EEA Privacy

Privacy Notice For Data Subjects From The EEA

Your privacy is important to us.  This privacy notice (“Privacy Notice”) applies to every person from the EEA:

  • who visits or registers with citadel.com or any other of our websites where this policy is posted (each a “Site”);
  • who uses the products and services that we make available from the Site or who engages with us to use the services that Citadel provides, as described on the Site (our “Services”);
  • whose personal data we may process as a result of providing the Services to others;
  • who contacts Citadel either in relation to the Site or the Services; or
  • who applies to work at Citadel.

1. PURPOSES OF THIS NOTICE

This Privacy Notice explains to data subjects in the EEA the type of personal data that Citadel Enterprise Americas LLC, Citadel Securities Americas LLC, Citadel Americas LLC and their affiliates (“Citadel”, “we”, or “us”) might collect from you, or which we have obtained about you from a third party, the purposes for which we process your personal data and your rights in respect of our processing of your personal data.

Please note that when using the Site it should be read in conjunction with our Website Terms of Use.

Please also note that this Privacy Notice only applies to the use of your personal data obtained by us; it does not apply to your personal data collected during your communications with third parties.

2. WHO ARE WE AND WHAT DO WE DO?

We are the data controllers responsible for your personal data processed via the Site.

Please note that depending on which Citadel entity you contract with in relation to the Services, or to which Citadel entity you apply for a job, other Citadel group companies or companies managed by Citadel may also be data controllers responsible for your personal data processed in relation to the Services.

3. PERSONAL DATA COLLECTION

Our primary goal in collecting personal data from you may be: (i) to verify your identity; (ii) to help us deliver the Services; (iii) to develop new products or Services and conduct analysis to enhance current products and Services; (iv) to review the usage and operations of the Site (and related Citadel digital channels, including Citadel social media channels) and to improve its content; (v) to provide you with customised Site content and site experience (including on related Citadel digital channels, including Citadel social media channels); (vi) to carry out requests made by you on the Site or in relation to Services; (vii) to investigate or settle inquiries or disputes; (viii) to comply with any applicable law, court order, other judicial process, or the requirements of any relevant regulator; (ix) to enforce our agreements with you; (x) to protect the rights, property or safety of us or third parties, including our other clients and users of the Site or Services; (xi) to provide support for the provision of Services; (xii) for recruitment, talent management, brand building, company communications and employment purposes; and (xiii) to use as otherwise required or permitted by law.


To undertake these goals we may process the following personal data:

Visitors to the Site

  • Contact information, including your name, job title, address, email address, telephone, or mobile number.
  • Your interaction with the Site.
  • IP address.
  • Demographic information such as postcode, preferences and interests (including demographic information provided by third parties which may include amongst other things: location, hardware details for troubleshooting, search engine and social media interactions).
  • Other information relevant to provision of Services.
  • Any other personal data you provide to us (including but not limited to, specifically for Alpha League platform visitors any information you provide in relation to investment ideas submitted through the Alpha League platform).

Individual clients or investors to whom we provide or propose to provide Services

  • Contact information, including your name, job title, address, email address, telephone or mobile number, and wire transfer instructions.
  • Citadel account number.
  • Other information relevant to provision of Services.
  • Information that you provide to us as part of our providing the Services to you which depends on the nature of your agreement with Citadel.
  • Relevant information as required by any regulatory Know Your Client and/or Anti-Money Laundering regulations (or similar) applicable to Citadel. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, investors, shareholders and intermediaries, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from the prospective client or through the use of online sources or both.
  • Any other personal data you provide to us.

Individuals whose personal information may be processed by us as a result of providing the Services to others (including corporate clients, investors or intermediaries)

Primarily Citadel is engaged by corporate clients, investors or intermediaries (i.e. other corporate entities) and as such those clients, investors or intermediaries are not data subjects.  However, as part of such instructions personal data about other persons may be provided to us (e.g. personal data relating, without limitation, to any workers, employees, partners, members, directors, representatives or similar of our corporate clients, investors or intermediaries or prospective clients, investors or intermediaries).

The following is a non-exhaustive list which is reflective of the varied nature of the personal data processed as part of our business.

For instance, if we are providing services to a corporate client, investor or intermediary we may be provided with, and then process, personal data about their representatives including but not limited to the representative’s name and contact details and any other information necessary to fulfil the Services (e.g. but without limitation including any regulatory Know Your Client and/or Anti-Money Laundering regulations (or similar) information).

In using the Alpha League platform, we may process personal data provided by such representatives in relation to the User Investment Profile section of the platform.

We might also need to process personal data in relation to a corporate client’s, investor’s or shareholder’s workers who use a Service in the course of their work for such corporate entity.

Please note that in this Privacy Notice when we reference the processing of personal data related to any corporate clients, investors, or intermediaries we also mean any individual whose personal data may be processed by us as a result of providing the Services.


Potential recruits to any Citadel office in the EEA

  • Name and job title.
  • Contact information including email address.
  • Curriculum vitae, your education, employment history and similar matters and similar information that you may provide to us.
  • Other information relevant to potential recruitment to Citadel (including background checks, reference checks, immigration status, relevant test scores in relation to any application).
  • Any other personal data you provide to us as part of any application for a job at Citadel.
  • Please note that Citadel may also receive information from third party recruiters, agents and from your references as part of any recruitment process.

Suppliers (including trading counterparties, subcontractors and individuals associated with our suppliers and subcontractors)

We collect and process personal data about our suppliers (including trading counterparties) and their representatives in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide the Services to our clients.


Visitors to any Citadel office in the EEA

We have security measures in place at our offices, including CCTV and building access controls.  There are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident).  CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).  We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time.  Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).

4. PERSONAL INFORMATION USE

We may use your personal data for the following purposes:

  • Fulfilment of Services.
  • Business management, administration and legal and regulatory compliance.
  • Recruitment and Talent Management.
  • Insight and Analysis.
  • Marketing communications. We carry out the following marketing activities using your personal data:
    • Email marketing.
    • Online personalised advertising.
    • Social media remarketing.
    • Your feedback about our Services.

Fulfilment of Services

We collect and maintain personal data that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services that we provide to you. Please note also that the terms of the relevant contract will also apply when we provide Services.

These purposes include:

  • to ensure any investor is aware of the performance of their investment;
  • to make necessary regulatory communications with clients, investors or intermediaries;
  • general client, investor, or intermediary management to ensure Services are provided correctly; and
  • relationship management between Citadel and any client, investor, shareholder or intermediary.

What is our legal basis?

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or where it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services in the best way that we can.


Business management, administration and legal and regulatory compliance.

We use your personal data for the following business management, administration and legal and regulatory compliance purposes:

  • to manage and administer Citadel’s business;
  • to manage and administer any investment funds that we manage and in which you may be an investor (please note further information will be provided in the relevant Confidential Offering Memorandum);
  • to comply with our applicable legal and regulatory obligations (including but not limited to Know Your Client, Anti-Money Laundering or Anti-Bribery or similar obligations);
  • to enforce our legal rights;
  • to maintain regulatory records of our business activities;
  • to make any necessary corporate filings;
  • to protect the rights of third parties; and
  • in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.

What is our legal basis?

Where we use your personal data in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal data to comply with any legal obligations imposed upon us.


Recruitment and Talent Management

We use your personal data for the following recruitment and talent management purposes:

  • to assess your suitability for any position for which you may apply at Citadel (or future positions for which we think you may be suitable) including employment or freelancer positions, member level positions, summer placements or internships and also any business support or services role whether such application has been received by us online, via email or by hard copy or in person application;
  • to take any steps necessary to enter into any contract of employment (or otherwise) with you;
  • to comply with any regulatory or legal obligations in relation to any such application; and
  • to review Citadel’s equal opportunity profile in accordance with applicable legislation. Citadel does not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation.

What is our legal basis?

Where we use your personal data in connection with recruitment and talent management it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment and talent management decisions for Citadel or it is our legal obligation to use your personal data to comply with any legal obligations imposed upon us.  We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent.


Insight and Analysis

We analyse your contact details with other personal data that we observe about you from your interactions with our Site and/or with our Services.

Where you have given your consent (where lawfully required) we use cookies, log files and other technologies to collect personal data from the computer hardware and software you use to access the Site, or from your mobile. This includes the following:

  • a session ID to track usage statistics on our Site;
  • information regarding your personal or professional interests, demographics, buying habits, experiences with our products and contact preferences.

Our web pages contain “cookies” “web beacons” or “pixel tags” (all referred to in this Privacy Notice as “cookies”). Cookies allow us to track you, to count users that have visited a web page or opened an e-mail and collect other types of aggregate information.

Please see the “Our use of cookies and similar technologies” section for further information.

By using this information, we are able to measure the effectiveness of our content, digital channels, and branding efforts and how visitors use our Site. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of information our registered users like to see.

We also use this information for marketing purposes (see the “Marketing Communications” section below for further details).

What is our legal basis?

Where your personal data is anonymised, we do not require a legal basis to use it as the information will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see the “Our use of cookies and similar technologies” section for further details.

Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data in such a way to ensure that we provide the very best products and services to you and our other clients.


Marketing communications. We carry out the following marketing activities using your personal data:


Email marketing

We use information that we observe about you from your interactions with our Site, our email communications to you, our interactions with you on our other digital channels such as social media and/or with Services (see the Insight and Analysis section above for more details of the information collected and how it is collected) and/or your address details, to provide information that we think will be of interest about us and our Services.  For example, industry updates and insights, newsletters, invites to events and, where permitted by applicable law, promotional materials from Citadel.

What is our legal basis?

Where your personal data is anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised information may be subject to other laws where your consent is required. Please see the “Our use of cookies and similar technologies” section for further details.

Where your personal data is not in an anonymous form, such as your email address, it is in our legitimate interest to use your personal data for email marketing.

We will only send you marketing communications via email where you have consented to receive such marketing communications or where we have a lawful right to do so.


Online personalised advertising

We use information that we observe about you from your interactions with our Site (and from third parties), our email communications to you and/or with Services (see the “Client Insight and Analysis” section above for more details of the information collected and how it is collected) to provide you with personalised online advertising.

What is our legal basis?

Where your data is anonymised, we do not require a legal basis to use it as the data will no longer constitute data that is regulated under data protection laws. However, our collection and use of such anonymised data may be subject to other laws where your consent is required. Please see the “Our use of cookies and similar technologies” section for further details.

Where your data is not in an anonymous form, it is in our legitimate interest to use your data for marketing purposes.


Social media remarketing

We use information that we observe about you from your interactions with our Site, our email communications to you and/or with Services (see the Client Insight and Analysis section above for more details of the information collected and how it is collected) to provide you with personalised advertising on social media channels.

What is our legal basis?

Where your personal data is anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see “Our use of cookies and similar technologies” section for further details.

Where your personal data is not in an anonymous form, it is in our legitimate interest to use your personal data for marketing purposes.


Your feedback about our Services

From time to time we will contact you to invite you to provide feedback about our Services. We use this information to help us improve the quality of service provided by our staff. We also use your feedback to monitor the quality of our Services.

What is our legal basis?

It is in our legitimate business interests to use the information you provide to us in your feedback for the purposes described above.

5. HOW DO WE OBTAIN YOUR CONSENT?

Where our use of your personal data requires your consent, you can provide such consent:

  • at the time we collect your personal data following any instructions provided; or
  • by informing us by e-mail, post or phone using the contact details set out in this Privacy Notice.

6. OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES

The Site uses certain essential and functional cookies, pixels, beacons, log files and other technologies to allow the Site to function (all referred to as “cookies”).

Please note that no marketing, advertising or analytics cookies are used by the Site.

For more information on cookie management and blocking or deleting cookies for a wide variety of browsers, visit www.allaboutcookies.org.


What are cookies?

Cookies and similar technologies are very small text documents or pieces of code which often include an anonymous unique identifier. When you visit a website or use a mobile application, a computer asks your computer or mobile device for permission to store this file on your computer or mobile device and access information from it. Information gathered through cookies and similar technologies may include the date and time of visits and how you are using the particular website or mobile application. Cookies are used by us as part of the functioning of the Site.

What do we do with cookies on the Site?

We use cookies where they are essential for the operation of the Site, for example to remember that you are signed in to the Site.

What cookies do we use on the Site?

The table below sets out more information about the individual cookies used on the Site and the purposes for which they are used:

7. PERSONAL INFORMATION SHARING

We will only share personal data with others when we are legally permitted to do so.  When we share personal data with others, we use reasonable efforts to put contractual arrangements and security mechanisms in place to protect the personal data and to comply with our data protection, confidentiality and security standards.

Please note that when processing your personal data we may need to share it with other third parties as follows:

  • Our affiliated companies and licensees using the Citadel or other Citadel affiliate name, including subsidiaries of such companies.
  • For details of our office locations, please click here. We may share personal data with other Citadel Group entities where necessary for administrative purposes and to provide Services to our clients, investors and intermediaries.
  • Third party service providers that provide applications/functionality, data processing or IT services to us.
  • We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security, recruitment portals, advertising and marketing and storage services.  The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world and personal data may be stored in any one of them.
  • Third party service providers that otherwise assist us in providing Services or information (including but without limitation any Administrator of an investment fund managed by Citadel).
  • Third party organisations that assist us with our marketing activities listed above.
  • Auditors, lawyers, accountants and other professional advisers.
  • Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

8. EXTRA-EEA TRANSFERS

Please note that, due to the international operations of Citadel, where necessary to deliver the Services we will transfer personal data to countries outside the EEA (including to Citadel’s US affiliates) and such personal data may be stored on servers located outside the EEA.  When doing so we will use reasonable efforts to comply with our legal and regulatory obligations in relation to the personal information including but without limitation having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.

9. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?

Regarding visitors to the Site, we will retain relevant personal data for at least six years from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation or similar legislation around the world (or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations).

Regarding personal data we have processed as part of providing you with the Services, we will retain relevant personal data for at least six years from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation or similar legislation around the world (or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations). We may then destroy such files without further notice or liability. If you request your files and documents we may charge you for the costs of copying a duplicate.

Regarding personal data we have processed in relation to any recruitment activity, if you are unsuccessful in your application your personal data will be kept for a period after informing you that you were unsuccessful.  If you are successful any retention protocols that apply to staff members at Citadel will apply. In considering how long to keep your personal data its relevance to Citadel’s business and your potential employment either as a record or in the event of a legal claim will be taken into account.

If personal data is only useful for a short period, e.g. for specific marketing campaigns or CCTV footage, we may delete it after such retention period.

10. PERSONAL DATA SECURITY

We take the security of all the personal data we hold very seriously.  We use reasonable efforts to adhere to internationally recognised security standards.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the personal data we hold secure.

11. YOUR RIGHTS AND ACCESS TO PERSONAL DATA

You have the following rights in relation to the personal data we hold about you:

  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restrict processing.
  • Right to data portability.
  • Right to object.
  • Rights in relation to automated decision-making and profiling.
  • Right to withdraw consent.
  • Right to lodge a complaint with the supervisory authority.

Right of access

If you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.


Right to rectification

If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If you are entitled to rectification and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.


Right to erasure 

You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.


Right to restrict processing

You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.


Right to data portability

With effect from May 25, 2018, you have the right, in certain circumstances, to obtain personal data you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.


Right to object

You can ask us to stop processing your personal data, and we will do so, if we are:

  • relying on our own or someone else’s legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
  • processing your personal data for direct marketing.


Rights in relation to automated decision-making and profiling

You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.


Right to withdraw consent

If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.


Right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to your local data protection regulators – for instance but without limitation those regulators in the EU in which Citadel has offices are as follows:

In the UK the data protection regulator is the Information Commissioner’s Office (ICO). You can contact the ICO using the following website https://www.ico.org.uk.

In Ireland the data protection regulator is the Data Protection Commissioner - Ireland (DPC).  You can contact the DPC using the following website https://www.dataprotection.ie/docs/Making-a-Complaint-to-the-Data-Protection-Commissioner/r/18.htm.

In Italy the data protection regulator is the Italian Data Protection Authority - Garante per la protezione dei dati personali (Garante Privacy).  You can contact Garante Privacy using the following website http://www.garanteprivacy.it/web/guest/home_en.

12. COLLECTION OF INFORMATION BY THIRD-PARTY SITES AND SPONSORS

The Site contains links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy notices as Citadel has no control over information that is submitted to, or collected by, these third parties.

13. REVISIONS TO THIS PRIVACY NOTICE

We may make changes to this Privacy Notice from time to time.

To ensure that you are always aware of how we use your personal data we will update this Privacy Notice from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We encourage you to review this Privacy Notice periodically to be informed of how we use your personal data.

14. CONTACT US

If you have any questions about this Privacy Notice or want to exercise your rights set out in this Privacy Notice, please contact us by:

  • sending an e-mail to Corporate.Communications@citadel.com; or
  • sending a written request to:
    Citadel Enterprise Americas LLC
    ATTN: Corporate Communications
    131 South Dearborn Street
    Chicago, IL 60603
    USA

EFFECTIVE DATE: May 23, 2018, Version Number 1