Privacy notice Regulatory Services GmbH
Under this privacy notice (hereinafter the “Notice”), Regulatory Services GmbH (hereinafter “We” or “Us” or “Our”) informs you how We process your personal data. Your personal data means any information relating to you (hereinafter the “Personal Data”), such as name or contact details.
We pay special attention on the processing of Personal Data in accordance with the General Data Protection Regulation EU 2016/679 (“GDPR”) and applicable national data protection laws.
1. Controller
1.1. Our identity and contact details
Regulatory Services GmbH
Mergenthalerallee 61
65760 Eschborn
RRH@regulatory-services.com
1.2. Contact details of our data protection officer
Data Protection Officer
Deutsche Börse AG
60485 Frankfurt am Main
Germany
dataprotection@deutsche-boerse.com
2. Purpose, Categories of personal data, legal basis and retention
We process the following categories of your personal data for the following purposes:
2.1. General contact by e-mail, post or telephone
Name, address, telephone number or e-mail address if you wish to contact us directly. We collect your personal data when you provide it to us via our contact forms or when you contact us directly. Then we process the information that you have provided to us in the course of establishing contact. This includes, in particular, names and contact data provided (address, telephone number or e-mail address), date and reason for contact. The personal data that you collect will only be used to answer and fulfil your specific enquiries.
The legal basis is Art. 6 para. 1 lit. (f) GDPR, which permits the processing of personal data for the purpose of our legitimate interest in processing and answering your enquiry.
Your personal data processed in this respect will be stored by us for as long as it is necessary to carry out our relationship (communication) with you and in accordance with the applicable legal storage regulations.
2.2. Sales and marketing activities including events and invitations
We may use your personal data (name, surname, address, company, phone number, email address) in order to send you information about our services, partners, promotions and events that we believe may interest you. We may contact you via email on the basis of our legitimate interests according to Article 6 (1) lit. f GDPR if we have a direct business relationship with you or a business relationship with the company you are working for and if you have not objected. We may also contact you vie email on the basis of a consent according to Article 6 (1) lit. a GDPR if you have given us your permission. We may contact you via telephone if you have given your consent (Article 6 (1) lit. a GDPR) or based on an alleged consent on the condition that you welcome the call. We may contact you via letter based on our legitimate interests according to Article 6 (1) lit. f GDPR as long as you have not objected. Our legitimate interests in those cases are to inform business partners or potential customers about such services and products that might be of interest for them and thereby support our existing or future businesses.
Your personal data processed in this respect will be stored by us for as long as it is necessary to carry out our relationship (communication) with you and in accordance with the applicable legal storage regulations.
2.3. Services of the Regulatory Reporting Hub
When you or your company subscribes to one of our services such as the EMIR Transaction Reporting, MiFIR Transaction Reporting or MiFID II Reporting personal data such as (name, surname, address, company, phone number, email address, passport number, date of birth) may be processed in order to fulfill the service, creation of accounts (if necessary) or communication in the context of the service. We may also send you notifications on services and interruptions to inform you. The legal basis for the processing of this personal data is Article 6 (1) lit. b GDPR, as the processing is necessary for the fulfillment of a contract between us and the customer. If the user is not also the customer who has concluded the contract with us, but rather the customer's employees or otherwise authorized by the customer to use our services, the legal basis for processing is Article 6 (1) lit. f GDPR, as processing is in the legitimate interest of the customer. The legitimate interest of the customer is to enable the user to use our services in accordance with the contract.
Your personal data processed in this respect will be stored by us for as long as it is necessary to carry out our relationship (communication) with you and in accordance with the applicable legal storage regulations.
2.4. Usage of the Regulatory Reporting Hub member section
We process your name, date of birth, telephone number and e-mail address if you register to access the Member Section portal or if a profile is created for you by one of your internal Central Coordinators / Deputies / Admission Administrators. The individual entry fields determine the data retrieved from the entry masks. Mandatory information fields will be marked accordingly. All other information shall be voluntary. We additionally process your place of birth, nationality, national ID, private address and email, curriculum vitae if you apply for trader admission (Eurex/FWB). The legal basis for the processing of this personal data is Article 6 (1) lit. b GDPR, as the processing is necessary for the fulfillment of a contract between us and the customer. If the user is not also the customer who has concluded the contract with us, but rather the customer's employees or otherwise authorized by the customer to use our services, the legal basis for processing is Article 6 (1) lit. f GDPR, as processing is in the legitimate interest of the customer. The legitimate interest of the customer is to enable the user to use our services in accordance with the contract.
2.5. General use of our websites and online portal
When you use our website and online platform, we will automatically log information about the browser that is used to access the website, such as your IP address, session time, pages viewed from that address and the website from which you are visiting the website. We may also collect device-specific information, such as your hardware model and operating system. We use this information to identify and prevent malpractice and crime and to investigate improper conduct.
The legal basis for the processing of your personal data for these purposes is Article 6 (1) lit. c GDPR in fulfilling our legal obligation to take technical and organizational measures to ensure secure data processing in accordance with Article 32 GDPR and Article 6 (1) lit. f GDPR in order to pursue our legitimate interests in data processing for network and information security.
After the specified period of 30 days, the above data will be deleted. If data is processed for a longer period of time, we will anonymise or delete the data as soon as their storage no longer serves the respective purposes.
3. Retention periods
The retention periods for Personal Data depend on the purpose of the processing. We will retain Personal Data set out under Sec. 2.1 above for as long as (i) necessary for the respective purpose, and/or (ii) required by applicable statutory retention laws. In your case, we will retain personal data that you provide to Us for as long as our business relationship with your firm lasts, plus any applicable retention periods required pursuant to statutory provisions (e.g. based on tax law provisions) or required to pursue our legitimate interests after the termination of the business relationship (e.g. in order to make claims within the statutory limitation periods).
4. Automated decisions
We do not make any automated decisions solely on automatic processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
5. Do you have to provide personal data to us?
The provision of your personal data is necessary in order to access the protected areas of our websites, which are restricted to members of our customer groups, in order to contact us directly or to receive a newsletter. This means that if you use these options, you are required to provide us with your personal information as part of a user registration process or necessary to fulfil a contract with us.
6. Transfer of personal data to third parties
We will not disclose your personal data to third parties unless such disclosure is permitted by law or you have explicitly consented to the transfer.
To provide our contractual services, we use selected service providers (data processing providers) and vicarious agents of the categories listed below who have access to your personal data to the extent necessary and can use it to process the orders placed by us.
We may transfer your personal data to public authorities where this is required by applicable law (e.g. the German Stock Exchange Act (Börsengesetz) or the German Securities Trading Act (Wertpapierhandelsgesetz)). A transfer of your personal data is also permitted if there is suspicion of a criminal offence or the abuse of the services offered on our website. In this event, we shall be entitled to transfer your Personal Data to the criminal prosecution authority.
Otherwise, your personal data will be stored exclusively in our database and on our servers or on those of our commissioned data processing providers. We will only share your Personal Data with other controllers for their own purposes such as cooperation or advertising partners under the condition that you explicitly and voluntarily agreed to such transfer of your Personal Data; in this case, we will obtain your consent separately from this Notice.
Sometimes the recipients to whom We transfers your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country.
In such cases, we take measures to implement appropriate and suitable safeguards for the protection of your personal data. Under these conditions, recipients of your personal data can be for example:
- public bodies and institutions in the presence of a legal or regulatory obligation (eg. financial authorities),
- other companies and service providers (processors) / vicarious agents in the following areas:
- print service providers
- telecommunications service provider
- billing service provider
- financial institutions
- collection agencies
- management consultancies as well as business and tax audit companies
- provider of the online platform
- newsletter provider
7. Usage of cookies
When you visit our website, information is stored on your terminal in the form of a "cookie". Cookies are small files that are stored on your terminal device and store certain settings and data for exchange with our websites via your browser.
Cookies enable us, for example, to adapt a website to your interests or to store your password so that you do not have to re-enter it each time.
If you do not want us to recognize your terminal device, configure your Internet browser so that it deletes all cookies from your device, blocks all cookies or receives a warning before a cookie is stored. See c) for short instructions.
Please note that certain functions of our website may no longer function properly without cookies.
7.1. Types of cookies
Depending on their function and purpose, cookies can be assigned to four categories: required cookies, functional cookies, tracking cookies and cookies for marketing purposes.
7.1.1. Required cookies
These cookies are necessary to ensure the smooth functioning of this website (e.g. session cookies, cookie for storing the set cookie preferences, etc.). These cookies cannot therefore be deactivated.
7.1.2. Functional cookies
Functional cookies are used to ensure the smooth functioning of all tools on the website. Only with the use of functional cookies is the entire functionality of the website available to the user.
7.1.3. Tracking Cookies
The analysis cookies are used for the purpose of constantly improving the quality of this website and its content. This should lead to a higher customer satisfaction among the users.
7.1.4. Cookies for marketing purposes
We use marketing services to provide you with interesting offers and offers from third parties. For this purpose, we serve advertisements through advertising partners or advertising networks that use third-party cookies that are activated when you visit our website and are read only by the respective advertising partner. In this way, we want to ensure that only advertisements that actually interest you are displayed to you.
7.2. Cookies and other technologies on our website
7.2.1. Cookies
Name | Description | Category | Retention |
PHPSES SID | PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user friendliness. Data entered in forms are e.g. B. briefly saved when there is an input error by the user and the user receives an error message. Otherwise all data would have to be entered again. | Required cookies | Session |
BT_ctst | eTracker cookie used to recognize whether cookies are activated in the visitor's browser | Tracking cookies | Session |
BT_sdc | eTracker cookie which contains Base64-encoded data from the current visitor session (referrer, number of pages, number of seconds since the session started), which is used for personalization purposes. | Tracking cookies | Session |
BT_pdc | eTracker cookie which contains Base64-encoded data of the visitor history (is customer, newsletter recipient etc.) for personalization. | Tracking cookies | 2 years |
isSdEnabled | eTracker cookie for detection of whether the visitor scroll depth is measured. | Tracking cookies | 2 years |
_et_coid | eTracker cookie which collects information about how often visitors use the website. The cookie collects the information in an anonymous form. | Tracking cookies | 2 years |
7.2.2. Other technologies
Usage of eTracker: Our website uses the eTracker analysis service. The supplier is eTracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg Germany. From the data, user profiles can be created under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of your Internet browser. The cookies allow you to recognize your browser again. The data collected with the eTracker technologies are used based on our legitimate interest in improving our website.
You can object to the data collection and storage at any time with future effect. In order to object to the collection and storage of your visitor data in the future, you can obtain an opt-out cookie from etracker under the following link, which means that no visitor data from your browser will be collected and stored by etracker in the future: https://www.etracker.de/privacy?et=V23Jbb
This sets an opt-out cookie with the name "cntcookie" from etracker. Please do not delete this cookie as long as you want to maintain your objection.
7.3. Cookies and other technologies on our portal
7.3.1. Cookies
Name | Description | Category | Retention |
cs | Token to enable single sign on | Required cookies | Session |
7.4. Cookies and other technologies on our GUI
7.4.1. Cookies
Name | Description | Category | Retention |
cs | Token to enable single sign on | Required cookies | Session |
JSESSIONID | Session identifier | Required cookies | Session |
7.5. Manage Cookies
We have compiled links where you can find detailed information on how to deactivate cookies in common browsers:
8. Your Rights
Under applicable data protection laws, you have rights
- of access to, rectification of, and/or erasure of your Personal Data;
- to restrict or object to its processing;
- to tell Us that you do not wish to receive marketing information; and
- (in some circumstances) to require certain of your Personal Data to be transferred to you or a third party, which you can exercise by contacting Us at the details set out at the beginning of this Notice.
To the extent Our processing of your Personal Data is based on your consent, you also have the right to withdraw your consent, without affecting the lawfulness of Our processing based on your consent before its withdrawal.
To exercise your rights, you can contact Us as set out in Section 1.1 above. You can also lodge a complaint about Our processing of your Personal Data with a data protection authority. A list and contact details of the local data protection authorities can be found here.
Share this page