DTCC.com
Information Privacy Policies & Procedures
Information Privacy Policies and Procedures of The Depository Trust & Clearing Corporation (DTCC) and Subsidiaries
As of October 30, 2007
I. Scope and Applicability of Privacy Policies and Procedures
This statement of policies and procedures (collectively, the "Privacy Policy") applies to DTCC and the subsidiaries of DTCC listed below (each a "Subsidiary" and collectively, the "Subsidiaries"):
- DTCC Deriv/SERV LLC
- DTCC Solutions LLC
- European Central Counterparty Limited ("EuroCCP")
- Fixed Income Clearing Corporation
- National Securities Clearing Corporation
- The Depository Trust Company
The Privacy Policy sets forth the general policies and procedures of DTCC and the Subsidiaries with respect to the use and disclosure of "non-public personal information" received by DTCC and/or the Subsidiaries in connection with the provision of certain services, including, without limitation, clearance, settlement, custody and asset servicing and transaction processing services (collectively, the "DTCC Services") to customers, (including employees, contractors, agents or officers of customers) participants and members, as applicable, of DTCC and/or the Subsidiaries (collectively, "Customers"). For purposes of this Privacy Policy, the term "non-public personal information" means any information (i) a consumer provides to obtain a financial product or service; (ii) about a consumer resulting from any transaction involving a financial product or service; or (iii) that is otherwise obtained about a consumer in connection with providing a financial product or service to that consumer (collectively, "Personal Information"). "Non-public personal information" also includes any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any Personal Information that is not publicly available. "Non-public personal information" is referred to herein for convenience as "NPI". For purposes of the UK Data Protection Act 1998 ("DPA"), which applies when processing takes place in the United Kingdom, DTCC and/or its Subsidiaries may also receive "Personal Data" from Customers (as defined in the DPA). In addition, for the purposes of the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), which applies when processing takes place in Hong Kong, DTCC and/or its Subsidiaries may also receive "Personal Data" from Customers (as defined in the PDPO). For the purposes of this Policy, Personal Data that DTCC and/or its Subsidiaries collect shall be limited to names, work email addresses, telephone numbers, business addresses and job titles of the representatives of Customers who deal with DTCC.
In addition to private information about individuals, this Privacy Policy also applies to confidential Customer information and data ("Customer Information") that DTCC and/or its Subsidiaries may receive from Customers in the course of providing DTCC Services.
As described herein, it is the policy of DTCC and the Subsidiaries not to use NPI, Personal Data (as defined under the DPA and the PDPO) and Customer Information (all together referred to as "Confidential Information") they receive from Customers except in connection with the provision of the DTCC Services (or otherwise in accordance with law) and to safeguard Confidential Information that they receive from Customers. DTCC may change this Privacy Policy from time to time, including as necessary or appropriate based on (i) results of testing and monitoring, (ii) changes to the business and operation of DTCC or the Subsidiaries or to the DTCC Services, and (iii) changes to regulations/laws.
II. Non-Disclosure of Confidential Information
It is the policy of DTCC and the Subsidiaries not to use or disclose Confidential Information received from Customers except in connection with the DTCC Services. Such uses or disclosures may include, for example, those that are usual, appropriate, or acceptable to carry out the DTCC Service for which the information was given or a transaction related thereto, to maintain accounts, to provide confirmations and statements, to provide access to data services and for record keeping purposes. DTCC and the Subsidiaries may also disclose Confidential Information as permitted or required by law. It is the policy of DTCC and the Subsidiaries not to disclose Confidential Information to third parties for marketing purposes.
III. Contact Information
DTCC has designated its Chief Privacy Officer (the "CPO") responsible for privacy practices of DTCC and the Subsidiaries, including periodic review of this Privacy Policy. The CPO should be contacted for further information regarding this Privacy Policy at privacyoffice@dtcc.com.
IV. Information Safeguarding
DTCC has established an information security program setting forth standards for maintaining administrative, technical and physical safeguards to (i) ensure the security and confidentiality of Confidential Information; (ii) protect against anticipated threats or hazards to the security of Confidential Information; and (iii) protect against unauthorized access to or use of Confidential Information. These standards are applied across the Subsidiaries. Security protections use technology consistent with current industry standards as existing from time to time. DTCC periodically tests the security protections of its information systems and monitors the effectiveness of its information security controls, systems and procedures. DTCC also periodically reviews foreseeable internal and external risks to information security with key operations, management and risk control personnel in all areas of operation of DTCC and the Subsidiaries.
It is the policy of DTCC to restrict access to Confidential Information to those employees who need to know such information in order to provide DTCC Services or as otherwise appropriate and consistent with this Privacy Policy. Any employee who is authorized to have access to such information in connection with the performance of such employee's duties and responsibilities is required to keep such information secure and confidential. Employees are instructed to review materials setting forth policies and procedures of DTCC and Subsidiaries and to comply with procedures that are designed to address administrative, technical and physical safeguards for the protection of such information. DTCC will use commercially reasonable best efforts to advise Customers of breaches involving NPI, if any.
V. Additional Considerations where Personal Data is Processed in the UK
This Section V applies where Personal Data is being processed either by (i) a UK subsidiary of DTCC; or (ii) by DTCC or a non UK subsidiary where such information is processed on equipment situated in the UK.
DTCC and its Subsidiaries may from time to time, in accordance with this Privacy Policy, use Personal Data to inform (either by post or email) a Customer about products and services that DTCC expects may be of interest to a Customer. Individuals may object to their Personal Data being used for marketing purposes by sending an email to privacyoffice@dtcc.com.
DTCC and/or its Subsidiaries will only use and disclose Customer’s Personal Data to selected third parties (i.e., service providers who provide services in connection with DTCC and the Subsidiaries’ products and services) for the purpose for which it was disclosed to DTCC and/or its Subsidiaries or a compatible purpose, or as required by duly authorized regulators or as required or permitted by law.
DTCC and its Subsidiaries may, for the purposes set out in this Privacy Policy, transfer Personal Data overseas to any office of DTCC, any of its Subsidiaries or any of the third parties referred to above. Some of DTCC's offices and those of its Subsidiaries or third party service providers are located in countries outside the European Economic Area that do not have such protective data protection legislation when compared to European law. By submitting Personal Data as set forth on the applicable membership/contact forms related to the application/membership processes of the Subsidiaries, the Customer agrees to the transfer, storing or processing of Personal Data outside of the European Economic Area.
DTCC has a legal obligation to ensure that Personal Data is kept accurate and up to date. DTCC kindly requests its Customers to assist DTCC to comply with this obligation by informing DTCC of any changes to Personal Data. Customers have the right to request details of the Personal Data that DTCC holds about the Customer’s representatives and to delete or rectify any inaccurate Personal Data about the Customer by sending a written request to privacyoffice@dtcc.com.
EuroCCP is the data controller with respect to personal data that is provided to EuroCCP. DTCC is the data controller with respect to personal data that is provided to DTCC. DTCC and its Subsidiaries will share data within the DTCC group of companies.
VI. Additional Considerations where Personal Data is Processed in Hong Kong, or outside Hong Kong but in relation to Personal Data that has some connection with Hong Kong
This Section VI applies where Personal Data is being processed by (i) a Hong Kong subsidiary of DTCC; or (ii) by DTCC or a non Hong Kong subsidiary of DTCC in relation to Personal Data that has some connection with Hong Kong (e.g., Personal Data that relates to individuals in Hong Kong, or Personal Data that is processed on equipment situated in Hong Kong, or Personal Data that is used or intended to be used in Hong Kong).
DTCC and its Subsidiaries may from time to time, in accordance with this Privacy Policy, use Personal Data to inform (either by post or email) a Customer about products and services that DTCC expects may be of interest to a Customer. Individuals may object to their Personal Data being used for marketing purposes by sending an email to privacyoffice@dtcc.com.
DTCC and/or its Subsidiaries will only use and disclose Customer’s Personal Data to selected third parties (i.e., service providers who provide services in connection with DTCC and the Subsidiaries’ products and services) for the purpose for which it was disclosed to DTCC and/or its Subsidiaries or a compatible purpose, or as required by duly authorized regulators or as required or permitted by law.
DTCC and its Subsidiaries may, for the purposes set out in this Privacy Policy, transfer Personal Data overseas to any office of DTCC, any of its Subsidiaries or any of the third parties listed above. Some of DTCC's offices and those of its Subsidiaries or third party service providers are located in countries outside Hong Kong that do not have such protective data protection legislation when compared to the PDPO. By submitting Personal Data as set forth on the applicable membership/contact forms related to the application/membership processes of the Subsidiaries, the Customer agrees to the transfer, storing or processing of Personal Data outside of Hong Kong.
DTCC has a legal obligation to ensure that Personal Data is kept accurate and up to date. DTCC kindly requests its Customers to assist DTCC to comply with this obligation by informing DTCC of any changes to Personal Data. Customers have the right to request details of the Personal Data that DTCC holds about the Customer’s representatives and to delete or rectify any inaccurate Personal Data about the Customer by sending a written request to privacyoffice@dtcc.com.
VII. Privacy Statement as it relates to DTCC's public websites1
This website (the "Website") is provided for information purposes only. DTCC does not collect personal information (that is, information from which an individual may be identified) from visitors to the Website, other than information sent by visitors who elect to subscribe to receive information by completing and submitting a form on the Website. This information will be used by DTCC solely for the purpose of fulfilling and administering the subscriptions requested.
This Website uses cookies and we collect and share this information only in aggregated, non-personally identifiable format. We may also use a services that collects data remotely by using tags embedded in our site's content. The aggregate data we collect includes which operating system and browser you use, IP addresses, how you navigate to and through our site, and how long you stay on our web pages, among other information. This information is anonymous and does not include your name, e-mail address, or any other contact information, unless you have completed a form described in the previous paragraph of this Privacy Statement. We share this information within DTCC and with DTCC’s subsidiaries, DTCC’s joint ventures and our third party vendors, such as WebSideStory. These vendors give us reports of aggregated, anonymous data. We use this data to improve our site by responding to our users' interests and providing more relevant and useful information. To learn more about WebSideStory's privacy standards and to opt out of receiving WebSideStory cookies, please visit:
http://www.websidestory.com/privacy/privacy-policy.html.
If you would like to prevent the use of cookies, please see www.allaboutcookies.org/manage-cookies.
Individuals outside the United States who submit personally identifiable information via this Website acknowledge and agree that the information submitted will be forwarded to the United States or another jurisdiction for processing in connection with the purposes for which it has been supplied. These jurisdictions do not have such protective data protection legislation when compared to European law.
Please note that when you link to any other website from this Website, the operator of such other website (whether DTCC, a DTCC subsidiary, a DTCC joint venture or a third party) may collect information about you, including through cookies or other technologies. In addition, your Internet or other service provider(s) may collect information about or submitted by you while you use the Website, or any other website. You acknowledge that information collection or privacy practices of any other party are not monitored or controlled by DTCC and DTCC is not responsible for such websites. Links on the Website to other websites are provided only as a convenience, and the inclusion of such links does not imply endorsement of the linked site. You should review the privacy policies of any other website that you visit to understand how your information is collected and used.
Notwithstanding the information policies stated above, the right to store and disclose to third parties any information under the following circumstances is reserved: when the law permits it; to legal advisors; and to protect the rights, property, safety or security of DTCC, DTCC’s subsidiaries, DTCC’s joint ventures, Website visitors or the public.
Section VII of this Policy applies solely to online information collection and use practices in connection with this Website. DTCC reserves the right to make changes to this section from time to time, which will be provided to you by posting the revised draft of this document on this Website.
1This privacy statement applies to the public information available on each of DTCC’s websites, which are as follows: http://www.dtcc.com, http://acats.nscc.com, http://derivserv.dtcc.com, http://euroccp.co.uk, http://formats.nscc.com, http://funds.dtcc.com, http://insurance.dtcc.com, http://learning.dtcc.com, http://smart.dtcc.com, https://www.dtc.org, http://www.ficc.com, and http://www.nscc.com.