ISDA Member and Non-Member Representative Privacy Notice – International Swaps and Derivatives Association

Introduction
International Swaps and Derivatives Association, Inc. (ISDA, “we”, “us” and “our”) operates in a number of countries. We are committed to protecting your privacy. This Notice explains how we collect, use and disclose the personal information relating to individuals employed or engaged by ISDA’s members (“member representatives”) and other individuals employed or engaged by organisations who are not ISDA members and who are either (i) users or recipients of ISDA’s products and services; or (ii) prospective users or recipients of ISDA’s products or services (“non-member representatives”), whether current or former.
ISDA (including its branches in London and Brussels) is the “data controller” of your personal information. This means that we are responsible for deciding how we hold and use personal information about our current and former member representatives and non-member representatives. This Notice is applicable to the processing by ISDA of all personal information. We are required under data protection legislation to notify you of the information contained in this Notice.
This Notice may change from time to time. You are advised to review this Notice periodically.
If you have any questions, feel free to get in touch via one of the methods set out in the “Contact us” section below.
The following definitions are used throughout this Notice:
“personal information” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier; and
“sensitive personal information” means personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

What personal information do we collect about you?
- We may collect and generate information about you relating to your relationship with ISDA. This information may include (but is not limited to):
  - basic information relating to your identity – such as your name (including title / prefix (Dr.; Hon; Miss; Mr.; Mrs.; Ms.; Rev), first name, middle initial, last name and informal name) and gender;
  - any unique identification number or other similar numerical or coded identifier;
  - professional information – such as your organisation’s name and your job title;
  - business contact information – such as your work address, email address, and phone/fax number(s);
  - individual profile information – including, but not limited to, whether you are your organisation’s primary ISDA contact, online library contact, legal opinion contact, regional contact, billing contact, proxy, committee key contact, non-member committee contact, ISDA legal counsel contact (including whether you are a lawyer and the jurisdictions you cover), whether you are a member of the ISDA board of directors, a custodian or an ISDA speaker, your secretary/PA name, phone number and email, whether you have recently moved roles or organisation, areas of interest, the date when your ISDA account was created;
  - personal email preferences – including, but not limited to, whether you have opted to receive emails relating to conferences, news, memos, blogs, SwapsInfo, evaluation forms, protocol, IQ Magazine, and whether you have opted out of any of the above emails or unsubscribed from all emails;
  - purchase information – including, but not limited to, payment-related information, shipping information and products and services purchased; and
  - correspondence – when you contact us, including, but not limited to, making an enquiry or a request, and any correspondence relating to any such enquiries or requests.

How do we obtain your personal information?
- We collect your personal information during the course of your interactions with ISDA whether as a member representative or non-member representative. For example, information submitted through ISDA’s websites or any mobile applications utilised by ISDA from time to time, email correspondence, your attendance and participation at ISDA’s conferences and events or records generated when you engage with our Conferences and Membership functions. Otherwise, we gather information about you when you provide it to us or when we collect it from others (such as your colleagues or employer).
- We may collect your personal information when you visit our websites or use any mobile applications utilised by ISDA from time to time. For example, we automatically receive information from your web browser or mobile device when you use ISDA’s websites or any mobile applications utilised by ISDA from time to time. Monitoring will only be carried out to the extent permitted or required by local law. Although our websites use cookies to personalize the content that you see on our websites, by keeping your ISDA username in a cookie file after you log in for the current session or longer if you check the ‘Remember Me’ box. We also use Google Analytics, a third party tool that uses cookies to identify the areas of our websites that have been accessed by users and also to collect information about user devices (IP address, browser, operating system, requested resources etc.). For more information about our use of cookies and third party tracking tools, please see our Website and Mobile Application Privacy Policy.
- We combine information that we have about you from various sources, including the information that you have provided to us.
How do we use your personal information?
- We may use your personal information for the following purposes:
  - to enable us to provide you (either directly or through a third party service provider) with information pertinent to the derivatives market;
  - to enable you to use ISDA’s websites and any mobile applications utilised by ISDA from time to time;
  - to help us identify you and any accounts you hold with us;
  - to inform you of relevant upcoming conferences, boards and committees and related meetings, working groups and working group meetings, documentation releases and other ISDA and/or industry events;
  - to administer conferences and events;
  - to process transactions through ISDA’s websites or any mobile applications utilised by ISDA from time to time (including taking payment for purchases you may make) and to assist with any inquiries about your transaction;
  - for billing purposes and to confirm prior transactions;
  - to record your purchase of ISDA products and services and attendance at events;
  - to allow us to communicate with you and respond to your queries;
  - to prepare working group lists, board and committee participation lists, mailing lists based on email preferences, delegate lists or other similar group participation or distribution lists;
  - to send surveys to relevant contacts;
  - to send information about ISDA, membership of ISDA and membership renewal to members and/or non-members;
  - to analyse member and non-member trends and insights;
  - to inform your firm of activities you have participated in, such as your membership of working groups;
  - to operate our business, including for internal purposes such as auditing, data analysis, statistical and research purposes and troubleshooting to help us improve our products and services;
  - to comply with legal, regulatory and other requirements; and
  - to monitor activities as permitted and/or required by local law and/or regulation.
- Some of the purposes of processing may overlap and there may be several grounds which justify our use of your personal information.
- We collect, use, process and disclose personal information in accordance with applicable data protection and privacy laws. We do not collect, use, process, or disclose personal information for any purpose or in any way other than as described in this Notice (or, to the extent permitted under applicable data protection and privacy laws, any purpose directly related to, or compatible with, such purpose), unless we are required or permitted by applicable data protection and privacy laws to do so, you are so informed at the time of collection, or we have obtained your consent, directly or indirectly, to use or disclose your personal information for another purpose or in another manner. To the extent permitted by applicable data protection and privacy laws, we may provide your personal information to law enforcement agencies, regulatory bodies, or other government agencies without your knowledge or consent.
On what basis do we use your personal information?
- ISDA collects, uses, processes and discloses personal data in accordance with applicable data protection and privacy laws. We may process personal data on the following bases:
  - to enter into agreements with you or your firm, and to perform all obligations and exercise all rights under, and in accordance with, such agreements;
  - for the legitimate business interests of ISDA, including to ensure that ISDA (i) is able to maintain its relationships with existing member representatives and non-member representatives; and (ii) to promote its services and products to member representatives and non-member representatives and to inform them of the same. Using your personal information helps us to operate and improve our business, minimise any disruption to the services that we may offer, make our communications with you more relevant and personalised to you, and make your experience of our products and services more efficient and effective;
  - to comply with any legal and regulatory obligations;
  - because you have given your consent – at times we may ask for your consent to allow us to use your personal information for one or more purposes; and
  - for the establishment, exercise or defence of legal claims or proceedings.

With whom do we share your personal information?
- Due to the global nature of our operations, ISDA needs to be able to move member representatives’ and non-member representatives’ personal information across our organisation. We may share certain of your personal information with:
  - venues for ISDA’s conferences and other events and other third parties assisting ISDA with organising and running conferences and events (e.g. sending delegate lists to venues);
  - other ISDA offices and members of the ISDA group of companies;
  - employees and consultants in relevant departments throughout ISDA, including the Conferences and Membership departments and the Finance department;
  - third parties that provide products and services to ISDA such as IT systems suppliers and support;
  - local and foreign legal and regulatory authorities and governments; and
  - consultants, accountants, auditors, lawyers and other outside professional advisors.
- All our third-party service providers and other offices will be required to take appropriate security measures to protect your personal information in line with our policies and procedures in force from time to time. Third-party service providers will not be allowed to use your personal information for their own purposes and they will only be permitted to process your personal information for specified purposes and in accordance with our instructions.
- See the “Protecting your personal information” section below for information on how we will keep your personal information secure when sharing it with others.
Transfers of your personal information outside of your home country
- Your personal information may be processed by ISDA and those other parties described at the “With whom do we share your personal information?” section above, anywhere in the world (for example, to our offices in Hong Kong, Singapore, Tokyo and the US), including in countries where data privacy laws may not be equivalent to, or as protective as, the laws in your home country. We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses. You can find more information about data transfer agreements here. Where we transfer personal information to third party recipients that are certified under the EU-U.S. Privacy Shield, we may rely on this certification to protect your personal information.
Protecting your personal information
- We will use appropriate security measures and technologies to help protect your personal information.
- Any personnel handling personal information will be required to take appropriate measures to maintain, secure and protect the confidentiality of such information and take appropriate precautions to protect personal information from any unauthorised use, disclosure or potential loss.
- When ISDA retains a third-party service provider, that provider will be carefully selected in accordance with ISDA’s policies and procedures and the third-party service provider will be required to use appropriate safeguards in relation to the handling of your personal information (including in relation to maintaining confidentiality of your personal information and implementing appropriate technical and organisational security measures).
- Your personal information will only be accessed by those employees, agents, contractors, secondees and other third parties who have a business need to know. They will only process such personal information on our instructions and they will not be allowed to use personal information for their own personal use or otherwise outside of their engagement with ISDA. In addition, they will be required to use appropriate safeguards in relation to the handling of your personal information (including complying with any rules and policies implemented by ISDA, maintaining confidentiality of your personal information and implementing appropriate technical and organisational security measures).
- Whilst we endeavour to protect the privacy of your ISDA website accounts and any account you may have with any mobile application used by ISDA from time to time and other personal information, we cannot guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information. Please be reminded that e-mail communication is not secure. When requesting information or sending forms to us by e-mail, we recommend that you do not include any confidential information (i.e. credit card information). For your protection, our e-mail responses to you will not include any confidential information.
- The Members section of ISDA’s website requires registration and log-in processes that need a password. Your password is intended for your sole and individual use. You are responsible for maintaining the confidentiality of your password. All activities that occur using your password are your responsibility. Please immediately notify us of any unauthorised use of your password or your account.
How long will we keep your personal information?
- We will keep your personal information, as updated from time to time, only for as long as it remains necessary for the purposes for which it was collected (outlined in the “How do we use your personal information?” section above) or as required or permitted by applicable privacy and data protection laws
- To determine the appropriate retention period for personal information, we will consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
- In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
- Please note that retention periods will vary depending on the jurisdiction in which your personal information is processed.
Your rights
- In certain circumstances, you may be entitled to:
  - ask ISDA about the processing of your personal information, including to be provided with a copy of your personal information;
  - request the correction and/or deletion of your personal information;
  - request the restriction of the processing of your personal information, or object to that processing;
  - withdraw your consent to the processing of your personal information (in circumstances where ISDA is processing your personal information based on your consent);
  - request receipt or transmission to another organisation, in a machine-readable form, of the personal information that you have provided to ISDA; and
  - in certain countries, complain to your local supervisory authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information.
- Please note that your rights may vary depending on the jurisdiction in which your personal information is processed. If you would like more information about your rights, or have any concerns about ISDA’s processing of your personal information, please let us know by getting in touch with privacy@isda.org.
- Where you are given the option to share your personal information with us, you can always choose not to do so. If you object to the processing of your personal information in those circumstances ISDA will respect that choice in accordance with its legal obligations. This could mean that we are unable to perform the actions necessary to achieve the purposes of processing described in the “How do we use your personal information?” section above.
Contact us
If you have questions or requests about the processing of your personal information, or need additional information, please contact privacy@isda.org.

May 2018