This Privacy Statement explains how SIX Digital Exchange AG and SDX Trading AG (hereinafter collectively “SDX”) collect, use and disclose (hereinafter referred to together as “processes”) personal user data (hereinafter “Personal Data”) of visitors to this website (hereinafter “User”), and the means by which this is done. This Privacy Statement also describes how SDX safeguards the confidentiality of the Personal Data processed.
The User agrees to SDX processing Personal Data in accordance with the Privacy Statement. Legal or contractual duties to maintain confidentiality to which SDX is subject in relation to the User's Personal Data are not affected by this Privacy Statement.
SDX may amend the Privacy Statement unilaterally at any time. The most recent version is published online by SDX.
1. Data Protection @ SDX
The activity of SDX as a member of SIX Group, who is an infrastructure provider for securities, payments and financial information, requires us to obtain and process a large amount of data. Thus, data protection is a central issue for us. The basic principle is that wherever data is processed, a high level of data protection and security must be guaranteed. This applies to data from customers and business partners as well as to employee data. Because privacy is above all protection of the person. That is why we attribute such a high priority to compliance with the applicable laws and to protecting privacy and the private sphere of affected persons in order to adhere to national and international legal requirements.
2. Type of collected Personal Data
SDX processes Personal Data about the User if the latter visits websites of SDX, applies for or uses products or services offered by SDX online; this includes, in particular, registration for specific services or web content only accessible by means of a personal login and subscriptions to print media or online newsletters, obtains, installs and/or uses apps of SDX from the relevant app stores, or takes part in a competition or survey.
In selected cases, Personal Data is processed if SDX records telephone calls with Users, whether this be to meet its own legal obligations or for training or quality assurance purposes.
SDX processes the personal data (such as name, gender, address, e-mail address, telephone and fax number) that the user expressly and actively makes available to SDX. This also applies if the user takes part in events of SDX (online or in person). The web server of SDX automatically records details of the user's visit (such as IP address, browser type and version, operating system used, originating website, pages accessed, date, length of visit).
3. Usage of Personal Data and legal basis
By processing Personal Data according to this Privacy Statement, SDX is able to improve the quality of its products and services.
Personal Data is processed for the following purposes in particular:
- technical management as well as research and further development of websites,
- user administration and marketing,
- user information on the services and products rendered by SDX, provided the User has given their consent for this,
- selecting competition winners and awarding prizes,
SDX processes your Personal Data according to the applicable laws. Depending on the processing purpose, the legal basis for the processing of the User’s Personal Data will be one of the following:
(a) necessary for the legitimate interests of SDX, without unduly affecting your
fundamental rights and freedoms,
(b) necessary for taking steps to enter into or executing a contract with the User for the services or products requested or for carrying out our obligations under such a contract,
(c) User’s consent.
Examples of the ‘legitimate interests of SDX’ referred to above are:
- pursuing certain of the above mentioned purposes
- exercising rights of SDX, including the freedom to conduct a business and right to property,
- providing products and services and assuring a consistently high service and keeping our customers, employees and other stakeholders satisfied, and
- meeting our accountability and regulatory requirements.
In each case provided such interests are not overridden by the User’s privacy interests.
4. Data transfers
The User authorizes SDX to transmit Personal Data to other entities of SIX Group, employees, agents or other third parties within or outside the country where the User lives in order to provide services and for the purposes indicated above. Employees, agents and other third parties which have access to Personal Data are required by SDX to ensure compliance with all applicable data protection provisions. Any person who authorizes SDX to access their Personal Data as defined in this Privacy Statement will be made aware of the data security and data protection implications. When Personal Data of the User are transferred to other countries, SDX will ensure data protection by granting the protection level required by the applicable law, e.g. by adopting EU Standard Contractual Clauses (SCC) or similar safeguards.
SDX reserves the right to disclose Personal Data to regulatory and supervisory authorities, as well as, pursuant to this Privacy Statement, to Analysis Service Providers. In so doing, SDX will comply at all times with applicable regulations, laws, court orders or official requests.
5. Data protection measures
SDX protects Personal Data with appropriate physical, electronic and process-related security measures, such as firewalls, personal passwords, encoding and authentication technologies. Personal Data collected via a website owned by SDX will be encrypted during transmission using SSL Secure Sockets Layer (SSL) technology, which currently provides the best-available security for data transfers.
6. Data Subject’s Rights
Users whose Personal Data are processed within the scope of this Privacy Statement have the following rights:
- to receive information on whether SDX may save Personal Data and what form this Personal Data may take (which categories of data, recipients or categories of recipients, retention periods for Personal Data or criteria governing retention periods)
- to receive a copy of the Personal Data
- to request the rectification of Personal Data if it is incorrect
- to request the deletion of Personal Data
- to request restrictions on processing Personal Data
- to receive Personal Data in a structured, accessible and machine-readable format (if available)
- to submit an objection to processing, especially for the purpose of direct advertising.
The rights specified above may be denied or restricted if the interests, rights and freedoms of third parties take precedence or if processing is necessary to establish, exercise or defend legal claims of SDX.
Queries in relation to processing Personal Data are to be directed to the Data Protection Officer of SIX Group:
SIX Group Services Ltd.
Data Protection Officer
SDX will only retain your Personal Data for as long as necessary to fulfil the purpose for which they were collected or to comply with legal or regulatory requirements.
The websites of SDX may contain hyperlinks to other websites which are not operated or monitored by SDX. Third-party websites are not subject to this Privacy Statement. SDX is not responsible for their content or how they handle Personal Data.
9. Social Media Buttons
Functions (plugins) of third-party providers or social media platforms (LinkedIn, Facebook, Twitter, Google+, etc.) are embedded into the websites of SDX. These plugins enable the User to share content on the social networks mentioned. The interfaces are deactivated by default when the website is accessed. This means that no Personal Data is transmitted to the respective third-party providers without intervention on the part of the User. Once the User has activated the interfaces, data (incl. also Personal Data) is automatically transmitted to the relevant third-party providers by the plug-ins. If the User is simultaneously logged in to the network of the respective third-party provider when they visit the website, the third-party provider can assign the visit to the User's network account. SDX has no influence on this. The purpose and scope of such a form of data collection and the further processing and usage of Personal Data are outlined in the data protection guidelines of the individual social networks. Users can also obtain information there on rights and settings options in relation to protecting their privacy.
10. Data Controller
SIX Digital Exchange AG
11. Right to withdraw consent in respect of data protection
Anyone affected by the processing of Personal Data can withdraw their consent to this effect at any time. This must be done in writing or by e-mail to the Data Protection Officer of SIX (contact see above).
Cookies particularly serve the following purposes:
- save the User's preferred language and country settings
- perform a statistical analysis of the number of users and of their usage habits
- improve the loading speed of the individual pages
The User can control cookie specifications via their browser settings. The relevant browser options and instructions on use can generally be found in the browser manual or help file. If the User rejects, blocks or deactivates cookies, this may restrict the availability of the services offered via the website. In addition, parts of the website may not work correctly under certain circumstances.
13. Web analysis
SDX analyses how its websites are used with the help of third-party analysis tools, such as Google Analytics (hereinafter «Analysis Service Providers»). SDX assumes no responsibility or liability for any data processed by Analysis Service Providers.
SDX may use customized electronic marketing technology based on “tracking pixels” provided by LinkedIn, Facebook, Twitter, and Google. A tracking pixel collects information from the header of a webpage, such as a visitor’s IP address or browser, which is forwarded to an advertiser (Facebook, Google, etc.) for the purpose of providing advertising to its customers that is based on their personal interests. SDX may use tracking pixels to investigate the effectiveness of advertising for statistical and market research purposes. The data that is collected cannot be used to identify the User as it is anonymous. However, above advertisers do store and process this data. More information on how they process data can be found in the privacy policies of LinkedIn, Facebook, Twitter, and Google.