Unless indicated otherwise, this privacy policy applies to:

• Individuals who access, use, and/or interact with our websites, domains products, services, platforms, software, and applications, including mobile applications (“apps”) (collectively the “Services”).
• Individuals who attend ION events, events hosted at our premises, and delegates at events for which ION provides sponsorship.
• Prospective employees.
• Independent contractors, consultants; subcontractors, and service providers, including influencers whom ION engages, and other suppliers and their personnel.

ION Services are not intended to be used or accessed by children, and we do not intentionally collect information from individuals under the age of sixteen (16).

This policy covers the content that forms part of our Services.

The policy applies across all entities and jurisdictions where ION operates, other than those entities and jurisdictions where a local policy is in force, in which case such policy will take precedence.

Personal information about you is collected from you or your employer when you access or interact with the Services. This includes, but isn’t limited to, when you:

• Ask us for support.
• Interact with our websites, domains, and applications.
• Sign up to receive marketing or other communications from us, such as a newsletter.
• Get invited to, register for, or attend an event that ION organises or sponsors.

ION servers, logs, and other technologies may automatically collect certain information from or about you. For example, your User ID and IP address. This and your usage information help ION to administer, protect, and improve our Services.

ION may also collect information by using cookies. For more information about cookies and similar technologies, see Cookies.

Information may be collected directly from you or through your engagement with ION. To set up your access and/or use of our Services, information about you may also be collected from:

• Third parties, such as your employer.
• A subscriber.
• A group, organisation, or association you belong to or are associated with.
• Service providers and partners who work alongside us in relation to our Services.

Certain companies provide content for use in our Services, which may include your information. We also use sources available:

• In the public domain, generally over the Internet, such as corporate websites.
• Via media and from government databases, datasets, records, and systems (such as government and business websites, and other online resources.

If you are a potential employee or before your or your employer’s engagement as an independent contractor or consultant, we may obtain data directly from you, information made public by you, or information about you from a third-party verification check provider.

Subject to relevant laws, we or the third-party verification provider may verify the information you provide against information you’ve made public, and/or against information held by third parties.

Any third parties who provided personal information to us are responsible for their own compliance with applicable data protection and privacy law.

What information we collect about you depends on how you’re interacting with us and how you use our Services. The personal information collected may include:

• Name and contact data: For example, your:
  • First and last name
  • Email address, almost always business contact email addresses
  • Postal address
  • Phone number
  • Other similar contact data.
• Business contact data and industry status: For example, your:
  • Current and/or former employers
  • Job titles
  • Gender
  • Business contact information
  • Industry
  • Certifications
  • Board memberships
  • Seniority
  • Tenure
  • Organisational structure
  • Publications
  • Number of followers on social media profiles
  • Media coverage
  • Event attendances and involvement
  • Publications
  • Education history
• Account credentials: For example, passwords and other security information for authentication and access.
• User content: For example, communications and files you provide in relation to your use of the Services.
• Payment information: For example:
  • Payment card number (credit or debit card).
  • The security code associated with your payment instrument, if you make a payment.
• Device information: For example, information about your device, such as:
  • IP address
  • Location
  • Device identification numbers, or provider
• Usage information and browsing history: For example:
  • Information about how you navigate within our Services.
  • Your browsing history.
  • Which elements of the Services you use the most.
• Demographic information: For example, your country and preferred language.
• Your curriculum vitae or resume and your:
  • Education
  • Qualifications and experience
  • Employment history
  • Any criminal record
  • Credit background
  • Visa information
  • Social security number
  • Marital status
  • Banking details
  • Answers to questions relevant to a particular role you have applied for.
• CCTV, images, and/or photographs, if you visit or work from ION offices or attend an event ION is involved with.
• Identification documents, if you apply for a role with us, submit a data subject request, and so on. For example, copies of your passport, driving licence, or other official IDs.
• Special categories of data or sensitive personal information: For example, where it’s relevant for accessing our Services or events or making reasonable adjustments for job interviews. This could include:
  • Health or disability information, where it’s relevant for accessing our offices or attending our events.
  • Religious information relating to dietary requirements for attending an event or meeting.
• Identifiers: For example:
  • Unique identification numbers
  • Cookie identifiers
  • Account numbers
  • Social security numbers
  • National identifiers
• Additional personal information may be sourced from public sources, usually over the internet, when we have a reasonable basis to believe the information is lawfully made available to the general public by or from:
  • You, the subject of the data. For example, information posted on social media.
  • Widely distributed media, or
  • A person to whom you have disclosed the personal information or lawfully made it available from records, databases, and/or systems of government agencies, departments, divisions, or otherwise, in electronic, paper, or any other format.

Examples include personal information found on company registries or other governmental websites and databases, or via reputable news media, publications, and other channels.

The public source data may directly or indirectly contain special category information.

This section sets out the legal grounds upon which your personal information is processed. There may be more than one lawful ground or reason for processing your personal data.

Personal information about you is processed based on one or more of the following:

• It’s necessary for the performance of a contract: Where ION has a contract with you, ION will process your personal information to fulfil the contract, in default of which ION may not be able to comply with our contractual obligations.
• It’s in our or a third party’s legitimate interests: Details of those legitimate interests are set out in Legitimate interests for use. For example, providing Services that we’re contractually obliged to deliver to you by a third party, such as your employer or our subscriber.
• There’s substantial public interest based on applicable law: For example, to help prevent and detect unlawful acts, such as money laundering, fraud, and/or other criminal activity.
• You give us your consent: For example, by signing up to receive marketing and promotional communications from or about ION.
• For compliance with a legal obligation: For example, to respond to a court order or a regulator, or comply with statutory and regulatory requirements in the jurisdictions where we operate.

We may process sensitive personal information in limited circumstances. We normally only do this where:

• It’s necessary in relation to legal obligations.
• Personal information is within the public domain.
• It’s necessary for the establishment, exercise, or defence of legal claims.
• Courts are acting in their judicial capacity, or
• Processing is necessary for reasons of substantial public interest, based on applicable law.

Personal information is used to:

• Set up and administer your account and your use of our Services, including:
  • For access purposes.
  • To provide technical and customer support and training.
  • To verify your identity and perform authentication activities.
  • To facilitate and process transactions.
  • To provide suggestions and recommendations related to our Services.
  • To service our customers’ needs (including delivering the Services).
  • To send important account, subscription, and Service information.
• Administer our relationship with you, our business, and our third-party providers. For example, to send invoices or to handle enquiries or complaints.
• Understand the patterns, preferences, and interests of our customers, for research and development purposes to improve, test, and enhance our Services.
• Contact you for participation in, and to conduct, and manage, events, webinars, seminars, meetings, and/or other related gatherings or similar activities. These include but are not limited to promotions and competitions.
• Deliver and suggest tailored content such as news, research, reports, and business information. We analyse how you use our Services to suggest features or Services you’ll be interested in and make our Services more user-friendly.
• To personalise your experience with our Services. ION may retain your browsing and usage information to make your searches within our Services more relevant. We may:
  • Use those insights to target the advertising you see on our websites and apps. To learn about your choices, see How to opt out of marketing.
  • Share your personal information across our Services to make them more user-friendly. For example, so that you don’t have to enter the same data multiple times.
• To contact you in relation to, and to conduct, surveys, polls, or other research activities and to analyse the data collected for market research purposes, including, without limitation, related to creating and improving our Services.
• To display information you choose to post, share, upload, or make available in forums or similar.
• To provide insights about the use of the Services to any third party who has made our Services available to you. For example, your employer or our subscriber.
• To provide you with marketing as permitted by law.
• To meet our internal and external audit requirements, including:
  • Meeting our information security obligations.
  • If your employer or our subscriber provides your access to our Services, meeting their internal and external audit requirements.
  • For regulatory reporting, oversight, and co-operation.
• To enforce our terms and conditions.
• To protect our rights, privacy, safety, networks, systems, and property, or those of other persons, including without limitation:
  • Verifying identity at our premises. For example, ID check.
  • Monitoring our premises for safety and security purposes. For example, CCTV.
• For:
  1. Onboarding and managing relationships with clients or customers, suppliers, influencers, business partners, professional advisers, and/or any other counterparties.
  2. Participation in any M&A, restructures, joint ventures, or similar transactions.
  3. Appointment and periodic review of any individuals in ownership, shareholder, member, manager, director, officer, and/or any other executive-level positions, roles, or capacities for or with companies in the ION Group and in connection with the matters covered in (i) — (iii) above, to carry out any background and screening checks, including screening checks performed using our KYC6 product.

• As part of a contemplated or actual corporate transaction such as a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock, including in connection with any bankruptcy or similar proceedings.
• For the prevention, detection, or investigation of a crime or other breach of law or requirement, loss prevention, or fraud.
• To build, update, supplement, and manage content databases made available to our customers in connection with our Services.
• To comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence.
• To exercise our rights, and to defend ourselves from claims, and to comply with laws and regulations that apply to us or the parties we work with.

Where legitimate interests are relied upon as a lawful ground for processing your personal information, those interests are balanced against your fundamental rights and freedoms.

Marketing and event communications are delivered to you in various ways.

If a marketing communication is sent, instructions on how to opt out of receiving these communications in the future are included. Where required by law, you’ll be explicitly asked to opt in to receive marketing from us.

You have the right to opt out of receiving direct marketing and targeted online advertising at any time.

Tools and technologies to deliver or display targeted marketing and advertising content on or through our Services are used. These may involve:

• Use of cookies and related technologies,
• Tracking of IP addresses.
• Assigning and tracking unique identification numbers.

ION may also engage in marketing and advertising activities through chat or messenger functionality available through our Services.

When we send you marketing communications, we use email tracking technology to review your engagement and the effectiveness and relevance of the communications. This technology includes, without limitation, dynamic links and image files.

Tools and technologies are used to:

• Distinguish known and unknown users of our Services.
• Record, review, track, and analyse engagement and use of our Services. For example, recording or tracking hovers, clicks, keyword searches, or personal information entered in forms.

ION may also engage in marketing activities on third-party platforms, including, without limitation, social media platforms. These activities are subject to the privacy statements and terms and conditions applicable to such third-party platforms.

How to opt out of marketing

You can opt out or unsubscribe from such marketing activities in the following ways:

• In emails from us, click Unsubscribe.
• Within a specific Service, use any contact features to specify your preferences.

Note: If you opt out of marketing communications, ION may still send you service communications or important transactional information related to your accounts, subscriptions, and applicable products for purposes such as providing customer support.

Interest-based advertising

Interest-based advertising (IBA) allows us to deliver targeted advertising to users of our Services. Materials are shown based on the type of content you typically access or read.

For example, as you browse our Services, an advertising cookie will be placed on your device. This helps us better understand what pages or content you’re interested in.

Opting out of interest-based advertising doesn’t mean you’ll no longer receive advertising when using our Services. It just means that ION will not use your personal information for IBA.

To exercise your online advertising choices, either:

• Visit YourAdChoices.com, or
• Click AdChoices in an ad and follow the instructions.

You can also opt out of receiving interest-based ads from many sites using the Network Advertising Initiative’s (NAI) opt-out tool.

• If you delete cookies, use a different device, or change web browsers, you may need to opt out again.

Advertising on mobile devices

Mobile devices have an identifier that allows companies to serve targeted ads to a specific mobile device.

Often, you can turn off mobile device ad tracking or reset the advertising identifier at any time within your mobile device’s privacy settings.

Another tool you can use to control advertising on your mobile device is the AppChoices App.

You can also choose to turn off location tracking on your mobile device.

If you turn off ad or location tracking, we will no longer use information collected from your device’s advertising identifier to advertise.

You may still see the same number of ads, but they won’t be tailored to your interests. Where needed, consent will be obtained to gather information about your location.

Personal information is shared with various parties and persons, including:

• Within the ION Group.
• With certain suppliers and partners.
• With the party or person providing your access to our Services (if that’s not you).

ION companies are located worldwide. Your personal information may be processed outside your home country, possibly in countries that offer less protection.

Appropriate safeguards (including but not limited to contractual agreements) are in place to ensure international transfers respect data protection laws. Our personnel and third-party providers are subject to duties of confidentiality.

ION has servers, systems, networks, and databases around the world. Support is offered on a follow-the-sun model to benefit our clients, who are also global companies.

We have long-standing contractual relationships with cloud hosting services and other core suppliers around the world to meet the needs of our business and our clients.

Appropriate steps are taken to ensure that personal information is processed in accordance with applicable law as may be further addressed in our agreements.

Sometimes your personal information may need to be transferred within ION or to third parties in areas outside of your home country, including to countries that have not been declared adequate by data protection regulators or supervisory authorities, including, without limitation, the European Commission.

Where necessary, safeguards are put in place in accordance with applicable law, including Articles 44–50 (Chapter 5) of the EU General Data Protection Regulation (GDPR). The locations of these recipients will vary from time to time, but include:

• The United States
• Europe
• Canada
• Asia, including Australia and India
• All other countries where ION has a business presence.

For the list of our offices, please see https://iongroup.com/offices/.

Support

To provide technical support to our global customers, ION has employees, business units, and company functions in various international locations.

Limited personal data needs to be transferred internationally, so that employees working in these various business units and/or company functions can access the limited personal data required to provide the requested support, complete assigned tasks, and collaborate with colleagues located at different international sites as necessary.

By interacting with our support services by email or any other method, you are transferring your personal data to personnel located in these jurisdictions. They will process any personal data you opt to share with them for the purposes of providing support and improving our services.

Use of subprocessors

ION uses trusted service providers to deliver its Services and for its general business operations. These providers are subject to duties of confidentiality.

For more information relating to the Service you subscribe to, please contact us. See How to contact us.

By continuing to use our Services and engage with ION, you accept and acknowledge that ION uses subcontractors or subprocessors. This acceptance is considered a ‘general authorisation’ under the provisions of the EU General Data Protection Regulation.

The following table lists some of our core providers. It provides links to their web pages relating to privacy and the handling of personal data.

A processor shall not engage another processor without the prior specific or general written authorisation of the controller.

For general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors. This allows the controller to object to such changes.

ION takes the security of personal information very seriously.

Appropriate technical and organisational measures are used to secure data, according to the risk level and the service provided. ION has a global Information Security team, led by our Chief Information Security Officer.

ION Group Information Security policies, documentation, and procedures are aligned with widely recognised international standards.

The Information Security team regularly reviews these standards and documentation to ensure ION meets changing requirements.

Although reasonable means are used to secure your personal data, no method is completely secure. ION cannot guarantee the security of any personal information you transmit.

All transmissions are done at your own risk.

You are responsible for your own compliance with all relevant data privacy laws or regulations.

When you use ION services or access our systems or information, you should not input, upload, or disclose to ION, any irrelevant, inaccurate, or excessive information about yourself or others.

If we’re processing data on your behalf, ION will act on your instructions. If we believe any instructions breach applicable data privacy legislation, we’ll inform you.

The nature and purpose of the processing of personal data is the performance of services pursuant to the agreement in place between the relevant ION entity and you.

The categories of data subjects whose personal data will be processed while providing such services, and the types of data processed, are generally business contact information of users or administrators (name, email address, phone number, location, usage information) or as otherwise set out in the subscription agreement or this policy.

Subject to ION’s policies in place from time to time, ION will:

• Assist you in ensuring compliance with the obligations of applicable data privacy legislation, considering the nature of processing and the information available to ION.
• Notify you without undue delay upon becoming aware of a qualifying personal data breach, providing you with sufficient information to meet your obligations.
• Provide commercially reasonable assistance and information to enable you to demonstrate compliance with applicable data privacy legislation.

At ION’s discretion, we may demonstrate compliance with applicable legislation in the form of certificates, third-party audit reports, or the provision of other relevant information.

ION’s assistance will be provided following an agreement between the parties on:

• The scope and timing of such assistance.
• The fees chargeable by ION for such assistance, which shall be agreed in advance before services are undertaken by ION.

Our approach to retention depends on the relevant Service. However, we aim not to retain personal data for longer than necessary, and you can request details regarding a particular processing.

Considerations in relation to our retention periods include:

• When you or your employer (or other subscriber arranging your access to our Services) ceases to use our Services.
• The time necessary to fulfil the purposes for which the data was collected.
• The time for which it’s reasonable to keep records to demonstrate that we’ve fulfilled our duties and obligations.
• Any statutory limitation periods within which claims might be made and any relevant legal or regulatory proceedings.
• Any retention periods prescribed by law or recommended by regulators, professional bodies, or associations.
• Our Group Information policies and documentation, and any other factors that ION and our advisers think necessary.

A cookie is a small text file placed on a computer or other device and used to identify the user or device and collect information.

ION uses cookies to:

• Allow the proper functioning of our Services.
• Review how users use our Services so we can improve our Services and tailor our marketing efforts.

For more information about how we use cookies and how you can control and manage them, please click on the cookies icon entitled ‘Consent Preferences’ on our website.

Sometimes, an explanation of our lawful reason for processing your personal information in our screening products is required.

The information processed in connection with our diligence products may involve personal information to enable us to conduct a search. For example, identification information. We process this data as a processor and not a controller on behalf of our customer.

We process standard personal information on the basis that it is in our or others’ legitimate interests to facilitate or carry out checks on behalf of our customers to:

• Ensure they can comply with their legal and regulatory obligations.
• Protect the public from financial crime, fraud and serious misconduct, or dishonesty.

It’s in our legitimate interests to carry on a business to facilitate those checks.

We and the public also have a legitimate interest in ensuring that financial crime, fraud, and serious misconduct or dishonesty are prevented and detected.

We generally process special category and criminal data for reasons of substantial public interest based on applicable law. It’s reasonable for you to expect that:

• Your information may be used for carrying out compliance checks in the public interest.
• The legitimate interests in carrying out checks would not be overridden by your own interests, given the significant public interest in carrying out the compliance checks.

We process your special category information on the basis that:

• You have made the information manifestly public.
• In all other cases, the processing is necessary for reasons of substantial public interest based on applicable law. This includes anti money-laundering, anti-bribery and corruption, and sanctions regulations.

We process information about actual or alleged criminal offences on the basis that it’s authorised by applicable law.

Generally, the sources of information don’t include reliable contact information that would enable us to inform you that your information is in our database. Usually, informing data subjects that their information is included would involve disproportionate effort on our part.

Because of the limitations regarding contact information and the limited reasons for which we make our screening services available, we can lawfully process your personal information without relying on your consent to do so.

ION’s diligence products are not available to the general public. They’re available to established users (who are subject to usage restrictions and standard terms and conditions) companies within the ION Group, and service providers and partners who work with us.

ION may be required to disclose information about you to competent authorities. For example, courts, tribunals, national or international regulators, and enforcement bodies. To participate in or be the subject of any business transfers (including but not limited to any sales, mergers, restructures, joint ventures, and so on), we may share or include information collected about you as part of that process.

Information in our databases may be treated as a business asset in a sale.

Our users are expected to be experienced compliance personnel who understand their obligations in relation to the use of your data. For example, they are expected to know that the mere inclusion of an individual in our databases should not automatically lead to a particular inference being drawn, or action taken or not taken.

The following are also required:

• Additional independent checks and contextual analysis to verify the accuracy of personal information we process.
• Risk assessments.

KYC6

The personal data we process may include:

• Identity: Name, national insurance number, address, passport and driving licence numbers; personal identification numbers.
• Marital status and dependents if you are a politically exposed person (PEP) or a close associate of a PEP.
• Employment/role and education details: The entity you work for, public roles, job title, and your education history.
• Inclusion on sanctions lists.
• Professional and personal affiliations: For example, organisations (including sanctioned vessels and aircraft) and individuals that you may be associated with in a professional or personal capacity.
• Financial information: For example, bankruptcy or insolvency filings.
• Your inclusion on public lists of disqualified directors or other positions of responsibility.
• Adverse media coverage about actual or alleged money laundering or terrorist financing crime, or crimes that are a precursor to money laundering or terrorist financing. These are also known as predicate offences. For example:
  • Financial crime
  • Illegal trafficking
  • Environmental offences
  • Smuggling
  • Membership of an organised crime group

Sometimes, depending on specific jurisdictions and their applicable data protection laws, the personal information on KYC6 may constitute sensitive or special categories.

For example, information relating to your:

• Political opinions: For example, if you are a PEP holding a position in a political party.
• Sexual orientation: For example, this could be inferred if your spouse or partner as a PEP is included.
• Religious beliefs: For example, if your role as a religious leader qualifies you as a PEP.
• Racial or ethnic origin: For example, this could be inferred from your name, location, and/or citizenship.
• Trade union membership: For example, if your role as a trade unionist qualifies as a PEP.
• Criminal offences you have actually or allegedly committed: For example, if these are money-laundering or terrorist financing offences, or precursor crimes to such offences.

Wealthmonitor

We collect, use, and store in our searchable database, data relating to high-net-worth individuals. We then provide this information to our subscribers.

The personal data that we process may include:

• Name and contact details.
• Date of birth.
• Gender.
• Number of children.
• Civil status: Married, single, divorced, or widowed.
• Links to social media accounts, such as LinkedIn, XING, Twitter/X, Facebook, and information publicly available on such pages.
• Names of other family members and relatives, excluding minors.
• Education and details of current and past job positions.
• Details of companies and/or entities with which the third party may be associated, or in which they may hold a directorship or have a shareholding.
• Details of wealth accumulated through liquidity events (selling equity in businesses), potential liquidity events, emoluments, and assets (if publicly available).
• Information in news articles, such as interests and/or other biographical information.
• Details of corporate advisers, Interests, and hobbies.

For the purposes of such services, we don’t envisage collecting any special categories of data. That is, data relating to an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data; or data relating to criminal offences.

We have implemented safeguards to minimise the risk of collecting such data indirectly.

Enhanced due diligence (EDD)

We offer an advanced background checks service for clients. This provides detailed information to help organisations identify and protect against regulatory and/or reputational risks that could arise when they enter into relationships and/or transactions with individuals and/or entities.

We obtain data from various public data sources. We process this data as a data controller, and such processing activities are subject to this privacy policy.

EDD is to be used for internal compliance in connection with a customer’s legal or regulatory obligations related to preventing or detecting unlawful acts. For example, money laundering, terrorism, fraud, and modern slavery.

The personal data we process may encompass that included in our other diligence products.

Cybercheck

We collect, use, and store in our database lists of data classes (including personal data) that were impacted in a particular data leak. This data helps individuals and organisations combat violations of privacy by enabling them to:

• Identify at a given moment if their information has been involved in a data leak.
• Take appropriate precautionary measures in response.

These data classes are stored and accessible only in a manner that prevents further compromise. There is no research option for users. That is, no one user can access the full domain.

A corporation that subscribes to corporate domain monitoring is informed of any breaches for that domain only. We don’t provide them with the personal data involved in the breach.

The following personal data may be processed in the Cybercheck product offering:

• Identity:
  • Name
  • National insurance number
  • Address
  • Passport
  • Driving licence numbers.
• Personal:
  • Email address
  • Passwords, not displayed in clear text
  • Mobile numbers
  • Secret/security questions and answers
  • Payment provider IDs, such as PayPal or eBay
• Financial:
  • Account numbers
  • Sort codes or routing numbers
  • Card information, in partial format

For further details, see our webpages for KYC6 and other diligence products.

ION maintains various content databases used to provide our services. These include personal information. For example, officers and directors; ownership and shareholders; or investment professionals.

The information in these databases is collected from various sources, including, without limitation:

• Data subjects
• Public sources, such as corporate websites.
• Certain financial publications.
• Government records or databases. For example, the Companies House registry in the UK or the U.S. Securities and Exchange Commission (SEC).
• Third parties. For example, business partners or representatives.

The sources of this information are responsible for their own compliance with applicable laws and for ensuring the accuracy and completeness of the information they provide or make available.

We manage our databases to provide informational services to our clients. The users of the content are solely responsible for ensuring that they process the content in accordance with applicable laws, including but not limited to privacy laws. Uses of the content include:

• Conducting research and analytics.
• Performing due diligence.
• Mapping and verifying contacts.
• Facilitating discussions or communications regarding business opportunities.

Under UK, European, and international laws, you may have rights to access your personal information and to ask us to rectify it, erase it, or restrict its use.

You may also have rights to:

• Object to your personal information being used.
• Ask for the transfer of personal information you have made available to us.
• Withdraw consent to the use of your personal information.

You have the following rights under UK and European laws and may have similar rights under the laws of other countries.

Note: These rights are not absolute and do not always apply in all cases.

• Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information.
• Right to rectification: The right to have inaccurate information about you corrected or removed.
• Right to erasure (right to be forgotten): The right to have certain personal information about you erased.
• Right to restriction of processing: The right to request that your personal information is only used for restricted purposes where:
  • The accuracy of personal information is contested.
  • The processing is unlawful, but you object to the erasure of the personal information, or
  • We no longer require the personal information, but it is still required for the establishment, exercise, or defence of a legal claim.
• Right to opt out of marketing: The right to ask not to receive marketing communications from us. This can be for a specific type of marketing communication or all marketing communications.
• Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format.
• Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. Withdrawing your consent doesn’t affect the lawfulness of our use of your personal information before you withdraw it.
• Right to object: The right to object to the processing of your personal information in cases where:
  • Our processing is based on the performance of a task carried out in the public interest, or
  • We have let you know that the processing is necessary for our or a third party’s legitimate interests.

If you make a request, we will ask you to verify your identity and provide certain information to help us assist. If we don’t comply with your request, in whole or in part, we’ll explain why.

To exercise your rights, please contact [email protected].

Your rights in other jurisdictions

ION is a global company. For a list of our global offices, see iongroup.com/offices.

We’re sensitive to the laws and requirements of the various jurisdictions where we operate.

Our internal practices are largely based on the requirements of the EU General Data Protection Regulation (GDPR). However, you may have different expectations and rights under different laws throughout the world.

If you have any queries or you’re unsure how to exercise a jurisdiction-specific right, please contact us. See How to contact us. If your query relates to the privacy laws of a particular country, reference this in your correspondence.

In some countries, local legislation considers company-related information (sometimes called juristic persons) to be personal data. We source and treat this information in the same or similar ways as set out in this privacy policy.

Sometimes, our handling of this data is based on particular legal requirements and legislation. For example, under Companies legislation.

California

If you are a California resident, the following section applies and supplements the information provided elsewhere in this privacy policy.

ION may use the categories of personal information listed in What we collect: Types and categories of personal data for the purposes set out in our Privacy Policy.

These categories of personal information may also be used for certain business purposes specified under California privacy law.

Certain information collected by ION may constitute sensitive personal information as defined by the California privacy law. For example, your log-in and password details used to provide access to our Services.

Note: Certain information collected may be exempt because it’s considered public (for example, it’s made available by a government entity) or covered by a federal privacy law.

We don’t sell your personal information for money or share your personal information for cross-context behavioural or targeted advertising outside the use of electronic technologies to provide relevant personalisation and advertisements.

However, when certain practices described above relating to advertising constitute targeted advertising or are considered selling or sharing under California privacy law, you can adjust your preferences.

Certain browser plug-ins provide options for communicating opt-out preference signals.

You can also submit a request, quoting “Do Not Sell My Personal Information” in the subject line of your correspondence. See How to contact us.

Besides your right to opt out, you may also have the right to request access, deletion, correction, and limitation of the use and disclosure of your personal data.

How to submit a request

To submit a request, including a Shine the Light (marketing related) request, email us at [email protected]. In the subject line, include the phrase California Privacy Request.

To help us action your request, we may ask you to provide:

• Identification to verify that you’re the data subject to whom the personal information relates.
• Details of your relationship with ION Group.

If you’re submitting a request as an authorised agent, ION will require verification that you are permitted to act under applicable law.

If you exercise any of your rights under California privacy law, you have the right not to receive discriminatory treatment by ION.

To the extent permitted by applicable law, ION may charge a reasonable fee to comply with your request.

Our products and services are directed at adult professionals. ION doesn’t knowingly sell the personal information of minors under 16 years. If you’re aware that any data concerning minors under 16 years has been included in our Services, please notify us. See How to contact us.

If you have any queries or concerns about the processing of your personal data, please contact us in one of the following ways:

• By email at [email protected].
• By post at:
  Privacy Team
  ION Trading Ireland Limited
  Minerva House, 4 Floor
  Simmonscourt Road
  Dublin 4
  Ireland.

If you have a complaint about the management of your personal information, you may be able to raise this with the relevant supervisory authority.

For a list of National Data Protection Authorities in the European Economic Area, see edpb.europa.eu/about-edpb/about-edpb/members_en.

In the United Kingdom, visit ico.org.uk/.

In Australia, visit: oaic.gov.au/.

This policy may be updated from time to time for consistency with applicable law.

The latest version of the policy will appear on this webpage. The date at the end of this document indicates when the latest revisions were made. Any amendments are effective from this date. Information regarding changes may also be communicated via other channels.