Privacy and Security
TD Securities is committed to protecting your privacy and safeguarding your personal, business and financial information. TD Securities adheres to the codes, regulations and laws that govern the collection, use and protection of your Personal Information.
Internet Security
TD Securities’ Regional Privacy Policies
The Privacy Notice applies to all individuals, including Directors, Trustees, Board Members, Beneficial Owners, Corporate, or Client/Counterparty Employees whose data is protected by TD Securities, Europe and Asia-Pacific. This includes the following legal entities:
United Kingdom
The Toronto-Dominion Bank, London Branch, 60 Threadneedle Street, London, EC2R 8AP
TD Bank Europe Limited, 60 Threadneedle Street, London, EC2R 8AP
TD Securities Limited, 60 Threadneedle Street, London, EC2R 8AP
Ireland
TD Global Finance, unlimited company, One Molesworth Street, Dublin 2, D02 RF29, Ireland
Singapore
The Toronto-Dominion Bank, Singapore Branch, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192
Toronto Dominion (South East Asia) Limited, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192
Hong Kong (SAR)
The Toronto-Dominion Bank, Hong Kong Branch, Suite 1211, Two Pacific Place, 88 Queensway, Hong Kong, China
Australia
Toronto-Dominion Australia Limited, Tower One International Towers, Level 17, 100 Barangaroo Avenue, Barangaroo NSW 2000 Australia
In this Policy, the words “you” and “your” mean any data subject or individual described above. Any reference to “we”, “us”, “our”, or "they" includes each of the entities listed above.
We have always regarded the need for the protection, privacy, and confidentiality of the Personal Information (as defined in section 2 below) of our client and counterparty representatives as an important and fundamental operating requirement. This Privacy Notice provides descriptions that support our obligations and your rights under the applicable jurisdiction, by explaining when and why we collect Personal Information about those individuals, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice and GDPR more generally. If you have any questions about this Privacy Notice or how we handle your Personal Information, please contact:
Data Protection Officer
60 Threadneedle Street, London EC2R 8AP
Privacy.EAP@tdsecurities.com
You have the right to make a complaint at any time if you feel the processing of your Personal Information infringes local legislation. Please see the section 'Collection methods and legal ground for using Personal Information' for the relevant regulators.
Key Definitions
“Personal Information” or “Information” means any personal data or details from which a living individual may be directly or indirectly identified whether on its own or in conjunction with any other information we may have or be able to access (e.g., from you directly and/or obtained from others within or outside the Bank).
Examples of the categories of Personal Information we may process include:
- Demographic information (e.g., name, address, telephone number(s), email address, age/date of birth, country of domicile, employer name, employer address, other employee contact information, and any other information that may be required for anti-money laundering documents);
- CCTV footage;
- Personal Identification Numbers (e.g., Government-issued ID);
- Research subscriber preferences.
We may also process the following “special categories” of more sensitive Personal Information:
- Information about your health (e.g., dietary restrictions, special access requirements);
- Information about criminal convictions and offences.
“Process” or “processing” means any operation or set of operations which is performed on Personal Information (or sets of Personal Information), whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, obtaining, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controllers
"Data controller" refers to where we make decisions on how Personal Information is used in relation to our business.
This Privacy Notice applies to the processing carried out by us in:
- Australia: Toronto Dominion Australia Limited, regulated by the Office of the Australian Information Commissioner;
- Hong Kong SAR (China): The Toronto-Dominion Bank, Hong Kong Branch, regulated by the Privacy Commissioner for Personal Data;
- Ireland: TD Global Finance, unlimited company, regulated by the Data Protection Commissioner;
- Singapore: The Toronto-Dominion Bank, Singapore Branch, and TD (South East Asia) Limited; regulated by the Personal Data Protection Commissioner;
- UK: The Toronto-Dominion Bank, London Branch, TD Bank Europe Limited and TD Securities Limited; regulated by the UK Information Commissioner’s Office.
Each of these is a data controller in respect of the relationship between itself and you, as an individual whose Personal Information it is processing, and is responsible for deciding how it holds and uses that Information.
As data controllers, each is accountable and has an obligation to ensure that they process your Personal Information in compliance with data protection law. This means that your Personal Information must be:
- Processed fairly, lawfully and in a transparent way;
- Collected only for specified, explicit and legitimate purposes that are clearly explained to you and not used in any way that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- Accurate and up to date;
- Not kept for longer than is necessary for the purposes explained to you;
- Processed in line with your rights;
- Kept securely; and
- Not transferred to other countries outside the EEA or UK without adequate protection.
The relationships between TD Securities ("TDS") and its corporate third parties include the processing of your Personal Information for our primary business functions and activities, including Know Your Customer ("KYC"), Anti-Money Laundering ("AML") and Sales. It encompasses the working relationship between you and TDS. It includes the administration of legislative programs such as fulfilling regulatory requirements, and tax and other statutory regulations.
Collection methods and legal grounds for using Personal Information
During your relationship with us, we will collect and process your Personal Information as outlined in this Privacy Notice or as otherwise notified to you from time to time.
You will be the primary source for your Personal Information, but it may also be necessary to collect Information from third parties or elsewhere, such as third-party verification services and publicly available registries or records. At or before the time of collection of your Personal Information, and in line with this Privacy Notice, we explain how we intend to use your Personal Information and the legal ground for processing (e.g., legal obligation we are subject to, the legitimate interest we have or consent). For each type of processing where we are relying on TDS’ legitimate interests, we list out such interests. For processing requiring your consent, we provide you with details of the Personal Information we would like and the reason for collecting it, so that you can carefully consider whether you wish to give that consent.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact TDSClientOnboarding@tdsecurities.com. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Information for the purpose, or purposes, you originally agreed to, unless we have another legitimate basis for doing so in law, in which case we will inform you accordingly.
In limited circumstances, we may process your Personal Information on other grounds and occasionally, without your knowledge or consent. This may be:
- Where we need to protect your interests (or someone else’s interests);
- Where it is needed in the public interest or for official purposes;
- For an emergency that threatens an individual's life, health or security, including your own;
- If knowledge of the processing would compromise the availability or accuracy of the Information and collection is required to investigate a breach of the Guidelines of Conduct or contravention of European law;
- If it is publicly available (such as name, address and telephone number of a subscriber in a telephone directory);
- If we have reasonable grounds to believe the Information could be useful when investigating a contravention of a European or foreign law and the Information is used for that investigation.
Collection methods and legal grounds for 'special category' Personal Information
We may process special categories of Personal Information in the following circumstances:
- In limited circumstances, with your explicit written consent (for example in response to an event invitation where we need to know dietary requirements).
- Where we need to carry out our legal obligations of the relevant European jurisdictions in which we are operating and in line with our policies.
- Where it is needed in the substantial public interest and in line with our policies.
Less commonly, we may process this type of Information where it is needed in relation to legal claims, or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the Information public.
Purposes of processing your Personal Information
We will process your Personal Information, including disclosure to third parties or other entities within our Bank, for any of the following legitimate business and necessary purposes:
Purpose | Legal Ground |
---|---|
Conducting Client Engagement/Outreach | Legitimate interest – relationship building during onboarding and forwards. |
To meet compliance with regulatory obligations, and prevent and detect crime including, e.g. fraud, terrorist financing and money laundering: conducting checks on you as part of checking on your employer, the corporate third party, such as know your customer (KYC) checks, anti-money laundering due diligence (AML DD) checks, and anti-fraud checks before we establish a relationship with that third party, and where required, during our relationship with that third party for ongoing verification in accordance with regulatory requirements regarding anti-money laundering, anti-terrorist financing, financial abuse, fraud and any other criminal activity, including cooperating with regulators, participating in internal and external investigations if any of these or any other suspicious activities are suspected. Compliance with these obligations may involve call recording. | TDS’ legitimate interest and the public interest in ensuring the integrity and security of the financial sector. |
Fixed Income Account Maintenance | Legitimate interest – to ensure trades can successfully complete by updating third-party clients' or counterparties’ representatives’ information. |
Counterparty Maintenance in Source Systems | Legitimate interest – to send out trade confirmation messages and referral form agreement. |
Client Relationship Management through the Individual Representatives | Legitimate interest – building and maintaining relationships with TDS’ corporate clients. |
Confirmations & Settlements Processes | Legitimate interest – communication with third-party representatives to ensure confirmations are correct and trade settlement is successful. |
Portfolio Reconciliation | Legitimate interest – to reconcile client's portfolio and create client reports for regulatory reporting. |
Client Reporting Processes under Regulatory Services | Legitimate interest – reconcile client's portfolio and create client reports for regulatory reporting. |
Organizing TD Marketing Events and Attendance Registration | Legitimate interest – to promote TDS EAP brand and awareness in the marketplace and our financial services and products. You can choose to stop receiving them at any time. To make that change, contact us in the usual way (as also indicated on each marketing communication). |
Banking operations support: for undertaking business management and planning (including change of our business structure), including accounting and auditing and for assisting with, managing and improving the operations, including security, of TDS and TD Bank Group enterprise-wide. For the lawful bases for criminal personal data, please refer to paragraph 4 above. | Legitimate interests – business efficiency and data security to protect all data and information. |
Engaging service providers, contractors or suppliers relating to the operation of our business. | Legitimate interest – to enable us to provide our services as efficiently as possible. |
We also collect, hold, use and disclose your Personal Information for maintaining contact with our clients and other contacts, including keeping them informed of our services, products and events, on the basis of our legitimate interests to enable us to promote our financial services and products.
Some of the above purposes for processing will overlap and there may be several reasons to justify our use of your Personal Information.
We will only use your Information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose.
If we subsequently find that we need to use your Personal Information for a new, unrelated purpose, we will notify you and explain the legal basis which we will be relying upon.
Purposes of processing Special Personal Information
To the extent that we have your special Personal Information, we will use it in the following ways:
- Information about your health, or disability status, for the purposes of ensuring your health and safety (in particular for the purposes of event management) and with your explicit written consent.
- Information about criminal convictions and offences, for the purposes of preventing and detecting crime including, e.g. fraud, terrorist financing and money laundering.
Sharing your Personal Information
We may share your Personal Information within the Bank (as many of our processes are centralised) and with third parties, where it is necessary for the purpose for which it was collected or where we have another legitimate interest in doing so.
Details of Third Parties with whom your personal data may be shared:
Categories of recipient (Third party service providers) | Purpose(s) |
---|---|
Financial data platform | Monitoring and analysing financial and market information and discussing with other financial professionals. |
Trading platform | Monitoring and analysing financial and market information and discussing with other financial professionals. |
Event Management | Appropriate managing of attendees at events. |
Record Management (documents, tapes) | Technological back up and restoration services for wholesale banking support. |
Data storage and backup | Technological back up and restoration services for wholesale banking support. |
Business Continuity Management | Back up, recovery and data centre services for wholesale banking support for London. |
Execution and information service (broker) | Sharing of broker data. |
Backup Data centre for UK | Storage and use of personal data at an EU Production Data Centre. |
Sales & Trading Efficiency tools | Personal data sharing across trading platform. |
Investment Research | Tool for writing and distributing research. |
Trade Confirmation platform | Personal data sharing across trade processing platform. |
Correspondent Banks | Responding to valid and authorized information request to comply with regulatory obligations |
We will only share such Personal Information as is required by the third party to meet its specified, lawful purpose for processing. We may also be required by law to share your Personal Information, including with any regulatory or other governmental organisation, either in Europe or in any jurisdiction in which we operate due to the nature of our specific business in that regulator’s jurisdiction. Where reasonable to do so, and subject to the exceptions set out in this Policy, we will use all reasonable endeavours to notify you prior to sharing your Information with third parties and to explain why we are doing so.
Please note:
- We require third parties to respect the security of your Personal Information and to treat it in accordance with the law.
- We do not allow our third-party service providers to use your Personal Information for their own purposes. We only permit them to process your Information for specified purposes and in accordance with our instructions.
- Other than regulators, external third parties requiring access to any Personal Information within our control will have signed a confidentiality agreement and/or contract containing confidentiality and privacy wording with us. In these documents, the third party agrees to keep confidential all Personal Information they receive. They also agree not to collect, use or disclose it to any party other than as necessary to deliver the service in question to us.
- We will never rent or sell your Personal Information.
Location of your Personal Information
We may transfer your Information to countries outside the European Economic Area (“EEA”) and UK, for example, if any of our servers are located in a country outside of the EEA or UK, such as the USA. These countries may not have similar data protection laws to Europe. As we operate in various jurisdictions, the EEA and UK operations regularly share data with central groups in Toronto, Canada under the European Commission’s 2002 Adequacy Finding. If the data is going to other jurisdictions, other measures are used to protect your Personal Information to the same level, such as the European Commission’s Standard Contractual Clauses.
By providing your Personal Information, you are acknowledging that this transfer, storing or processing may take place. If we transfer your Information outside of the EEA or UK, we will take steps to help ensure that appropriate measures are taken to protect your privacy rights, as outlined in this Privacy Notice. You can request more details about any such measures taken from the DPO.
Automated Decision Making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means; however, we will notify you in writing if this position changes.
Protection of your Personal Information
We have a number of technical and organisational measures in place to protect our systems and your Personal Information. These include but are not limited to:
- Personal Information is only accessible by a limited number of relevant staff bound by duties of confidentiality;
- All electronic information is held on systems that incorporate firewalls, password-controlled access and virus protection procedures; and
- We audit our procedures and security measures regularly to help ensure that they are being properly administered and that they remain effective and appropriate to the sensitivity of the information.
Every employee is responsible for protecting Personal Information to which they have access in their role. All employees who have access to Personal Information are required, as a condition of employment, to comply with their applicable HR Privacy Policy and to protect the integrity and confidentiality of the Personal Information to which they have access in accordance with TDS’s internal Technology Standards. Failure to do so will be grounds for disciplinary action, which may include termination of employment.
We keep your Information for no longer than is necessary for the purpose(s) for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). When we no longer require your Personal Information, we will securely destroy and/or delete it from our systems as far as is reasonably and technically possible.
In some circumstances we may anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Information changes during your relationship with us, whether by informing your relationship manager or other key contact here. For your protection, you should not send confidential or Personal Information to us over the internet (e.g., email) or through any unsecured channel.
We have put in place procedures to manage any suspected data security breach and will notify you, and any applicable regulator, where we are legally required to do so.
Your Rights in Connection with Personal Information
Under certain circumstances, and subject to local law, you may have the right to:
- Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a set of the Personal Information we hold about you and to check that we are lawfully processing that Information.
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate Information we hold about you corrected.
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Information where there is no longer a purpose for us continuing to process it. You also have the right to ask us to delete or remove your Information where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which may lead to you objecting to processing on this ground.
- Object where we are processing your Personal Information for direct marketing purposes.
- Request the restriction of processing of your Personal Information in specific circumstances. This enables you to ask us to suspend the processing of Information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Information to another party in certain circumstances.
If you want to review, verify, correct or request erasure of your Personal Information, object to the processing of your Information, or request that we transfer a copy of your Information to another party, please contact the DPO.
You will not have to pay a fee to access your Personal Information or to exercise any of the other rights. However, we may charge a reasonable fee if we consider your request for access to be clearly unfounded or excessive.
We may need to request additional details from you to help us confirm your identity and ensure your right to access the Information or to exercise any of your other rights. This is another appropriate security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.
Privacy Breaches and Complaints
If you are aware of, or are the victim of, a suspected privacy breach in connection to your relationship with us, you should immediately contact the DPO. All suspected privacy breaches are appropriately investigated, and applicable corrective action is taken.
In addition, as set out above, you have the right to make a complaint at any time to your applicable data protection regulator, as listed above, if you believe there has been any breach of data protection law.
TD Securities (Japan) Co., Ltd. Privacy Policy
TD Securities (Japan) Co., Ltd. Privacy Policy, Bilingual Version (Toronto-Dominion Japan Securities Privacy Policy, Japanese-English version)