www.esma.europa.eu
Open in
urlscan Pro
18.66.147.50
Public Scan
Submitted URL: https://www.esma.europa.eu/data-protection
Effective URL: https://www.esma.europa.eu/about-esma/governance-structure/legal-notice-data-protection
Submission: On December 18 via api from UA — Scanned from PL
Effective URL: https://www.esma.europa.eu/about-esma/governance-structure/legal-notice-data-protection
Submission: On December 18 via api from UA — Scanned from PL
Form analysis 1 forms found in the DOM
GET /search/site
<form action="/search/site" method="get" id="search-block-form" accept-charset="UTF-8">
<div class="js-form-item form-item js-form-type-search form-type-search js-form-item-keys form-item-keys form-no-label">
<label for="edit-keys--2" class="visually-hidden">Search</label>
<input title="Enter the terms you wish to search for." data-drupal-selector="edit-keys" type="search" id="edit-keys--2" name="keys" value="" size="15" maxlength="128" class="form-search form-control">
</div>
<div data-drupal-selector="edit-actions" class="form-actions js-form-wrapper form-wrapper" id="edit-actions--2">
<input data-drupal-selector="edit-submit" type="submit" id="edit-submit" value="Search" class="button js-form-submit form-submit btn btn-primary">
</div>
</form>Text Content
This site uses cookies. Visit our cookies policy page or click the link in any
footer for more information and to change your preferences.
Accept all cookies Accept only essential cookies
Skip to main content
Search
* About ESMA Toggle submenu
* Governance Structure Toggle submenu
* Board of Supervisors
* Management Board
* Senior Management
* Joint Committee
* CCP Supervisory Committee
* CCP Resolution Committee
* Standing Committees
* Board of Appeal
* Ethics and Conflicts of interest
* Legal Notice and Data Protection
* Internal Organisation Toggle submenu
* Strategy and Work Programme
* Working Methods
* Diversity, Equity and Inclusion
* Procurements
* International Cooperation
* Stakeholder Engagement Toggle submenu
* Stakeholder Relations
* SMSG
* Consultations
* Hearings
* Speaking Requests
* Transparency and Access to Documents
* Whistleblowers
* Agenda
* News
* Speeches
* Careers
* ESMA's Activities Toggle submenu
* Investors and Issuers Toggle submenu
* Benchmark Administrators
* Credit Rating Agencies
* External Reviewers of European Green Bonds
* Fund Management
* Issuer Disclosure
* Investment Services and Crowdfunding
* Markets and Infrastructure Toggle submenu
* Central Counterparties
* Data Reporting Services Providers
* Trading
* Consolidated Tape Providers
* Post-trading
* Market Integrity
* Short Selling
* Central Securities Depositories
* Securitisation
* Trade Repositories
* Risk Analysis Toggle submenu
* Risk Monitoring
* Topical Analysis
* Sustainable Finance Toggle submenu
* Climate benchmarks and ESG disclosure
* CRAs and Sustainability
* Investment Services and Fund Management
* Sustainability Reporting
* Digital Finance and Innovation Toggle submenu
* Digital Operational Resilience Act (DORA)
* DLT Pilot Regime
* Markets in Crypto-Assets Regulation (MiCA)
* Supervision and Convergence Toggle submenu
* Investigations and Inspections
* Supervisory Convergence Tools
* Sanctions and Enforcement
* Enforcement Convergence Initiatives
* Breach of Union Law
* New supervisory and oversight mandates
* Data Toggle submenu
* Data Reporting
* Databases and Registers
* Statistical Information
* Listing Act
* Investor Corner Toggle submenu
* Is the firm regulated?
* Get ready to invest
* Frauds and Scams
* Publications for Investors
* Product Intervention
* Make a complaint
* Cost of Investment Products
* Publications Toggle submenu
* Documents
* Interactive Single Rulebook
* Guidelines, Recommendations and Technical Standards
* Peer Reviews
* Risk Monitoring and Analysis
* Questions and Answers
* Glossary
* Contact & Help Toggle submenu
* Contact Information
* Media Corner
* Speaking Requests
* Newsletter
* FAQs
EN
* BG
* CS
* DA
* DE
* EL
* ES
* ET
* FI
* FR
* HR
* HU
* IT
* LT
* LV
* NL
* PL
* PT
* RO
* SK
* SL
* SV
Breadcrumb
1. Home
2. About ESMA
3. Governance Structure
4. Legal Notice and Data Protection
LEGAL NOTICE AND DATA PROTECTION
The protection of individuals with regard to the processing of personal data by
ESMA is based on Regulation (EU) 2018/1725 of the European Parliament and of the
Council of 23 October 2018 on the protection of natural persons with regard to
the processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data, and repealing Regulation (EC) No
45/2001 and Decision No 1247/2002/EC as implemented by ESMA in implementing
rules adopted by its Management Board.
PERSONAL DATA PROTECTION
Although you can browse through most of the ESMA website without giving any
information about yourself, in some cases, personal information is required in
order to provide the e-services you request. Pages that require such information
treat it according to the policy described in the Regulation mentioned above.
In this respect:
* For each specific e-service, a controller determines the purposes and means
of the processing of personal data and ensures conformity of the specific
e-service with the privacy policy.
* ESMA's Data Protection Officer ensures that the provisions of both the
Regulation and the Implementing Rules are applied and advises controllers on
fulfilling their obligations (see in particular Chapter IV, Section VI of the
Regulation).
* For all EU institutions and bodies, the European Data Protection Supervisor
(EDPS) acts as an independent supervisory authority (see Chapter VI of the
Regulation).
* ESMA maintains records of processing activities in accordance with Article 31
of the Regulation.
white_background
primary_grey_background
RECORDS REGISTER
ESMA has the legal obligation to keep a central register of records of
activities processing personal data (Article 31 of Regulation 2018/1725).
The register shall contain at least the following information:
* name and contact details of the controller, the data protection officer and,
where applicable, the processor and the joint controller;
* the purposes of the processing;
* description of the categories of data subjects and of the categories of
personal data;
* the categories of recipients to whom the personal data have been or will be
disclosed;
* where applicable, transfers of personal data to a third country or an
international organisation and the documentation of suitable safeguards;
* where possible, the envisaged time limits for erasure of the different
categories of data;
* where possible, a general description of the technical and organisational
security measures to protect those personal data;
* information about data subjects’ rights and on how to exercise those rights
The list of records of ESMA’s activities processing personal data, with
hyperlinks to the relevant record, follows:
Record Number Activity Description 1 Subscribers to ESMA's news items 2
Selection of members for ESMA groups 3 Mentoring scheme for ESMA staff 4 Pay and
Pension 5 Leave and Absences 6 Recruitment of Temporary and Contract Agents 7
Recruitment of Trainees, Seconded National Experts and Temporary
Workers-Interims 8 Administrative enquiries and Disciplinary procedures 9
Prevention of Harassment 10 Missions Management 11 Emergency Notification of
Staff members (BCP) 12 Distribution list of ESMA's Risk Analysis Reports 13
Learning and Development 14 Post Office management Services 15 Health Services
16 Internal mobility 17 Staff appraisal, renewal and promotion 18 Emergency
contact list 19 Public consultations 20 Enforcement procedure 21 Exchange of
information within CSDR SFD and T2S networks 22 Professional secrecy 23
Whistleblowing 24 Access to documents 25 Breach of Union Law Complaints and
Investigations 26 Conflicts of interest and ethics 27 Security Logging and
Auditing 28 Security Awareness and Training 29 Inter Agency Volunteer Support
Groups 30 Covid-19 31 Video Security System 32 Reporting on infringements in the
areas of UCITS, CRAs and TRs 33 ESMA’s Physical Access Controls (ACS) 34 ESMA
Social Committee 35 Audio and Video Communication and Collaboration services 36
Finance Activity Based Management 37 Identity and Access Management Services 38
Visitor Management Service 39 ICT Infrastructure Managed Services 40 Microsoft
O365 services 41 Direct Supervision
white_background
primary_grey_background
WHAT IS AN E-SERVICE?
An e-service on this website is a service or resource made available on the
internet in order to improve the communication between citizens and businesses
on the one hand and ESMA on the other hand.
Three types of e-services are or may be offered by the ESMA:
1. Information services that provide users with easy and effective access to
information, thus increasing transparency and understanding of the
activities of ESMA.
2. Interactive communication services that allow better contacts with ESMA's
target public thus facilitating consultations, and feedback mechanisms, in
order to contribute to the shaping of policies, activities and services of
ESMA.
3. Transaction services that allow access to all basic forms of transactions
with ESMA, e.g. procurement, financial operations, recruitment, event
enrolment, etc.
white_background
primary_grey_background
THIRD PARTY WEBSITES
ESMA’s website provides links to third party sites. Since we do not control
them, we encourage you to review their privacy policies.
white_background
primary_grey_background
BASIC PRINCIPLES
As a general principle, ESMA only processes personal data for the performance of
tasks carried out in the public interest on the basis of the Treaty on the
Functioning of the European Union, on the basis of the relevant legislation or
in the legitimate exercise of official authority vested in ESMA or in a third
party to whom the data are disclosed.
All processing operations of personal data are duly notified to ESMA's Data
Protection Officer and, if the case arises, to the European Data Protection
Supervisor.
ESMA guarantees that the information collected is processed and/or accessed only
by the members of its staff responsible for the corresponding processing
operations.
ESMA does not take any decisions based solely on automated processing, including
profiling, without human involvement, which produces legal effects concerning
natural persons or which similarly affects natural persons.
Unless specified differently in the Records Register, all natural persons
providing personal information to ESMA by means of paper or electronic form are
deemed to have unambiguously given their consent for the subsequent processing
operations in application of article 7 of Regulation. Natural persons have the
right to withdraw their consent at any time. Such withdrawal of consent will
have no bearing on the lawfulness of any previous processing.
Data subjects have the right to receive information about the processing of
their personal data, to access the personal data and to correct any inaccurate
or incomplete personal data, as well as to request the erasure, restriction of
processing or to object to the processing of their personal data on written
request to be addressed to the controller (specific contact details can be found
in the relevant record, as published in the Records Register). Data subjects
may at any time consult ESMA's Data Protection Officer or have recourse to the
European Data Protection Supervisor.
white_background
primary_grey_background
HOW ARE DATA PROCESSED BY ESMA?
Further information on how your data are processed by ESMA, what are your Rights
and how you can exercise them, may be found in the relevant record, as published
in the Records Register. In particular, the following information will be
included:
* What information is collected and for what purpose. ESMA collects personal
information exclusively to the extent necessary to fulfil a specific purpose.
The information will not be re-used for an incompatible purpose.
* How long your data is kept. ESMA only keeps the data for the time necessary
to fulfil the purpose of collection or further processing.
* To whom your information is disclosed. ESMA will only disclose information to
third parties if that is necessary for the fulfilment of the purpose(s)
identified above and to the mentioned (categories of) recipients. ESMA will
not divulge your personal data for direct marketing purposes.
* Information about international transfers of personal data, where relevant.
* Information about how you can exercise your rights, including on possible
applicable restrictions, which may apply and a point of contact if you have
queries or complaints.
* The security measures taken to safeguard your information against possible
misuse or unauthorised access.
white_background
primary_grey_background
WHAT ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM?
You are entitled to access information relating to your personal data processed
by ESMA, verify its accuracy and, if necessary, correct it in case the data is
inaccurate or incomplete. If your personal data is no longer needed for the
purpose of the processing, if you withdraw your consent or if the processing
operation is unlawful, you have the right to request the erasure of your
personal data.
Under certain circumstances, such as if you contest the accuracy of the
processed personal data or if you are not sure if your personal data is lawfully
processed, you can ask the Data Controller to restrict the personal data
processing. You may also object, on compelling legitimate grounds, to the
processing of your personal data.
Additionally, you have the right to data portability which allows you to make a
request to obtain the personal data that the Data Controller holds on you and to
transfer it from one Data Controller to another, where technically possible.
You may exercise your rights by contacting the Data Controller (specific contact
details can be found in the relevant record, as published in the Records
Register). Exemptions might be applicable in accordance with Regulation (EU)
2018/1725.
In some cases, your rights might be restricted in accordance with Article 25 of
Regulation (EU) 2018/1725, ESMA’s Internal Rules and other relevant legal
provisions, such as ESMA’s obligation not to disclose confidential information
pursuant to professional secrecy, or to prevent prejudice or harm to the
supervisory or enforcement functions of a third country authority acting in the
exercise of the official authority vested in it. This may include functions
relating to the monitoring or assessment of compliance with applicable laws,
prevention or investigation of suspected infringement; for important objectives
of general public interest, or for the supervision of regulated individuals and
entities.
In each case before applying a restriction, ESMA will assess whether the
restriction is appropriate. The restriction should be necessary and provided by
law, and will continue only for as long as the reason for the restriction
continues to exist.
white_background
primary_grey_background
DECISION ON INTERNAL RULES CONCERNING RESTRICTIONS OF CERTAIN RIGHTS OF DATA
SUBJECTS
Decision on Internal rules concerning restrictions of certain rights of data
subjects
* In accordance with the requirements of Article 25 of Regulation (EU)
2018/1725, ESMA adopted a Decision laying down Internal rules on restrictions
of certain rights of data subjects in relation to processing of personal data
in the framework of the functioning of ESMA (OJ L 303, 25.11.2019, p. 31–36,
“the Decision”). Pursuant to this Decision, ESMA may apply restrictions to
certain rights of data subjects (such as the right to be informed, right of
access, rectification, erasure, restriction of processing etc.).
* In each case, ESMA will assess whether the restriction is appropriate. The
restriction should be necessary and provided by law, and will continue only
for as long as the reason for the restriction continues to exist.
▸ Decision on Internal rules concerning restrictions of certain rights of data
subjects
white_background
primary_grey_background
DO WE TRANSFER ANY OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL
ORGANISATIONS (OUTSIDE THE EU/EEA)?
ESMA will transfer personal data outside of the EU/EEA only where necessary and
appropriate to fulfill its obligations in the context of international
cooperation in accordance with Article 33 of the ESMA Regulation, as may be
further amended, repealed or replaced.
The transfers will be done in accordance with Chapter V of the Regulation (EU)
2018/1725, i.e. where there is a Commission’s adequacy decision recognising a
third country as ensuring an adequate level of protection of personal data, or
for important reasons of public interest, as recognised in Union or Member State
law.
In the absence of an adequacy decision adopted by the Commission, where these
transfers are made in the usual course of business or practice, your personal
data might be transferred only to third country authorities that are signatories
to the IOSCO-ESMA Administrative Arrangement (AA) for the transfer of personal
data between EEA and non-EEA securities regulators adopted in accordance with
Article 48(3) of the Regulation.
In particular, the following safeguards are provided to personal data exchanged
under the AA:
* ESMA will only transfer personal data that are relevant, adequate and limited
to what is necessary for the purposes for which they are requested by a
third-country authority (TCA);
* The (TCA) receiving personal data from ESMA will have in place appropriate
technical and organisational measures to protect personal data that are
transferred to it against accidental or unlawful access, destruction, loss,
alteration, or unauthorised disclosure;
* The TCA will retain personal data for no longer than is necessary and
appropriate for the purpose for which the data are processed;
* No decision will be taken by the TCA concerning a natural person based solely
on automated processing of personal data, including profiling, without human
involvement;
The TCA will not divulge your personal data for other purposes, such as for
marketing or commercial purposes.
In the context of international transfers, your Rights might be exempted or
restricted in particular to prevent prejudice or harm to the supervisory or
enforcement functions of a TCA under the AA, acting in the exercise of the
official authority vested in it, as indicated in the previous section (“What are
your Rights and how can you exercise them?”).
If you believe that your personal data have not been handled consistent with the
safeguards set out in the AA, you can lodge a complaint or claim at ESMA, at
the TCA or both Authorities: for doing so, you can contact the Data Controller
(specific contact details can be found in the relevant record, as published in
the Records Register. In such event, ESMA and the TCA will use best efforts to
settle the dispute or claim amicably in a timely fashion.
In the event where the matter is not resolved, other methods can be used, by
which the dispute could be resolved unless the request is manifestly unfounded
or excessive. Such methods include participation in non-binding mediation or
other non-binding dispute resolution proceedings initiated by the natural person
or by the ESMA or the TCA concerned.
If the matter is not resolved through cooperation by the Authorities, nor
through non-binding mediation or other non-binding dispute resolution
proceedings, in situations where you raise a concern and ESMA is of the view
that the TCA has not acted consistent with the safeguards set out in the AA,
ESMA will suspend the transfer of personal data to the TCA until it is of the
view that the issue is satisfactorily addressed by the TCA, and will inform you
thereof.
white_background
ADMINISTRATIVE ARRANGEMENT FOR THE TRANSFER OF PERSONAL DATA BETWEEN EEA AND
NON-EEA AUTHORITIES
* In the absence of an adequacy decision adopted by the Commission, where
the transfers of personal data are made in the usual course of business or
practice, ESMA will transfer personal data only to third country authorities
that are signatories to the IOSCO-ESMA Administrative Arrangement (AA) for
the transfer of personal data between EEA and non-EEA securities regulators
adopted in accordance with Article 48(3) of the Regulation(EU) 2018/1725;
* The European Data Protection Supervisor (EDPS) authorised ESMA to use the
administrative arrangement as ensuring appropriate safeguards for the
transfer of personal data to public bodies in third countries not covered by
a European Commission adequacy decision, on the basis of the positive opinion
of the European Data Protection Board (EDPB) (opinion 4/2019).
List of IOSCO signatories to the AA | EDPB opinion | EDPS Authorisation
Decision | Administrative Arrangement
primary_grey_background
primary_grey_background
HOW DO WE TREAT E-MAILS YOU SEND US?
Some pages on ESMA's websites have a link to our contact mailboxes, which
activates your e-mail software and invites you to send your comments. When you
send such a message, your personal data is collected only to the extent
necessary to reply. If the management team of the mailbox is unable to answer
your question, it will forward your e-mail to another service. If you have any
questions about the processing of your e-mail and related personal data, do not
hesitate to include them in your message.
white_background
primary_grey_background
LEGAL NOTICE
COPYRIGHT NOTICE
ESMA owns the copyright for all material on this website. This copyright does
not extend to any legislative text which is publicly available or to other third
party’s materials.
ESMA's name, abbreviation and logo are the exclusive property of the European
Securities and Markets Authority and are protected under the Paris Convention
for the Protection of Industrial Property of 20 March 1883 and national laws
implementing the Convention.
ESMA's logo and other images may not be used without prior permission except
when reproducing ESMA material containing the logo or other images.
Where copyright vests in a third party, permission for reproduction must be
obtained from this copyright holder.
Reproduction of all information on this site (ESMA Library) is authorised except
as otherwise stated, provided the source is acknowledged and:
1. where the original material is incorporated in documents that are sold
(regardless of the medium), the publisher must inform buyers that it may be
obtained free of charge through ESMA website;
2. if the original material is transformed by the user (e.g. by making a
summary of it or by translating it) and republished, this must be stated
explicitly through the following disclaimer:
* ‘This document has been drafted using material downloaded from ESMA’s
website’ (or alternatively ‘This document constitutes a translation of a
document downloaded from ESMA’s website’);
* ESMA does not endorse this publication and in no way is liable for copyright
or other intellectual property rights infringements nor for any damages
caused to third parties through this publication’;
3. when linking to the ESMA website from business sites or for promotional
purposes, the ESMA website content and its source must be clearly identifiable
separately from any other content;
4. any document in which this material is displayed does not:
* in any way imply that ESMA is endorsing a firm, journal or publication or any
particular products, services or communications;
* present false or misleading information concerning ESMA;
* contain content that could be construed as distasteful, offensive or
controversial;
* infringe any intellectual property or other rights of any person or otherwise
not comply with any relevant law or regulation.
white_background
DISCLAIMER
1. ESMA tries to ensure that the information on this website is timely and
accurate.
2. The information on this website is of a general nature only and is not
intended to address the specific circumstances of any particular individual
or entity.
3. The information on this website can under no circumstances be regarded as
professional or legal advice. If you need specific advice, you should
consult a suitably qualified professional.
4. ESMA accepts no responsibility or liability whatsoever with regard to the
information on this website. ESMA is not liable for any damage arising from
use or inability to use this website, for any material contained in it, or
from any action or decision taken as a result of using this website or any
such material.
5. This disclaimer is neither intended to limit the liability of ESMA in
contravention of any requirements laid down in applicable law nor to exclude
its liability for matters which may not be excluded under that law.
6. This website offers links to other websites. ESMA has no control over the
linked websites and is not responsible for the contents of any linked
website or for any problems incurred as a result of using any linked
website. Offering links to other websites should not be taken as an
endorsement of any kind from ESMA.
7. By accessing any part of this website, you will be deemed to have accepted
the terms of this legal notice.
primary_grey_background
primary_grey_background
primary_grey_background
CONTACT
For any questions on legal notice, you may contact info@esma.europa.eu.
DPO CONTACT
If you have questions or concerns, please contact: DPO@esma.europa.eu.
RIGHT TO RECOURSE
You have the right to lodge a complaint with the European Data Protection
Supervisor (edps@edps.europa.eu) if you consider that your rights under the
Regulation (EU) 2018/1725 have been infringed as a result of the processing of
your personal data by ESMA.
main_blue_background
ESMA is an authority of the European Union
* Careers
* ESMA Documents
* Contact & Help
* Media Corner
* Cookie Policy
* Data Protection
SOCIAL MEDIA
*
*
*