This Privacy Statement contains the information EMMI is required to provide under the General Data Protection Regulation 2016/679 (hereinafter GDPR) concerning the processing by EMMI of your personal data.
Please note that this Privacy Statement will be updated to reflect any changes in the way EMMI handles your personal data or any changes in the applicable law.
EMMI collects personal data of its employees, potential employees, members of governing bodies, customers, service providers, contributors, users of websites, users who watch content EMMI posts on social media, members of the press, members of industry associations and members of public and governmental authorities.
If the data we collect are not listed in this Privacy Statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used.
Except for information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Statement, and you may not be able to use certain information, products and systems of EMMI which require the use of such personal data. If you provide EMMI with personal data of another individual, you are responsible for ensuring that such individual is made aware of the information contained in this Privacy Statement and that an appropriate legal basis is available to share the personal data with EMMI.
The precise categories of personal data that EMMI collects depends on the relationship you have with EMMI. These categories of personal data may include:
• Your basic information – such as your names (including name prefix or title), gender, date of birth, nationality, and professional position;
• Contact information – such as your address; email address; and phone number(s);
• Financial information needed to perform our payment obligations and rights – such as the information needed to pay our employees, members of governing bodies and service providers and the information needed to invoice our customers;
• Information on the use made of our websites – such as number of unique visitors, page views, time spent on our site: this information is collected via third party cookies;
• Career Information – Information on your education and work experience and other information contained in your curriculum vitae; and
• Health Data needed to perform our obligations under Belgian employment and social security law – such as information on pregnancy and work place accidents of our employees; and
|EMMI processes personal data as required for the performance of its agreements with its customers, members of the governing bodies and service providers.||Necessary for the performance of a contract to which you are a party.|
|EMMI processes personal data to meet its legal obligations under the Benchmark Regulation and any other applicable laws and to handle complaints (including whistleblowing) and investigations by supervisory authorities, data protection authorities and public authorities.||Necessary for the compliance with a legal obligation to which EMMI is subject.|
|EMMI processes personal data for the creation of benchmarks.||Justified on the basis of EMMI’s legitimate interest to ensure the proper functioning of its business operations.|
|EMMI processes personal data relating to its employees to ensure that EMMI meets its legal obligations as an employer.||Necessary for the compliance with a legal obligation to which EMMI is subject.|
|EMMI processes personal data of customers in order to monitor and prevent any suspicious or fraudulent activity.||Justified on the basis of EMMI’s legitimate interest to ensure the security of your accounts and prevent fraudulent activities.|
|EMMI processes personal data relating to potential employees for the purpose of the recruitment process.||Justified on the basis of EMMI’s legitimate interests for ensuring that we recruit qualified employees.|
|EMMI processes personal data to protect the legal rights and interests of EMMI.||Justified on the basis of EMMI’s legitimate interests for ensuring that EMMI can enforce and defend its legal rights and obligations.|
|EMMI processes personal data relating to the use of its websites to improving the security and functioning of the websites.||Justified on the basis of EMMI’s legitimate interests for ensuring that you receive an excellent user experience and our networks and information are secure.|
|EMMI processes personal data to carry out market surveys.||Justified on the basis of EMMI’s legitimate interests for improving the quality of its products and services.|
|EMMI processes personal data to promote and market its product and services.||Justified on the basis of EMMI’s legitimate interests for ensuring that EMMI can conduct and increase its business.|
|EMMI processes personal data to communicate with you.||Justified on the basis of our legitimate interests for ensuring proper communication outside and within the organization.|
|EMMI processes personal data to carry out background checks of the members of the Steering Committee and the Board of Directors.||Necessary for the compliance with a legal obligation to which EMMI is subject.|
We may transfer personal data to our customers, service providers, professional advisors, public and governmental authorities or to interested third parties in connection with a (potential) corporate or commercial transaction.
Some of the recipients to whom EMMI may transfer your personal data may be located outside the European Economic Area (EEA). Such transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards under the applicable law.
EMMI attaches great importance to your right to privacy and the protection of your personal data.
EMMI protects your personal data in accordance with applicable laws including the European General Data Protection Regulation (GDPR). EMMI maintains (partly through service providers) organizational, physical and technical security arrangements for all the personal data we hold. EMMI has relevant policies and procedures to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing it undertakes.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the internet, we cannot guarantee the total security of data flows during transmission via the internet or that our IT systems are totally impenetrable and safe from any attempt to intrude in it.
We will retain your personal data only for as long as necessary for the abovementioned purposes, in particular your personal data will be retained according to the following principles.
For all personal data related to the benchmark administration process, EMMI’s Record-keeping Policy and Procedure for EMMI Benchmarks, sets out the timeframe of the record-keeping which depends on the type of personal data.
Your personal data will be retained for as long as needed in order to comply with our legal and contractual obligations.
Employees’ personal data will be retained for a period of 5 years after termination of the employment contract.
EMMI will store applicants’ personal data for as long as the open position must be filled. This period is over when a candidate accepts the job offer related to the job opening. When that period is over, the personal data will either be deleted, or be kept in EMMI’s database in case of future job openings. In such case, EMMI will inform the applicant(s) that their data will be kept and that they have the possibility to assert their Data Subjects Rights (please refer to section 6).
EMMI will also keep your personal data for as long as there is an ongoing relationship between you and EMMI.
EMMI may retain your personal data during a longer period if it is necessary for legal proceedings, governmental or regulatory requests or investigations, enforcing our agreements and policies or protecting the security and integrity of its products and services.
You have certain rights when it comes to your personal data. Below is a summary of those rights.
We will respond to your request(s) within a reasonable timeframe and in any event within one month of receipt of the request (unless more time is required in view of the complexity of the request or number of requests received by EMMI). You are entitled to the following rights:
• Right to request access to your personal data: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
• Right of rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
• Right to request erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
• Right to request the restriction of processing activities: this right entitles you to request that EMMI only processes your personal data in limited circumstances.
• Right to object to the processing activities: this right entitles you to request that EMMI no longer processes your personal data.
• Right to data portability: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to EMMI, or request EMMI to transmit such personal data to another data controller.
In case you have questions about the processing by EMMI or want to exercise the rights set out in section 6 of this Privacy Statement, please send an e-mail to email@example.com or fill in a data subject request form. You may also send a request by post to:
Data Privacy Responsible
European Money Markets Institute
Avenue des Arts, 56
If you have unresolved concerns, you have the right to file a complaint with the Belgian data protection authority (Autorité de protection des données/Gegevensbeschermingsautoriteit) that oversees compliance of the legislation in effect in relation to privacy and the protection of data.
[last update: 25/052018]
STEP takes reasonable measures to ensure the quality and accuracy of the information on this Website. However, STEP cannot be held liable in any way for the inaccuracy or incompleteness of any information that is available on or through this Website. In addition, none of the Parties can in any way be held liable or responsible for the content of any Website linked to this Website.