Euronext Securities Oslo - Privacy Statement

1.Purpose and scope of this Statement

Euronext Securities Oslo (“ES-OSL”, “Verdipapirsentralen A/S”, “VPS”, “we”, “us”) is strongly committed to protecting your personal data and upholding your right to privacy. This Privacy Statement describes how we collect and process your personal data and provides an overview of your rights in relation to your personal data. It applies to information which you may provide directly to us or via third parties. 

Euronext Securities Oslo is part of Euronext Group (“Euronext”) which consists of Euronext N.V, a Dutch holding company, located at Beursplein 5, 1012 JW, Amsterdam, the Netherlands, and its affiliated companies. 

2.Application of this Statement

Euronext Securities Oslo is the only company that has a license to operate securities registers in Norway. We offer registration of shares and other financial instruments, and provide infrastructure and services related to settlement and registration of securities rights. Euronext Securities Oslo supplies the directory services to investors and issuers through a network of securities companies (brokers), banks and management companies. These have the role of account operators and manage customer relations.

Euronext Securities Oslo may assume different privacy roles depending on the activity performed. 

Euronext Securities Oslo as a Data Controller

Euronext Securities Oslo is the Data Controller for personal data collected through our website, including when you browse, communicate with us, or engage with our services. As the Data Controller, Euronext Securities Oslo determines the purposes and means of processing such personal data in accordance with applicable data protection laws, including the General Data Protection Regulation ("GDPR").

Euronext Securities Oslo as a Data Processor

In some cases, Euronext Securities Oslo may act as a Data Processor. This occurs when we process personal data on behalf of our customers or partners in accordance with contractual agreements. In these situations, the customer or partner is the Data Controller, meaning they determine the purposes and means of processing the data. Euronext Securities Oslo processes the data strictly in accordance with their instructions and the applicable data processing agreements signed between the parties. 

This Privacy Statement applies to the way we collect and process your personal data as Data Controller. Personal data will be collected and processed by us when you or a company with which you are connected engage with us and/or avail of our services, e.g.:

  • via our websites or other selected domains, including any linked pages owned and operated by Euronext or any successors thereof, or any application made available by Euronext for use on a tablet, mobile phone or other mobile device (individually and collectively, the " Euronext websites"),
  • in the framework of the execution of a contract with a company with which you are connected (e.g. when we have a contract with your employer and the latter provides us your contact data in the execution of that agreement)
  • by participating to one of our events

We will collect personal data:

  • from you: for example through Euronext websites, when you avail of our products and services, from your securities market activity, when you attend one of our events or an event hosted at our premises, when you correspond with us, and
  • from third party sources such as but not limited to Euronext Securities Oslo vendors, Euronext Securities Oslo providers, the national Norwegian register (“ the Population Register”), and/or from publicly available resources. 

If personal data is provided directly to us or via third parties in the following cases, please refer directly to section 11 that provides the information relating to these specific cases (“Applicant(s)”) :

  • You participate in an Euronext Securities Oslo recruitment initiative
  • You voluntarily submit your resume to a representative of Euronext Securities Oslo on an ad hoc basis
  • You apply for an advertised job 
  • A recruiter provides your resume or details to Euronext Securities Oslo
  • Euronext Securities Oslo finds your CV / details in online searches e.g. LinkedIn
  • You are referred to an open position by an employee as part of the Euronext Referral Program.

This Statement applies to any and all job applications submitted and recruitment initiatives co-ordinated by Euronext Securities Oslo.

IMPORTANT: should you send your resume via a recruiter with whom you have engaged with, we encourage you to read the relevant recruiter's data protection Statement to understand how your Personal Data is processed by such a recruiter who is a controller of your Personal Data independently of Euronext’s concerned entity.

3.The personal data we process

Personal data is information or assessments that can be linked to you as a person. This may for example be name, contact information, account number and securities / transactions. 

The personal data we may process, which we may collect either directly from you or a company with which you are connected or from a third party, may include some or all of the following depending on the nature of the processing activity. 

DEVICE INFORMATION We collect information about your computer/device browser via cookies used on Euronext websites. You can read more about our use of cookies by referring to the Euronext websites Cookies Policy  available here. All other provisions of this statement are not applicable to the processing of personal data performed by Euronext Securities Oslo.
CONTACT AND COMPANY INFORMATION Information that enables us to have a dialogue with you, such as your address, phone number, and email address. The information is registered by the account operator who receives the information from you or are retrieved from the Population Register, which is operated by the Norwegian Tax Administration. 

IDENTITY INFORMATION

 Information about your identity, such as name, social security number, citizenship and possibly tax country / tax rate relevant for deduction of withholding taxes. The information is registered by the account owner who receives the information from you, or the information is retrieved from the Population Register operated by the Norwegian Tax Administration.
CSD Act INFORMATION All personal information which enables us to comply with the Central Securities Depository Regulation while also allows us to process required information from account operators to comply with the CSD Act.
ACCOUNT AND TRANSACTION INFORMATION

Information such as the VPS account number and account type, bank account number for bank account associated with a VPS account. VPS account number is generated by establishing an account relationship. It is verified by posting in the Account and Address Book that a bank account associated with a VPS account belongs to the person who creates a VPS account.

Information about transactions related to your customer relationship, such as the amount and time of purchase and sale of securities, dividends and other transactions. This is generated through your activity and use of our services or corporate actions.
TRANSACTION INFORMATION

Information about transactions related to your customer relationship, such as the amount and time of purchase and sale of securities, dividends and other transactions. This is generated through your activity and use of our services or corporate actions.
AML INFORMATION This may include your position as a director, officer or beneficial owner of a company, copy documentation confirming your identity (such as your passport or identity card) and copy documentation showing proof of your address and information collected through AML software and screening tools to comply with the AML Act. 
SRD II INFORMATION This includes all personal data that this regulation requires Euronext Securities Oslo to process in line with the SRDII and Public Limited Liability Companies Act.

OTHER APPLICABLE REGULATIONS INFORMATION

 Information necessary for Euronext Securities Oslo to comply with applicable EU and National financial markets regulation to which Euronext Securities Oslo is subject to. 
PUBLICLY AVAILABLE INFORMATION This may include information available: (i) on the websites or promotional material of companies or organisations with which you are connected; (ii) in news articles; or (iii) from registries such as the companies registration offices.
INFORMATION IN CONNECTION WITH ES-OSL MEETINGS AND/OR EVENTS We may collect specific information about you so that we may host you at our premises or at any event or seminar which we organise. We may also collect images (such as photographs and video footage) at Euronext Securities Oslo events and CCTV footage when you visit our premises. 
WEB INFORMATION 

Information registered for visits to the Euronext Securities Oslo website, through cookies or scripts on the web pages as a location (using IP address, location data, or the like), information about the pages you visit, about any products and services you order, and other technical information (such as user behavior, user equipment, browser, and operating system). Unless you sign in or otherwise enter your identity on the site, we will not be able to associate this information with you. Your activity in our applications is logged and stored by us in accordance with the rules of the CSD Act and the Personal Data Act.

OTHER INFORMATION

We may also process any personal data which you or the company with which you are connected choose to provide us or information about other persons associated with a VPS account, such as disposals, pledges and other rights holders.

4.Websites and Cookies

Euronext Securities Oslo website is part of the Euronext websites which use cookies to improve your browsing experience, please visit our Euronext Websites Cookies Policy for more information.

5.How and Why we process your personal data

The following table details the legal basis ("Legal Basis") according to which and the reasons why ("Purposes") we obtain, collect and process your personal data.

LEGAL BASIS

PURPOSE

CONTRACT

It is necessary to process your personal data to enter into and perform our contracts with you.

If you do not wish to provide us with your personal data for these purposes, we will not be able to enter into or perform our contract(s) with you.

 

We obtain, collect and process your personal data:

  • to process contract or application between Euronext Securities Oslo and you;
  • to review and publish announcements;
  • provide you with access to Euronext websites and to enable you to use them;
  • to process your application to participate in dedicated programs organized by Euronext Securities Oslo; and
  • for invoicing, billing and commercial purposes.

 

LEGITIMATE INTERESTS

We process certain of your personal data on the basis of our legitimate interests, such as in pursuit of our business or security interests or in the framework of the execution of a contract with a company with which you are connected.

 

Where we process your personal data in pursuit of our legitimate interests we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. We will not process your personal data where our legitimate interests are outweighed by the impact on your rights and freedoms (unless otherwise required or permitted by law).

We obtain, collect and process your personal data in order to:

  • to process contract or application between Euronext Securities Oslo and the company with which you are connected for Euronext Securities Oslo to provide with the services subscribed;
  • provide you with access to Euronext websites and to enable you to use them;
  • test and improve the effectiveness of Euronext websites and to monitor metrics such as numbers of visitors, traffic data and demographic patterns;
  • provide you with information (e.g. newsletters, reports, statements and other material which you sign up to receive …);
  • respond to your enquiries;
  • maintain a list of our business contacts;
  • tailor our services to match your requirements;
  • create products or services that may meet your needs;
  • to process your job/candidate application including to contact you in relation to interviews and/or offer you a job after the interview stage or to process any references you provide to us in the context of recruitment;
  • maintain the security and integrity of our premises, infrastructure and systems, and the safety of our employees, by using security measures including CCTV cameras.
  • Euronext Securities Oslo uses web information to conduct analysis, personalization of our website, providing customer service and improving our services with Google Analytics configured in a way so that the data obtained from activity on our web pages cannot be linked to your IP addresses.
  • maintain our information systems, which may involve processing personal information in operation, debugging, troubleshooting and managing our IT systems. 
LEGAL AND REGULATORY OBLIGATIONS Euronext Securities Oslo uses your personal data to fulfill the obligations we have undertaken for the implementation of securities registry services. We obtain, collect and process your personal data to comply with legal and regulatory obligations applicable to Euronext Securities Oslo such as but not limited to the Central Securities Depository Act and the Central Securities Depository Regulation and Tax Payment Act.
CONSENT Where applicable, we obtain, collect and process your personal data on the basis of consent for some specific marketing purposes (i.e. proposal of products & services, invitation to events…).

6.Disclosure of your Personal Data 

We may disclose your personal data to other companies of the Euronext Group.

Euronext Securities Oslo discloses your personal data to others only when it follows from the Central Securities Depository Act or other legislation that we may share the information or are required to complete the agreement with you. We may also disclose your personal data to third parties in relation with the purposes for which personal data are processed including:

  • Regulatory authorities and law enforcement agencies such as the Norwegian Tax Administration, the Financial Supervisory Authority of Norway and the Police: As a securities register to provide information to the National Tax authorities for pre-completion of the tax report and for control purposes. Every year in February, Euronext Securities Oslo send you an annual assignment that shows what information we have sent to the Norwegian Tax Administration. The Financial Supervisory Authority of Norway has the right to access information in the securities register in connection with supervisory duties and responsibilities. The Police have the right to access information in the securities register in connection with the prevention and combating of crime.
  • Enforcement officer and trustees for information about a person’s ownership in financial instruments when relevant to their case processing.
  • Our trusted third-party service providers and our IT service providers;
  • Third parties involved in financial market activities including account operators and security issuers and Oslo Børs (the Oslo Stock Exchange). When we deliver our services and products, this may mean that we must disclose information about you. For example, it will be necessary to disclose certain information in order to transfer your securities to another person by order from you or your account owner, or if you change the account owner. A mortgagee or proprietor of another limited right registered in an account has the right to obtain all information registered in the account that may affect the right. Before we share such information, we will always ensure that we comply with the relevant provisions on confidentiality in the financial and securities sector. Euronext Securities Oslo delivers information to Oslo Børs on transactions undertaken by primary insiders so that Oslo Børs can check that such transactions are reported in accordance with current rules. 
  • Third parties involved in hosting or organizing events or courses;
  • Professional advisors such as tax or legal advisors, consultants and accountants
  • Any prospective buyers of Euronext or the business of Euronext, and
  • Others: Everyone has access to static data on a financial instrument that is not subject to confidentiality. It may also result from special legislation that other than those in front of you are entitled to confidential information in the register.

7.Transfer of your personal data

We store and process your personal data on servers located within the European Economic Area (the "EEA"). We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or where there are appropriate safeguards in place to protect your personal data.

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to recipients in other countries (such as the U.S.), we will protect that information as described in this Privacy Policy and will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries other than the one in which you provided the information.

If you are located in the European Union (and Iceland, Liechtenstein and Norway) (“EU”), United Kingdom (“UK”) or Switzerland, with respect to transfers of personal information to the U.S., Euronext US Inc. and its subsidiaries Euronext FX Inc., Euronext Markets Americas LLC, and Euronext Market Services LLC are certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework administered by the U.S. Department of Commerce, the European Commission, the UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner, respectively, regarding the transfer of personal information from the EU, UK and Switzerland to the U.S. Click here to view our Data Privacy Framework Privacy Policy.

8.Retention of your personal data 

We store information about you only as long as we have a statutory retention obligation or it is necessary for the purpose for which the information was collected. 

Generally, we shall retain your personal data for a period of ten years after the closure of your securities account following the CSD Act section 5-4. 

However to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

9.Security of your personal data

Your personal data are dealt with in confidence, and Euronext Securities Oslo has taken appropriate technical and organizational security measures to protect your personal data against loss, misuse, alteration and/or destruction. These include, but are not limited to:

  • Installing a firewall to prevent unauthorized access to our systems;
  • Using secure servers;
  • Ensuring the Personal Data are stored in physically secure accommodation.

Please be aware that the security measures mentioned above apply to systems under the control of Euronext Securities Oslo, but that Euronext Securities Oslo cannot ensure the security nor confidentiality of any information during its transmission when transmitted via means not under its control, notably the Internet, and that you are aware that data transmitted via such means may be intercepted by third parties.

If Euronext Securities Oslo becomes aware of any security breach which results in unauthorized access of your personal data, Euronext Securities Oslo will endeavor to inform you.

Euronext Securities Oslo websites may provide hyperlinks to websites from other companies or persons. This policy does not apply to the use of such websites and we are not responsible or liable for any processing of your personal data via these third party websites.

In addition, if you share content from the Euronext Securities Oslo websites via social media, your personal data will be visible to those visiting your personal pages on these social media websites. Euronext Securities Oslo is not responsible or liable for any processing of your personal data via such media. This policy does not apply to the use of such social media.

10.Your rights and how to exercise

The table below sets out the rights which you have to address any concerns or queries with us about our processing of your personal data. Please note that these rights are not absolute and are subject to certain exemptions under applicable data protection law.

RIGHT

FURTHER  INFORMATION

RIGHT TO BE 
INFORMED

You have the right to know your personal data is being processed by us, how we use your personal data and your rights in relation to your personal data.

RIGHT OF 
ACCESS

You have the right to ascertain what type of personal data Euronext Securities Oslo holds about you and to a copy of this personal data.

RIGHT TO 
RECTIFICATION

You have the right to have any inaccurate personal data which we hold about you updated or corrected.

RIGHT TO ERASURE

In certain circumstances you may request that we delete the personal data that we hold on you. You have also the right to give post-mortem instructions regarding your personal data.

RIGHT TO 
RESTRICTION OF
PROCESSING

You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.

RIGHT TO 
OBJECT

Where we rely on our legitimate interests to process your personal data, you have a right to object to this use. We will desist from processing your personal information unless we can demonstrate an overriding legitimate interest in the continued processing.

RIGHT TO DATA PORTABILITY

In case the processing is based on your consent or a contract conclude with you, you may request us to provide you with certain personal data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your personal data directly to another controller where this is technically feasible.

You can exercise any of these rights in accordance with the “Data Subject Rights Request Information Procedure

  • submitting a request through the following form.
  • sending a request to us at dpo@euronext.com.
  • by sending a letter to the following address:

Euronext
Compliance Department
Data Protection Officer
14, place des Reflets – CS30064
92054 Paris la Défense.

Furthermore, you may also submit a complaint to the competent Data Protection Authority.

11.Applicants

This section only applies to personal data which you may provide directly to us or via third parties, in the following cases :

  • You participate in an Euronext Securities Oslo recruitment initiative
  • You voluntarily submit your resume to a representative of Euronext Securities Oslo on an ad hoc basis 
  • You apply for an advertised job 
  • A recruiter provides your resume or details to Euronext Securities Oslo
  • Euronext Securities Oslo finds your CV / details in online searches e.g. LinkedIn
  • You are referred to an open position by an employee as part of the Euronext Referral Program.

This section applies:

  • to any and all job applications submitted and recruitment initiatives co-ordinated by Euronext Securities Oslo,
  • up to the point at which we decide not to continue the recruitment process with you or when you start working for us (if applicable). On this latter case, the way we process your Personal Data will no longer be dealt with under this Statement, but will instead be governed by our Data Privacy Notice.

IMPORTANT: sections 4, 7, 9, 10, 12 and 13 of this Privacy Statement apply to Applicants.

A. The Personal Data we process

As part of the recruitment and job application process, we collect the Personal Data that you / your agency / your referrer submit to us, which may include:

PERSONAL DETAILS

This may include general Personal Data such as your name, gender, residential address, email address, contact telephone numbers, nationality, marital status, etc.

DETAILS ABOUT YOUR PREVIOUS EMPLOYMENT

Such as the former company names, length of service, business titles and details on your previous roles.

QUALIFICATIONS  

Such as your skills, education, the languages you speak (including your level of proficiency), your eligibility to work in a particular country (e.g. minimum legal age to work, citizenship or visa details), your experience in the job you apply for and other industries, etc.

PREFERENCES

Such as positions you may be interested in, information about when you may be available to interview and/or start date for Euronext Securities Oslo or work on ongoing basis (e.g. full or part time or on weekends), whether you are open to relocation or working remotely, whether you are willing to travel for work and whether you have your own transport.

PUBLICLY  AVAILABLE INFORMATION

Details about you which we gather from publicly available sources over the internet and your social media accounts where such searches are relevant to the job you have applied for within Euronext Securities Oslo.

OTHER  INFORMATION

Details you may provide us in response to our queries or questions at interview stage (including information about you which we generate throughout the interview and/or recruitment process), at reference check stage, to complete psychometrics tests (where applicable) or details required where mandatory in the respect of local requirements laws.

If you apply for a position through the “Apply with LinkedIn” option, we may use the information you have previously provided to LinkedIn to populate your application. You are free to remove some details.

The main mandatory information we need to proceed with your recruitment is your resume. You may remove personal data from your resume.

It is necessary for us to process your Personal Data in order to assess your job application and/or include you in a recruitment initiative. Ultimately, it may also be necessary for us to process your Personal Data in order to take steps to offer and enter into a contract of employment with you. In the event that you do not wish to provide us with your Personal Data for the purposes outlined in this Statement, we will not be able to assess your job application and/or include you in a recruitment initiative and/or offer you a contract of employment.

Please note that should you include information you think is relevant to your job application or the recruitment initiative, including cover letters, references from your previous employers and other documents you see fit. For information containing  Personal Data, we will hold and process any such Personal Data in accordance with the terms of this Statement.

BHow and Why we process your Personal Data

The following table details the key context for which ("Legal Basis") and why ("Purposes") we collect, obtain and process your Personal Data within Euronext Securities Oslo. The third parties and those within Euronext Securities Oslo with whom we may share your Personal Data ("Recipients") are detailed in section 6 (Disclosure of your Personal Data) of this Statement.

LEGAL BASIS PURPOSE

LEGITIMATE INTERESTS

It is necessary to process your Personal Data where it is necessary for the purpose of initiate and facilitating the recruitment process.

We obtain, collect and process your Personal Data:

  • to process your job application, including to contact you in relation to interviews and/or offer you a job after the interview stage ;

  • to assess your Personal Data against vacancies which we think may be suitable for you ;

  • to request information from third parties such as qualifications and references ;
     
  •  to retain your information  in order to contact you in relation to future vacancies within Euronext Group that may be of interest to you;

  • to collect feedback on and evaluate the recruitment process ;

  • to promote internal and external recruitment events such as job fairs, campus events… ; 

COMPLIANCE WITH A LEGAL OBLIGATION

It is necessary to process your Personal Data in order to comply with legal obligations imposed on us as an employer under applicable Norwegian and European Union law.

We obtain, collect and process your Personal Data in order to comply with legal obligations, which may include: 

  • to comply with Norwegian Working Environment Act;
  • to comply with Norwegian Tax Act ;
  • to comply with other applicable Norwegian laws ;
    • Internal business units such as Human Resources, IT, Finance/Payroll, Managers, system administrators, our trusted third party service providers and our IT service providers;

IMPORTANT : 

When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).

We will only use your Personal Data for the purposes for which we collect it (as outlined in this section), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you in accordance with section 10 of this Statement and we will explain the legal basis which allows us to do so.

C. Disclosure of your Personal Data

We may disclose some or all of your Personal Data to the following parties :

  • Your previous employers when you have provided them as a reference third parties that may be contacted to provide additional information related to your previous work experiences;
  • Recruitment agencies;
  • Regulatory authorities: 
  • Outsourced service providers who assist Euronext Securities Oslo with recruitment initiatives and campaigns such as recruitment agencies, technical test assessment, background check and health assessment companies (where applicable);etc.
  • Professional advisors such as legal advisors, consultants and accountants.

D. Retention of your Personal Data

Where you are a successful job applicant, the Personal Data generated by us and provided by you over the course of the job application/recruitment process will be retained by us for the purpose of your contract of employment. Such Personal Data will be retained in accordance with our Data Privacy Notice (which will be available to you when you commence employment).

Where you are an unsuccessful job applicant, we will retain your Personal Data for a period of up to 12 months after it is determined that your application has been unsuccessful for the purposes of both contacting you in relation to future vacancies within Euronext Securities Oslo which we think may be of interest to you and, for the purpose of defending any potential employment equality claims.

Please note that in certain circumstances, we may hold your data for a longer period, for example, if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your Personal Data.

12.Changes to this statement 

We may occasionally update this Privacy Statement to reflect changes in our business or to comply with applicable law and regulations. We therefore advise you to review this statement regularly to ensure that you are updated with any changes.

13.Questions and Requests

Should you have any questions or requests about this policy, please contact us via dpo@euronext.com