members of the Exchange are responsible for ensuring that personal data relating to issuers provided to TISEA is processed correctly and accurately. |
4.5 |
Users of the TISE Portal |
4.5.1 | TISEA is required to collect, process and retain personal data relating to users of its TISE Portal (“Contributors”) in order to satisfy its legal and regulatory obligations. TISEA collects where appropriate names, email addresses and mobile numbers for this purpose. |
4.5.2 | It is the responsibility of the Contributor to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA. |
4.5.3 | Contributors are responsible for ensuring that personal data relating to Contributors provided to TISEA is processed correctly and accurately. |
4.6 |
Shareholders |
4.6.1 |
In addition to the requirements under law for the TISE Entities to maintain records of their shareholders, we may collect, retain and process personal data (including where appropriate your name, postal address, email address and any other relevant information that you provide to us or that we collect) for:
|
4.7 |
Potential Employees |
4.7.1 |
As part of our recruitment process we collect, retain and process personal data (including where appropriate your name, residential address, personal contact details, your CV and any covering letter, previous and relevant work experience, qualifications, skills and any other relevant information that you provide to us or that we collect) for:
|
5. |
HOW WE WILL USE INFORMATION ABOUT YOU? |
5.1 |
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
|
5.2 |
We may also use your personal information in the following situations, which are likely to be rare:
|
5.3 |
The situations in which we will process your personal information are listed below.
|
5.4 | If you fail to provide certain information when requested, we may not be able to perform the agreement we have entered into with you (if applicable) or we may be prevented from complying with our legal obligations. |
5.5 | We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. |
5.6 | Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. |
6. |
HOW WE USE SENSITIVE PERSONAL DATA |
6.1 |
'Sensitive personal data' is referred to under the law as 'Special Category Data'. Special Category Data requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
|
6.2 | Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public. |
6.3 | Save where you have given explicit consent, we may only use information relating to the commission or alleged commission of a criminal offence by an individual where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy. |
7. |
AUTOMATED DECISION-MAKING |
7.1 | We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes. |
8. |
DATA SHARING |
8.1 | We may have to share your data with third parties, including third-party service providers and other entities in the group. We require third parties to respect the security of your data and to treat it in accordance with the law. |
8.2 | We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. |
8.3 | "Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers: IT system management, banking, share registration, marketing and archiving. |
8.4 | We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. |
8.5 |
We may also need to share your personal information with:
|
8.6 |
An authorised jurisdiction is (a) the Bailiwick of Guernsey, (b) a Member State of the European Union, (c) any country, any sector within a country, or any international organisation that the Data Protection Commission has determined ensures an adequate level of protection within the meaning of Article 45(2) of the GDPR (or the equivalent article of the former Directive), and for which the determination is still in force, or (d) a designated jurisdiction which is (i) the United Kingdom, (ii) a country within the United Kingdom, (iii) any other country within the British Islands, or (iv) any sector within a country mentioned in (i), (ii) or (iii) (Authorised Jurisdictions). An unauthorised jurisdiction is a jurisdiction which is not an Authorised Jurisdiction (Unauthorised Jurisdiction). We may transfer the personal information we collect about you to Authorised Jurisdictions. Save as permitted by law we will not transfer the personal information we collect about you to Unauthorised Jurisdictions. |
9. |
STORAGE AND SECURITY OF YOUR PERSONAL DATA |
9.1 | The TISE Entities will collect and process personal data in accordance with this Statement and the law. |
9.2 | We will hold your personal data securely and will only keep it for as long as is reasonably necessary. The TISE Entities have implemented reasonable organisational and technical measures to protect your personal data. These measures include policies and procedures, physical and software security, and an employee training programme. |
9.3 | Whilst we have taken measures to protect your personal data, the transmission of data over the internet or other networks cannot be guaranteed as being secure. The TISE Entities do not make any warranties, express or implied, about the security of your personal data in this regard. |
9.4 | We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. |
10. |
DATA RETENTIONWe will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our Data Protection Officer. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. |
11. |
LINKS TO OTHER WEBSITES |
11.1 | Our Website may contain links or references to websites operated by external parties. This Statement does not apply to those websites and you should check the privacy policy of each website you visit. |
11.2 | We have no control over or responsibility for those other websites or the way in which they collect, process or retain your personal data which may be different from the way in which we collect, process and retain your personal data. |
11.3 | By including references, hyperlinks or other connections to other websites we do not imply any endorsement of them or any association with their owners or operators. |
12. |
RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION |
12.1 | It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. |
12.2 |
Under certain circumstances, by law you have the:
|
12.3 | If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer in writing. |
12.4 | You will not have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if a repeated request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. |
12.5 | We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. |
12.6 | In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. |
13. |
ENQUIRES AND COMPLAINTS |
13.1 | Any questions relating to this Statement or the personal data which we hold on you, should be referred to our Data Protection Officer. |
13.2 | Should you wish to exercise any of your rights under the data protection law, or submit a complaint regarding our compliance with the exercise of such rights, please contact our Data Protection Officer. |
13.3 | If you are dissatisfied with the way in which we have dealt with or handled your complaint, you have the right refer your complaint to your local data protection authority, and to appeal the outcome of your complaint. |
14. |
DATA PROTECTION OFFICER |
14.1 | Mr John Inderwick |
14.2 | Address: Helvetia Court, Block B, 3rd Floor, Les Echelons, St Peter Port, Guernsey GY1 1AR |
14.3 | E-mail: data.protection@tisegroup.com |
14.4 | Telephone: +44 (0) 1481 753000 |
15. |
DATA PROTECTION REGISTRATION |
15.1 | The TISE Entities are registered as data controllers with the Data Protection Commissioner (Guernsey):
|
15.2 | The TISE Entities are registered as data controllers with the Information Commissioner (Jersey):
|
15.3 | The International Stock Exchange Group Limited is registered as a data controller and data processor with the Information Commissioner (Isle of Man):
|
16. |
CHANGES TO OUR PRIVACY STATEMENT |
16.1 | Please read this Statement carefully and re-visit the relevant sections of it each time you visit our Website or provide us with any personal data. Changes may be made to this Statement at any time and without notice. |
16.2 | This Statement was last updated on 21 October 2019. |