Skip to main content
TD Securities
 

Europe & Asia-Pacific Privacy Policy

The Privacy Notice applies to all individuals, including Directors, Trustees, Board Members, Beneficial Owners, Corporate, or Client/Counterparty Employees whose data is protected by TD Securities, Europe and Asia-Pacific. This includes the following legal entities:

 

United Kingdom

The Toronto-Dominion Bank, London Branch, 60 Threadneedle Street, London, EC2R 8AP

TD Bank Europe Limited, 60 Threadneedle Street, London, EC2R 8AP

TD Securities Limited, 60 Threadneedle Street, London, EC2R 8AP

 

Ireland

TD Global Finance unlimited company, 25-28 North Wall Quay, Dublin 1, Ireland

 

Singapore

The Toronto-Dominion Bank, Singapore Branch, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192

Toronto Dominion (South East Asia) Limited, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192

TD Securities (USA) LLC, Singapore Branch, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192

 

Hong Kong

The Toronto-Dominion Bank, Hong Kong Branch, Suite 2210, Two Pacific Place, 88 Queensway, Hong Kong, China

 

Australia

Toronto Dominion Australia Limited, c/o PricewaterhouseCoopers, Darling Park Tower 2, 201 Sussex Street, Sydney NSW 2000

 

In this Policy, the words “you” and “your” mean any data subject or individual described above. Any reference to “we”, “us”, “our”, or "they" includes each of the entities listed above.

 

We have always regarded the need for the protection, privacy, and confidentiality of the personal information (as defined in section 2 below) of our client and counterparty representatives as an important and fundamental operating requirement. This Privacy Notice provides descriptions that support our obligations and your rights under the General Data Protection Regulation (the “GDPR”) by explaining when and why we collect Personal Information about those individuals, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

 

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice and GDPR generally. If you have any questions about this Privacy Notice or how we handle your Personal Information, please contact:

 

Data Protection Officer
60 Threadneedle Street, London EC2R 8AP
Privacy.EAP@tdsecurities.com

 

You have the right to make a complaint at any time if you feel the processing of your Personal Information infringes the GDPR. Please see section 3 for the relevant regulators.

 

1. Key Definitions

 

“Personal Information” means any personal data or details from which a living individual may be directly or indirectly identified whether on its own or in conjunction with any other information we may have or be able to access (e.g., from you directly and/or obtained from others within or outside the Bank).

 

Examples of the categories of Personal Information we may process include:

  • Demographic information (e.g., name, address, telephone number(s), email address, age/date of birth, country of domicile, employer name, employer address, other employee contact information, and any other information that may be required for anti-money laundering documents);
  • CCTV footage;
  • Personal Identification Numbers (e.g., Government-issued ID);
  • Research subscriber preferences.

We may also process the following “special categories” of more sensitive Personal Information:

  • Information about your health (e.g., dietary restrictions, special access requirements);
  • Information about criminal convictions and offences.

“Process” or “processing” means any operation or set of operations which is performed on Personal Information (or sets of Personal Information), whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, obtaining, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

 

2. Data Controllers

 

This Privacy Notice applies to the processing carried out by us in:

  • Australia: Toronto Dominion Australia Limited; regulated by the Office of the Australian Information Commissioner;
  • Hong Kong SAR (China): The Toronto-Dominion Bank, Hong Kong Branch, regulated by the Privacy Commissioner for Personal Data;
  • Ireland: TD Global Finance unlimited company, regulated by the Data Protection Commissioner;
  • Singapore: The Toronto-Dominion Bank, Singapore Branch, TD (South East Asia) Limited and TD Securities (USA) LLC; regulated by the Personal Data Protection Commissioner;
  • UK: The Toronto-Dominion Bank, London Branch, TD Bank Europe Limited and TD Securities Limited; regulated by the UK Information Commissioner’s Office.

Each is a data controller in respect to the relationship between themselves and you, as an individual whose Information they are processing. This means that each entity is responsible for deciding how it holds and uses your Personal Information.

 

As data controllers, each is accountable and has an obligation to ensure that they process your Personal Information in compliance with data protection law. This means that your Personal Information must be:

  • Processed fairly, lawfully and in a transparent way;
  • Collected only for specified, explicit and legitimate purposes that are clearly explained to you and not used in any way that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
  • Accurate and up to date;
  • Not kept for longer than is necessary for the purposes explained to you;
  • Processed in line with your rights;
  • Kept securely; and
  • Not transferred to other countries outside the EEA without adequate protection.

The relationships between TD Securities ("TDS") and its corporate third parties include the processing of your Personal Information for our primary business functions and activities, including KYC, AML and Sales. It encompasses the working relationship between you and TDS. It includes the administration of legislative programs such as fulfilling regulatory requirements, and tax and other statutory regulations.

 

3. How will we collect and what will be our legal ground for using your Personal Information?

 

During your relationship with us, we will collect and process your Personal Information as outlined in this Privacy Notice or as otherwise notified to you.

 

You will be the primary source for your Personal Information, but it may also be necessary to collect information from third parties, as set out in Section 8. At or before the time of collection of your Personal Information, and in line with this Privacy Notice, we explain how we intend to use your Personal Information and the legal ground for processing (e.g., legal obligation we are subject to, legitimate interest we have or consent). For each type of processing where we are relying on TDS’ legitimate interests, we list out such interests. For processing requiring your consent, we provide you with details of the Personal Information we would like and the reason for collecting it, so that you can carefully consider whether you wish to consent.

 

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact TDSClientOnboarding@tdsecurities.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose, or purposes, you originally agreed to, unless we have another legitimate basis for doing so in law.

 

We may process your Personal Information on other grounds in limited circumstances, in particular without your knowledge or consent:

  • Where we need to protect your interests (or someone else’s interests);
  • Where it is needed in the public interest or for official purposes;
  • For an emergency that threatens an individual's life, health or security, including your own;
  • If knowledge would compromise the availability or accuracy of the Information and collection is required to investigate a breach of the Guidelines of Conduct or contravention of European law;
  • If it is publicly available (such as name, address and telephone number of a subscriber in a telephone directory);
  • If we have reasonable grounds to believe the Information could be useful when investigating a contravention of a European or foreign law and the information is used for that investigation.

4. How will we collect and what will be our legal ground for using your special Personal Information?

 

We may process special categories of Personal Information in the following circumstances:

 

  1. In limited circumstances, with your explicit written consent (for example in response to an event invitation).
  2. Where we need to carry out our legal obligations of the relevant European jurisdictions in which we are operating and in line with our policies.
  3. Where it is needed in the substantial public interest and in line with our policies.

Less commonly, we may process this type of Information where it is needed in relation to legal claims, or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

 

5. Purposes of processing your Personal Information

 

We will process your Personal Information, including disclosure to third parties or other entities within our Bank, for any of the following legitimate business and necessary purposes:

 

Purpose Legal Ground
Conducting Client Engagement/Outreach Legitimate interest – relationship building during onboarding and forwards.
To prevent and detect crime including, e.g. fraud, terrorist financing and money laundering: conducting checks on you as part of checking on your employer, the corporate third party, such as know your customer (KYC) checks, anti-money laundering due diligence (AML DD) checks, and anti-fraud checks before we establish a relationship with that third party, and where required, during our relationship with that third party for ongoing verification in accordance with regulatory requirements regarding anti-money laundering, anti-terrorist financing, financial abuse, fraud and any other criminal activity, including cooperating with regulators, participating in internal and external investigations if any of these or any other suspicious activities are suspected. TDS’ legitimate interest and the public interest in ensuring the integrity and security of the financial sector.
Fixed Income Account Maintenance Legitimate interest – to ensure trades can successfully complete by updating third-party clients or counterparties’ representatives’ information to.
Counterparty Maintenance in Source Systems Legitimate interest – to send out trade confirmation messages and referral form agreement.
Client Relationship Management through the Individual Representatives Legitimate interest – building and maintaining relationships with TDS’ corporate clients.
Confirmations & Settlements Processes Legitimate interest – communication with third-party representatives to ensure confirmations are correct and trade settlement is successful.
Portfolio Reconciliation Legitimate interest – to reconcile clients portfolio and create client reports for regulatory reporting.
Client Reporting Processes under Regulatory Services Legitimate interest – reconcile clients portfolio and create client reports for regulatory reporting.
Organising TD Marketing Events and Attendance Registration Legitimate interest – to promote TDS EAP brand and awareness in the marketplace and our financial services and products. You can choose to stop receiving them at any time. To make that change, contact us in the usual way (as also indicated on each marketing communication).
Banking operations support: for undertaking business management and planning (including change of our business structure), including accounting and auditing and for assisting with, managing and improving the operations, including security, of TDS and TD Bank Group enterprise-wide. The lawful bases are our For criminal personal data, please refer to paragraph 4 above. Legitimate interests – business efficiency and data security to protect all data and information.
Engaging service providers, contractors or suppliers relating to the operation of our business. Legitimate interest – to enable us to provide our services as efficiently as possible.

 

We also collect, hold, use and disclose your personal information for the following optional purposes, though if you do not agree to processing for these purposes then we may not be able to provide you or our corresponding client with our products and services:

  • maintaining contact with our clients and other contacts, including keeping them informed of our services, products and events, on the basis of our legitimate interests to enable us to promote our financial services and products; and

Some of the above purposes for processing will overlap and there may be several purposes which justify our use of your Personal Information.

 

We will only use your Personal Information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

 

Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

6. Purposes of processing Special Personal Information

 

To the extent we have your special Personal Information; we will use this in the following ways:

  • Information about your health, or disability status, for the purposes of ensuring your health and safety (in particular for the purposes of event management) on the basis of your explicit written consent.
  • Information about criminal convictions and offences, for the purposes of preventing and detecting crime including, e.g. fraud, terrorist financing and money laundering.

7. Sharing your Personal Information

 

We may share your Personal Information within the Bank (as many of our processes are centralised) and with third parties, where it is necessary for the purpose for which it was collected or where we have another legitimate interest in doing so.

 

Details of Third Parties with whom your personal data may be shared:

 

Vendor Purpose
Thomson Reuters (Eikon) Monitoring and analysing financial and market information and discussing with other financial professionals.
Bloomberg UK Monitoring and analysing financial and market information and discussing with other financial professionals.
Image Events Appropriate managing of attendees at events.
Restore Document Management Technological back up and restoration services for wholesale banking support.
Veritas Technological back up and restoration services for wholesale banking support.
Sungard Back up, recovery and data centre services for wholesale banking support for London.
ICAP Information Services Sharing of broker data.
Equinix (UK) Ltd Storage and use of personal data at an EU Production Data Centre.
Algomi (Honeycomb) Personal data sharing across trading platform.
BlueMatrix Tool for writing and distributing research.
MarkitWire Personal data sharing across trade processing platform.

 

We will only share such Personal Information as is required by the third party to meet its specified, lawful purpose for processing. We may also be required by law to share your Personal Information, including with any regulatory or other governmental organisation, either in Europe or in any jurisdiction in which we operate due to the nature of our specific business in that regulator’s jurisdiction. Where reasonable to do so, and subject to the exceptions set out in this Policy, we will use all reasonable endeavours to notify you prior to sharing Information with third parties and to explain why we are doing so.

 

We require third parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Information for their own purposes. We only permit them to process your Personal Information for specified purposes and in accordance with our instructions. Other than regulators, external third parties requiring access to any Personal Information within our control will have signed a confidentiality agreement and/or contract containing confidentiality and privacy wording with us. In these documents, the third party agrees to keep confidential any and all Personal Information they receive. They also agree not to collect, use or disclose it to any party other than as necessary to deliver the service in question to us.

 

We will never rent or sell your Personal Information.

 

We may transfer your data to countries outside the European Economic Area (“EEA”), for example, if any of our servers are located in a country outside of the EEA, such as the USA. These countries may not have similar data protection laws to Europe. As we operate in various jurisdictions, the EEA operations regularly share data with central groups in Toronto, Canada under the European Commission’s 2002 Adequacy Finding. If the data is going to other jurisdictions, other measures are used to protect your Personal Information to the same level, such as the European Commission’s Standard Contractual Clauses.

 

By providing your Personal Information, you are acknowledging that this transfer, storing or processing may take place. If we transfer your information outside of the EEA, we will take steps to help ensure that appropriate measures are taken to protect your privacy rights, as outlined in this Privacy Notice. You can request more information about any such measures taken from the DPO.

 

8. Automated Decision Making

 

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

 

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

 

9. Protection of your Personal Information

 

We have in place a number of technical and organization measures to protect our systems and your Personal Information. These include but are not limited to:

  • Personal Information is only accessible by a limited number of relevant staff bound by duties of confidentiality;
  • All electronic information is held on systems that incorporate firewalls, password- controlled access and virus protection procedures; and
  • We audit our procedures and security measures regularly to help ensure that they are being properly administered and that they remain effective and appropriate to the sensitivity of the information.

Every employee is responsible for protecting Personal Information to which they have access in their role. All employees who have access to Personal Information are required, as a condition of employment, to comply with their applicable HR Privacy Policy and to protect the integrity and confidentiality of the Personal Information to which they have access in accordance with TDS’s internal Technology Standards. Failure to do so will be grounds for disciplinary action, which may include termination of employment.

 

We keep your Information for no longer than is necessary for the purpose(s) for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). When we no longer require your Personal Information, we will securely destroy and/or delete it from our systems as far as is reasonably and technically possible.

 

In some circumstances we may anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such Information without further notice to you.

 

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us, whether by informing your relationship manager or other key contact here.

 

For your protection, you should not send confidential or Personal Information to us over the internet (e.g., email) or through any unsecured channel.

 

We have put in place procedures to manage any suspected data security breach and will notify you, and any applicable regulator, where we are legally required to do so.

 

10. What are your rights in connection with Personal Information?

 

Under certain circumstances, by law you have the right to:

  • Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a set of the Personal Information we hold about you and to check that we are lawfully processing that Information. Please note that there are a number of legal reasons that entitle us to withhold your Personal Information from you, including but not limited to: references to other individuals; legal privilege; confidentiality; and in connection with legal disputes.
  • Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no longer a purpose for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which may lead to you objecting to processing on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes.
  • Request the restriction of processing of your Personal Information in specific circumstances. This enables you to ask us to suspend the processing of Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Information to another party.

If you want to review, verify, correct or request erasure of your Personal Information, object to the processing of your Personal Information, or request that we transfer a copy of your Personal Information to another party, please contact the DPO.

 

You will not have to pay a fee to access your Personal Information or to exercise any of the other rights, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, in particular in relation to repetitive requests. Alternatively, we may refuse to comply with the request in such circumstances.

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the Information or to exercise any of your other rights. This is another appropriate security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.

 

11. Privacy Breaches and Complaints

 

If you are aware of, or are the victim of, a suspected privacy breach in connection to your relationship with us, you should immediately contact the DPO. All suspected privacy breaches are appropriately investigated and applicable corrective action is taken.

 

In addition, as set out above, you have the right to make a complaint at any time to your applicable data protection regulator, as listed above, if you believe there has been any breach of data protection law.

 

12. Changes to this Privacy Notice

 

We reserve the right to update this Privacy Notice at any time, and we will notify you, whether directly or indirectly, for example via our privacy notice webpage or email signatures, when we make any substantial updates. We may also notify you in other ways about the processing of your Personal Information.

 

If you have any questions about this Privacy Notice, please contact the DPO.

    July 19, 2018
    Login to