Privacy Policy

This Privacy Policy relates solely to the TISE Private Markets service, which ceased operations on 27 March 2026. Please refer to the main Privacy Statement for all other services and activities offered by the TISE Group.

1. Scope of this Privacy Policy

1.1 The privacy of your personal data is extremely important to us and this privacy policy sets out important information about how The International Stock Exchange Group Limited and The International Stock Exchange Authority Limited (together, "TISE", "we" or "us") retain your personal data following the cessation of the TISE Private Markets service and closure of the platform on 27 March, 2026.

1.2 Personal data is any information from which you can be identified. We're committed to protecting the privacy and security of your personal data.

1.3 In this privacy policy, "processing" means the collection, recording, retaining, storage, use, disclosure and generally any other uses, form of operations or dealings with your personal data.

1.4 This Notice was last updated on 27 March 2026.

2. About us

2.1 TISE Private Markets was a subscription-based private online investment marketplace platform ("TPM Platform") allowing issuers to facilitate the buying and selling of equity securities or managed investment products ("Issuers") and holders to buy and sell equity securities or managed investment products of the issuers. Effective 27 March 2026, TISE ceased the TISE Private Markets service and closed the TPM Platform. Following the closure of the TPM Platform, we will retain certain personal data where necessary to comply with legal and regulatory obligations. We will seek to keep the minimum amount of personal data needed for those purposes and will delete it once the relevant retention period has expired.

2.2 If you were registered on the TPM Platform and used it to buy and sell your equity securities or managed investment products, we refer to you as a "Holder".

2.3 In order for us to operate the TPM Platform, TISE processed personal data and when doing so, TISE was a "controller" of certain personal data. Following closure of the TPM Platform, we continue to be responsible for the retention of your personal data based on legal and regulatory requirements until the retention period has expired.

2.3 This privacy notice covers the situations where we remain a controller of your personal data in relation to the TPM Platform. This is predominantly when we were processing personal data about the directors and shareholders of the Issuers.

2.4 Where we processed personal data of Holders who used the TPM Platform, with the exception of the data we processed to set up a Holder account (see Section 3.6 below), we did so as a processor on behalf of the Issuer. This means that we only acted on and in accordance with the instructions of the Issuer and Holders should contact the Issuer for information on how the Issuer is processing Holder personal data in relation to its previous use of the TPM Platform.

2.5 We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with all data protection laws in Guernsey and the United Kingdom, including the Data Protection (Bailiwick of Guernsey) Law 2017, UK GDPR and the Data Protection Act 2018 ("Data Protection Laws").

3. Whose personal data do we retain?

3.1 The personal data that we retain will depend on the relationship you had with us. We retain personal data relating to: (i) directors at Issuers (ii) material shareholders at Issuers (iii) administrator users of the TPM Platform at Issuers; and (iv) Holders who used the TPM Platform.

3.2 Please see the relevant heading below (which correlates to your relationship with TISE) to learn more about the type of personal data we retain about you and how it was obtained:

3.3 Directors at Issuers

This section will apply to those directors at Issuers whose information was processed as part of the onboarding process for the Issuer onto the TPM Platform or subsequently during the Issuer’s use of the TPM Platform.

(a) What personal data do we retain?

(i) general information such as your full name, address, email address and date of birth;
(ii) professional details such as your job title, information about your job role, industry and current employer;
(iii) other positions you may hold as a director;
(iv) identity documents such as copies of passports and utility bills;
(v) details of any bankruptcy or similar arrangement;
(vi) details of any criminal record, fraudulent activity or disqualifications;
(vii) information about you in relation to the Issuer, for example percentage of ownership, directorships; and
(viii) any other information we collect directly from you during our onboarding process.

(b) How did we obtain your personal data?

We collected most of your personal data directly from you or the Issuer but we may have also used our own records and information from other sources for compliance with legal and regulatory obligations.

3.4 Material Shareholders at Issuers

This section will apply to those shareholders of Issuers who held a material shareholding either when the Issuer was onboarded onto the TPM Platform or subsequently during the Issuer’s use of the TPM Platform. A material shareholder means a shareholder holding or controlling 25% or more of the Issuer’s share capital.

(a) What personal data do we retain?

(i) general information such as your full name, address, email address and date of birth;
(ii) your percentage shareholding in the Issuer; and
(iii) identity documentation.

(b) How did we obtain your personal data?

We collected most of your personal data directly from the Issuer but we may have also used our own records and information from other sources for compliance with legal and regulatory obligations.

3.5 Issuer Administrator users of the TPM Platform

This section will apply to individuals that were authorised by the Issuer to access and undertake activities on the TPM Platform on the Issuer's behalf whom we liaised with and previously set up an account for on the TPM Platform.

(a) What personal data do we retain?

(i) general information such as your name and date of birth, and contact details including phone number and email address;
(ii) professional details such as your job title and information about your job role;
(iii) usernames and passwords for the TPM Platform; and
(iv) identity documents such as passport copies and utility bills.

(b) How did we obtain your personal data?

We collected most of your personal data directly from you or the Issuer, but we may have also used our own records and information from other sources for compliance with legal and regulatory obligations.

3.6 Holders who used the TPM Platform

This section will apply to Holders who used the TPM Platform prior to 27 March 2026 when TISE ceased the TISE Private Markets service and closed the TPM Platform.

Where we processed personal data of Holders who used the TPM Platform, we did so as a processor on behalf of the Issuer; meaning that we only acted on and in accordance with the instructions of the Issuer when you were using the TPM Platform. Therefore much of the information that was being processed about Holders on the TPM Platform is under the control of the relevant Issuer and Holders should contact the Issuer for information on how the Issuer is processing Holder personal data.

The only exception to this was where we processed personal data for the Holder in order to set up an initial account for them on the TPM Platform ("Holder User Account Administration");

3.7 Holder User Account Administration

(a) What personal data do we retain?

Personal details such as your name, address, date of birth, country of residence and contact details including phone number and email address and other information that was required to enable two factor authentication.

(b) How did we obtain your personal data?

We collected most of your personal data directly from you, primarily through our onboarding application forms which you filled out when you signed up to the TPM Platform or we received it from the Issuer. Information we received about you from the Issuer included your name and contact details.

4. For what purpose do we retain your personal data and with whom is it shared?

TISE ceased the TISE Private Markets service and closed the TPM Platform on 27 March 2026. Following the closure of the TPM Platform, we only retain your personal data where necessary to comply with legal and regulatory obligations.

When we share your personal data, we do so in accordance with Data Protection Laws and our internal security standards. Below are the parties with whom we may share personal data and why:

Within TISE: We may share your personal data with other companies within TISE for IT maintenance or support services.
Our third party service providers: We may share personal data with third party service providers vendors and agents (including their subcontractors) such as IT suppliers, software providers and information security providers which are only authorised to process your personal data strictly for the purposes of providing these services and in accordance with our instructions. If applicable, we will enter with such third party service providers into the relevant contractual agreements or the standard data protection clauses that would be required under Data Protection Laws to ensure compliance with our instructions.
Other third parties: We may share your personal data with any lawyers, external auditors or advisors, professional consultants, notaries, bailiffs, law enforcement agencies, as well as any courts, regulatory, governmental, administrative or other official bodies as agreed or may be required by law, where such disclosure is necessary (i) to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; and (iii) to protect our rights and interests.

5. Shieldpay

5.1 For a period of time prior to closing the TPM Platform on 27 March 2026, we engaged a third party provider called Shieldpay to (i) carry out identity and bank account verification services in relation to the users of the TPM Platform and (ii) process payments in relation to auctions on the TPM Platform.

5.2 In some circumstances we provided personal data on Holders and Issuers to them for the purposes of carrying out identity verification services and in other situations Holders and Issuers provided information directly to Shieldpay. In all situations Shieldpay are a controller of the personal data they have in connection with the TPM Platform and a copy of their Privacy Policy is available to view on their website (www.shieldpay.com).

6. How do we protect your personal data when sending it outside UK and/or Europe?

6.1 In some circumstances, we may need to transfer your personal data to a country or territory outside Guernsey, Jersey, the UK and/or the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together "EEA").

6.2 When we do so, we will ensure that such transfers are appropriately safeguarded and in compliance with Data Protection Laws. This may mean that we transfer data to countries considered adequate by the Guernsey data protection authority or otherwise enter into standard clauses approved by the Guernsey data protection authority.

7. Your rights

7.1 When we have identified in this privacy policy that we are a data controller you have the right to make certain requests of us in relation to the personal data that we hold about you. If you wish to exercise these rights at any time please contact us using the details set out in the "Contacting us" section (see Section 10). Please note that if your query concerns any information processed by Shieldpay, you can contact them at dpo@shieldpay.com. If your query concerns personal data processed in the context of an auction on the TPM Platform, you will need to contact the relevant Issuer.

7.2 Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with legal requirements). However, if we cannot comply with your request, we will tell you the reason, and we will always respond to any request you make. In some locations, not all rights will be available. We have set out a summary of relevant rights available to you under the locations in which we supplied the TPM Platform prior to its closure on 27 March 2026.

7.3 Although TISE ceased the TISE Private Markets service and closed the TPM Platform on 27 March 2026 and we only retain your personal data where necessary to comply with legal and regulatory obligations, you continue to maintain certain rights under data protection laws as follows:

(a) the right to access your personal data:

(i) you are entitled to a copy of the personal data we control and hold about you and certain details of how we use it; and
(ii) we will usually provide you with your personal data in writing, unless you request otherwise, or where you have made the request using electronic means, in which case the information will, where possible, be provided to you by electronic means;

(b) the right to rectification: we take reasonable steps to ensure that your personal data that we hold is accurate and complete, however, you can ask us to amend or update the personal data if you do not believe that this is so or if your details change;

(c) the right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors, for example, we may have legal obligations which mean we cannot comply with your request

(d) the right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate;

(e) the right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice;

(f) the right to object to marketing: you can ask us to stop sending you marketing messages at any time. You can exercise this right by either clicking on the "unsubscribe" link which is contained in any email that we send to you or you can use the details set out in the "Contacting us" section to contact us (see Section 10). Please note that exercise of this right does not extend to service related communications;

(g) the right to object to processing: where we process your personal data based on our legitimate business interests (indicated in this privacy policy), you can object to our processing. We will consider your objection and determine whether or not our legitimate business interests prejudice your privacy rights

(h) the right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this privacy policy where we need your consent. You have the right to withdraw your consent at any time; and

(i) to the right to lodge a complaint with the Office of the Data Protection Authority: you can find out more information at their website: www.odpa.gg. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

8. How do we protect your personal data?

8.1 We have put in place:

(a) appropriate security measures, policies and procedures to prevent your personal data from being accidentally lost, used, interfered with or accessed in an unauthorised manner, altered or disclosed; and

(b) procedures to address any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.

8.2 We review our security measures periodically. We also ensure that our employees receive appropriate data security training.

9. How long will we keep your personal data?

9.1 The retention period for the personal data we maintain is 6 years after 27 March 2026 which aligns with the date that TISE ceased the TISE Private Markets service and closed the TPM platform. During the retention period, we only maintain your personal data where necessary to comply with legal and regulatory obligations.

10. Contacting us

If you have any queries about how we handle your personal data, the contents of this privacy policy, your data protection rights under applicable data protection laws, or how to obtain a copy of the personal data that we hold about you, please email us at data.protection@tisegroup.com or write to us at: The International Stock Exchange Authority Limited, PO Box 623, Helvetia Court, Block B, 3rd Floor, Les Echelons, St Peter Port, Guernsey GY1 4PJ.

11. Updates to this Privacy Policy

We may change or update parts of this Notice from time to time in order to maintain compliance with applicable Data Protection Laws and any changes to other laws or following an update to our internal practices. We will publish the updated version of the privacy policy and you can check our website here periodically to view it.

{{curPage.Title}}