Your privacy is important to us. This privacy notice (“Privacy Notice”) applies to every person from the EEA, Switzerland and the UK:
This Privacy Notice explains to data subjects in the EEA, Switzerland and the UK the type of personal data that Citadel Enterprise Americas LLC, Citadel Securities Americas LLC, Citadel Americas LLC and their affiliates (“Citadel”, “we”, or “us”) might collect from you, or which we have obtained about you from a third party, the purposes for which we process your personal data and your rights in respect of our processing of your personal data.
Please note that when using the Site it should be read in conjunction with our Website Terms of Use.
Please also note that this Privacy Notice only applies to the use of your personal data obtained by us, it does not apply to your personal data collected during your communications with third parties.
We are the data controllers responsible for your personal data processed via the Site.
Please note that depending on which Citadel entity you contract with in relation to the Services, or to which Citadel entity you apply for a job, other Citadel group companies or companies managed by Citadel may also be data controllers responsible for your personal data processed in relation to the Services.
Our primary goal in collecting personal data from you may be: (i) to verify your identity; (ii) to help us deliver the Services; (iii) to develop new products or Services and conduct analysis to enhance current products and Services; (iv) to review the usage and operations of the Site (and related Citadel digital channels, including Citadel social media channels) and to improve its content; (v) to provide you with customised Site content and site experience (including on related Citadel digital channels, including Citadel social media channels); (vi) to carry out requests made by you on the Site or in relation to Services; (vii) to investigate or settle inquiries or disputes; (vi) to comply with any applicable law, court order, other judicial process, or the requirements of any relevant regulator; (vii) to enforce our agreements with you; (viii) to protect the rights, property or safety of us or third parties, including our other clients and users of the Site or Services; (ix) to provide support for the provision of Services; (x) for recruitment, talent management, brand building, company communications, employment and academic trading program administration purposes; and (xi) to use as otherwise required or permitted by law.
To undertake these goals we may process the following personal data:
Primarily Citadel is engaged by corporate clients, investors or intermediaries (i.e. other corporate entities) and as such those clients, investors or intermediaries are not data subjects (except with respect to Switzerland as under Swiss data protection law, not only individuals but also legal entities may be data subjects). However as part of such instructions personal data about other persons may be provided to us, e.g. personal data relating, without limitation, to any workers, employees, partners, members, directors, representatives or similar of our corporate clients, investors or intermediaries or prospective clients, investors or intermediaries).
The following is a non-exhaustive list which is reflective of the varied nature of the personal data processed as part of our business.
For instance, if we are providing services to a corporate client, investor or intermediary we may be provided with, and then process, personal data about their representatives including but not limited to the representative’s name and contact details and any other information necessary to fulfil the Services (e.g. but without limitation including any regulatory Know Your Client and/or Anti Money Laundering regulations (or similar) information).
In using the Alpha League platform, we may process personal data provided by such representatives in relation to the User Investment Profile section of the platform.
We might also need to process personal data in relation to a corporate client’s, investor’s or shareholder’s workers who use a Service in the course of their work for such corporate entity.
We may also need to process voice recordings where we are required to record telephone calls for financial regulatory purposes or other proportionate purposes (e.g. to establish the existence of facts relevant to Citadel’s business; to ascertain compliance with regulatory or self-regulatory practices or procedures relevant to Citadel’s business; to ascertain or demonstrate standards that are or ought to be achieved by persons using the system; to prevent or detect crime or to investigate or detect the unauthorised use of the communications system or ensure the effective operation of the system.)
Please note that in this Privacy Notice when we reference the processing of personal data related to any corporate clients, investors, or intermediaries we also mean any individual whose personal data may be processed by us as a result of providing the Services.
We collect and process personal data about our suppliers (including trading counterparties) and their representatives in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide the Services to our clients.
We may also need to process voice recordings where we are required to record telephone calls for financial regulatory purposes or other proportionate purposes (e.g. to establish the existence of facts relevant to the business; to ascertain compliance with regulatory or self-regulatory practices or procedures relevant to the business; to ascertain or demonstrate standards that are or ought to be achieved by persons using the system; to prevent or detect crime or to investigate or detect the unauthorised use of the communications system or ensure the effective operation of the system.)
We have security measures in place at our offices, including CCTV and building access controls. There are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).
In relation to pandemic prevention measures health data (e.g. temperature testing or questions about travel) may be processed. Any such processing will only be undertaken in line with relevant government guidance and where there is a clear lawful basis to process such data (e.g. legitimate interests, legal obligations and public interest).
We may use your personal data for the following purposes:
We collect and maintain personal data that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services that we provide to you. Please note also that the terms of the relevant contract will also apply when we provide Services.
These purposes include:
What is our legal basis?
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or where it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services in the best way that we can.
We use your personal data for the following business management, administration and legal and regulatory compliance purposes:
Where we use your personal data in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal data to comply with any legal obligations imposed upon us.
We use your personal data for the following recruitment and talent management purposes:
Where we use your personal data in connection with recruitment and talent management it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment, brand awareness and talent management decisions for Citadel or it is our legal obligation to use your personal data to comply with any legal obligations imposed upon us. We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent, or if relating to diversity and inclusion personal data, if such processing is in the substantial public interest (and permissible under local laws). Any personal data we process relating to criminal convictions and offences will be to comply with our legal obligation as a part of financial regulatory compliance and for the prevention of crime (financial or otherwise).
We analyse your contact details with other personal data that we observe about you from your interactions with our Site and/or with our Services.
Where you have given your consent (where lawfully required) we use cookies, log files and other technologies to collect personal data from the computer hardware and software you use to access the Site, or from your mobile. This includes the following:
Our web pages contain “cookies” “web beacons” or “pixel tags” (all referred to in this Privacy Notice as “cookies”). Cookies allow us to track you, to count users that have visited a web page or opened an e-mail and collect other types of aggregate information (see below for more information under Our use of Cookies and Similar Technologies for more information). We may also use third party cookies and other similar technologies to collect information about your online activity over time and across third party websites.
Please see the “Our use of cookies and similar technologies” section for further information.
By using this information, we are able to measure the effectiveness of our content, digital channels, and branding efforts and how visitors use our Site. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of information our registered users like to see. The information is also used to create profiles and insights about your demographic. We also use this information to improve the content on our Site and in our marketing efforts- both online and offline.
We also use this information for marketing purposes (see the “Marketing Communications” section below for further details), and for recruitment and talent management purposes (see the “Recruitment and Talent Management” section above for further details). We may share this information with third parties for these purposes (see the “Personal Information Sharing” section below for further details).
Where your data is collected through the use of non-essential cookies we rely on consent to collect your data. Please see Manage Preferences for further details about the cookies that we use, and to update your preferences.
However, we may rely on other legal basis when we use your personal data that has been collected via the use of cookies. Where we use this personal data to analyse how you use our Sites and Services, it is in our legitimate interest to use your personal data in such a way to improve our Site and our Services.
Where we use this personal data for the purposes described in the ‘Marketing Communications’ and ‘Online personalised advertising’ sections of this Privacy Notice, please see those sections to see the legal basis that we rely on.
We use information that we observe about you from your interactions with our Site, our email communications to you, our interactions with you on our other digital channels such as social media and/or with Services (see the Insight and Analysis section above for more details of the information collected and how it is collected) and/or your address details, to provide information that we think will be of interest about us, our Services and where relevant our recruitment practice. For example, industry updates and insights, newsletters, invites to events and, where permitted by applicable law, promotional materials from Citadel (including in relation to recruitment).
Where your personal data is anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal data that is regulated under data protection laws. However, our collection and use of such anonymised information may be subject to other laws where your consent is required. Please see the “Our use of cookies and similar technologies” section for further details.
We will only send you marketing communications via email where you have consented to receive such marketing communications, or where it is otherwise within our legitimate interests to do so. You have the right to opt-out of email marketing communications at any time.
We use information that we observe about you from your interactions with our Site (and from third parties), our email communications to you and/or with Services (see the “Client Insight and Analysis” section above for more details of the information collected and how it is collected) to provide you with personalised online advertising.
Where your data is anonymised, we do not require a legal basis to use it as the data will no longer constitute data information that is regulated under data protection laws. However, our collection and use of such anonymised data may be subject to other laws where your consent is required. Please see the “Our use of cookies and similar technologies” section for further details.
Where we use your personal data to display online personal advertising to you, we rely on the consent that you have provided in respect of the collection of such data, or it is otherwise in our legitimate interests to promote our Site and our Services to you (including in relation to recruitment).
We use information that we observe about you from your interactions with our Site, our email communications to you and/or with Services (see the Client Insight and Analysis section above for more details of the information collected and how it is collected) to provide you with personalised advertising on social media channels.
We may do this through Facebook Customer Audiences and/or Google Customer Match respectively. Please note that such activity is also subject to the privacy choices you have elected to make on such services.
Where your personal data is anonymised, we do not require a legal basis to use it as the personal data will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymised personal data may be subject to other laws where your consent is required. Please see “Our use of cookies and similar technologies” section for further details.
Where we use your personal data to provide you with personalised advertising on social media channels, we rely on the consent that you have provided in respect of the collection of such data, or it is otherwise in our legitimate interests to promote our Site and our Services to you when you use those social media channels (including in relation to recruitment).
From time to time we will contact you to invite you to provide feedback about our Services. We use this information to help us improve the quality of service provided by our staff. We also use your feedback to monitor the quality of our Services.
It is in our legitimate business interests to use the information you provide to us in your feedback for the purposes described above.
Where our use of your personal data requires your consent, you can provide such consent:
The Site uses certain essential, functional, marketing and analytics cookies, pixels, beacons, log files and other technologies to allow the Site to function (all referred to as “cookies”).
There are various ways that you can manage your cookie preferences, but please be aware that in order to use some parts of our Site you will need to allow certain essential or functional cookies. If you block or subsequently delete those cookies, some aspects of our Site may not work properly, and you may not be able to access all or part of our Site.
For more information about our use of cookies, please see the ‘Insight and Analysis’, ‘Marketing Communications’ and ‘Online personalised advertising’ sections of this Privacy Notice.
For further information about types of cookies used and to customise your cookie preferences please visit Manage Preferences.
For more information on cookie management and blocking or deleting cookies for a wide variety of browsers, visit www.allaboutcookies.org.
We will only share personal data with others when we are legally permitted to do so. When we share personal data with others, we use reasonable efforts to put contractual arrangements and security mechanisms in place to protect the personal data and to comply with our data protection, confidentiality and security standards.
Please note that when processing your personal data we may need to share it with other third parties as follows:
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Please note that, due to the international operations of Citadel, where necessary to deliver the Services we will transfer personal data to countries outside the EEA, Switzerland and the UK (including to Citadel’s US affiliates) and such personal data may be stored on servers located outside the EEA, Switzerland and the UK. When doing so we will use reasonable efforts to comply with our legal and regulatory obligations in relation to the personal information including but without limitation having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.
Regarding visitors to the Site, we will retain relevant personal data for at least six years from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation, the Swiss Federal Data Protection Act, the UK GDPR and the UK Data Protection Act 2018, the Irish Data Protection Act 2018 or similar legislation around the world (or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations).
Regarding personal data we have processed as part of providing you with the Services, we will retain relevant personal data for at least six years from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation, the Swiss Federal Data Protection Act, the UK GDPR and the UK Data Protection Act 2018, the Irish Data Protection Act 2018 or similar legislation around the world (or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations). We may then destroy such files without further notice or liability. If you request your files and documents we may charge you for the costs of copying a duplicate.
Regarding personal data we have processed in relation to any recruitment activity, if you are unsuccessful in your application your personal data will be kept for a period after informing you that you were unsuccessful. If you are successful any retention protocols that apply to staff members at Citadel will apply. In considering how long to keep your personal data, its relevance to Citadel’s business and your potential employment either as a record or in the event of a legal claim will be taken into account.
If personal data is only useful for a short period, e.g. for specific marketing campaigns or CCTV footage, we may delete it after such retention period.
We take the security of all the personal data we hold very seriously. We use reasonable efforts to adhere to internationally recognised security standards. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the personal data we hold secure.
You have the following rights in relation to the personal data we hold about you:
If you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If you are entitled to rectification and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
You have the right, in certain circumstances, to obtain personal data you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
You can ask us to stop processing your personal data, and we will do so, if we are:
You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
You have the right to define guidelines as regards the retention, erasure and communication of your personal data after your death. Such guidelines may be general or specific, as set out in the French Data Protection Act.
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to your local data protection regulators – for instance but without limitation those regulators in the EU, Switzerland and the UK in which Citadel has offices are as follows:
In the UK the data protection regulator is the Information Commissioner’s Office (ICO). You can contact the ICO using the following website https://www.ico.org.uk.
In Ireland the data protection regulator is the Data Protection Commissioner- Ireland (DPC). You can contact the DPC using the following website https://www.dataprotection.ie/docs/Making-a-Complaint-to-the-Data-Protection-Commissioner/r/18.htm.
In France the data protection regulator is the Commission nationale de l’informatique et des libertés (CNIL). You can contact the CNIL using the following website https://www.cnil.fr/.
In Sweden the data protection regulator is the Swedish Data Protection Authority (Datainspektionen). You can contact the Datainspektionen using the following website https://www.datainspektionen.se/other-lang/in-english/.
In Switzerland the data protection regulator is the Federal Data Protection and Information Commissioner (FDPIC). You can contact the FDPIC using the following website https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
The Site contains links to other sites whose information practices may be different than ours. Visitors should consult the other sites’ privacy notices as Citadel is not responsible for, and has no control over, information that is submitted to, or collected by, these third parties. You may also be giving information to social media networks such as Facebook or Google who provide us with data which we in turn use to improve our marketing performance. Citadel has no control over the information collected by social media networks. You should review the relevant social media network privacy notice for further information about what information is being collected, the legal basis for such collection and your rights in relation to your personal data.
We may make changes to this Privacy Notice from time to time.
To ensure that you are always aware of how we use your personal data we will update this Privacy Notice from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We encourage you to review this Privacy Notice periodically to be informed of how we use your personal data.
If you have any questions about this Privacy Notice or want to exercise your rights set out in this Privacy Notice, please contact us by:
Citadel Enterprise Americas LLC ATTN: Corporate Communications Southeast Financial Center 200 S. Biscayne Blvd. Miami, FL 33131
EFFECTIVE DATE: January 21, 2021