Privacy Statement | TISE

Privacy Statement

1. Who are we?

1.1. The International Stock Exchange Group Limited (Guernsey registered company 57524) (“TISEG”) wholly owns The International Stock Exchange Authority Limited (Guernsey registered company number 57527) (“TISEA”).

1.2. Together, these companies are the “TISE Entities”, both with a registered office at Helvetia Court, Block B, Third Floor, Les Echelons, St Peter Port, Guernsey GY1 1AR and No.3 The Forum, Grenville Street, St Helier, Jersey, JE4 4UF. 

1.3. TISEA is licensed by the Guernsey Financial Services Commission to operate an investment exchange under the Protection of Investors (Bailiwick of Guernsey) Law, 2020. The International Stock Exchange (the “Exchange” or “TISE”) is an investment exchange which is operated and regulated by TISEA.

1.4 The TISE Entities are wholly owned by Miami International Holdings, Inc. (“MIH”), a Delaware corporation with a primary place of business at 7 Roszel Road, Suite 1A, Princeton, New Jersey, United States NJ 08540.

2. To whom does this privacy statement apply?

2.1. This Privacy Statement sets out how the TISE Entities (and in limited circumstances MIH), as data controllers, collect, process and retain personal data. 'Personal data' means any information relating to an identified or identifiable natural person.

2.2. The Privacy Statement does not form part of any contract to provide services.

2.3. This Privacy Statement applies to you as a:

  • casual browser of our website, tisegroup.com (the “Website”);
  • subscriber to our market and research material;
  • Member or prospective Member of the Exchange;
  • Issuer or prospective Issuer for listing on the Exchange;
  • user of our online contributor services portal, MyTISE;
  • users of the TISE trading system, NOVA;
  • users of the private online marketplace, TISE Private Markets;
  • current or past shareholder of TISEG; or
  • potential employee, employee, contractor, consultant or temporary worker of the TISE Entities.

3. How do we collect personal data?

3.1. We collect personal data during your recruitment and/or employment with us or when you browse or fill in forms on our Website, use MyTISE, NOVA or the TISE Private Markets platform, send us documentation or correspond with us by phone, e-mail or otherwise. We will collect additional personal information in the course of service-related activities throughout the period of providing services to you. The personal data which we collect, process and retain will vary depending upon your relationship with the TISE Entities.

4. What personal data do we collect?

4.1. Casual browsers of our Website

4.1.1. When you browse our Website we may automatically collect the following:

  • technical information, including your Internet Protocol (“IP”) address to help diagnose problems with our server, and to administer our Website. An IP address is a number that is assigned to your computer when you use the internet. Your IP address is also used to help identify you during a particular session and to gather broad demographic data; and
  • information about your visit including, for analytical purposes, using the Google Analytics service which collects information such as how often and what pages you visit on the Website and what other sites you used prior to coming to the Website.

4.1.2. Google Analytics places a cookie, which is only accessible by Google, on your computer to identify you as a unique user the next time you visit our Website. Google's use of this cookie is governed by their Google Analytics Terms of Service (https://www.google.com/analytics/terms/) and their Google Privacy Policy (https://www.google.com/intl/en-GB/policies/privacy/).

4.1.3 The Lead Forensics tool uses IP tracking for identifying businesses and is not the same as cookies. The Lead Forensics tracking code will only provide information that is readily available in the public domain. It does not, and cannot, provide individual, personal or sensitive data regarding who has visited the TISE website. It will provide information on what companies have visited our website by identifying by way of their IP address. This data may be used by us to contact the business about their experience or for marketing purposes. We will not pass this data to third parties for any reason. More information can be found at www.leadforensics.com.

4.1.4. We do not combine the information collected through our use of Google Analytics with any other information which may identify you personally.

4.2. Subscribers to our market and research material

4.2.1. The TISE Entities will only collect, process and retain your personal data (including where appropriate your name, email address and any other relevant information you provide to us) for marketing purposes or market and opinion research, where you have provided your consent for us to do so. You may at any time withdraw your consent and unsubscribe from receiving such information by selecting unsubscribe.

4.2.2. We will not disclose personal data collected for marketing purposes to any third parties without notifying you of the identity of the third party together with details of what data is being shared and how it will be processed.

4.3. Members and prospective Members of the Exchange

4.3.1. TISEA is required to collect, process and retain personal data relating to individuals associated with Members and prospective Members of the Exchange in order to satisfy its legal and regulatory obligations. Where appropriate TISEA collects names, dates of birth, certain criminal record data in relation to directors and, where relevant, traders of Members and prospective Members, postal addresses, email addresses and any other relevant information that we collect for this purpose. The names of other relevant staff (for example, a Member’s Money Laundering Compliance Officer) is also collected.

4.3.2. It is the responsibility of Members or prospective Members of the Exchange to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA.

4.3.3. Members or prospective Members of the Exchange are responsible for ensuring that personal data provided to TISEA is processed correctly and accurately.

4.4 Issuers and prospective Issuers for listing on the Exchange

4.4.1. TISEA is required to collect, process and retain personal data relating to individuals associated with Issuers and prospective Issuers for listing on the Exchange in order to satisfy its legal and regulatory obligations. Where appropriate TISEA collects names, dates of birth, certain criminal record data (in relation to directors of equity Issuers and prospective Issuers) postal addresses, email addresses and any other relevant information.

4.4.2. Where a Member is acting as a listing agent or sponsor to an Issuer or prospective Issuer for listing on the Exchange, it is the responsibility of the Member to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA.

4.4.3. Members of the Exchange are responsible for ensuring that personal data relating to issuers provided to TISEA is processed correctly and accurately.

4.5. Users of MyTISE & NOVA

4.5.1. TISEA is required to collect, process and retain personal data relating to users of MyTISE and NOVA (“Contributors”) in order to satisfy its legal and regulatory obligations and in order to monitor MyTISE’s system functions. TISEA collects user names, email addresses and contact telephone numbers for this purpose.

4.5.2. It is the responsibility of the Contributor to ensure that the individuals to whom the personal data relates have been notified of its collection, processing and retention by TISEA.

4.5.3. Contributors are responsible for ensuring that personal data relating to its system users provided to TISEA is processed correctly and accurately.

4.6. Users of TISE Private Markets

4.6.1 The Privacy Policy specific to users of the TISE Private Markets platform is available at https://tiseprivatemarkets.com/privacy-statement 

4.7. Shareholders

4.7.1. In addition to the requirements under law for the TISE Entities to maintain records of their shareholders, we may collect, retain and process personal data (including where appropriate your name, postal address, email address and any other relevant information that you provide to us or that we collect) for:

  • the processing and payment of dividends, and associated reporting;
  • the issuance of circulars to shareholders; and
  • routine correspondence and administration purposes.

4.8. Potential Staff

4.8.1. As part of our recruitment process we collect, process and retain personal data (including where appropriate your CV and any covering letter, your name, residential address, personal contact details, work experience, residential status, education, qualifications, skills, and any other relevant information that you provide to us or that we collect) for:

  • assessing your suitability for a role within the TISE Entities;
  • verifying your information and carrying out pre-screening checks and/or conducting background or criminal records checks (where applicable) if you are offered employment;
  • communicating with you about the recruitment process and/or your application, including, in appropriate cases, informing you of other potential career opportunities at the TISE Entities; and/or complying with applicable laws, regulations or other legal duties.

As a regulated business, we have a legal obligation to know the identity and background of the individuals we employ to ensure we have the appropriate staff.

4.9 Staff

4.9.1. In respect of staff, we may collect, process and retain the following types of personal data:

Category Type
Contact
  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • Date of birth
  • Gender
  • Form of identity which you provide i.e. driving license, passport
  • Photographs for the purposes of internal and external systems
Professional
  • Start date
  • Location of employment or workplace
  • Recruitment information (including copies of right to work/employment permit documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, training records and professional memberships)
Financial
  • National identification number (such as a Social Security number or its equivalent in other jurisdictions) 
  • Bank account details, payroll records   and tax status information
  • Salary, annual leave, pension  and benefits information, and  equity information
  • Compensation history
Behavioural
  • Performance information
  • Disciplinary and grievance information
Social Relationship
  • Marital status and dependants
  • Next of kin and emergency contact information
  • Personal information in relation to your dependants
Usage Data
  • Other information obtained through electronic means such as swipe card records
  • Information about your use of our information and communications systems
Special Category
  • Information about your race or ethnicity, nationality, gender and sexual orientation
  • Information about your health, including any medical condition, health and sickness records
  • Information about criminal convictions and offences

 

5. How we will use information about you?

5.1. We will only use your personal data when the law allows us to and we have a need to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to comply with an agreement, we have entered into with you.
  • Where we need to comply with a contractual, legal or regulatory obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

5.2. We may also use your personal data in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else's interests).
  • Where it is needed in the public interest, including to prevent fraud.

5.3. The situations in which we will process your personal data are listed below.

  • The operation of the Exchange under the terms of its licence.
  • The operation of the MyTISE and NOVA platforms.
  • The operation of the TISE Private Markets platform.
  • Administering any contract, we have entered into with you or where you are a party related to an entity for which we are contracted to provide services.
  • Complying with a valid order by a court or other governmental body or applicable law.
  • Satisfying any legal or regulatory obligation.
  • Business management and planning, including accounting and auditing.
  • Making arrangements for the termination of a commercial relationship or contract.
  • Dealing with legal disputes involving you.
  • To prevent fraud, criminal activity or market abuse.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • To enable the effective monitoring and review of the performance of MyTISE and NOVA.
  • To conduct data analytics studies to review and better understand customer retention and attrition rates.
  • To undertake the staff recruitment and onboarding process.

For staff, the situations in which we will process your personal data are listed below:

Lawful basis for processing Purpose
To perform the contract we have entered into with you
  • Making a decision about your recruitment or appointment
  • Determining the terms and conditions on which you work for us
  • Paying you
  • Providing you with benefits
  • Liaising with your pension provider and making the relevant contributions
  • Administering the contract we have entered into with you
  • Making decisions about salary reviews and compensation
  • Gathering evidence for possible grievance or disciplinary hearings
  • Making arrangements for the termination of your employment
  • Education, training and professional qualification requirements
  • Providing references to potential or future employers
  • Arranging travel and accommodation for you
To comply with a legal or regulatory obligation
  • If you are an employee and where relevant, making the necessary statutory deductions
  • To comply with our regulatory obligations, policies and procedures
  • Complying with health and safety obligations
  • To comply with business continuity regulations
For our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • Assessing qualifications for a particular role, task or project, including decisions about promotions
  • Making decisions about your continued employment or engagement
  • Business management and planning, including accounting and auditing
  • Conducting performance reviews, managing performance and determining performance requirements
  • Dealing with legal disputes involving you, or other employees, partners and contractors, including accidents at work
  • Equal opportunities monitoring
  • Day to day business activity i.e. provision of our services, updating website, client briefings
  • Knowledge management (including internal know-how sharing and provision of personal data for managing subscriptions, access to (internal and external) know-how materials and resources and attendance at events) and analysis of use of all or any of the aforementioned by employees
  • To conduct data analytics studies to review and better understand employee retention and attrition rates
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies
  • To ensure network and information security, including preventing unauthorised access to our  computer and electronic communications systems and preventing malicious software distribution
  • Recording of training events where you may be a presenter or an attendee
Due to you providing consent
  • Checking you are legally entitled to work within the relevant jurisdiction
  • To complete and hold information about your criminal convictions
To protect your interests (or someone else’s interests)
  • Ascertaining your fitness to work
  • Managing sickness absence

 

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.

5.4. If you fail to provide certain personal data when requested, we may not be able to comply with the agreement we have entered into with you (if applicable) or we may be prevented from complying with our legal obligations.

5.5. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

5.6. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. How we use special category data

6.1. Special Category Data requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal data in the following circumstances:

  • In limited circumstances, with your explicit written consent.
  • Where we need to comply with our legal or regulatory obligations and in line with our data protection policy.
  • Where it is needed in the public interest, such as to prevent fraud and in line with our data protection policy.
  • During the recruitment process to establish if you have a medical condition or disability for which the Company is required to make reasonable adjustments for.

In respect of staff, we may process special category personal data for the following purposes:

Purpose
We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws
We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence, entitlement to benefit and to administer benefits
We will use information about your race or national or ethnic origin, religious, or your sexual orientation, to ensure meaningful equal opportunity monitoring and reporting
We will use information relating to criminal records or offences in order to assess suitability for the role and in order to comply with some of our contract arrangements and our regulatory obligations

 

6.2. Less commonly, we may process this type of data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

6.3. Save where you have given explicit consent, we may only use data relating to the commission or alleged commission of a criminal offence by an individual where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and where we do so in line with our data protection policy.

7. Automated decision-making

7.1. We do not envisage that any decisions will be taken about you using automated means to process your data, however we will notify you in writing if this position changes.

8. Data sharing

8.1. We may have to share your data with third parties, including MIH (and subsidiaries) and other third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.

8.2. We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

8.3. "Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers:

  • screening of individuals associated with Issuers and prospective Issuers and Members and prospective Members of the Exchange;
  • identity and bank account verification services in relation to users of the TISE Private Markets platform and to process payments in relation to auctions on the TISE Private Markets platform (https://tiseprivatemarkets.com/privacy-statement); 
  • banking;
  • IT system management;
  • medical and dental insurance;
  • pension scheme operation;
  • compensation analysis and equity administration;
  • financial data analysis, business management and operational efficiency;
  • marketing; and
  • archiving.

8.4. We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business.

8.5. We may also need to share your personal data with:

  • a court, regulator, government body, applicable authority, enforcement agency or to otherwise comply with the law; or
  • the Appeals Committee or Disciplinary Committee of TISEA.

8.6. For the purposes of the sharing of personal data, Guernsey’s Office of the Data Protection Commission has defined an authorised jurisdiction as:

  • the Bailiwick of Guernsey;
  • a Member State of the European Union, or any sector within a country, or any international organisation that the (European) Commission has determined ensures an adequate level of protection within the meaning of Article 45(2) of the GDPR and for which the determination is still in force; or
  • a designated jurisdiction (by Ordinance).

8.7. For the purposes of the sharing of personal data, Jersey's Office of the Information Commissioner relies upon the level of protection being deemed adequate with reference to adequacy decisions of the European Commission, in accordance with Article 45 of the GDRP and for which the adequacy decision is still in force.

8.8 We may transfer the personal data we collect about you to an authorised or adequate jurisdiction.

8.9. Save as permitted by law we will not transfer the personal data we collect about you to unauthorised or inadequate jurisdictions. In the event that we transfer personal data to an unauthorised or inadequate jurisdiction, we will ensure, prior to carrying out the transfer, that there are appropriate safeguards in place in accordance with applicable law and that, where possible, these are notified to you.

9. Storage and security of your personal data

9.1. The TISE Entities will collect and process personal data in accordance with this Privacy Statement and the law.

9.2. The TISE Entities have implemented proportionate organisational and technical measures to protect your personal data. These measures include policies and procedures, physical and software security, and an employee training programme.

9.3. Whilst we have taken measures to protect your personal data, the transmission of data over the internet or other networks cannot be guaranteed as being secure. The TISE Entities do not make any warranties, express or implied, about the security of your personal data in this regard.

9.4. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

10. Data retention

10.1. We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. Details of retention periods for different aspects of your personal data are available in our data retention policy, the details of which are available from our Data Protection Officer.

10.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process and retain your personal data, whether we can achieve those purposes through other means and the applicable legal and regulatory requirements.

11. Links to other websites

11.1. Our Website may contain links or references to websites operated by external parties. This Privacy Statement does not apply to those websites and you should check the privacy policy of each website you visit.

11.2. We have no control over or responsibility for those other websites or the way in which they collect, process or retain your personal data which may be different from the way in which we collect, process and retain your personal data.

11.3. By including references, hyperlinks or other connections to other websites we do not imply any endorsement of them or any association with their owners or operators.

12. Rights of access, correction, erasure and restriction

12.1. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

12.2. Under certain circumstances, by law you have the:

  • Right of access to your personal data (commonly known as a "data subject access request"). This entitles you to ask what data we hold about you and why.
  • Right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes or if data were being processed on grounds of public interest or for historical or scientific purposes.
  • Right to rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure of your personal data, enabling you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.
  • Right to the restriction of processing of your personal data enabling you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Right to be notified of rectification, erasure and restrictions.
  • Right not to be subject to decisions based on automated processing.
  • Right to data portability: right to request the transfer of your personal data to another party.

12.3. If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Officer in writing.

12.4. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if a repeated request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

12.5. We may need to request specific information from you to help us confirm your identity and ensure your right to access the data you have requested (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

12.6. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer.

12.7. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

13. Enquires and complaints

13.1. Any questions relating to this Privacy Statement or the personal data which we hold on you, should be referred to our Data Protection Officer.

13.2. Should you wish to exercise any of your rights under the data protection law or wish to submit a complaint regarding our compliance with the exercise of such rights, please contact our Data Protection Officer.

13.3. If you are dissatisfied with the way in which we have dealt with or handled your complaint, you have the right refer your complaint to your local data protection authority, and to appeal the outcome of your complaint.

14. Data protection officer

14.1. Andrew Peterson

14.2. Address: Helvetia Court, Block B, 3rd Floor, Les Echelons, St Peter Port, Guernsey GY1 1AR.

14.3. E-mail: data.protection@tisegroup.com

14.4. Telephone: +44 (0) 1481 753000

15. Data protection registrations

15.1. Guernsey Office of the Data Protection Commissioner - The TISE Entities are registered as data controllers and processors:

  • TISEG – Registration ID DPA1562; and
  • TISEA – Registration ID DPA1564.

15.2. Jersey Office of the Information Commissioner:

  • TISEG – Registration ID 22077 – is registered as a data controller and processor; and
  • TISEA – Registration ID 22078 – is registered as a data controller.

16. Changes to our privacy statement

16.1. Please read this Privacy Statement carefully and re-visit the relevant sections of it each time you visit our Website or provide us with any personal data. Changes may be made to this Privacy Statement at any time and without notice.

16.2 This Statement was last updated on 15 September 2025.