Euronext Corporate Solutions B.V

Privacy statement website

1. INTRODUCTION

This Privacy Statement serves as the umbrella privacy notice for the Euronext Corporate Solutions group of companies (“ECS”, “we”, “our” or “us”) and explains how we collect, use, share, and protect your personal data when you visit or interact with our websites, platforms, services, or applications. This document is designed to comply with Article 13 and 14 of the EU GDPR, as well as relevant national implementations in member states and the UK.

ECS operates a range of specialised digital solutions across governance, compliance, communication, and advisory domains. Each ECS entity may act as an independent data controller depending on the nature of the service or client relationship. 

All terms used in this Privacy Statement shall have the same meaning as defined in the EU General Data Protection Regulation (GDPR), unless otherwise specified.

Scope

This Privacy Statement applies to all personal data collected through the Euronext Corporate Services digital environment, including but not limited to visits to:
https://www.corporatesolutions.euronext.com (together referred to as the “Website”). This Privacy Statement also applies to other ECS brands and affiliated domains, except where a separate product-specific privacy policy is expressly referenced.

Our corporate sites and applications provide information about—and, where relevant, gateways to—secure digital and advisory solutions for listed companies and market participants (e.g. board portals, investor relations tools, insider log tracking, webcasting), as well as professional training services delivered through the Euronext Academy.

• Visit or browse our Website
• Download whitepapers or other content
• Submit a contact or inquiry form
• Register for an event or webinar
•  Enrol in professional training services provided by the Euronext Academy, such as virtual classrooms or sustainability-focused programmes
• Interact with us via chat or other online channels
  
  

Euronext Group consists of Euronext N.V, a Dutch holding company, located at Beursplein 5, 1012 JW, Amsterdam, the Netherlands, and its affiliated companies, acting as controllers. A list of all group companies and applicable privacy statements can be found in annex 4 to this Statement.

ECS is committed to maintaining the highest standards of data protection and transparency in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and all other applicable local data protection laws.

By using any ECS website, platform, or applications, you acknowledge and consent to the data processing practices outlined in this Privacy Statement and the individual product policies referenced above.

For any inquiries regarding the processing of your personal data or to exercise your rights under applicable data protection laws, please refer to Section 2: Contact Us.

This statement was last updated in September 2025

Table of contents

2.1 Purpose and scope 

2.2 Controller /processor 

2.3 Contact details 

2.4 UK Representative 

2.5 Changes to the privacy policy and your duty to inform us of changes 

3. The data we collect about you 

3.1 Personal data we collect 

3.2 Categories of data collected 

3.3 If you choose not to provide Personal Data 

4. How is your personal data collected? 

5. How we use your personal data 

5.1 Cookies and tracking technologies 

5.2 Training sessions and third-party platforms 

5.3 Change of purpose 

6. Disclosure of your personal data and international transfers 

6.1 Group sharing 

6.2 Disclosure to third parties 

6.4 Links to third-party websites and external platforms 

6.5 Social media 

7. Data security and confidential information

8. Data retention 

9. Your Rights

9.1 No fee usually required 

10. Applicants

Updates to this Statement 

Annexes

Annex 1 – Glossary of used terms 

Annex 2 – Cookie inventory 

Annex 3 – Cookie removal instructions 

1. IMPORTANT INFORMATION AND WHO WE ARE

1. Purpose and scope

Euronext Corporate Services is committed to protecting your privacy and ensuring transparency in how we collect, use, store, and process personal data when you interact with our corporate websites and related services. This umbrella Privacy Statement describes our data processing practices and applies when you:

• Visit or browse any of our ECS corporate websites or product landing pages (see Introduction);
• Download whitepapers, brochures, or other content (e.g. recorded webinars, demo kits);
• Submit a contact, inquiry, or support form—including for demo requests or onboarding assistance;
• Register for webinars, virtual classrooms, product demonstrations, or promotional events;
• Subscribe to newsletters, regulatory updates, or marketing communications;
• Interact with our social media, embedded videos, digital advertisements, or tracking tools;
• Provide personal data through third-party platforms used by ECS for event registration, marketing automation, or analytics;
• Apply for a job with an ECS company or submit your CV through our recruitment channels;
• Participate in CWC-hosted events or webcasts (e.g. via registration, poll submissions, or feedback forms);
• Interact with the ComplyLog or Company Webcast environment in contexts where ECS acts as a controller (e.g. account setup, billing, service support, CRM and analytics use);
• Engage with services where ECS acts as both a processor (on behalf of a client) and a controller for distinct activities related to service delivery or platform development;
• Follow a course through ECS Academy.

Some ECS services—such as iBabs, continue to maintain their own product-specific privacy statements, which remain applicable and are accessible via their respective website.

All ECS Group entities operate in compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws.

1. Controller /processor

Euronext Corporate Solutions (“ECS”) operates under a dual-role data governance model, acting either as a Data Controller or a Data Processor depending on the specific service and context in which personal data is collected and processed.

When ECS acts as Data Controller

ECS acts as a data controller when it determines the purposes and means of processing personal data. This includes, but is not limited to, the following scenarios:

• Interactions through ECS corporate websites, such as:

•  Browsing site content or interacting with embedded features.
•  Requesting a product demonstration or proposal.
•  Downloading brochures, reports, or white papers.
•  Submitting contact or support inquiries.
•  Subscribing to newsletters or marketing updates.

• Engagement with ECS-operated platforms where ECS contracts directly with end users or corporate clients and controls onboarding, support, and CRM data. Examples include:

• ComplyLog: where ECS manages registration, service administration, user engagement analytics, and client communications related to the InsiderLog, TradeLog, IntegrityLog, LiabilityLog, LiveEquity or Eurostocknews tools.
• Company Webcast: where ECS collects data from webcast registrations, viewer engagement (e.g. polls, chats), and usage analytics tied to event delivery.
• Euronext Academy: where ECS designs and administers course content, training formats, participant certification, and learning analytics.

• Client service agreements where ECS handles onboarding, billing, account management, or platform support directly in its own name—not as an agent of another controller.

Each ECS entity operating under this model assumes full responsibility for data protection compliance, transparency, security, and data subject rights management under applicable laws.

When ECS acts as Data Processor

In other circumstances—particularly where ECS platforms are used by corporate subscribers who control access, content, and user management—ECS acts as a data processor and processes personal data solely on behalf of the subscribing organisation. These processing activities are governed by:

• A binding data processing agreement (DPA).
• Documented client instructions.
• Strict security, access control, and confidentiality protocols.
• The controller’s data retention, audit, and governance policies.

Examples include:

• A client using ComplyLog to manage its internal insider lists, employee trading records, or whistleblower reports.
• A client using Company Webcast infrastructure to host investor events, internal broadcasts, or public-facing sessions, where ECS processes participant or attendee data under the client’s instructions.

In these scenarios, ECS does not determine the processing purposes and acts exclusively within the remit defined by the client. Where permitted under the applicable data processing agreement, ECS may also use metadata, usage logs, or aggregated statistics derived from client interactions with its platforms for the limited purpose of service improvement, analytics, and platform development. Such data is never used to identify individuals and is processed in compliance with applicable data protection laws, including the principles of data minimisation and pseudonymisation where relevant. Where ECS processes metadata or technical logs from client-hosted sessions for service improvement, such data is pseudonymised, aggregated, and cannot be traced back to specific individual

Intra-Company processing and data sharing

To provide reliable, secure, and scalable services, personal data may be accessed or processed by other ECS entities or Euronext Group affiliates under strict controls. This intra-group processing occurs:

• Only on a documented need-to-know basis, for operational purposes such as technical support, legal compliance, billing, or training coordination.
• Subject to appropriate contractual safeguards, including intra-group data transfer agreements and, where required, Standard Contractual Clauses (SCCs).
• In accordance with the principles of data minimisation, purpose limitation, and restricted access

Where intra-group transfers involve cross-border processing (e.g. between the EU and the UK), ECS ensures that a valid legal basis is in place to preserve an equivalent level of protection. All ECS entities are subject to centralised data protection oversight by the Euronext Group Data Protection Officer (DPO), ensuring consistent compliance across jurisdictions.

2.3 Contact details

If you have any questions about this Privacy Policy or how ECS processes your personal data, you can contact us using the details below:

Full legal entity name: Euronext Corporate Solutions B.V.
Company registration: Registered in The Netherlands under company number 68034970 (Dutch Chamber of Commerce)
Registered office address: Beursplein 5, 1012 JW, Amsterdam
Email address: dpo.ecs@euronext.com
Postal address: 14, place des Reflets – CS3006492054 Paris la Défense.

2.4 UK Representative

For individuals in the UK, our appointed representative is:

Company name: Euronext Corporate Solutions limited
Company registration number: 05682866

Registered office address: 25 North Colonnades, 11th Floor, Canary Wharf, London, England, e14 5hs
Email address: dpo.ecs@euronext.com

2.5 Changes to the privacy policy and your duty to inform us of changes

This version was last updated on the date stated at the beginning of this privacy policy. We reserve the right to amend this privacy policy from time to time as required to ensure its accuracy. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

1. The data we collect about you

   1. Personal data we collect

As the Data Controller, ECS determines how and why we process personal data collected through our corporate websites, training programmes, and services. Personal data refers to any information relating to an identified or identifiable individual. This does not include information that has been irreversibly anonymised such that the individual can no longer be identified. For a full definition, see Annex 1 – Glossary of Terms.

ECS collects and processes personal data when you interact with our websites or platforms in the following contexts:

• Visiting ECS websites or browsing product pages.
• Registering for a service, training programme, or downloadable resource.
• Participating in learning activities, including virtual classrooms, online courses, or in-person events hosted by the Euronext Academy.
• Engaging with ECS-operated platforms such as ComplyLog (including InsiderLog, TradeLog, IntegrityLog, and LiabilityLog) or Company Webcast, including demo requests, webcast registration, and participation in online events.

Depending on the nature of your interaction, we may collect and process the following categories of personal data:

• Identification and contact details (e.g. name, email address, job title, company, phone number).
• Login or access credentials (where applicable).
• Event participation details (e.g. registration status, attendance, poll answers, chat messages).
• Communication history (e.g. interactions with support teams, training feedback, or follow-up responses).
• Technical identifiers (e.g. device type, operating system, user agent string, session logs).
• Preferences and communication settings.
• Interaction data from ECS web properties or marketing tools (e.g. IP address, browser type, source pages, viewed content).
• Metadata about how users engage with our services, which may be used in aggregated or pseudonymised form for service development and analytics.

This Privacy Statement applies to personal data collected through ECS corporate websites and the following ECS-operated platforms: ComplyLog and Company Webcast. For all other ECS services—including iBabs, IR.Manager, Shareholder Analysis, and Euronext Academy—product-specific privacy statements remain in effect and govern any data processing specific to those platforms. Links to those policies are available on the relevant product websites. 

In certain contexts, ECS may process personal data through the ComplyLog or Company Webcast platforms in its capacity as a data processor, acting on behalf of a client. In those cases, the client remains the data controller and defines the purposes and means of processing. Such processing is governed by a binding data processing agreement (DPA) between the ECS company and the client, and ECS handles the data solely in accordance with the client's documented instructions.

1. Categories of data collected

All personal data is processed in accordance with applicable data protection laws and on the basis of a relevant legal ground, as outlined in the "Purposes and Legal Bases" section of this Privacy Statement. In certain limited cases, ECS may access such data for internal purposes such as platform security, service monitoring, or support troubleshooting, strictly within the boundaries permitted by the applicable data processing agreement.

• Device and technical information

Information about your browser, device, operating system, and other technical identifiers (e.g., IP address, cookies). This data is collected through analytics tools, cookies, and log files to help us monitor site performance and enhance your experience.

Legal basis: Legitimate interest (performance and security of ECS web infrastructure)

• Contact and professional Information

If you fill in a contact form, download content, request a demo, or subscribe to a newsletter or event, we may collect your name, email address, phone number, job title, and company name.

Legal basis: Consent (for marketing); contract performance or pre-contractual steps (for service requests); legitimate interest (general business communications)

• Usage data

Information about how you navigate and interact with our website—such as pages visited, time spent, click behaviour, and referring URLs—collected via cookies, pixels, and similar tracking technologies.

Legal basis: Consent (where required for analytics or non-essential cookies); legitimate interest (understanding website performance and user engagement)

• Marketing preferences

If you consent to receive marketing communications, we may collect your communication preferences and track your interactions with our emails (e.g., open and click rates) to tailor future messages.

Legal basis: Consent (for electronic marketing); legitimate interest (improving communication relevance and effectiveness)

1. Training and course participation data (Euronext Academy)

If you register for or attend an Academy course, workshop, or virtual classroom, we may collect:

• Name, contact details, job title, and company name
• Billing and payment information (where applicable)
• Course selection, attendance records, and learning goals
• Interaction data from training platforms (e.g. chat input, poll responses, post-event feedback)

This data is collected via booking forms, registration systems, and participation tools such as Microsoft Teams or similar platforms.

Legal basis: Contract performance (for registered users); legitimate interest (quality control and learner support)

• Contractual Relationship

In some cases, ECS collects and processes personal data in order to perform a contract with you or your organization, or to take steps at your request prior to entering into a contract. This includes:

• Registering you for a training programme or ECS service;
• Delivering course materials, certifications, or platform access;
• Providing onboarding, technical support, or user credentials;
• Communicating with you as a designated contact for billing, scheduling, or administrative purposes.

• Professional or organisational details (e.g. employer name, industry, country)  
• Communication history (e.g. interactions with support teams, training feedback, or follow-up responses)  
• Technical identifiers (e.g. device type, operating system, user agent string, session logs)

Legal basis: Contract performance; legitimate interest (client administration and support)

• Data from third parties and public sources

We may also receive personal data from third-party and public sources, including:

• Event registration or survey platforms used to engage with ECS services;
• Professional enrichment tools or business directories (e.g., LinkedIn, public company records), where legally permitted;
• Marketing and analytics platforms that provide campaign performance metrics or indicate interest in our services;

Legal basis: Legitimate interest (commercial outreach, marketing analytics); consent (where required for enriched profiles or third-party cookies)

• Aggregated and anonymised data

We may use aggregated or anonymised data—such as website traffic metrics or content download trends—for analytical, statistical, and internal reporting purposes. This type of data does not identify individual users and is not considered personal data under applicable data protection laws.

If we combine anonymised or aggregated data with information that could identify you, we will treat the combined data as personal data and handle it in accordance with this Privacy Statement.

Legal basis: Legitimate interest (business intelligence and service optimisation)

1. If you choose not to provide Personal Data

In cases where we need to collect personal data by law or to fulfil a specific request (e.g. contacting you after a demo request), and you choose not to provide that information, we may be unable to respond to your request or provide certain features of the website. We will inform you at the time if this is the case.

1. How is your personal data collected?

ECS collects personal data through various methods depending on how you interact with our websites, services, and training platforms. The data may be provided directly by you, generated automatically through digital interactions, or received from third-party sources. Below is an overview of the key collection methods:

• Direct interactions

You may provide personal data directly by submitting a form on our website—for example, when you request a demo, download a resource, sign up for a newsletter, register for an event, or contact us via email or phone. This may include your name, email address, job title, company name and other contact or professional details.

• Events and webinars

When you register for or participate in an ECS-hosted event, webinar, or live webcast (including those run via Company Webcast), we may collect:

• Registration details (e.g. name, contact, company, function);
• Participation data (e.g. login timestamp, session duration, poll responses, questions submitted, chat interactions, feedback forms).

Some of this data is collected directly by ECS, while additional technical or usage data may be collected by the platform used to host the event in line with their respective privacy policies.

• Automated technologies and analytics

When you visit the website, we automatically collect certain technical data, such as your IP-address, browser type, device information, language settings and browsing behaviour (for example pages viewed, time on site and clicks). This data is collected through cookies, pixels and similar technologies. Identifiable cookies are only used if you give your consent via our cookie banner. Otherwise, analytics data is collected in an anonymised or aggregated form.

• Training programmes and virtual events

When you register for a ECS Academy course or attend a virtual training session, we may collect personal data directly through registration forms, booking documents, or during the course itself. This includes attendance records, chat or Q&A participation, and feedback or evaluation forms. Participation platforms (e.g. Teams) may also collect technical and interaction data during the session, in line with their respective privacy policies.

• Third-party sources

We may receive additional personal data about you from:

• Marketing or event platforms you use to register for corporate solutions-related content;
• Third-party tools we use for lead generation or marketing insights (for example business contact databases);
• Publicly available sources such as LinkedIn or company websites, used to enrich your contact or company profile;
• Communication platforms or CRM systems (for example when you contact our support team or interact with email campaigns).

This helps us improve our marketing efforts, tailor communications, and respond to your requests more effectively.

Legal Basis

In many of the above cases, the collection of personal data is necessary for the performance of a contract or to take steps at your request prior to entering into a contract (e.g. access to a training programme, service onboarding, or responding to a contact request). Other collection activities are based on our legitimate interests or, where required, your explicit consent (e.g. for non-essential cookies or direct marketing).

1. How we use your personal data

We only process your personal data where permitted under applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK GDPR.

In the context of our websites, training programmes, and related services, Euronext Corporate Services (ECS) acts as the data controller, meaning we determine the purposes and means of processing your personal data.

This includes personal data collected through the ComplyLog and Company Webcast platforms where ECS acts as a data controller—for example, when handling demo requests, user onboarding, support tickets, webcast participation, or issuing attendance certificates. Where ECS acts as a data processor for ComplyLog or Company Webcast clients, those processing activities are governed by a separate Data Processing Agreement (DPA) and carried out on the legal basis determined by the client, who remains the data controller. In all cases, ECS ensures that processing is performed in accordance with applicable laws and the terms of the relevant agreement.

The table below outlines the legal bases on which we rely and the corresponding purposes for which we process your data:

1. Cookies and tracking technologies

The ECS website uses cookies and similar technologies to distinguish you from other users, enhance your browsing experience, and help us analyse traffic and improve our platforms. Cookies also allow us to personalise content, remember your preferences, and understand how visitors interact with our site and services. Cookies are small text files stored on your device when you visit a website. They may be set by ECS directly (first-party cookies) or by third-party services used on our site (third-party cookies). If you disable or refuse cookies, some parts of the website may become inaccessible or may not function properly. An overview of the cookies used can be found in Annex 3.

When you first visit the ECS website, you will be prompted with a cookie banner that allows you to manage your cookie preferences. You can choose to accept or reject non-essential cookies such as performance and targeting cookies. If you accept these cookies, you are giving your explicit consent for ECS to process your personal data as described in this privacy policy.

You have the right to change your cookie preferences at any time by accessing the "cookie settings" on our website. Please note that rejecting certain cookies may affect the functionality of some parts of the website and services.

Important: This section applies only to cookies set on the ECS corporate website. Cookies used on ECS product platform are governed by separate cookie policies applicable to those platforms. Users of those services should refer to the relevant in-platform notices for details on platform-specific cookies, trackers, and settings.

Legal Basis

Where required under applicable law, we use cookies on the basis of your consent, which is requested via a cookie banner when you first access our site. You may withdraw your consent or adjust your preferences at any time using your browser settings or the cookie management tool provided on our website.

For cookies that are strictly necessary for the operation of the site, the legal basis is ECS’s legitimate interest in providing a functional, secure digital environment.

Cookie duration and expiry

ECS undertakes to delete or anonymise all cookies that we control after a maximum duration of 12 months. After this period, your consent will be requested again.

Cookie categories and purposes

You can manage your cookie preferences through your browser settings. You may choose to refuse some or all cookies or set your browser to alert you when cookies are being used. Please note that disabling certain cookies may affect the availability or functionality of parts of the website. An explanation on how you can remove cookies can be found in Annex 3.

1. Training sessions and third-party platforms

Some training sessions may be recorded for quality assurance, internal reference, or to support participant learning. Where this applies, participants will be informed in advance and may opt out of being recorded where feasible.

Where third-party platforms are used to deliver training services—such as virtual classrooms (e.g. Microsoft Teams), certification providers, or survey tools—your personal data may be processed by those providers under their respective privacy policies. We take appropriate steps to ensure that any such third parties meet our data protection and security standards.

1. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Examples of compatible purposes include platform security auditing, feature usage reporting, and client training content improvement.

If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dpo.ecs@euronext.com If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

1. Disclosure of your personal data and international transfers

Personal data processed by ECS may be stored on secure servers located within the European Economic Area (EEA). In certain cases, personal data may be transferred outside the EEA, the United Kingdom (UK), or Switzerland. When such transfers occur, Corporate Solutions ensures that appropriate safeguards are in place in accordance with applicable data protection laws. These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• The UK International Data Transfer Agreement (IDTA);
• Adequacy decisions issued by the European Commission or relevant UK authority;
• Participation in recognised data transfer frameworks, such as:

• The EU-U.S. Data Privacy Framework;
• The UK Extension to the EU-U.S. Data Privacy Framework;
• The Swiss-U.S. Data Privacy Framework.

Euronext US Inc. and relevant subsidiaries are certified under these frameworks where applicable.

This applies equally to data processed via ECS-operated platforms such as ComplyLog and Company Webcast, which may involve transfers to or access by third-party service providers located outside the EEA, including in the United States. These platforms rely on trusted infrastructure partners to support application hosting, analytics, communication workflows, and support services. Where these providers are based outside the EEA, ECS ensures that all transfers are subject to robust legal mechanisms and adequate safeguards as outlined above.

6.1 Group sharing

We may disclose your personal data to other entities within the Euronext N.V. group, of which ECS is a subsidiary, based on our legitimate interest to do so or for administrative, compliance, and operational purposes.

6.2 Disclosure to third parties

ECS may disclose personal data to trusted third parties only where necessary, proportionate, and lawful. Such disclosures are limited to the specific purposes for which the data was collected or for closely related operational, legal, or compliance purposes. Categories of recipients may include:

In all such cases, ECS ensures that appropriate safeguards are in place, including data processing agreements or non-disclosure obligations, and that the recipient processes personal data only for legitimate and authorised purposes. We require all third parties to respect the security and confidentiality of your personal data and to process it in accordance with applicable data protection laws. Third-party service providers are not permitted to use your personal data for their own purposes and may only process it on our instructions and for the specified purposes set out in our agreements with them.

6.4 Links to third-party websites and external platforms

The ECS website may contain links to external websites or services. This privacy policy does not apply to those third parties, and ECS is not responsible for their data processing practices. We encourage you to review their privacy policies.

Additionally, ECS may use external tools and platforms operated by third parties—for example, to collect customer feedback, reviews, or provide comparison services. Where cloud service providers or analytics partners are used, these are selected based on their adherence to security certifications (e.g. ISO 27001) and binding contractual commitments.

When you interact with these tools (such as leaving a review), the processing of your personal data is governed by the privacy policy of the respective third-party provider. ECS is not responsible for how those parties handle your data, and we recommend that you consult their privacy statements before submitting any personal information.

6.5 Social media

If you share content from the ECS website via social media, your personal data may become visible to others based on your privacy settings on those platforms. ECS is not responsible for the processing of your data by such platforms.

7. Data security and confidential information

Euronext Corporate Solutions (ECS) is committed to safeguarding your personal data and has implemented appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with applicable data protection laws.

To ensure the confidentiality, integrity, and availability of personal data, ECS applies a range of security measures, including:

• Secure infrastructure and firewall protection to prevent unauthorised access.
• Encryption of personal data where appropriate, including during data transmission.
• Role-based access controls limiting access to authorised personnel with a legitimate business need.
• Regular audits, security assessments, and continuous monitoring of systems.
• Maintenance of certifications and alignment with applicable industry standards (e.g. ISO/IEC 27001, where applicable).

ECS also maintains internal incident response procedures designed to detect, assess, and mitigate security breaches. Where legally required, ECS will notify the competent supervisory authority and affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.

While ECS takes reasonable steps to protect personal data, no system can guarantee absolute security—particularly during transmission over the internet. As a precaution, users are advised not to send sensitive information (such as payment details or identification numbers) via unencrypted email or other unsecured communication channels. ECS cannot accept responsibility for data that is voluntarily shared through such methods and beyond our reasonable control.

8. Data retention

Euronext Corporate Solutions (ECS) will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to respond to inquiries, manage communications, improve our website, deliver training or services, or comply with legal and regulatory obligations.

When determining retention periods, ECS considers:

• The nature, sensitivity, and volume of the personal data
• The potential risk of harm from unauthorised access or disclosure
• The purposes for which the data was collected and whether those purposes are still relevant
• Applicable legal, regulatory, or contractual retention obligations

If you have an active business relationship with ECS, your data may be retained for the duration of the relationship and extended where required for contractual or legal purposes.

For personal data processed through ComplyLog or Company Webcast platforms in their capacity as a data processor, retention is governed by the terms of the relevant client contract and DPA. In such cases, ECS stores and deletes data in accordance with the data controller’s documented instructions.

You may request the deletion of your personal data at any time, subject to applicable legal obligations. For more information, see section 9: Your Rights.

9. Your Rights

As a data subject, you have certain rights under applicable data protection laws in relation to the personal data we process about you. These rights are not absolute and may be subject to limitations or exemptions under relevant law.

The table below outlines your key rights:

In cases where ECS processes personal data on behalf of a client in the capacity of a data processor, your request may need to be forwarded to the relevant data controller. ECS will assist the controller in responding, in accordance with the applicable Data Processing Agreement. 

If you object to processing based on our legitimate interests (e.g. analytics), you may contact us at dpo.ecs@euronext.com. We will assess your objection and respond in accordance with the GDPR.

Exercising your rights

You may exercise your rights by contacting us through one of the following methods:

• Contacting the ECS Data Protection Officer: dpo.ecs@euronext.com
• By post:
  Attn. Data Protection Officer
  14, place des Reflets – CS30064
  92054 Paris la Défense.

We may request proof of identity to verify your request in line with our internal procedures.

Post-mortem rights

To submit post-mortem instructions under French law, you may contact dpo.ecs@euronext.com and submit your request.

Supervisory Authorities

You also have the right to lodge a complaint with the competent data protection authority in the country where you live, work, or where you believe your rights have been infringed. We encourage you to contact us first to give us the opportunity to address your concerns.

Data protection authorities relevant to ECS operations:

9.1 No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. 

10. Applicants

This section applies to personal data collected and processed by ECS and its affiliated entities—such as CWC and ComplyLog—during the recruitment process. It explains how we handle personal data submitted by individuals who apply for job opportunities, whether directly, through third parties, or via public channels.

This notice covers:

• Applications for roles at any ECS company, including CWC and ComplyLog.
• Participation in ECS recruitment campaigns, talent programmes, or referral initiatives.
• Submissions received via job boards, recruitment agencies, or unsolicited CVs.
• Profiles identified through professional platforms such as LinkedIn.
• Data provided to us by third parties, such as referees or recruiters

This section applies to all recruitment activity conducted by ECS up to the point where:

1. The recruitment process ends and you are not offered a role, or
2. you accept a position and begin employment, in which case your personal data will be handled under our internal Staff Privacy Notice.

We are committed to processing your personal data lawfully, fairly, and transparently, and in accordance with applicable data protection legislation such as the GDPR, the UK GDPR, and relevant national law

This section only applies to personal data which you may provide directly to us or via third parties, in the following cases:

• You participate in a ECS recruitment initiative
• You voluntarily submit your resume to a representative of Euronext on an ad hoc basis
• You apply for an advertised job
• A recruiter provides your resume or details to ECS
• ECS finds your CV / details in online searches e.g. LinkedIn
• You are referred to an open position by an employee as part of the Euronext Referral Program.

The personal data we process

As part of the recruitment and job application process, we collect the personal data that you / your agency / your referrer submit to us, which may include:

If you apply for a position through the “Apply with LinkedIn” option, we may use the information you have previously provided to LinkedIn to populate your application. You are free to remove some details. The main mandatory information we need to proceed with your recruitment is your resume. You may remove personal data from your resume.

It is necessary for us to process your personal data in order to assess your job application and/or include you in a recruitment initiative. Ultimately, it may also be necessary for us to process your Personal Data in order to take steps to offer and enter into a contract of employment with you. In the event that you do not wish to provide us with your personal data for the purposes outlined in this Statement, we will not be able to assess your job application and/or include you in a recruitment initiative and/or offer you a contract of employment.

Please note that should you include information you think is relevant to your job application or the recruitment initiative, including cover letters, references from your previous employers and other documents you see fit. For information containing personal data, we will hold and process any such Personal Data in accordance with the terms of this Statement.

How and why, we process your personal data

The following table details the key context for which ("Legal Basis") and why ("Purposes") we collect, obtain and process your Personal Data within ECS. The third parties and those within Euronext with whom we may share your Personal Data ("Recipients") are detailed in section 6 of this Statement.

IMPORTANT:
When we process your personal data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).

We will only use your personal data for the purposes for which we collect it (as outlined in this section), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in accordance this statement and we will explain the legal basis which allows us to do so.

Disclosure of your personal data

We may disclose some or all of your personal data to the following parties:

• Internal business units such as Human Resources, IT, Finance/Payroll, Managers, system administrators, our trusted third-party service providers and our IT service providers.
• Your previous employers when you have provided them as a reference third parties that may be contacted to provide additional information related to your previous work experiences.
• Recruitment agencies.
• Regulatory authorities:
• Outsourced service providers who assist ECS with recruitment initiatives and campaigns such as recruitment agencies, technical test assessment, background check and health assessment companies (where applicable); etc.
• Professional advisors such as legal advisors, consultants and accountants.

Retention of your personal data

Where you are a successful job applicant, the personal data generated by us and provided by you over the course of the job application/recruitment process will be retained by us for the purpose of your contract of employment. Such personal data will be retained in accordance with our Staff Data Protection Policy and Retention Policy (which will be available to you when you commence employment).

Where you are an unsuccessful job applicant, we will retain your personal data for a period of up to 12 months after it is determined that your application has been unsuccessful for the purposes of both contacting you in relation to future vacancies within ECS which we think may be of interest to you and, for the purpose of defending any potential employment equality claims.

Please note that in certain circumstances, we may hold your data for a longer period, for example, if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your personal data.

11. Updates to this Statement

We encourage you to check this Privacy Statement regularly to stay informed of updates. If we make material changes, we will notify you via our website or, where appropriate, directly via email.

12. Annexes

Annex 1 – Glossary of used terms

Annex 2 – Cookie inventory I

The following cookies are used on the ECS website and may be set either by ECS directly (first-party) or by third-party platforms integrated with our services. These cookies help us ensure platform functionality, monitor site performance, and improve the user experience.

Note: Cookie deployment may vary depending on user location, device type, and the user’s consent preferences. Users can manage their cookie settings at any time via the cookie banner or browser settings.

Annex 3 – Cookie removal instructions

As part of our commitment to privacy and compliance with the GDPR, we provide the following information on how to remove cookies from your browser:

Google Chrome:

1. Open Chrome and click on the three-dot menu icon in the top-right corner.
2. Select “Settings” from the drop-down menu.
3. Under the “Privacy and security” section, click on “Clear browsing data.”
4. Select the time range for which you want to remove cookies.
5. Check the box next to “Cookies and other site data.”
6. Click on the “Clear data” button to remove the cookies.

Mozilla Firefox:

1. Open Firefox and click on the menu button (three horizontal lines) in the top-right corner.
2. Select “Settings” from the menu.
3. In the left sidebar, click on “Privacy & Security.”
4. Under the “Cookies and Site Data” section, click on the “Clear Data” button.
5. Check the box next to “Cookies and Site Data.”
6. Click on the “Clear” button to remove the cookies.

Safari:

1. Open Safari and click on “Safari” in the top menu.
2. Select “Settings” from the drop-down menu.
3. In the Preferences window, click on the “Privacy” tab.
4. Click on the “Manage Website Data” button.
5. In the new window, select the website(s) for which you want to remove cookies.
6. Click on the “Remove” button, then click “Done” to confirm.

Please note that the above instructions may vary slightly depending on the browser version you are using. If you are using a different browser, we recommend referring to the browser’s documentation or support website for specific instructions.

Annex 4 – List of Euronext Corporate Solutions Group Companies

This privacy statement shall be applicable to the following Euronext Corporate Solutions Group companies:

• Euronext Corporate Solutions BV, with the corporate registration number 68034970 located at Beursplein 5, 1012 JW, Amsterdam, the Netherlands ;
• Euronext Corporate Solutions France S.A.S., with the corporate registration number 444 325 286 R.C.S. Courbevoie located at 14 place des Reflets, CS30064, 92054 Paris la Défense Cedex, France ;
• Euronext Corporate Solutions Germany GmbH, with the corporate registration number District Court of Frankfurt HRB 129135 located at Bockenheimer Landstraße 23, Frankfurt am Main, Germany ;
• Euronext Corporate Solutions Italy S.r.l., with the corporate registration number MI-2621729 located at Piazza degli Affari 6, 20123 Milano, Italy ;
• Euronext Corporate Solutions Sweden AB, with the corporate registration number 5591417083 located at Holländargatan 17B, 111 60 Stockholm, Sweden ;
• Euronext Corporate Solutions UK Limited, with the corporate registration number 5682866 located at 11th Floor CARGO Building, 25 North Colonnade, London E14 5HS, United Kingdom ;
• Euronext Corporate Solutions Finland Oy, with the corporate registration number 2700662-1 located at Lapinlahdenkatu 16, 00180 Helsinki, Finland ;
• Company Webcast B.V., with the corporate registration number 24384974 located at Rivium Boulevard 176, 2909 LK Capelle aan den IJssel, Netherlands ;

This Privacy Statement shall not apply to the personal data collected and processed by the following companies. For more information, please read their privacy policies. The privacy policies of those companies are available to: