DTCC Terms for Cross Border Data Transfers
The Depository Trust & Clearing Corporation (“DTCC”) by itself or through any of its subsidiaries, affiliates or joint ventures, together or separately “DTCC” may collect and process Personal Data to onboard individuals from our institutional clients in order to (1) provision access to services provided; (2) to market and offer related products and services to a Customer and its affiliates; (3) to inform Customers of upcoming events, learnings and industry news; and (4) as required to satisfy legal and regulatory obligations. As part of this process, business contact data is collected and DTCC operates as the Data Controller of Personal Data collected in this capacity.
DTCC may act as a Data Processor when providing clearing, settlement, asset servicing, data management, and/or information services to its institutional customers; however, our services generally do not require the collection of Personal Data or special categories of personal data as defined by applicable regulations (i.e., Regulation (EU) 2016/679, Data Protection Act 2018, UK GDPR, and the Act on Federal Data Protection). While there may be instances where Personal Data is provided for processing, this data is not required or requested by DTCC. DTCC advises that its Members, Participants, Users or Clients review and assess the necessity of sharing any Personal Data to DTCC prior to the transfer of such data. To the extent the transfer of Personal Data is necessary and applicable, DTCC has provided the following terms and conditions for the processing of Personal Data transferred from the EU, EEA, United Kingdom, or Switzerland. In this capacity, DTCC would serve as the Data Processor of Personal Data provided by our clients, the Data Controllers.
Cross Border Data Transfers Addendum (April 2023)