Effective Date: January 1, 2020
As a global financial services and technology provider and self-regulatory organization, Nasdaq is committed to protecting Personal Data and complying with applicable privacy requirements in a trustworthy, transparent and responsible manner.
We only collect information from you/your representative or about you that is reasonably necessary for us to provide the relevant product or service, business relationship and/or communication consistent with the nature of such product, service, business relationship and/or communication. Based on the specific products, services, business relationship or Sites involved as well as requirements under applicable law, we may collect the following categories of personal information (“Personal Data”) that you or your representative (such as your employer, financial services provider, legal representative, company where you are an officer, director or significant shareholder) provide to us:
We may also automatically collect the following categories of information from devices (e.g., mobile, computer, laptop, tablet) used to visit or use our Sites (“Device Information”):
Certain Device Information may be deemed Personal Data in accordance with applicable law. Personal Data and Device Information are collectively referred to as “information.”
Based on the specific products, services, business relationship or Sites involved (as well as requirements under applicable law), we may collect the following categories of Personal Data on our own or from third parties about you in accordance with applicable law:
The following is an overview of Nasdaq’s purposes for processing Personal Data. Often due to the nature of the product or service involved or the context in which the Personal Data is used, it will be apparent how we intend to use the information. Additional information about processing related to a particular product or service may be separately posted on the relevant Site or contained in the applicable terms and conditions.
We may use the information we collect for the purposes identified below. To the extent required by applicable law, each purpose for the processing of Personal Data is substantiated by one or more lawful bases for processing. Unless otherwise identified with respect to a particular product or service, our processing is done based of one or more of the following:
Provide you (or your employer/represented company) with our services and products and communicate with you about your (or your employer/represented company) accounts or use of our products, services and/or Sites
Process transactions through one of our services including, but not limited to, processing financial transactions initiated by your or your representative
Comply with our obligations as an exchange, clearinghouse, broker-dealer, central shares depository, pension system administrator and/or other regulated/licensed business including, but not limited to regulations applicable to our EEA Regulated Entities such as, for example, the Markets in Financial Instruments Regulation
Perform transaction and regulatory reporting requirements under applicable law
Perform our obligations as a Self-Regulatory Organization, trading venue and/or market operator including, but not limited to, conducting surveillance of issuers and trading activities, conducting disciplinary proceedings and reporting suspected to misconduct to regulators and other authorities
Monitor for security threats and fraud involving the use of our products, services, Sites or physical facilities
Maintain your status as a representative of an exchange or clearinghouse member or certified advisor to issuers
Register or establish an account for you (or the company for whom you are an employee, officer or director) as a customer
Register you (or your employer/represented company) to receive services or information through one or more of our Sites
To the extent permitted by applicable law, identify you (or your employer/represented company) as a prospective customer for products or services and provide you with relevant information and/or invitations to events
Manage our relationship with you (or your employer/represented company) as a customer, business prospect and/or information recipient
To pursue or enforce our legal rights related to our business, products, services or Sites and/or defend against claims made against us
Communicate with you (or your employer/represented company) about your account or use of our products, services or Sites
Create informational materials and statistical extracts for our products and services
Develop, provide content for, operate, deliver, and market our services and Sites
Improve the quality of our Sites and tailor them to your preferences
Implement social networking features you have activated (e.g., Facebook “Like” button and LinkedIn integration)
We also use your information for compliance with our company policies and procedures, for accounting and financial purposes, and otherwise as required or permitted by applicable law. If you do not provide us with information as described above, we may not be able to fulfill the applicable purpose of collection, such as completing a contemplated transaction, responding to your queries or providing access to our Sites to you.
With respect to situations where we process Personal Data based on our legitimate business interest, reflecting that we are generally a business-to-business product and service provider, we typically collect and process limited Personal Data about corporate customer points of contact and individuals acting in their professional capacities as part of our overall effect to reduce the privacy impact on individuals. To the extent required by applicable law, you have the right to object to the processing of your personal data based on a legitimate interest as legal basis. Please see the section below regarding your rights to find out more. Where processing is based on your consent, you have the right to withdraw that consent at any time.
Nasdaq does not engage decision-making based solely on automated processing, including profiling, which produces legal effects concerning an individual or similarly significantly affects an individual.
As part of Nasdaq’s surveillance programs for its exchanges, we utilize certain software that uses machine intelligence and learning to identify situations that potentially constitute market abuse, insider trading, fraud or violations of our published rules. Such software relies on identifying patterns indicating misconduct based on past activity. The conduct involved may include conduct by a corporate member, trading algorithm or individual action. Alerts are referred for investigation by our Surveillance team which determines which actions to take based on our published rules and applicable law.
From time to time, to the extent permitted by applicable law and subject to any contractual limitations on sharing Personal Data set forth in a relevant contract for products and services, we may share your information with our affiliates, subsidiaries, business partners, customers/members (such as where we process your Personal Data in connection with your role with your employer or financial services provider), third party service providers and authorities in the following circumstances:
We may share your information with other parties as directed by you or subject to your consent. We may also share and otherwise process aggregated information or de-identified information that does not identify you individually with other parties. For example, from time to time, we may utilize survey information collected from you on an aggregate, not individually identifiable, basis. We also use this aggregated or de-identified information for our various business purposes, including the creation and sale of other products and services to our clients and potential clients. This aggregate or de-identified information is not traceable to any particular client or user and will not be used by a third party to contact you.
We do not share, sell, rent or trade your information to our service providers or business partners for their own direct marketing purposes, unless we have explicitly given you the option to opt-in or opt-out of such disclosures.
We process Personal Data within the scope of our marketing and market segmentation. With market segmentation, we mean that we categorize our customer base based on professional affiliations and functions, alignment with our services and products and information gathered from public sources of information. For customers or users of our Sites, we may also use information gathered from your use of our products, services and/or Sites for marketing purposes. You always have right to request that we stop using your personal data for direct marketing purposes.
To the extent required by applicable law, you have the right to object to the processing of your personal data based on a legitimate interest as legal basis. You also always have the right to withdraw your consent at any time when we need your consent in order to process your personal data. If you withdraw your consent, you will no longer receive information and offers that are tailored for you. Please see the section below for more information about your rights.
If you no longer wish to receive marketing communications from us, you may opt-out of receiving marketing-related emails by: (1) using the unsubscribe method provided in our communications; (2) if you created an online account when you registered to receive our emails, you may log-in to your account on the applicable Site and make changes to your communication preferences; or (3) you can opt out by updating your preferences in the Email Alert section of our Sites. In particular, you have the right to object our use of your Personal Data for direct marketing and in certain other situations (in accordance with applicable law) by contacting us at firstname.lastname@example.org. If you are having difficulty unsubscribing from our email marketing communications using the above methods, please contact us as at email@example.com.
We will try to comply with your request as soon as reasonably practicable as required by applicable law. Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law. In addition, please note that even if you opt-out of receiving marketing communications from one or all of our Sites, we may need to send you service-related communications.
To the extent required by applicable law, in our capacity as the controller of your Personal Data, we will also provide you with the opportunity to be informed of whether we are processing your Personal Data and at any time to access, correct, update, oppose, delete, block, limit or object to our use of your Personal Data. The foregoing rights will be afforded to you free of charge (except to the extent that your requests are manifestly unfounded or excessive, in which case, we may charge an administrative fee or refuse to meet your request). Please note that legal obligations that apply to our business – for example, financial regulations that apply to our EEA Regulated Business - may prevent us from immediately deleting parts of your information. To exercise your rights, please contact us as detailed under the Contact Us heading below.
To prevent fraudulent activity, we may require you to authenticate your identity when you contact us. We will try to comply with your request as soon as reasonably practicable and within timeframes required by applicable law. Please note that in some instances, due to the nature of the information that we receive, we may require you to provide additional information that will help us identify which information is yours. For requests subject to the European General Data Protection Regulation, we will respond to your request within one month of our receipt of it. We may extend this period by two further months taking into account the complexity of your request or the number of requests that we have received; we will inform you of any such extension within one month of receiving your request along with the reasons for the delay and information about your right to file a complaint with the supervisory authority.
The following sets out a summary of your rights to the extent that your Personal Data is processed subject to the European General Data Protection Regulation:
However, there might be requirements under applicable law, or other compelling reasons, that prevents us from immediately erasing your Personal Data. In such case, we will stop using your Personal Data for any other reasons than to comply with the applicable law, or the relevant compelling reason.
We will take all reasonable and possible actions to notify any recipients of your Personal Data regarding any rectification, erasure or restrictions carried out by us. At your request, we will also inform you with which third parties we have shared your Personal Data.
We take reasonable technical, administrative and physical security measures to protect your information, including applying generally accepted industry standards to protect the information submitted to us during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage is 100% secure, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed under the “Contact Us” heading below.
Some of the parties with which we may share your information, as detailed in “How We Share Your Information”, may be located in countries that do not provide an equivalent level of protection as your home country. Where required, Nasdaq has implemented appropriate cross-border transfer solutions to provide adequate protection for transfers of certain personal information, including, but not limited to, the European Commission’s Standard Contractual Clauses (available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en). To the extent permitted by applicable law, by using our Sites, and providing us information about you, you consent to the international transfer of information about you to the above parties.
When you use our Sites, we along with our affiliates, subsidiaries and third party service providers may use “cookies” and similar technologies (e.g., log files, clear gifs, pixel tags and Flash LSOs) (collectively, “technology”). This technology may involve placing small files/code on your device or browser that serve a number of purposes, such as remembering your preferences (e.g., language) and generally improving your experience on our Sites. Specifically, we may use such technology for purposes such as to:
To learn more about the technology used on our Sites and how to disable some of the technology, visit our more comprehensive Cookie Statement.
If you choose to use our referral service to tell someone about our products or services or Sites, we will ask you for your friend’s name and email address. We will send your referral a one-time email to invite him/her to access the Site or with information about the product or service, and store his/her email address for the sole purpose of sending this one-time email and tracking the success of our referral program. Your referral may contact us as detailed under the “Contact Us” heading below to request we remove this information from our database.
None of our Sites are targeted for use by children under the age of sixteen. We do not target any of our products or services or Site content/features for use by children of such age.
For California Consumers
If you reside in California, we are required to provide additional information to you about how we use and disclose your information, and you may have additional rights with regard to how we use your information. We have included this California-specific information below.
Office of General Counsel – Privacy Team
805 King Farm Blvd
Rockville, MD 20850
Office of General Counsel – Stockholm Office
For our EEA Regulated Entities, you may also contact our Data Protection Officer:
Cirio Advokatbyrå AB
Box 3294, 103 65 Stockholm
Mäster Samuelsgatan 20
+46 8 527 91 600
Att: Caroline Olstedt Carlström – Nasdaq Data Protection Officer
With respect to Personal Data processing subject to European Union jurisdiction, in addition to contacting our business contacts and Data Protection Officer (for our EEA Regulated Businesses), you may also contact a data protection supervisory authority. Within Europe, Nasdaq’s headquarters is located in Sweden, making the responsible data protection supervisory authority:
The Swedish Data Protection Authority
Telefon: 08-657 61 00
Fax: 08-652 86 52
104 20 Stockholm