DTCC Privacy Policy

DTCC Privacy Policy

Last Updated: December 16, 2022

This statement sets forth the Depository Trust & Clearing Corporation (“DTCC”) privacy policies (“Privacy Policy”) and applies to DTCC and its subsidiaries (“we,” “us” and “our”) with respect to the use and disclosure of certain personal information we gather on our website (this “Site”) or in connection with the provision or potential provision of services. There may be additional terms provided when you procure certain services or additional information required in order for you to log into our portal to access our services. DTCC and its subsidiaries are listed in the “Businesses & Subsidiaries” page of this Site.

1.    Information We Collect

We collect information in connection with the provision or potential provision of services, including, for example, transaction records, trade repository, clearance, settlement, custody and asset servicing, transaction processing services, or other services provided by our subsidiaries (collectively, the “DTCC Services” or “Services”). DTCC Services may be provided to customers, participants and members (collectively, “Customers”). DTCC Services are generally provided directly to businesses and the information we gather generally relates to these business customers. We collect, store, and use the following personal information related to Customers and prospective Customers, including business representatives, agents, employees, administrators, and users of our Services, for our business purposes:

• Identifiers, such as your real name, alias, login credentials, home or other physical address, email address, phone and fax number, username, password;
• Professional or employment-related information, such as employer name, job title, areas of business coverage, organization, department, and business contact information;
• Internet or other electronic activity information, such as browsing history, search history, and information about your interactions with the Site;
• Contact preferences;
• Other information voluntarily provided to us; and
• Inferences drawn from the categories of personal information described above.

Collection of such business contact information is required to enable us to provide Services to our Customers. Other information may be required to enable us to verify the identity or authority of Customer, or its representatives, agents, employees, administrators, and users or for “Know your customer” purposes, where applicable.

We collect personal information from the following sources:

• Directly from you. We collect personal information that you provide to us, for example, when you send us communications or fill out a web form on the Site.
• Automatically through the Site. When you visit the Site, we may collect certain information automatically through cookies, pixels, and other tracking technologies. The Site does not respond to “Do Not Track” signals sent by Internet browsers.

2.    Additional Online Information Gathering

When visiting or using our websites or online services (collectively, “Websites”) we may collect certain information through automatic means, such as logging. This may include Internet or other electronic network activity information such as IP address, type of browser and operating system used, information regarding internet service provider or the type of device used to access our Websites, date and time of such access, navigation to and through our site, search terms, bookmarks, document downloads, how long a web page is visited, and other sites visited that link to or from our Websites and may be tied to an individual when logged into our systems.

We may also collect Internet or other electronic network activity information through the use of cookies, local shared objects (e.g., “Flash cookies”), clear gifs or “pixel tags,” device identifiers, or other identifiers or technologies, including as those technologies may evolve over time (collectively, “Data Technologies”). We may use Data Technologies to identify and track visits and use of our Websites, to customize experience on our Websites, to “remember” passwords, and for storing information or settings. This information allows us to evaluate our users’ use and navigation of the site on an aggregate basis, including the number and frequency of users to each webpage, and the length of each visit, to carry out our legal obligations, to protect our website and network from viruses or other threats, and to fulfill our regulatory requirements. We may use other third-party analytics tools that collect information about visitor traffic on our Websites. This information may be shared among DTCC and its subsidiaries, and their third party service providers.

Users of our Websites may be able to modify their browser’s settings to decline certain Data Technologies, such as cookies. If you disable Data Technologies, some features or functions of our Websites may not operate properly. If you set your browser to not accept cookies, you may still have access to public portions of the Sites. The acceptance of cookies is required for access to protected areas of the sites including access to DTCC’s products and services. For more information on our use of cookies, visit our Cookie Preferences center.

For convenience, we may provide links to websites, apps, or online services that are not operated by us. We are not responsible for the privacy practices of any websites, apps, or online services that we do not provide or operate. We recommend reviewing the privacy notices or policies of these third-party websites, apps, or online services in order to understand their information practices.

3.   How We Use Information

We may use the personal information we gather for the following business purposes:

• to provide and support DTCC Services, including uses or disclosures that are usual or customary to carry out the DTCC Services for which the information was given, or a related transaction;
• to communicate with Customers or provide more relevant communications, for example, in response to requests, questions, comments, or other site activities (e.g., whitepaper downloads, event registration);
• to maintain and manage accounts;
• to operate, evaluate and improve our DTCC Services, Websites, and our business (including diagnosing technical and service problems; administering our Websites; identifying users of our Websites; developing new products and services; managing our communications; determining the effectiveness of our sales, marketing and advertising; analyzing and enhancing our products, services and Websites; and performing accounting, auditing, billing, reconciliation and collection activities);
• to perform data analyses (including market research, trend analysis, and financial analysis);
• to comply with law or for other legal purposes, including retaining information to comply with law or regulations or disclosing information to a court, regulator, or other third party in response to a valid request;
• to protect ourselves or others, including protecting against malicious, deceptive, fraudulent, or illegal activity; or protecting our rights and those of our Customers or investors and defending any claims made against us; and
• with your consent, to inform a prospective Customer and current Customers, or its representatives, agents, employees, administrators, and users about products, services, or opportunities that may be of interest to them.

We may also use the personal information we gather in other ways for which we provide specific notice at the time of collection. In addition, we may use your personal information with your consent or as approved by you from time to time.

4.    How We Disclose Personal Information

Information we gather may be shared among DTCC and its subsidiaries and their service providers in order to support the purposes for which we may use information. We may entrust, delegate, and otherwise share information with the following third parties:

Corporate Affiliates: We may share information we gather with our Affiliates for their everyday business purposes, to provide services or to perform marketing.

Service Providers: We may share information with third party service providers who help us provide, develop and offer products and services. If you choose to use a particular feature within some of our products, you may be presented with a link directing you to a third-party provider which may have privacy policies or notices that differ from ours. Other service providers process data at our direction and in accordance with this policy.

Regulators: We may share information and records we maintain with financial or other regulators and in response to requests by courts or government authorities, such as law enforcement agencies and officials.

Law enforcement, government agencies, courts, or other third parties: We may share information to protect ourselves, our employees, or others, to investigate fraud, or as required by law, such as to comply with a subpoena or similar legal process.

Third Parties in Connection with a Sale or Merger: We may share information we have gathered in connection with the sale or merger of our business, affiliates, or the transfer of assets.

Any Other Third Party with your Prior Consent.

This Privacy Policy does not apply to anonymized or aggregated data which by itself does not allow an individual to be located or contacted. We may use and share such anonymized or aggregated data with third parties.

5.    Information Safeguarding

We maintain an information security program setting forth standards for maintaining administrative, technical and physical safeguards to protect the personal information provided by our Customers against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

6.    Data Transfers

We may transfer the information we collect to countries other than the country in which the information originally was collected (“Originating Country”). Personal information may be stored in the United States, and in other countries with different data protection standards than the Originating Country. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy, through adherence to our intra-company or other contractual agreements, and/or in accordance with applicable law. The following list represents the countries where DTCC has registered legal entities and jurisdictions that are material to DTCC’s operations:

Canada

Germany

Hong Kong

India

Ireland

Japan

Netherlands

Philippines

Singapore

United States

United Kingdom

7.   Data Retention

The personal data you submit to us will only be retained for as long as is required for the purposes for which it was collected. Contact information about individuals such as mailing list information is kept until a user unsubscribes to a publication or requests that we delete that information.

8.   Individual’s Rights

Customers have the right to request details of the information that DTCC holds about them such as their email address, contact information, or other personal information. Any requests for access to correct, rectify, or erase any inaccurate information gathered by DTCC or its subsidiaries can be directed to [email protected].

9.    Updates to Our Privacy Policy

This Privacy Policy may be updated periodically and, where permitted by law, without prior notice to reflect changes in our information practices. We will indicate at the top of the notice when it was most recently updated.

10.   Your California Privacy Rights

If you are a resident of California, the California Consumer Privacy Act of 2018 (“CCPA”) grants certain rights to residents of California to access or delete the personal information that we have collected about you. We do not sell or share the personal information we collect to third parties. Once we receive your request and confirm your identity, we will disclose to you the information we have collected about you, as required by the CCPA. Contact us at our address below for this information.

If you are a California resident, you may have the following rights with respect to your personal information, subject to applicable exceptions:

• Right to access. You may be entitled to request that we disclose to you the specific pieces of your personal information that we have collected about you in a portable and, to the extent technically feasible, readily usable format.

• Right to Know. You may have the right to confirm that we have collected personal information about you and know what personal information we have collected about you, including, as applicable, the categories of personal information we have collected, the sources from which we collected that personal information, the business or commercial purposes for which we collected, sold, and shared that personal information, the categories of personal information that we sold, shared, or disclosed to third parties for business purposes and the categories of third parties to whom we sold, shared or disclosed personal information.

• Right to Deletion. You may be entitled to request that we delete the personal information that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need or be required to keep such information, such as for our legitimate business purposes or to comply with applicable law.

• Right to Limit the Processing of Sensitive Personal Information. DTCC does not process sensitive personal information on our website (this “Site”) or in connection with the provision or potential provision of services.
• Right to Correct. You may request that we correct personal information that we hold about you.
• Right to Non-Discrimination. You have the right not to receive discriminatory treatment if you exercise the rights conferred to you by applicable privacy law.

If you would like to exercise one of your rights or exercise rights on behalf of someone else, please contact us at [email protected] or 1-888-382-2721 and provide us with a description of the information we require to address your rights request, including your name, email address, phone number, and the nature of your request.

To process your requests to Know, Access, Delete, or Correct Personal Information, we must be able to verify your identity to a reasonable degree of certainty. To verify your identity, we will ask you to provide your contact information and additional identifiers based on your relationship with us. Before we process your request, we will match these data points with data points we currently maintain to verify your identity and your relationship with us.

The table below describes the categories of personal information that DTCC collects and the categories of third parties to whom, in the preceding 12 months, we have disclosed personal information for a business purpose.

11.   Notice on Information Collected as Part of Proposed Rule Filings

If any written comments are received to our proposed rule filings, they will be publicly filed as Exhibit 2 to the filing, as required by Form 19b-4 and the General Instructions. Persons submitting comments are cautioned that, according to Section IV (Solicitation of Comments) of the Exhibit 1A in the General Instructions to Form 19b-4, the Commission/SEC does not edit personal identifying information from comment submissions. Commenters should submit only information that they wish to make available publicly, including their name, email address, and any other identifying information.

12.   Unsubscribe

Individuals may object to their information being used for the purposes stated in this privacy policy by sending an email to [email protected]. Individuals may also opt-out of DTCC communications at any time by following the links provided in the respective communication.

13.   How to Contact Us