Privacy and Security

The Privacy Notice applies to all individuals, including Directors, Trustees, Board Members, Beneficial Owners, Corporate, or Client/Counterparty Employees whose data is protected by TD Securities, Europe and Asia-Pacific. This includes the following legal entities:

United Kingdom

The Toronto-Dominion Bank, London Branch, 60 Threadneedle Street, London, EC2R 8AP
TD Bank Europe Limited, 60 Threadneedle Street, London, EC2R 8AP
TD Securities Limited, 60 Threadneedle Street, London, EC2R 8AP

Ireland

TD Global Finance, unlimited company, One Molesworth Street, Dublin 2, D02 RF29, Ireland

Singapore

The Toronto-Dominion Bank, Singapore Branch, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192
Toronto Dominion (South East Asia) Limited, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192

Hong Kong (SAR)

The Toronto-Dominion Bank, Hong Kong Branch, Suite 1211, Two Pacific Place, 88 Queensway, Hong Kong, China

Australia

Toronto-Dominion Australia Limited, Tower One International Towers, Level 17, 100 Barangaroo Avenue, Barangaroo NSW 2000 Australia

In this Policy, the words “you” and “your” mean any data subject or individual described above. Any reference to “we”, “us”, “our”, or "they" includes each of the entities listed above.

We have always regarded the need for the protection, privacy, and confidentiality of the Personal Information (as defined in section 2 below) of our client and counterparty representatives as an important and fundamental operating requirement. This Privacy Notice provides descriptions that support our obligations and your rights under the applicable jurisdiction, by explaining when and why we collect Personal Information about those individuals, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice and GDPR more generally. If you have any questions about this Privacy Notice or how we handle your Personal Information, please contact:

Data Protection Officer 60
Threadneedle Street, London EC2R 8APH3
Privacy.EAP@tdsecurities.com

You have the right to make a complaint at any time if you feel the processing of your Personal Information infringes the local legislature. Please see the section 'Collection methods and legal ground for using Personal Information' for the relevant regulators.

Key Definitions

"Personal Information” or "Information" means any personal data or details from which a living individual may be directly or indirectly identified whether on its own or in conjunction with any other information we may have or be able to access (e.g., from you directly and/or obtained from others within or outside the Bank).

Examples of the categories of Personal Information we may process include:

We may also process the following “special categories” of more sensitive Personal Information:

“Process” or “processing” means any operation or set of operations which is performed on Personal Information (or sets of Personal Information), whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, obtaining, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data Controllers

"Data controller" refers to where we make decisions on how Personal Information is used in relation to our business.

This Privacy Notice applies to the processing carried out by us in:

Each of these is a data controller in respect to the relationship between themselves and you, as an individual whose Personal Information they are processing and is responsible for deciding how it holds and uses that Information.

As data controllers, each is accountable and has an obligation to ensure that they process your Personal Information in compliance with data protection law. This means that your Personal Information must be:

The relationships between TD Securities ("TDS") and its corporate third parties include the processing of your Personal Information for our primary business functions and activities, including Know Your Customer ("KYC"), Anti-Money Laundering ("AML") and Sales. It encompasses the working relationship between you and TDS. It includes the administration of legislative programs such as fulfilling regulatory requirements, and tax and other statutory regulations.

Collection methods and legal grounds for using Personal Information

During your relationship with us, we will collect and process your Personal Information as outlined in this Privacy Notice or as otherwise notified to you from time to time.

You will be the primary source for your Personal Information, but it may also be necessary to collect Information from third parties, elsewhere such as third party verification services and publicly available registries or records. At or before the time of collection of your Personal Information, and in line with this Privacy Notice, we explain how we intend to use your Personal Information and the legal ground for processing (e.g., legal obligation we are subject to, the legitimate interest we have or consent). For each type of processing where we are relying on TDS’ legitimate interests, we list out such interests. For processing requiring your consent, we provide you with details of the Personal Information we would like and the reason for collecting it, so that you can carefully consider whether you wish to give that consent.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact TDSClientOnboarding@tdsecurities.com. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Information for the purpose, or purposes, you originally agreed to, unless we have another legitimate basis for doing so in law in which case, we will inform you accordingly.

In limited circumstances, we may process your Personal Information on other grounds and occasionally, without your knowledge or consent. This may be:

Collection methods and legal grounds for 'special category' Personal Information

We may process special categories of Personal Information in the following circumstances:

1. In limited circumstances, with your explicit written consent (for example in response to an event invitation where we need to know dietary requirements).
2. Where we need to carry out our legal obligations of the relevant European jurisdictions in which we are operating and in line with our policies.
3. Where it is needed in the substantial public interest and in line with our policies.

Less commonly, we may process this type of Information where it is needed in relation to legal claims, or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the Information public.

Purposes of processing your Personal Information

We will process your Personal Information, including disclosure to third parties or other entities within our Bank, for any of the following legitimate business and necessary purposes:

TODO Text for Caption needed

Purpose	Legal Ground
Conducting Client Engagement/Outreach	Legitimate interest – relationship building during onboarding and forwards.
To meet compliance with regulatory obligations, and prevent and detect crime including, e.g. fraud, terrorist financing and money laundering: conducting checks on you as part of checking on your employer, the corporate third party, such as know your customer (KYC) checks, anti-money laundering due diligence (AML DD) checks, and anti-fraud checks before we establish a relationship with that third party, and where required, during our relationship with that third party for ongoing verification in accordance with regulatory requirements regarding anti-money laundering, anti-terrorist financing, financial abuse, fraud and any other criminal activity, including cooperating with regulators, participating in internal and external investigations if any of these or any other suspicious activities are suspected. Compliance with these obligations may involve call recording.	TDS’ legitimate interest and the public interest in ensuring the integrity and security of the financial sector.
Fixed Income Account Maintenance	Legitimate interest – to ensure trades can successfully complete by updating third-party clients' or counterparties’ representatives’ information.
Counterparty Maintenance in Source Systems	Legitimate interest – to send out trade confirmation messages and referral form agreement.
Client Relationship Management through the Individual Representatives	Legitimate interest – building and maintaining relationships with TDS’ corporate clients.
Confirmations & Settlements Processes	Legitimate interest – communication with third-party representatives to ensure confirmations are correct and trade settlement is successful.
Portfolio Reconciliation	Legitimate interest – to reconcile client's portfolio and create client reports for regulatory reporting.
Client Reporting Processes under Regulatory Services	Legitimate interest – reconcile client's portfolio and create client reports for regulatory reporting.
Organizing TD Marketing Events and Attendance Registration	Legitimate interest – to promote TDS EAP brand and awareness in the marketplace and our financial services and products. You can choose to stop receiving them at any time. To make that change, contact us in the usual way (as also indicated on each marketing communication).
Banking operations support: for undertaking business management and planning (including change of our business structure), including accounting and auditing and for assisting with, managing and improving the operations, including security, of TDS and TD Bank Group enterprise-wide. For the lawful bases for criminal personal data, please refer to paragraph 4 above.	Legitimate interests – business efficiency and data security to protect all data and information.
Engaging service providers, contractors or suppliers relating to the operation of our business.	Legitimate interest – to enable us to provide our services as efficiently as possible.

We also collect, hold, use and disclose your Personal Information for maintaining contact with our clients and other contacts, including keeping them informed of our services, products and events, on the basis of our legitimate interests to enable us to promote our financial services and products;

Some of the above purposes for processing will overlap and there may be several reasons to justify our use of your Personal Information.

We will only use your Information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose.

If we subsequently find that we need to use your Personal Information for a new, unrelated purpose, we will notify you and explain the legal basis which we will be relying upon.

Purposes of processing Special Personal Information

To the extent that we have your special Personal Information; we will use it in the following ways:

Sharing your Personal Information

We may share your Personal Information within the Bank (as many of our processes are centralised) and with third parties, where it is necessary for the purpose for which it was collected or where we have another legitimate interest in doing so.

Details of Third Parties with whom your personal data may be shared:

TODO Text for Caption needed

Categories of recipient (Third party service providers)	Purpose(s)
Financial data platform	Monitoring and analysing financial and market information and discussing with other financial professionals.
Trading platform	Monitoring and analysing financial and market information and discussing with other financial professionals.
Event Management	Appropriate managing of attendees at events.
Record Management (documents, tapes)	Technological back up and restoration services for wholesale banking support.
Data storage and backup	Technological back up and restoration services for wholesale banking support.
Business Continuity Management	Back up, recovery and data centre services for wholesale banking support for London.
Execution and information service (broker)	Sharing of broker data.
Backup Data centre for UK	Storage and use of personal data at an EU Production Data Centre.
Sales & Trading Efficiency tools	Personal data sharing across trading platform.
Investment Research	Tool for writing and distributing research.
Trade Confirmation platform	Personal data sharing across trade processing platform.
Correspondent Banks	Responding to valid and authorized information request to comply with regulatory obligations

We will only share such Personal Information as is required by the third party to meet its specified, lawful purpose for processing. We may also be required by law to share your Personal Information, including with any regulatory or other governmental organisation, either in Europe or in any jurisdiction in which we operate due to the nature of our specific business in that regulator’s jurisdiction. Where reasonable to do so, and subject to the exceptions set out in this Policy, we will use all reasonable endeavours to notify you prior to sharing your Information with third parties and to explain why we are doing so.

Please note:

Location of your Personal Information

We may transfer your Information to countries outside the European Economic Area (“EEA”) and UK, for example, if any of our servers are located in a country outside of the EEA or UK, such as the USA. These countries may not have similar data protection laws to Europe. As we operate in various jurisdictions, the EEA and UK operations regularly share data with central groups in Toronto, Canada under the European Commission’s 2002 Adequacy Finding. If the data is going to other jurisdictions, other measures are used to protect your Personal Information to the same level, such as the European Commission’s Standard Contractual Clauses.

By providing your Personal Information, you are acknowledging that this transfer, storing or processing may take place. If we transfer your Information outside of the EEA or UK, we will take steps to help ensure that appropriate measures are taken to protect your privacy rights, as outlined in this Privacy Notice. You can request more details about any such measures taken from the DPO.

Automated Decision Making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Protection of your Personal Information

We have a number of technical and organization measures in place to protect our systems and your Personal Information. These include but are not limited to:

Every employee is responsible for protecting Personal Information to which they have access in their role. All employees who have access to Personal Information are required, as a condition of employment, to comply with their applicable HR Privacy Policy and to protect the integrity and confidentiality of the Personal Information to which they have access in accordance with TDS’s internal Technology Standards. Failure to do so will be grounds for disciplinary action, which may include termination of employment.

We keep your Information for no longer than is necessary for the purpose(s) for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). When we no longer require your Personal Information, we will securely destroy and/or delete it from our systems as far as is reasonably and technically possible.

In some circumstances we may anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Information changes during your relationship with us, whether by informing your relationship manager or other key contact here. For your protection, you should not send confidential or Personal Information to us over the internet (e.g., email) or through any unsecured channel.

We have put in place procedures to manage any suspected data security breach and will notify you, and any applicable regulator, where we are legally required to do so.

Your Rights in Connection with Personal Information

Under certain circumstances, and subject to local law you may have the right to:

If you want to review, verify, correct or request erasure of your Personal Information, object to the processing of your Information, or request that we transfer a copy of your Information to another party, please contact the DPO.

You will not have to pay a fee to access your Personal Information or to exercise any of the other rights, however, we may charge a reasonable fee if we consider your request for access to be clearly unfounded or excessive.

We may need to request additional details from you to help us confirm your identity and ensure your right to access the Information or to exercise any of your other rights. This is another appropriate security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.

Privacy Breaches and Complaints

If you are aware of, or are the victim of, a suspected privacy breach in connection to your relationship with us, you should immediately contact the DPO. All suspected privacy breaches are appropriately investigated, and applicable corrective action is taken.

In addition, as set out above, you have the right to make a complaint at any time to your applicable data protection regulator, as listed above, if you believe there has been any breach of data protection law.

TD Securities (Japan) Co., Ltd. Privacy Policy

TD Securities (Japan) Co., Ltd. Privacy Policy, Bilingual Version (トロント・ドミニオン日本証券 プライバシーポリシー 日・英版)