DTCC Privacy Policy
Last Updated: December
16, 2022
This statement sets forth the
Depository Trust & Clearing Corporation (“DTCC”) privacy policies (“Privacy
Policy”) and applies to DTCC and its subsidiaries (“we,” “us” and “our”) with
respect to the use and disclosure of certain personal information we gather on our website (this “Site”) or in connection with the
provision or potential provision of services. There may be additional terms
provided when you procure certain services or additional information required
in order for you to log into our portal to access our services. DTCC and its
subsidiaries are listed in the “Businesses & Subsidiaries” page of this
Site.
1. Information We Collect
We collect information in
connection with the provision or potential provision of services, including,
for example, transaction records, trade repository, clearance, settlement,
custody and asset servicing, transaction processing services, or other services
provided by our subsidiaries (collectively, the “DTCC Services” or “Services”).
DTCC Services may be provided to customers, participants and members
(collectively, “Customers”). DTCC Services are generally provided directly to
businesses and the information we gather generally relates to these business
customers. We collect, store, and use the following personal information
related to Customers and prospective Customers, including business
representatives, agents, employees, administrators, and users of our Services,
for our business purposes:
- Identifiers, such as your real name, alias, login credentials, home or other physical address, email address, phone and
fax number, username, password;
-
Professional or employment-related information, such as employer
name, job title, areas of business coverage, organization, department, and
business contact information;
-
Internet or other electronic activity information, such as
browsing history, search history, and information about your interactions with
the Site;
-
Contact preferences;
-
Other information voluntarily provided to us; and
-
Inferences drawn from the categories of personal information
described above.
Collection of
such business contact information is required to enable us to provide Services
to our Customers. Other information may be required to enable us to verify the
identity or authority of Customer, or its representatives, agents, employees,
administrators, and users or for “Know your customer” purposes, where
applicable.
We collect
personal information from the following sources:
-
Directly from you. We collect personal information that you
provide to us, for example, when you send us communications or fill out a web
form on the Site.
-
Automatically through the Site. When you visit the Site, we may
collect certain information automatically through cookies, pixels, and other
tracking technologies. The Site does not respond to “Do Not Track” signals sent
by Internet browsers.
2. Additional Online Information Gathering
When visiting or using our
websites or online services (collectively, “Websites”) we may collect certain
information through automatic means, such as logging. This may include Internet
or other electronic network activity information such as IP address, type of
browser and operating system used, information regarding internet service
provider or the type of device used to access our Websites, date and time of
such access, navigation to and through our site, search terms, bookmarks,
document downloads, how long a web page is visited, and other sites visited
that link to or from our Websites and may be tied to an individual when logged
into our systems.
We may also collect Internet or
other electronic network activity information through the use of cookies, local
shared objects (e.g., “Flash cookies”), clear gifs or “pixel tags,” device
identifiers, or other identifiers or technologies, including as those technologies
may evolve over time (collectively, “Data Technologies”). We may use Data
Technologies to identify and track visits and use of our Websites, to customize
experience on our Websites, to “remember” passwords, and for storing
information or settings. This information allows us to evaluate our users’ use
and navigation of the site on an aggregate basis, including the number and
frequency of users to each webpage, and the length of each visit, to carry out
our legal obligations, to protect our website and network from viruses or other
threats, and to fulfill our regulatory requirements. We may use other
third-party analytics tools that collect information about visitor traffic on
our Websites. This information may be shared among DTCC and its subsidiaries,
and their third party service providers.
Users of our Websites may be
able to modify their browser’s settings to decline certain Data Technologies,
such as cookies. If you disable Data Technologies, some features or functions
of our Websites may not operate properly. If you set your browser to not accept
cookies, you may still have access to public portions of the Sites. The acceptance of cookies is required for access to
protected areas of the sites including access to DTCC’s products and services.
For more information on our use of cookies, visit our Cookie Preferences center.
For convenience, we may provide
links to websites, apps, or online services that are not operated by us. We are
not responsible for the privacy practices of any websites, apps, or online
services that we do not provide or operate. We recommend reviewing the privacy
notices or policies of these third-party websites, apps, or online services in
order to understand their information practices.
3. How We Use Information
We may use the personal
information we gather for the following business purposes:
-
to provide and support DTCC Services, including uses or
disclosures that are usual or customary to carry out the DTCC Services for
which the information was given, or a related transaction;
-
to communicate with Customers or provide more relevant
communications, for example, in response to requests, questions, comments, or
other site activities (e.g., whitepaper downloads, event registration);
-
to maintain and manage accounts;
-
to operate, evaluate and improve our DTCC Services, Websites, and
our business (including diagnosing technical and service problems;
administering our Websites; identifying users of our Websites; developing new
products and services; managing our communications; determining the
effectiveness of our sales, marketing and advertising; analyzing and enhancing
our products, services and Websites; and performing accounting, auditing,
billing, reconciliation and collection activities);
-
to perform data analyses (including market research, trend
analysis, and financial analysis);
-
to comply with law or for other legal purposes, including
retaining information to comply with law or regulations or disclosing
information to a court, regulator, or other third party in response to a valid
request;
-
to protect ourselves or others, including protecting against
malicious, deceptive, fraudulent, or illegal activity; or protecting our rights
and those of our Customers or investors and defending any claims made against
us; and
-
with your consent, to inform a prospective Customer and current
Customers, or its representatives, agents, employees, administrators, and users
about products, services, or opportunities that may be of interest to them.
We may also use the personal
information we gather in other ways for which we provide specific notice at the
time of collection. In addition, we may use your personal information with your
consent or as approved by you from time to time.
4. How We Disclose Personal Information
Information we gather may be
shared among DTCC and its subsidiaries and their service providers in order to
support the purposes for which we may use information. We may entrust,
delegate, and otherwise share information with the following third parties:
Corporate Affiliates:
We may share information we gather with our Affiliates for their everyday
business purposes, to provide services or to perform marketing.
Service Providers:
We may share information with third party service providers who help us
provide, develop and offer products and services. If you choose to use a
particular feature within some of our products, you may be presented with a
link directing you to a third-party provider which may have privacy policies or
notices that differ from ours. Other service providers process data at our
direction and in accordance with this policy.
Regulators: We may
share information and records we maintain with financial or other regulators
and in response to requests by courts or government authorities, such as law
enforcement agencies and officials.
Law
enforcement, government agencies, courts, or other third parties: We
may share information to protect ourselves, our employees, or others, to
investigate fraud, or as required by law, such as to comply with a subpoena or
similar legal process.
Third Parties in Connection with a Sale or Merger:
We may share information we have gathered in connection with the sale or merger
of our business, affiliates, or the transfer of assets.
Any Other Third Party with
your Prior Consent.
This
Privacy Policy does not apply to anonymized or aggregated data which by itself
does not allow an individual to be located or contacted. We may use and share
such anonymized or aggregated data with third parties.
5. Information Safeguarding
We maintain an information
security program setting forth standards for maintaining administrative,
technical and physical safeguards to protect the personal information provided
by our Customers against accidental, unlawful or unauthorized destruction,
loss, alteration, access, disclosure or use.
6. Data Transfers
We may transfer the information
we collect to countries other than the country in which the information
originally was collected (“Originating Country”). Personal information may be
stored in the United States, and in other countries with different data
protection standards than the Originating Country. When we transfer your
information to other countries, we will protect that information as described
in this Privacy Policy, through adherence to our intra-company or other
contractual agreements, and/or in accordance with applicable law. The following
list represents the countries where DTCC has registered legal entities and
jurisdictions that are material to DTCC’s operations:
Canada
Germany
Hong Kong
India
Ireland
Japan
Netherlands
Philippines
Singapore
United States
United Kingdom
7. Data Retention
The personal data you submit to
us will only be retained for as long as is required for the purposes for which
it was collected. Contact information about individuals such as mailing list
information is kept until a user unsubscribes to a publication or requests that
we delete that information.
8. Individual’s Rights
Customers have the right to
request details of the information that DTCC holds about them such as their
email address, contact information, or other personal information. Any requests
for access to correct, rectify, or erase any inaccurate information gathered by
DTCC or its subsidiaries can be directed to [email protected].
9. Updates to Our Privacy Policy
This Privacy Policy may be
updated periodically and, where permitted by law, without prior notice to
reflect changes in our information practices. We will indicate at the top of
the notice when it was most recently updated.
10. Your California Privacy Rights
If you are a resident of California, the California Consumer
Privacy Act of 2018 (“CCPA”) grants certain rights to residents of California
to access or delete the personal information that we have collected about you.
We do not sell or share the personal information we collect to third parties.
Once we receive your request and confirm your identity, we will disclose to you
the information we have collected about you, as required by the CCPA. Contact
us at our address below for this information.
If you are a California resident, you may have the following
rights with respect to your personal information, subject to applicable
exceptions:
- Right to access. You may be entitled to request that we
disclose to you the specific pieces of your personal information that we have
collected about you in a portable and, to the extent technically feasible,
readily usable format.
- Right to Know. You may have the right to
confirm that we have collected personal information about you and know what
personal information we have collected about you, including, as applicable, the
categories of personal information we have collected, the sources from which we
collected that personal information, the business or commercial purposes for
which we collected, sold, and shared that personal information, the categories
of personal information that we sold, shared, or disclosed to third parties for
business purposes and the categories of third parties to whom we sold, shared
or disclosed personal information.
- Right to Deletion. You may be entitled to
request that we delete the personal information that we have collected from
you. We will use commercially reasonable efforts to honor your request, in
compliance with applicable laws. Please note, however, that we may need or be
required to keep such information, such as for our legitimate business purposes
or to comply with applicable law.
- Right to Limit the Processing of Sensitive Personal
Information. DTCC does not process sensitive personal
information on our website (this “Site”) or in connection with the provision or
potential provision of services.
- Right
to Correct.
You may request that we correct personal information that we hold about you.
- Right to Non-Discrimination. You
have the right not to receive discriminatory treatment if you exercise the
rights conferred to you by applicable privacy law.
If you would like to exercise one of your rights or exercise
rights on behalf of someone else, please contact us at [email protected]
or 1-888-382-2721 and provide us with a description of the information we
require to address your rights request, including your name, email address,
phone number, and the nature of your request.
To process your
requests to Know, Access, Delete, or Correct Personal Information, we must be
able to verify your identity to a reasonable degree of certainty. To verify
your identity, we will ask you to provide your contact information and
additional identifiers based on your relationship with us. Before we process
your request, we will match these data points with data points we currently
maintain to verify your identity and your relationship with us.
The table below
describes the categories of personal information that DTCC collects and the
categories of third parties to whom, in the preceding 12 months, we have
disclosed personal information for a business purpose.
Category
|
Disclosure for business purposes
|
Identifiers.
|
DTCC discloses this category of personal information to third parties
|
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|
DTCC discloses this category of personal information to third parties.
|
Protected classification characteristics under California or federal law.
|
DTCC discloses this category of personal information to third parties
|
Internet or other similar network activity
|
DTCC discloses this category of personal information to third parties.
|
Professional or employment-related information.
|
DTCC discloses this category of personal information to third parties
|
11. Notice on Information Collected as Part of Proposed Rule Filings
If any written comments are received to our proposed rule filings, they will be publicly filed as Exhibit 2 to the filing, as required by Form 19b-4 and the General Instructions. Persons submitting comments are cautioned that, according to Section IV (Solicitation of Comments) of the Exhibit 1A in the General Instructions to Form 19b-4, the Commission/SEC does not edit personal identifying information from comment submissions. Commenters should submit only information that they wish to make available publicly, including their name, email address, and any other identifying information.
12. Unsubscribe
Individuals may object to their
information being used for the purposes stated in this privacy policy by
sending an email to [email protected]. Individuals may also opt-out of
DTCC communications at any time by following the links provided in the
respective communication.
13. How to Contact Us
Individuals may escalate
concerns or issues with relevant data protection authorities; however, we
encourage questions regarding this Privacy Policy by contacting our Chief
Privacy Officer via email at [email protected].