Your rights regarding the processing of your personal data
In application of the General Data Protection Regulation (GDPR), among other articles 15 and following, and subject in certain cases to specific conditions or exemptions (please see the relevant section below), you have the right:
- To be informed about the purpose of the Processing of your Personal Data;
- To access your Personal Data;
- To obtain the deletion of your Personal Data;
- To obtain the restriction of Processing of your Personal Data;
- To receive a copy of your Personal Data;
- To have inaccurate Personal Data rectified
- To no longer have your Personal Data processed
- To object to the Processing of your Personal Data.
If you wish to exercise these rights, where applicable, you may submit a request according to this document. If you have not obtained satisfaction following your request, or for any other matter, then you may lodge a complaint with your national Data Protection Authority or appropriate court.
Euronext is committed to handling all requests regarding the exercise of your rights regarding your data to the highest level of quality, and to engage positively with you to resolve any request satisfactorily.
What is the scope of personal data covered?
This information covers all Personal Data processed by Euronext acting as a Data Controller.
Who is entitled to make a request?
If your Personal Data have been processed by Euronext, you are entitled to make a request, either directly or indirectly.
- Direct request: the request is done by you;
- Indirect request: the request is made by a third party (e.g. a lawyer) on your behalf. In this case, appropriate evidence must be provided that the third party making the request is entitled to act on your behalf.
What details must be provided in a request to make ensure it is admissible?
To be admissible, your request must include the following indications:
- The subject line of your request must be completed;
- Your full name must be provided;
- You may also provide official documents (passport, ID, driving licence, etc.) that provide evidence of your identity;
- You must finally choose between receiving an answer by email or by post.
In order to be able to respond to your request as rapidly as possible, we welcome any other relevant additional information, such as information detailing the context in which your Personal Data were processed by Euronext (for example, the service(s) or Euronext entity for or by which your data were processed).
Who handles your request?
Your request will be investigated by the Group DPO. We will acknowledge receipt of your request and inform you that it is being investigated. Where reasonably needed, the DPO will inform you that further information is required. Depending on the urgency or the complexity of your request, the DPO will take the appropriate actions to respond as satisfactorily and as rapidly as possible to your request.
What is the response time for your request?
We are committed to respond to your request without undue delay and in any event within one month. This may potentially extend to two additional months in the case of a complex request or a number of requests. Euronext will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
What are the limits and legal exemptions?
Subject to applicable law (among others, article 23 of GDPR), we are not required to comply with your request if your request:
- adversely affects the rights or freedoms of others (for example, in the case that your Personal Data request relates to other people), including trade secrets or intellectual property;
- is deemed abusive or involves a disproportionate effort by Euronext;
- contravenes the legitimate interest of Euronext as a Data Controller.
Is your request subject to the payment of fees
Where your requests are excessive, in particular if they are being sent with a repetitive character, Euronext may refuse to act on the request, or charge a reasonable fee taking into account the administrative costs for providing the information. The assessment of the excessiveness of the request will be made by Euronext’s DPO.
For any questions regarding this document, please contact the Euronext Group Data Protection Officer at firstname.lastname@example.org .
In the Nord Pool group of companies, you may also contact GDPR@nordpoolgroup.com .