With this privacy notice, the Eurex Group (hereinafter "We" or "Us") informs you how we process your personal data. Personal data is any information that concerns you, your employees or other individuals (hereinafter: "Personal Data").
We pay special attention on the processing of Personal Data in accordance with the General Data Protection Regulation EU 2016/679 (“GDPR”) and applicable national data protection laws.
1 Joint Controllers
1.1 Our identity and contact details
Joint controllers (“Eurex Group”) according to Article 4 Paragraph 7 and Article 26 GDPR are Eurex Frankfurt AG, Eurex Clearing AG and Eurex Repo GmbH (Mergenthalerallee 61, 65760 Eschborn, Germany).
The Eurex Group strives to provide uniform support for customers and interested parties and therefore works together for the purposes mentioned under 2.1, so that the individual Eurex companies act as jointly responsible. The Eurex Group has concluded an agreement for this joint responsibility in accordance with Article 26 GDPR. We will inform you of the essential content of this agreement under point 6.
We have set up the following contact point for your questions and suggestions:
Eurex Frankfurt AG
Mergenthalerallee 61
65760 Eschborn
info@eurex.com
1.2 Contact details of our Data Protection Officer
Our Data Protection Officer is:
Data Protection Officer
Eurex Frankfurt AG
Mergenthalerallee 61
65760 Eschborn
dataprotection@eurex.com
2 Purpose, Categories of personal data, legal basis and retention
2.1 Categories of your personal data, purposes of our processing and their legal basis
We process the following categories of your personal data for the following purposes:
2.1.1 General contact by e-mail, post or telephone: Name, address, telephone number or e-mail address if you wish to contact us directly. We collect your personal data when you provide it to us via our contact forms or when you contact us directly. Then we process the information that you have provided to us in the course of establishing contact. This includes, in particular, names and contact data provided (address, telephone number or e-mail address), date and reason for contact. The personal data that you collect will only be used to answer and fulfil your specific enquiries. The legal basis is Art. 6 para. 1 lit. (f) GDPR, which permits the processing of personal data for the purpose of our legitimate interest in processing and answering your enquiry. Your personal data processed in this respect will be stored by us for as long as it is necessary to carry out our relationship (communication) with you and in accordance with the applicable legal storage regulations.
2.1.2 Sales, Marketing and invitations: We may use your personal data (name, first name, address, company, telephone number, e-mail address) to send you information about our services, partners, promotions and events that we think may be of interest to you. We may contact you by e-mail based on our legitimate interests under Article 6 para. 1 lit. (f) of the GDPR if we have a direct business relationship with you or with the company for which you work, and if you have not objected. We may contact you by telephone if you have given your consent (Article 6 para. 1 lit. (a) GDPR) or on the basis of a presumed consent on the condition that you will welcome the call. We may contact you by post on the basis of our legitimate interests under Article 6 para.1 lit. (f) GDPR as long as you do not object. In such cases, it is our legitimate interest to inform business partners or potential customers about such services and products that may be of interest to them and thus to maintain our existing or future business relationship. Your personal data processed in this respect will be stored by us for as long as it is necessary to carry out our relationship (communication) with you and in accordance with the applicable legal storage regulations.
2.1.3 Newsletter: Eurex companies offer circulars, readiness newsflashes and product newsletters to keep you regularly informed about ongoing initiatives and upcoming projects and any future updates or news about products and events. You can register for the categories you would like to subscribe to on our website by entering your email address. After entering your data, you will receive an e-mail in which you can confirm your registration in order to activate the newsletter. You can unsubscribe from this service in every newsletter and withdraw your consent with effect for the future. With regard to the processing of your personal data, the relevant legal basis is your consent in accordance with Article 6 Paragraph 1 lit. a in connection with Article 7 GDPR.
2.1.4 Competitions: Personal data of the participant that is collected in connection with competitions are used exclusively for the performance of the competition, i.e. for the determination of the winners and delivery of the prizes, used and then deleted. Any further use of the data will only take place if the participant agrees. The required personal data result from the input fields. Mandatory fields are marked with an asterisk, all other fields are voluntary. With regard to the processing of your personal data, the relevant legal basis is your consent in accordance with Article 6 Paragraph 1 lit. a in connection with Article 7 GDPR.
2.1.5 Events: If you apply for an event and/or participate in our events, we process your participant data (e.g. name, job title, company name, country, contact data, e-mail address, billing data) for the application to, organisation and execution of the respective event. In order to carry out and organise the event, your data may also be passed on to other parties involved in the event if this is necessary (e.g. for admission control). In order to help structure the discussion your name, job title, company name and country may be shared with speakers and individuals supporting their preparation prior the event. The legal basis for the application procedure is Art. 6 para. 1 lit. (f) of the GDPR, permitting the processing of Personal Data for the purposes of Our legitimate interests in allowing access to participants within the relevant financial sector. Selection is required due to number of participant restrictions. The period for which your Personal Data will be stored by Us is as long as necessary to process the application, so until your application is fully processed and you were selected as a participant or not. The legal basis for your participation is Art. 6 para. 1 lit. (b) of the GDPR, permitting the processing of Personal Data for the purposes of the performance of a contract. General information regarding data protection and events can be found at the end of this website. Further information may be provided in a privacy notice for the specific event, if this is necessary. Your personal data processed in this respect will be stored by us as long as it is necessary to maintain our relationship (participation in the event) with you and as long as it is necessary in accordance with the legal retention periods.
2.1.6 Webinars: With the Eurex Webinars, you can participate in interactive presentations and live discussions and exchange views with renowned experts on current topics in the derivatives markets. If you would like to participate, you can apply online for a webinar and we process your participant data (e.g. name, job title, company name, country, contact data, e-mail address, billing data) for the application, and execution of the respective webinar. If you participate in the webinar with questions or comments, these will be saved. In order to help structure the discussion your name, job title, company name and country may be shared with speakers and individuals supporting their preparation prior the webinar. The legal basis for the application procedure is Art. 6 para. 1 lit. (f) of the GDPR, permitting the processing of Personal Data for the purposes of Our legitimate interests in allowing access to participants within the relevant financial sector. Selection is required due to number of participant restrictions. The period for which your Personal Data will be stored by Us is as long as necessary to process the application, so until your application is fully processed and you were selected as a participant or not. The legal basis for your participation is Art. 6 para. 1 lit. (b) of the GDPR, permitting the processing of Personal Data for the purposes of the performance of a contract. Your personal data processed in this respect will be stored by us for as long as it is necessary to maintain our relationship (participation in the webinar) with you and in accordance with the applicable legal retention periods.
2.1.7 Applications: Data protection information on the application process can be found directly in the privacy notice on our careers page. The sole responsible body is the respective Eurex company to which you are submitting an application.
2.1.8 Performance of contracts and services: If you or your company want to be authorized as a customer of one of our services, we collect your personal data (first name, last name, contact data, company) to register you to our service and for the usage of our service. The sole responsible body is the respective Eurex company with which a contract is concluded or occurs in the case of pre-contractual measures. The purposes of personal data processing are determined by the specific service or product. This may include especially assessments, consultation, trading activities, and the execution of business accounting and tolls. The legal basis for processing this personal data is Article 6 (1) lit. b GDPR, as processing is necessary to fulfill a contract or for pre-contractual measures between us and the customer. If the user is not the customer who concluded the contract with us, but an employee of the customer or otherwise authorized by the customer to use our services, the legal basis for processing is Article 6 (1) lit. f GDPR, as the processing is in the legitimate interest of the customer. The legitimate interest of the customer is to enable the user to use our services in accordance with the contract. Your personal data processed in this regard will be stored by Us as long as it is necessary to carry out Our relationship (registration and use of our service) with you and required by applicable statutory retention laws.
2.1.9 Data processing of Eurex Deutschland and its exchange bodies: This data processing is not subject to the joint responsibility described here. Information on data protection at Eurex Deutschland and its exchange bodies can be found directly in the Eurex Deutschland privacy notice at the end of this page.
2.1.10 General use of our website: When you use our website and online platform, we will automatically log information about the browser that is used to access the website, such as your IP address, session time, pages viewed from that address and the website from which you are visiting the website. We may also collect device-specific information, such as your hardware model and operating system. We use this information to identify and prevent malpractice and crime and to investigate improper conduct. The legal basis for the processing of your personal data for these purposes is Art. 6 para. 1 lit. (c) GDPR in fulfilling our legal obligation to take technical and organisational measures to ensure secure data processing in accordance with Article 32 GDPR and Article 6 para. 1 lit. (f) GDPR in order to pursue our legitimate interests in data processing for network and information security. After the specified period of 30 days, the above data will be deleted. If data is processed for a longer period of time, we will anonymise or delete the data as soon as their storage no longer serves the respective purposes.
2.2 Do you have to provide personal data to us?
The provision of your personal data is necessary in order to access the protected areas of the website, which are restricted to members of our customer groups, to contact us directly or to receive a newsletter. This means that it is necessary that you give us your personal data in the context of e.g. to provide a user registration process or contract.
2.3 Do We make automated decisions on you?
We do not make any automated decisions solely on automatic processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
2.4 Retention periods
The retention periods for personal data depend on the purpose of the processing. We will store the personal data mentioned under 2.1 above as long as (i) this is necessary for the respective purpose and / or (ii) this is required in accordance with the applicable statutory retention laws. We will keep personal data that you provide us for as long as our business relationship with you or with your company exists, plus all applicable retention periods that are in accordance with the statutory provisions (e.g. based on tax regulations) or to the extent they are necessary to pursue our legitimate interests after the end of the business relationship (e.g. to assert claims within the statutory limitation periods).
3 Transfer of personal data
We will not disclose your personal data to third parties unless such disclosure is permitted by law or you have explicitly consented to the transfer.
To provide our contractual services, we use selected service providers (data processing providers) and vicarious agents of the categories listed below who have access to your personal data to the extent necessary and can use it to process the orders placed by us.
We may transfer your personal data to public authorities where this is required by applicable law (e.g. the German Stock Exchange Act (Börsengesetz) or the German Securities Trading Act (Wertpapierhandelsgesetz)). A transfer of your personal data is also permitted if there is suspicion of a criminal offence or the abuse of the services offered on our website. In this event, we shall be entitled to transfer your Personal Data to the criminal prosecution authority.
Otherwise, your personal data will be stored exclusively in our database and on our servers or on those of our commissioned data processing providers. We will only share your Personal Data with other controllers for their own purposes such as cooperation or advertising partners under the condition that you explicitly and voluntarily agreed to such transfer of your Personal Data; in this case, we will obtain your consent separately from this Notice.
Sometimes the recipients to whom we transfer your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country. In such cases, we take measures to implement appropriate and suitable safeguards for the protection of your personal data.
Under these conditions, recipients of your personal data can be for example:
- public bodies and institutions in the presence of a legal or regulatory obligation (eg. financial authorities),
- other companies and service providers (processors) / vicarious agents in the following areas:
- print service providers
- telecommunications service provider
- billing service provider
- financial institutions
- collection agencies
- management consultancies as well as business and tax audit companies
- provider of the online platform
- newsletter provider
4 Cookies and similar technologies
When you visit the website and Our online platform, information is stored on your terminal device in the form of a "cookie." Cookies are small files that are stored on your terminal device and save certain settings and data to exchange with our websites via your browser.
For example, cookies enable us to tailor a website to better match your interests or to store your password so that you do not have to re-enter it every time. As a general rule, we never collect personal data via cookies, unless you have given us your express permission to do so.
If you do not want us to recognize your terminal device, please configure your Internet browser to erase all cookies from your device, to block all cookies or to receive a warning before a cookie is stored. You will find brief instructions on how to do this below.
Please note that certain functions of our website may no longer work, or not correctly, without cookies.
4.1 Types of Cookies
Cookies can be assigned to four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.
4.1.1 Absolutely necessary cookies: Are needed for you to navigate within websites and operate basic website functions, such as the issuance of anonymous Session IDs for bundling several related queries to a server.
4.1.2 Performance cookies: Collect information on the usage of our websites, including for example the Internet browsers and operating systems used, the domain name of the website which you previously visited, the number of visits, average duration of visit, and pages called up. These cookies do not store any information that would make it possible to personally identify the user. The information collected with the aid of these cookies is aggregated and is therefore anonymous. Performance cookies serve the purpose of improving the user friendliness of a website and therefore enhancing the user’s experience. You can block the use of such cookies by creating an exclusion cookie (see “managing cookies” below)..
4.1.3 Functional cookies: Enable a website to store information the user has already entered (such as user ID, language selection, or the user’s location), in order to offer improved, personalized functions to the user. Functional cookies are also used to enable requested functions such as playing videos and to make a user’s decision to block or disable a certain function (e.g. web analysis) - “opt-out cookies”..
4.1.4 Cookies for marketing purposes: are used to offer more relevant content to users, based on their specific interests. They are also used to limit the display frequency of an ad and to measure and control the effectiveness of advertising campaigns. They register whether users have visited a website or not, and which contents were used. This information may possibly also be shared with third parties, such as advertisers, for example. These cookies are often linked to the functions of third-party websites. You can block the use of such cookies by creating an opt-out cookie (see “Managing cookies” below).
4.2 Types of used cookies
4.3 Managing cookies
You can change your cookie preferences at any time by clicking on the ‘Cookies Preference Manager’ link. You can then adjust the available sliders to ‘On’ or ‘Off’, then clicking ‘Save and close’. You may need to refresh your page for your settings to take effect.
Please note: Not all of the cookies mentioned above will necessarily be used when you browse our website using a mobile terminal device.
In the following you will find a summary of links that provide detailed information on the deactivation of cookies in commonly used browsers.
- Mozilla Firefox (https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored)
- Internet Explorer (https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)
- Google Chrome (https://support.google.com/accounts/answer/61416?hl=en)
- Safari (https://support.apple.com/en-en/guide/safari/sfri11471/mac)
4.4 Usage of Matomo
Subject to your consent, we use Matomo (formerly known as PIWIK) to analyse your visit on our website. Matomo is an open-source tool for web analytics. During its use, none of your data will be sent to servers outside our control.
Matomo also uses cookies which are stored on the hard drive of your PC and give us no clue whatsoever on your identity.
Provided your consent to the analysis via Matomo, the following data will be processed:
(1) 2 bytes of the IP address of the user's calling system.
(2) The accessed web page
(3) The web page from which the user has reached the accessed web page (referrer)
(4) The subpages that are called up from the called-up website
(5) The time spent on the website
(6) The frequency with which the web page is accessed
(7) The Klicks and Actions during the visit
The software solely runs on our servers, which is the sole place of storage for your personal data. That data will not be transferred.
4.5 YouTube
The online platform uses integrated videos from YouTube, a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). As soon as you call up a page of our website equipped with an embedded video, a connection is established to YouTube's servers and they are informed which website you are currently on. You may also be connected to the Google DoubleClick network. If you start the video, this could trigger further data processing processes. We have no control over this. For more information about privacy at YouTube, please see their privacy policy at: policies.google.com/privacy.
5 Your rights
Under applicable data protection laws, you have rights
- of access to, rectification of, and/or erasure of your Personal Data;
- to restrict or object to its processing;
- to tell Us that you do not wish to receive marketing information; and
- (in some circumstances) to require certain of your Personal Data to be transferred to you or a third party, which you can exercise by contacting Us at the details set out at the beginning of this Notice.
To the extent Our processing of your Personal Data is based on your consent, you also have the right to withdraw your consent, without affecting the lawfulness of Our processing based on your consent before its withdrawal.
To exercise your rights, you can contact Us as set out in Section 1.1 above. You can also lodge a complaint about Our processing of your Personal Data with a data protection authority. A list and contact details of the local data protection authorities can be found here. https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
6 Joint responsibility of the Eurex companies
The controllers are responsible for keeping a record of processing activities, carrying out data protection impact assessments or consulting the supervisory authorities. The controllers have commited to take appropriate technical and organizational security measures for the data to be processed in order to ensure and be able to prove that the processing is carried out in accordance with data protection regulations. The security measures must ensure a level of protection appropriate to the risk and are checked and updated if necessary. The technical and organizational measures must also ensure that the data is processed in accordance with the legal requirements. The responsible controllers inform each other immediately about disruptions in the operational process that pose a risk to the data as well as suspected data protection violations in connection with the personal data. The responsible controllers agree on the content of the report and keep themselves informed about the communication with the supervisory authority. This also applies if there is a legal obligation to inform you as a person of a data protection breach.
If you exercise one of your rights as a person vis-à-vis one of the responsible controllers, this controller will immediately inform the other controllers of this in writing. The responsible controller for fulfilling the rights of the data subject is, who is contacted directly by you.
The controller in charge contacted by you takes on e.g. communicating with you, gathers the necessary information, checks the asserted right and implements it accordingly. The controllers are obliged to support each other in fulfilling such requests. They keep themselves informed about this on an ongoing basis and intend to reach agreement on all essential steps. You can exercise your rights against all responsible parties. Should measures become necessary in accordance with the asserted right of data subjects (e.g. correction, deletion, restriction, notifications to recipients, transfer and access), those responsible will implement this independently.
- Eurex Frankfurt AG
- Eurex Clearing AG
- Eurex Repo GmbH