1.1. The International Stock Exchange Group Limited (Guernsey registered company 57524) (“TISEG”) wholly owns The International Stock Exchange Authority Limited (Guernsey registered company number 57527) (“TISEA”).
1.2. Together, these companies are the “TISE Entities”, both with a registered office at Helvetia Court, Block B, Third Floor, Les Echelons, St Peter Port, Guernsey GY1 1AR and No.3 The Forum, Grenville Street, St Helier, Jersey, JE4 4UF.
1.3. TISEA is licensed by the Guernsey Financial Services Commission to operate an investment exchange under the Protection of Investors (Bailiwick of Guernsey) Law, 2020. The International Stock Exchange (the “Exchange” or “TISE”) is an investment exchange which is operated and regulated by TISEA.
2.1. This Privacy Statement sets out how the TISE Entities, as joint data controllers, collect, process and retain personal data. 'Personal data' means any information relating to an identified or identifiable natural person.
2.2. The Privacy Statement does not form part of any contract to provide services.
2.3. This Privacy Statement applies to you as a:
3.1. We collect personal data when you browse or fill in forms on our Website, use MyTISE, NOVA or the TISE Private Markets platform, send us documentation or correspond with us by phone, e-mail or otherwise. We will collect additional personal information in the course of service-related activities throughout the period of providing services to you. The personal data which we collect, process and retain will vary depending upon your relationship with the TISE Entities.
4.1. Casual browsers of our Website
4.1.1. When you browse our Website we may automatically collect the following:
4.1.2. Google Analytics places a cookie, which is only accessible by Google, on your computer to identify you as a unique user the next time you visit our Website. Google's use of this cookie is governed by their Google Analytics Terms of Service (https://www.google.com/analytics/terms/) and their Google Privacy Policy (https://www.google.com/intl/en-GB/policies/privacy/).
4.1.3 The Lead Forensics tool uses IP tracking for identifying businesses and is not the same as cookies. The Lead Forensics tracking code will only provide information that is readily available in the public domain. It does not, and cannot, provide individual, personal or sensitive data regarding who has visited the TISE website. It will provide information on what companies have visited our website by identifying by way of their IP address. This data may be used by us to contact the business about their experience or for marketing purposes. We will not pass this data to third parties for any reason. More information can be found at www.leadforensics.com.
4.1.4. We do not combine the information collected through our use of Google Analytics with any other information which may identify you personally.
4.2. Subscribers to our market and research material
4.2.1. The TISE Entities will only collect, process and retain your personal data (including where appropriate your name, email address and any other relevant information you provide to us) for marketing purposes or market and opinion research, where you have provided your consent for us to do so. You may at any time withdraw your consent and unsubscribe from receiving such information by selecting unsubscribe.
4.2.2. We will not disclose personal data collected for marketing purposes to any third parties without notifying you of the identity of the third party together with details of what data is being shared and how it will be processed.
4.3. Members and prospective Members of the Exchange
4.3.1. TISEA is required to collect, process and retain personal data relating to individuals associated with Members and prospective Members of the Exchange in order to satisfy its legal and regulatory obligations. Where appropriate TISEA collects names, dates of birth, certain criminal record data in relation to directors of Category 2 & 3 Members and traders of Members and prospective Members, postal addresses, email addresses and any other relevant information that we collect for this purpose. The names of other relevant staff is also collected.
4.3.2. It is the responsibility of Members or prospective Members of the Exchange to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA.
4.3.3. Members of the Exchange are responsible for ensuring that personal data provided to TISEA is processed correctly and accurately.
4.4 Issuers and prospective Issuers for listing on the Exchange
4.4.1. TISEA is required to collect, process and retain personal data relating to individuals associated with Issuers and prospective Issuers for listing on the Exchange in order to satisfy its legal and regulatory obligations. Where appropriate TISEA collects names, dates of birth, certain criminal record data (in relation to directors of equity issuers and prospective issuers) postal addresses, email addresses and any other relevant information.
4.4.2. Where a Member is acting as a listing agent or sponsor to an issuer or prospective issuer for listing on the Exchange, it is the responsibility of the Member to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA.
4.4.3. Members of the Exchange are responsible for ensuring that personal data relating to issuers provided to TISEA is processed correctly and accurately.
4.5. Users of MyTISE & NOVA
4.5.1. TISEA is required to collect, process and retain personal data relating to users of MyTISE and NOVA (“Contributors”) in order to satisfy its legal and regulatory obligations and in order to monitor MyTISE’s system functions. TISEA collects user names, email addresses and contact telephone numbers for this purpose.
4.5.2. It is the responsibility of the Contributor to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA.
4.5.3. Contributors are responsible for ensuring that personal data relating to its system users provided to TISEA is processed correctly and accurately.
4.6. Users of TISE Private Markets
4.6.1 The Privacy Policy specific to users of the TISE Private Markets platform is available at https://tiseprivatemarkets.com/privacy-statement
4.7. Shareholders
4.7.1. In addition to the requirements under law for the TISE Entities to maintain records of their shareholders, we may collect, retain and process personal data (including where appropriate your name, postal address, email address and any other relevant information that you provide to us or that we collect) for:
4.8. Potential Staff
4.8.1. As part of our recruitment process we collect, process and retain personal data (including where appropriate your CV and any covering letter, your name, residential address, personal contact details, work experience, residential status, education, qualifications, skills, and any other relevant information that you provide to us or that we collect) for:
As a regulated business, we have a legal obligation to know the identity and background of the individuals we employ to ensure we have the appropriate staff.
5.1. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
5.2. We may also use your personal data in the following situations, which are likely to be rare:
5.3. The situations in which we will process your personal data are listed below.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.
5.4. If you fail to provide certain personal data when requested, we may not be able to comply with the agreement we have entered into with you (if applicable) or we may be prevented from complying with our legal obligations.
5.5. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
5.6. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6.1. Special Category Data requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal data in the following circumstances:
6.2. Less commonly, we may process this type of data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
6.3. Save where you have given explicit consent, we may only use data relating to the commission or alleged commission of a criminal offence by an individual where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and where we do so in line with our data protection policy.
7.1. We do not envisage that any decisions will be taken about you using automated means to process your data, however we will notify you in writing if this position changes.
8.1. We may have to share your data with third parties, including third-party service providers and other entities in the group. We require third parties to respect the security of your data and to treat it in accordance with the law.
8.2. We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
8.3. "Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers:
8.4. We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business.
8.5. We may also need to share your personal data with:
8.6. For the purposes of the sharing of personal data, Guernsey’s Office of the Data Protection Commission has defined an authorised jurisdiction as:
8.7. We may transfer the personal data we collect about you to an Authorised Jurisdiction.
8.8. Save as permitted by law we will not transfer the personal data we collect about you to unauthorised Jurisdictions.
9.1. The TISE Entities will collect and process personal data in accordance with this Privacy Statement and the law.
9.2. The TISE Entities have implemented proportionate organisational and technical measures to protect your personal data. These measures include policies and procedures, physical and software security, and an employee training programme.
9.3. Whilst we have taken measures to protect your personal data, the transmission of data over the internet or other networks cannot be guaranteed as being secure. The TISE Entities do not make any warranties, express or implied, about the security of your personal data in this regard.
9.4. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
10.1. We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. Details of retention periods for different aspects of your personal data are available in our data retention policy, the details of which are available from our Data Protection Officer.
10.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process and retain your personal data, whether we can achieve those purposes through other means and the applicable legal and regulatory requirements.
11.1. Our Website may contain links or references to websites operated by external parties. This Privacy Statement does not apply to those websites and you should check the privacy policy of each website you visit.
11.2. We have no control over or responsibility for those other websites or the way in which they collect, process or retain your personal data which may be different from the way in which we collect, process and retain your personal data.
11.3. By including references, hyperlinks or other connections to other websites we do not imply any endorsement of them or any association with their owners or operators.
12.1. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
12.2. Under certain circumstances, by law you have the:
12.3. If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Officer in writing.
12.4. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if a repeated request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
12.5. We may need to request specific information from you to help us confirm your identity and ensure your right to access the data you have requested (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
12.6. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer.
12.7. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
13.1. Any questions relating to this Privacy Statement or the personal data which we hold on you, should be referred to our Data Protection Officer.
13.2. Should you wish to exercise any of your rights under the data protection law or wish to submit a complaint regarding our compliance with the exercise of such rights, please contact our Data Protection Officer.
13.3. If you are dissatisfied with the way in which we have dealt with or handled your complaint, you have the right refer your complaint to your local data protection authority, and to appeal the outcome of your complaint.
14.1. Jonathan Richards
14.2. Address: Helvetia Court, Block B, 3rd Floor, Les Echelons, St Peter Port, Guernsey GY1 1AR.
14.3. E-mail: data.protection@tisegroup.com
14.4. Telephone: +44 (0) 1481 753000
15.1. Guernsey Office of the Data Protection Commissioner - The TISE Entities are registered as data controllers and processors:
15.2. Jersey Office of the Information Commissioner:
16.1. Please read this Privacy Statement carefully and re-visit the relevant sections of it each time you visit our Website or provide us with any personal data. Changes may be made to this Privacy Statement at any time and without notice.
16.2 This Statement was last updated on 30 August 2023.