Your personal integrity and our handling of your personal data is important to MFEX (“the Company” or “we”, including all MFEX entities). In order for you as a private individual to feel safe, we want to tell you how we handle and process your personal data.
MFEX, and any third-party provider appointed by the Company and acting on our behalf, are committed to protect your personal data and are required to provide you with certain information about how we process your personal data.
This Privacy Notice (“Notice”) explains what personal data we collect from you or that you provide to us, how we use it, with whom we share it, and which rights you have as a data subject.
Personal data is information that can be linked directly or indirectly to one living natural person, for instance, name, national identification number, address, telephone number and e-mail address.
Data subject means a natural person who can be identified, directly or indirectly by using personal data.
Processing includes any operation which is performed with personal data, for instance, collection, registration, and storage.
Controller means the company which determines the purposes and means of the processing of personal data, and has the responsibility for compliance with the GDPR, and other applicable data protection laws, regarding the processing performed.
Processor means the company which processes personal data on behalf of the controller.
What information do we collect about you?
MFEX collect and process personal data which is necessary in order for us to provide you with our products and services. Which personal data we collect, and process depends on your relationship with us and may include:
Identification information (including your name, age, date of birth, marital status, and national identification number)
Personal contact information (including your address, email address and telephone number)
Information regarding your professional title and occupation
Recruitment data (CV and cover letter)
Information regarding your professional title and occupation
Other information you provide in the course of your dealings with us or which we require you to provide in order to provide you with our products and services
MFEX does also collect information about you and how you use our website through cookies on our website.
a) Information that we collect or generate about you
This may include:
Files that we may produce as a record of our relationship with you, including contract history, correspondence records
Any other personal data that you provide during telephone and email communications with us which we may monitor and record in order to resolve complaints, improve our service and in order to comply with our legal and regulatory requirements
b) Information we obtain from other sources
This may include information from publicly available sources, including databases, registers and information obtained through sanction and background screening. In certain circumstances we collect and process special categories of personal data (as defined in GDPR). For example, checks associated with the prevention of money laundering may result in the collection of special categories of personal data. You are not obliged to provide us with your personal data where it is requested, but we may be unable to provide certain products and services or proceed with our business relationship if you do not do so.
How do we collect your information?
The personal data we collect comes from:
Agreements or other material you submit to us
Your interactions with the Company and use of our products and services (including the use of websites)
Your business dealings with the Company, including via email and telephone
Third parties, depending on the products and services you require, when conducting certain activities, such as credit and money laundering checks
Recording and monitoring tools that we use for compliance or security purposes (e.g. recording of telephone calls, monitoring emails)
How do we use your information?
On an ongoing basis during your relationship with us, MFEX may use your information for the following purposes:
To process transactions and to improve the quality of the service that we provide to you
To disclose information to other third parties such as service providers of the company, auditors, regulatory authorities and technology providers for the purposes outlined in this Notice
To update and maintain records
To monitor and record calls and electronic communications
In order to carry out anti-money laundering checks and related actions which are necessary to comply with legal obligations, in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis
For prudential and risk management purposes
To market our products and services
As part of the KYC (know your customer) process
For recruitment purposes
Other reasons compatible with the primary purposes
Please note that we do not carry out automated decision-making or profiling based on your personal data.
On what legal basis do we process your Personal Data?
We process your personal data if it is necessary:
For the performance of a contract with you
To comply with a legal obligation to which we are subject
For the purposes of legitimate interests pursued by MFEX, i.e. to market our products and services
Other processing may only be performed with your express consent.
To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that personal data; (ii) you have made the personal data manifestly public; or (iii) the processing is necessary for the establishment, exercise, or defense of legal claims.
How long do we store Personal Data?
We will only keep your personal data for as long as it is required for the purposes set out in this Notice or as long as it is required for us to comply with any legal obligations to which we are subject, being the longest of the following periods:
As long as is necessary for the relevant activity
The length of time it is reasonable to keep records to demonstrate compliance with professional or legal obligations
Any retention period that is required by law
To whom do we transfer Personal Data?
We may share your personal data with other MFEX entities within the group as well as with Euroclear group entities. We may also share your personal data outside of MFEX with the following categories of recipients who may receive it and process it for the purposes outlined in this Notice:
Representatives, agents, custodians, intermediaries and/or other third-party product providers appointed by you
Third party agents and contractors for the purposes of them providing services both to us and to you (for example, professional advisers and IT and communications providers)
Any depositary, stock exchange, clearing or settlement system, counterparties, dealers and others where disclosure of your personal data is reasonably required for the purpose of effecting, managing or reporting transactions on your behalf or establishing a relationship with a view to such transactions
Any regulatory, supervisory, or governmental authorities to the extent we are required by law or regulation to share your personal data, or in other limited circumstances (for example if required by a court order or regulatory authority, or if we believe that such action is necessary to prevent fraud) or to establish, exercise or defend our legal rights
The Company does not undertake marketing activities for third parties, nor does it provide information to third parties for their own marketing purposes.
Your personal data may be transferred to locations outside of EU/EEA. When data is transferred to another country, MFEX will ensure appropriate protection measures are taken in order to ensure a safe transfer, e.g. by using Standard Contractual Clauses with the recipient.
What are your rights as a Data Subject?
In the circumstances where we collect, use, or store your personal data, you have the following rights:
To be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from which it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences)
To request access to or a copy of any personal data which we hold about you
To request rectification of your personal data, if you consider that it is inaccurate or incomplete
To ask us to delete your personal data, if you consider that we do not have the right to hold it (please note that there may be circumstances where you ask us to erase your personal data but we are required or entitled to retain it)
To withdraw your consent to our processing of your personal data (please note that we may still be entitled to process your personal data if we have another legitimate reason for doing so)
To restrict processing of your personal data
Where applicable, to request data portability (moving some of your personal data elsewhere)
To object to your personal data being processed in certain circumstances
To lodge a compliant with the relevant data protection regulator of you think that any of your rights have been infringed by us
Any request for access to or a copy of your personal data must be in writing, and we will endeavor to respond within a reasonable period, and in any event within one month in compliance with the GDPR.
We will correct any incorrect or incomplete information of which we are made aware, and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change.
If you find that the processing of your personal data is in violation of the GDPR, you have the right to file a complaint with the supervisory authority.
How do we protect your information
We ensure that there are appropriate technical, physical, electronical, and administrative safeguards in place to protect your personal data from unauthorized access. MFEX has controls and mechanisms in place designed to detect, respond and recover in case of any adverse events that may arise.
Changes to the Privacy Notice
This Privacy Notice may be amended from time to time without notice. If our Privacy Notice changes in any way, we will place an updated version on the Company's website. Regularly reviewing the Privacy Notice on the Company's website ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.
If you have any questions regarding the contents of this Notice or wish to make any of the above-mentioned requests, please contact us. The postal address to your local MFEX office is available here: Contact Us | MFEX Mutual Funds Exchange.
For further questions regarding data protection and the processing of personal data at MFEX, please contact our Data Protection Officer:
Last updated: Friday, 9th September 2022