We are FIX Protocol Ltd. (a company number 03760285 with its registered office at 5th Floor, 6 St Andrew Street, London, EC4A 3AE and ICO registration number ZA037691) the owner and provider of this Web Site. This Policy applies to our use of any and all Data, as defined in Clause 1 below, collected by us in relation to your use of the Web Site and any Services or Systems therein.

Services shall mean collectively any online facilities, tools, services or information that FIX Protocol Ltd. makes available through the Web Site either now or in the future.

Systems are any online communications infrastructure that FIX Protocol Ltd. makes available through the Web Site either now or in the future.  This includes, but is not limited to, web-based email, message boards, live chat facilities and email links.

If you have any questions about this Policy, please contact the FIX Program Office.

Introduction

We at FIX Protocol Ltd respect the privacy of our users and your right to protection of your personal data, and are committed to ensuring these are safeguarded to the utmost high standards.  This policy statement sets out how we look after your data, your rights in relation to the data we collect and retain about you and how the law protects your right to privacy.

As you may be aware, the law on data privacy in the UK (and across the EU) is changing on 25 May 2018 and we have updated our policy and are further upgrading our already sophisticated systems and procedures to ensure we maintain best practice in privacy and data protection in accordance with the latest legal requirements.

It is important that you read this Policy together with any updates to our fair processing note set out below from time to time so that you are fully up-to-date and aware as to how we are using your data.  We also work and share your data with third party providers for the purposes of delivering our services to you.  When you leave our website we encourage you to read the privacy notice of every website you visit.

Data we collect about you

1.1.      Without limitation, any of the following personal information (the Data) may be collected through the online form available on the Registration page:

1.1.1.   name;

1.1.2.   email address;

1.1.3    telephone;

1.1.4.   Skype / Linkedin details;

1.1.5.   address details;

1.1.6.   employer;

1.1.7.   job title / role;

1.1.8.   financial services interests;

1.1.9.   IP address (automatically collected);

1.1.10. web browser type and version (automatically collected);

1.1.11. operating system – i.e., the programs and data that run on your computer and manages the computer hardware and provides common services for computer programs. (automatically collected);

1.1.12. Data on the websites through which the User reached our website (automatically collected);1.1.13.            Cookie information (see clause 10 below);

1.1.14. Location Data;

1.2       Marketing and communications data, including marketing preferences, event attendance, customer feedback and survey responses

1.3       Data from your use of our website[.][;]

Our Use of Data

2.1.      Any Data you submit, including any Data that you may submit through any communications System that we may provide, will be retained by FIX Protocol Ltd. for as long as you use the Services and Systems provided on the Web Site.

2.2.      Unless we are obliged or permitted by law to do so, and subject to Clauses 2.2.1, 2.2.2 3 and 4 below, your Data will not be disclosed to third parties unless required by applicable law.

2.2.1    We may disclose your Data to our affiliates and / or other companies within our group of companies for the purposes defined in Clause 2.4 below, and also to other third parties as described in Clause 4 below.

2.2.2    When you register for a conference organized by FIX Protocol Ltd. we may [where you provide your consent] share your Data with the sponsors of such conference, for organisation purposes and also for their own direct marketing purposes. This will be explained in further detail in the conference registration forms.

2.4.      Any or all of the Data described in Clause 1 above may be required by us from time to time in order to provide you with the best possible service and experience when using our Web Site and our services. Specifically, Data may be used by us for the following reasons:

2.4.1.   internal record keeping for committee / working group management, user management and accounting purposes;

2.4.2    to administer and protect our business and website and use data analytics to improve our website and member services and experience;

2.4.3    to improve our products / services;

2.4.4    to generate suggestions and recommendations in relation to our services which may be of interest to you;

2.4.5    transmission by email of invitations to meetings, conferences and events that may be of interest to you as part of your membership;

2.4.6    contact for market research purposes which may be done using email, telephone, fax or mail;

2.4.7    creating and maintaining your account if you become a registered member;

2.4.8    ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;

2.4.9    to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

2.5       Please see our Fair Use Table, which summarises our fair uses of the personal data we collect and the legitimate basis for our use.

2.5       Generally we do not rely on consent as a legal basis for processing your personal data by FIX Protocol Ltd. other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

2.6       We require all third parties with whom we share personal data (e.g. those sponsors and media partners of our events referred to at clause 2.2.2 above) to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.   We have entered into specific data sharing agreements with each of these parties for these purposes.

Third Party Web Sites and Services

3.1       FIX Protocol Ltd. may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, search engine facilities, advertising and marketing.

3.2       Where we do not already have your valid consent in place in accordance with the law, we will obtain your express OPT-IN consent before we share your personal data with any company outside the FIX group of companies for marketing purposes.

3.3 The providers of such services do not have general access to Data provided by Users of this Web Site, but only to the specific categories of Data they require in order to provide the contracted services. Any Data used by such parties is used only to the extent required by them to perform the services that FIX Protocol Ltd. requests. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties must be processed within the terms of this Policy and in accordance with the Data Protection Act 1998.

How long will you use my personal data for?

4.1       We will only retain your personal data for only as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, in accordance with FIX’s Data Retention Policy

4.2       To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Changes of Business Ownership and Control

5.1       FIX Protocol Ltd. may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.

5.2       In the event that any Data submitted by Users will be transferred in such a manner, where required by applicable law, you will be contacted in advance and informed of the changes.

Controlling Access to your Data

6.1       Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This will expressly seek your OPT-IN consent to the following:

6.1.1    objecting to the use of Data for direct marketing purposes and also for market research purposes; and

6.1.2    objecting to us sharing Data with third parties.

6.2       Where we are required to do so, FIX will always seek your OPT-IN consent before sharing or otherwise processing your Data.

Your Right to Withhold Information

7.1       You may access certain areas of the Web Site without providing any Data at all, except information pertaining to your IP address and the ones collected by the cookies we use, as described in this Policy. However, to use all Services and Systems available on the Web Site you may be required to submit Account information or other Data.

7.2       You may restrict your internet browsers use of Cookies. For more information see clause 10.4 below. Should you elect to do so, certain capabilities of the Web Site may be rendered inoperable.

Your Legal Rights

8.1       You may access your Account at any time to view or amend the Data. You may need to modify or update your Data if your circumstances change. Your marketing preferences (i.e. whether you wish to receive event announcements) may also be stored and you may change this at any time.

8.2       You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.. These requests should be sent to fix@fixtrading.org.

8.3       We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

8.4       Under certain circumstances, you have rights under data protection laws in relation to your personal data. See annex on page 10 to find out more about these rights:

  • [Request correction of your personal data];
  • [Request erasure of your personal data];
  • [Object to processing of your personal data];
  • [Request restriction of processing your personal data];
  • [Request transfer of your personal data];
  • [Right to withdraw consent];

8.5       If you wish to exercise any of the rights set out above, please contact fix@fixtrading.org for subject access rights.

Security

9.1       Data security is of great importance to FIX Protocol Ltd. and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected by us in relation to your use of the Web Site and any Services or Systems therein.

9.2       These measures are to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.  We limit access to those employees, agents, contractors and other third parties who have a legitimate reason for accessing such data and/or where your explicit consent has been obtained in advance.

9.3       We have put in place procedures to deal with any suspected personal data breach (e.g. accidental release or disclosure or authorized access) and will notify you and any applicable regulator of a breach where we are legally required to do so.

Transfers of your personal data

10.1.    Sharing your personal data

Third Parties

There are a few data controllers (i.e. MailChimp, Eventbrite, Salesforce, Xero, SurveyMonkey) that your personal data may be shared with.

Your personal information may also be shared with any company that is a member of our group of companies, where necessary for internal administrative purposes, corporate strategy, auditing and monitoring and research and development. We may also share your personal information with our group companies where they provide products and services to us that help us to provide products and services to you as our customer.

Your personal data may also be shared with the following categories of third parties:

  • Dispute and complaints services, should we need to resolve a complaint with you
  • IT service providers, to enable us to manage and host our IT platforms
  • Social media platforms and management tools, to enable us to respond to any communications with you via our social media channels
  • Marketing and advertising agencies, to help us develop our marketing communications so that they are relevant for you
  • Survey hosting providers, to enable us to send out surveys to you so that we can learn from your feedback and improve our customer service
  • Industry regulators, legal and tax services, to help us comply with our legal and regulatory obligations
  • Sponsors of events organised by FIX Protocol Ltd. (see S 2.2.2 above)

We will also disclose your personal data to third parties:

(a)  where it is in our legitimate interests to do so to run, grow and develop our business:

  1. if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets;
  2. if FIX Protocol Ltd. or substantially all of its assets are acquired by a third party, in which case personal data held by FIX Protocol Ltd. will be one of the transferred assets;

iii.  if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;

(b)  to enforce our contract with you, to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or

(c)  to protect the rights, property or safety of FIX Protocol Ltd., our employees, customers, suppliers or other persons.

Your Data may be transferred outside the European Economic Area (EEA). In the event Data is transferred outside of the EEA, we will take the legally required precautions to ensure it is appropriately protected, and that any such international transfer is carried out only in accordance with the Data Protection Act 1998 and the EU General Data Protection Regulation. FIX Protocol Ltd. has in place compliant Data Transfer Agreements with all non-EEA third party recipients of your personal data which ensure minimum adequate safeguards of your personal data when it is exported to a location outside of the EEA.

Save as expressly detailed above, we will never share, sell or rent any of your personal data to any third party without notifying you and/or obtaining your consent. Where you have given your consent for us to use your personal data in a particular way, but later change your mind, you should contact us and we will stop doing so.

Cookies

11.1     FIX Protocol Ltd. may set and access Cookies on your computer.   We use this information and Data to tailor the Web Site for our visitors, showing them content that they are shown to be interested in, and displaying the content according to their preferences.

11.2     A Cookie is a small file that resides on your computer’s hard drive and often contains an anonymous unique identifier and is accessible only by the web site that placed it there, not any other sites.  Cookies can be first party or third party cookies.  First party cookies – cookies that the website you are visiting places on your computer.  Third party cookies – cookies placed on your computer through the website but by third parties.

11.3     You may delete Cookies, however you may lose any information that enables you to access the Web Site more quickly.

11.4     Certain capabilities of the Web Site may be rendered inoperable should you elect to disable cookies. FIX Protocol Ltd. shall have no obligation to restore such capabilities or to provide support in respect restoring such capabilities.

11.5     You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies, however this can be altered. For further details please consult the help menu in your browser. Disabling Cookies may prevent you from using the full range of Services available on the Web Site.

11.6     We use the following first and third party cookies on our website:

Strictly necessary cookies – These cookies are essential in order to enable you to move around the website and use its features.  Without these cookies, services you have asked for cannot be provided.  They are deleted when you close the browser.  These are first party cookies.

Performance cookies – These cookies collect information in an anonymous form about how visitors use our website.  They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it and the approximate regions that they are visiting from.  These are first party cookies.

Functionality cookies – These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features.
These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites. These are first party cookies.

Targeting Cookies – These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually third party cookies, placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

10.7     Cookie consent and opting out

10.7.1  To comply with current legislation, we need to ask for your consent to set cookies on our website.

10.7.2  When you arrive on our website a pop-up message will appear informing  you that we would like to place cookies on your device.  If you, or another user of your computer, wish to withdraw your consent at any time, you can do so by altering your browser settings otherwise we will assume that you are happy to receive cookies from our website.  For more information please visit http://www.allaboutcookies.org/ and http://www.youronlinechoices.com/uk/