Euronext Corporate Solutions B.V
Privacy statement website

Table of content

1.    INTRODUCTION   
2.    IMPORTANT INFORMATION AND WHO WE ARE    
2.1    Purpose and scope    
2.2    Controller /processor    
2.3 Contact details    
2.4 UK Representative    
2.5 Changes to the privacy policy and your duty to inform us of changes    
3.    The data we collect about you    
3.1    Personal data we collect    
3.2 If you choose not to provide Personal Data    
4.    How is your personal data collected?    
5.    How we use your personal data    
5.1    Cookies and tracking technologies    
5.2    Training sessions and third-party platforms    
5.3    Change of purpose    
6.    Disclosure of your personal data and international transfers    
6.1 Group sharing    
6.2 Disclosure to third parties    
6.3 Safeguards and responsibilities    
6.4 Links to third-party websites and external platforms    
6.5 Social media   
7. Data security and confidential information    
8. Data retention    
9. Your Rights    
9.1 No fee usually required    
10. Applicants    
11. Updates to this Statement    
12. Annexes    
Annex 1 – Glossary of used terms    
Annex 2 – Cookie inventory    
Annex 3 – Cookie removal instructions    
Annex 4 – List of Euronext Corporate Solutions Group Companies    

 

2. IMPORTANT INFORMATION AND WHO WE ARE

2.1 Purpose and scope

ECS is committed to protecting your privacy and ensuring full transparency in how we collect, use, store and process personal data when you interact with our corporate websites. This umbrella Privacy Policy explains those practices and applies when you:

• Visit or browse any of our corporate sites (see introduction);
• Download whitepapers, brochures or other content;
• Submit a contact, inquiry or support form;
• Register for events, webinars or demonstrations;
• Subscribe to newsletters, alerts or marketing communications;
• Engage with our social‑media channels, digital advertisements or campaigns;
• Provide data via third parties acting on our behalf;
• When we process personal data as a processor on behalf of a client, under an agreement where ECS also acts as a controller for distinct activities related to service provision;
• Apply for a job with an ECS company;

• Follow a course through ECS Academy.

Note: This Policy does not cover personal data collected through any standalone product platforms (e.g. iBabs, ComplyLog , Company Webcast). Each of those services publishes a product‑specific privacy supplement—linked from its own site—that describes any additional data processing unique to that platform.

All ECS Group companies and their activities comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and applicable local laws.

2.2 Controller / Processor

Euronext Corporate Solutions (“ECS”) operates under a dual-role data governance model, acting either as a Data Controller or a Data Processor depending on the specific service and context in which personal data is collected and processed.

When ECS acts as Data Controller

In certain instances, ECS determines the purposes and means of processing personal data, and therefore acts as the Data Controller within the meaning of the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws. These scenarios include, but are not limited to:

• Interactions through the corporate website, such as:
  • Browsing or navigating site content;
  • Requesting a demonstration or proposal;
  • Downloading product brochures, reports, or white papers;
  • Submitting inquiries through contact forms or subscription to ECS communications.
• Engagement with ECS-operated solutions where ECS directly contracts with the end user or learner—for example, the Euronext Academy, where ECS determines course design, user registration, training delivery formats, certification issuance, and learner analytics. In such cases, ECS acts as the Data Controller for all personal data collected in relation to:

• Course enrollment and user profiles;
• Assessment results and completion records;
• Attendance and performance tracking;
• Communications between ECS instructors and participants.

• Service agreements where ECS provides onboarding, account administration, or support services directly to clients in its own name (not as an agent of another controller).

Each ECS Group entity operating a service platform assumes full controller responsibilities for compliance, transparency, data security, and user rights management as applicable to its jurisdiction.

When ECS acts as Data Processor

In other circumstances—particularly where ECS platforms are used by subscribing corporate clients or institutional partners—ECS acts solely as a Data Processor. In this capacity, ECS processes personal data strictly under the documented instructions of the Data Controller, in accordance with:

• A binding Data Processing Agreement (DPA);
• Relevant security, confidentiality, and access controls;
• The controller’s governance and retention requirements.

Examples include hosted platforms where a client manages user access, uploads proprietary data, or assigns training to its personnel via ECS infrastructure.

Intra-Company processing and data sharing

To provide seamless, high-quality services and to fulfil our contractual, operational, and legal obligations, personal data may be shared internally among ECS Group entities and other relevant Euronext Group affiliates. Such intra-company processing occurs under the following conditions:

• Only on a need-to-know basis, for purposes such as technical support, client servicing, training delivery, compliance, billing, security monitoring, and audit;
• Pursuant to an intra-group data transfer agreement incorporating appropriate safeguards (including Standard Contractual Clauses where required);
• With full adherence to the data minimization, purpose limitation, and access control principles set forth by applicable privacy regulations.

Where such transfers involve cross-border processing (e.g., between the EU and the UK), ECS ensures that appropriate legal mechanisms are in place to maintain an equivalent level of data protection.

All ECS Group entities are subject to our central data protection policies and oversight by the Group Data Protection Officer (DPO), ensuring consistent standards and accountability across jurisdictions.

2.3 Contact details

If you have any questions about this Privacy Policy or how ECS processes your personal data, you can contact us using the details below:

Full legal entity name: Euronext Corporate Solutions B.V.
Company registration: Registered in The Netherlands under company number 68034970 (Dutch Chamber of Commerce)
Registered office address: Beursplein 5, 1012 JW, Amsterdam
Email address: dpo.ecs@euronext.com
Postal address: 14, place des Reflets – CS30064 - 92054 Paris la Défense Cedex.

2.4 UK Representative

For individuals in the UK, our appointed representative is:

Company name: Euronext Corporate Solutions limited
Company registration number: 05682866

Registered office address: 25 north colonnades, 11th floor, canary wharf, London, England, e14 5hs
Email address: dpo.ecs@euronext.com

2.5 Changes to the privacy policy and your duty to inform us of changes 

This version was last updated on the date stated at the beginning of this privacy policy. We reserve the right to amend this privacy policy from time to time as required to ensure its accuracy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

3. THE DATA WE COLLECT ABOUT YOU

3.1 Personal data we collect

As the Data Controller, ECS determines how and why we process personal data collected through our corporate websites, training programmes, and services. Personal data, or personal information, refers to any information relating to an identified or identifiable individual. This does not include data that has been irreversibly anonymised such that the individual can no longer be identified. For a complete definition, please refer to Annex 1 – Glossary of Terms.

ECS collects and processes personal data when you interact with our platforms in the following contexts:

• Visiting ECS websites
• Registering for a service or resource
• Participating in training activities, including virtual classrooms, online learning, or in-person events hosted by Euronext Academy

When you engage with ECS in these contexts, we may collect and process the following categories of personal data, depending on the nature of your interaction.

Note: For our standalone platforms—such as iBabs, ComplyLog and Company Webcast—the categories of personal data processed are detailed in the respective privacy statements published on each product’s website. These standalone statements govern data processing activities specific to those services and supplement this umbrella policy.

Categories of data collected

1. Device and technical information

Information about your browser, device, operating system, and other technical identifiers (e.g., IP address, cookies). This data is collected through analytics tools, cookies, and log files to help us monitor site performance and enhance your experience.

Legal basis: Legitimate interest (performance and security of ECS web infrastructure)

2. Contact and professional Information

If you fill in a contact form, download content, request a demo, or subscribe to a newsletter or event, we may collect your name, email address, phone number, job title, and company name.

Legal basis: Consent (for marketing); contract performance or pre-contractual steps (for service requests); legitimate interest (general business communications)

3. Usage data

Information about how you navigate and interact with our website—such as pages visited, time spent, click behavior, and referring URLs—collected via cookies, pixels, and similar tracking technologies.

Legal basis: Consent (where required for analytics or non-essential cookies); legitimate interest (understanding website performance and user engagement)

4. Marketing preferences

If you consent to receive marketing communications, we may collect your communication preferences and track your interactions with our emails (e.g., open and click rates) to tailor future messages.

Legal basis: Consent (for electronic marketing); legitimate interest (improving communication relevance and effectiveness)

5. Training and course participation data (Euronext Academy)

If you register for or attend an Academy course, workshop, or virtual classroom, we may collect: 

• Name, contact details, job title, and company name;
• Billing and payment information (where applicable);
• Course selection, attendance records, and learning goals;
• Interaction data from training platforms (e.g. chat input, poll responses, post-event feedback).

This data is collected via booking forms, registration systems, and participation tools such as Microsoft Teams or similar platforms.

Legal basis: Contract performance (for registered users); legitimate interest (quality control and learner support)

6. Contractual Relationship

In some cases, ECS collects and processes personal data in order to perform a contract with you or your organization, or to take steps at your request prior to entering into a contract. This includes:

• Registering you for a training programme or ECS service;
• Delivering course materials, certifications, or platform access;
• Providing onboarding, technical support, or user credentials;
• Communicating with you as a designated contact for billing, scheduling, or administrative purposes.

Legal basis: Contract performance; legitimate interest (client administration and support) 

Data from third parties and public sources

We may also receive personal data from third-party and public sources, including:

• Event registration or survey platforms used to engage with ECS services;
• Professional enrichment tools or business directories (e.g., LinkedIn, public company records), where legally permitted;
• Marketing and analytics platforms that provide campaign performance metrics or indicate interest in our services.

Legal basis: Legitimate interest (commercial outreach, marketing analytics); consent (where required for enriched profiles or third-party cookies) 

Aggregated and anonymised data

We may use aggregated or anonymised data—such as website traffic metrics or content download trends—for analytical, statistical, and internal reporting purposes. This type of data does not identify individual users and is not considered personal data under applicable data protection laws.

If we combine anonymised or aggregated data with information that could identify you, we will treat the combined data as personal data and handle it in accordance with this Privacy Statement.

Legal basis: Legitimate interest (business intelligence and service optimisation) 

3.2 If you choose not to provide Personal Data

In cases where we need to collect personal data by law or to fulfil a specific request (e.g. contacting you after a demo request), and you choose not to provide that information, we may be unable to respond to your request or provide certain features of the website. We will inform you at the time if this is the case.

4. HOW IS YOUR PERSONAL DATA COLLECTED?

We collect personal data through a variety of methods when you visit or interact with the ECS website:

1. Direct interactions

You may provide personal data directly by submitting a form on our website—for example, when you request a demo, download a resource, sign up for a newsletter, register for an event, or contact us via email or phone. This may include your name, email address, job title, company name and other contact or professional details.

2.  Events and webinars

If you register for or attend an event, webinar or other corporate solutions-hosted activity via the website, we may collect registration information such as your name, contact details, organization and participation data. This may also include responses to polls, chat contributions or feedback provided.

3. Automated technologies and analytics

When you visit the website, we automatically collect certain technical data, such as your IP-address, browser type, device information, language settings and browsing behaviour (for example pages viewed, time on site and clicks). This data is collected through cookies, pixels and similar technologies. Identifiable cookies are only used if you give your consent via our cookie banner. Otherwise, analytics data is collected in an anonymised or aggregated form.

4. Training programmes and virtual events

When you register for a ECS Academy course or attend a virtual training session, we may collect personal data directly through registration forms, booking documents, or during the course itself. This includes attendance records, chat or Q&A participation, and feedback or evaluation forms. Participation platforms (e.g. Teams) may also collect technical and interaction data during the session, in line with their respective privacy policies.

5. Third-party sources

We may receive additional personal data about you from:

• Marketing or event platforms you use to register for corporate solutions-related content
• Third-party tools we use for lead generation or marketing insights (for example business contact databases);
• Publicly available sources such as LinkedIn or company websites, used to enrich your contact or company profile;
• Communication platforms or CRM systems (for example when you contact our support team or interact with email campaigns).

This helps us improve our marketing efforts, tailor communications, and respond to your requests more effectively.

In many of these cases, data is collected to fulfil a contractual obligation—either with you directly or with your organization. Where you register for a training programme, request access to a service, or enter into a commercial engagement with ECS, we will process your personal data for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract. This legal basis also applies where we provide technical onboarding, grant service access, or deliver ECS Academy certifications.

5. HOW WE USE YOUR PERSONAL DATA

We only process your personal data where permitted under applicable data protection legislation, such as the EU General Data Protection Regulation (GDPR) and the UK GDPR. In the context of our website and related services, Euronext Corporate Solutions ECS acts as the Data Controller, as we determine the purposes and means of processing your personal data.

The sections below outline the legal bases on which we rely and the specific purposes for which we process your personal data when you interact with the Corporate Solutions website, training programmes, or related services:

5.1 Cookies and tracking technologies

The ECS website uses cookies and similar technologies to distinguish you from other users, enhance your browsing experience, and help us analyse traffic and improve our platforms. Cookies also allow us to personalise content, remember your preferences, and understand how visitors interact with our site and services. Cookies are small text files stored on your device when you visit a website. They may be set by ECS directly (first-party cookies) or by third-party services used on our site (third-party cookies). If you disable or refuse cookies, some parts of the website may become inaccessible or may not function properly. An overview of the cookies used can be found in Annex 2. 

When you first visit the ECS website, you will be prompted with a cookie banner that allows you to manage your cookie preferences. You can choose to accept or reject non-essential cookies such as performance and targeting cookies. If you accept these cookies, you are giving your explicit consent for ECS to process your personal data as described in this privacy policy. 

You have the right to change your cookie preferences at any time by accessing the "cookie settings" on our website. Please note that rejecting certain cookies may affect the functionality of some parts of the website and services. 

Important: This section applies only to cookies set on the ECS corporate website. Cookies used on ECS product platform are governed by separate cookie policies applicable to those platforms. Users of those services should refer to the relevant in-platform notices for details on platform-specific cookies, trackers, and settings. 

Legal Basis 

Where required under applicable law, we use cookies on the basis of your consent, which is requested via a cookie banner when you first access our site. You may withdraw your consent or adjust your preferences at any time using your browser settings or the cookie management tool provided on our website. 

For cookies that are strictly necessary for the operation of the site, the legal basis is ECS’s legitimate interest in providing a functional, secure digital environment. 

Cookie duration and expiry 

ECS undertakes to delete or anonymise all cookies that we control after a maximum duration of 12 months. After this period, your consent will be requested again. 

Cookie categories and purposes

You can manage your cookie preferences through your browser settings. You may choose to refuse some or all cookies or set your browser to alert you when cookies are being used. Please note that disabling certain cookies may affect the availability or functionality of parts of the website. An explanation on how you can remove cookies can be found in Annex 3.

5.2 Training sessions and third-party platforms

Some training sessions may be recorded for quality assurance, internal reference, or to support participant learning. Where this applies, participants will be informed in advance and may opt out of being recorded where feasible.

Where third-party platforms are used to deliver training services—such as virtual classrooms (e.g. Microsoft Teams), certification providers, or survey tools—your personal data may be processed by those providers under their respective privacy policies. We take appropriate steps to ensure that any such third parties meet our data protection and security standards.

5.3 Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dpo.ecs@euronext.com

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. DISCLOSURES OF YOUR PERSONAL DATA AND INTERNATIONAL TRANSFERS

Personal data processed by ECS may be stored on secure servers located within the European Economic Area (EEA). In certain cases, personal data may be transferred outside the EEA, the United Kingdom (UK), or Switzerland. When such transfers occur, Corporate Solutions ensures that appropriate safeguards are in place in accordance with applicable data protection laws. These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Agreement (IDTA)
• Adequacy decisions issued by the European Commission or relevant UK authority
• Participation in recognised data transfer frameworks, such as:

• The EU-U.S. Data Privacy Framework
• The UK Extension to the EU-U.S. Data Privacy Framework
• The Swiss-U.S. Data Privacy Framework

Euronext US Inc. and relevant subsidiaries are certified under these frameworks where applicable.

6.1 Group sharing

We may disclose your personal data to other entities within the Euronext N.V. group, of which ECS is a subsidiary, based on our legitimate interest to do so or for administrative, compliance, and operational purposes.

6.2 Disclosure to third parties

ECS may disclose personal data to trusted third parties only where necessary, proportionate, and lawful. Such disclosures are limited to the specific purposes for which the data was collected or for closely related operational, legal, or compliance purposes. Categories of recipients may include: 

In all such cases, ECS ensures that appropriate safeguards are in place, including data processing agreements or non-disclosure obligations, and that the recipient processes personal data only for legitimate and authorised purposes. We require all third parties to respect the security and confidentiality of your personal data and to process it in accordance with applicable data protection laws. Third-party service providers are not permitted to use your personal data for their own purposes and may only process it on our instructions and for the specified purposes set out in our agreements with them. 

6.3 Safeguards and responsibilities

We require all third parties to respect the security and confidentiality of your personal data and to process it in accordance with applicable data protection laws. Third-party service providers are not permitted to use your personal data for their own purposes and may only process it on our instructions and for the specified purposes set out in our agreements with them.

6.4 Links to third-party websites and external platforms

The ECS website may contain links to external websites or services. This privacy policy does not apply to those third parties, and ECS is not responsible for their data processing practices. We encourage you to review their privacy policies.

Additionally, ECS may use external tools and platforms operated by third parties—for example, to collect customer feedback, reviews, or provide comparison services. When you interact with these tools (such as leaving a review), the processing of your personal data is governed by the privacy policy of the respective third-party provider. ECS is not responsible for how those parties handle your data, and we recommend that you consult their privacy statements before submitting any personal information.

6.5 Social media

If you share content from the ECS website via social media, your personal data may become visible to others based on your privacy settings on those platforms. ECS is not responsible for the processing of your data by such platforms.

7. DATA SECURITY AND CONFIDENTIAL INFORMATION

ECS is committed to protecting your personal data and has implemented appropriate technical and organisational measures to safeguard it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

To protect personal data, ECS applies robust security controls, including:

• Secure infrastructure and firewall protection to prevent unauthorised access.
• Encryption of personal data where appropriate, including during data transmission.
• Role-based access controls limiting access to authorised personnel with a legitimate business need.
• Regular audits, security assessments, and continuous monitoring of systems.
• Maintenance of certifications and alignment with applicable industry standards (e.g. ISO/IEC 27001, where applicable).

In addition, we have procedures in place to deal with any suspected personal data breaches. Where legally required, we will notify affected individuals and relevant data protection authorities without undue delay.

Please note that while ECS takes reasonable steps to secure your data, the transmission of data over the internet is never completely secure. For example, email and other external communications are not encrypted. We strongly advise you not to send sensitive personal information (such as bank or credit card details) via email. By choosing to use email or other unencrypted methods, you acknowledge the potential risk of interception by third parties and accept that ECS is not responsible for any resulting loss or damage.

8. DATA RETENTION

ECS will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to respond to your inquiries, manage communications, improve our website, or comply with legal and regulatory obligations.

When determining how long to retain your data, we consider:

• The nature, sensitivity, and volume of the personal data;
• The potential risk of harm from unauthorised access or disclosure;
• The specific purpose for which we collected the data and whether that purpose can still be achieved;
• Legal, regulatory, or contractual retention obligations that may apply.

If you have an active business relationship with ECS, retention periods may be extended as needed to meet contractual or legal obligations.

You may request the deletion of your personal data at any time, subject to our legal obligations. For more information, please see section 9 on your rights.

9. YOUR RIGHTS

As a data subject, you have certain rights under applicable data protection laws in relation to the personal data we process about you. These rights are not absolute and may be subject to limitations or exemptions under relevant law.

The table below outlines your key rights:

You may exercise your rights by contacting us through one of the following methods:

• Contacting the ECS Data Protection Officer: dpo.ecs@euronext.com
• By post:
  Attn. Data Protection Officer
  14, place des Reflets – CS30064
  92054 Paris la Défense.

We may request proof of identity to verify your request in line with our internal procedures.

Post-mortem rights 

To submit post-mortem instructions under French law, you may contact dpo.ecs@euronext.com and submit your request. 

Supervisory Authorities 

You also have the right to lodge a complaint with the competent data protection authority in the country where you live, work, or where you believe your rights have been infringed. We encourage you to contact us first to give us the opportunity to address your concerns. 

Data protection authorities relevant to ECS operations:

Country	Legal Entity	Supervisory Authority	Authority website
Netherlands	Euronext Corporate Solutions B.V.	Autoriteit Persoonsgegevens	autoriteitpersoonsgegevens.nl
France	Euronext Corporate Solutions France S.A.S.	Commission nationale de l'informatique et des libertés (CNIL)	cnil.fr
Germany	Euronext Corporate Solutions Germany GmbH	Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)	bfdi.bund.de
Italy	Euronext Corporate Solutions Italy S.r.l.	Garante per la protezione dei dati personali	garanteprivacy.it
Sweden	Euronext Corporate Solutions Sweden AB	Integritetsskyddsmyndigheten (IMY)	imy.se
United Kingdom	Euronext Corporate Solutions UK Limited	Information Commissioner's Office (ICO)	ico.org.uk

 

9.1 No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.