Notice of European Union Data Protection terms – to Customers and Suppliers

June 2025 version

1      Identity and contact details

2      Categories of personal data

3      Purposes and Legal basis

4      Transfer of data to third party

5      Retention

6      Automated decisions

7      Rights of the data subject

 

With this privacy notice (hereinafter the “Notice”), KNEIP Communication S.A. in Luxembourg (hereinafter “we”, “KNEIP”, “our” or “us”) informs you how we process your personal data.

As controller, we are responsible for the personal data we collect from you. This obligation includes compliance with Regulation (EU) 2016/679 of 27 April 2016 (“GDPR” or “General Data Protection Regulation”) and all other national and supranational laws (including but not limited to the Luxembourg law of 1st August 2018 on the organisation of the National Data Protection Commission and the general data protection framework, as amended from time to time) (collectively “Data Protection Laws”).

 

We collect and process personal data about natural persons, who are employees or any other individuals related to our clients and suppliers – including your internal and external employees, former employees, your commercial representatives, contact person(s), visitor(s), senior management, board member(s), representative(s) and/or beneficial owner(s) related to the customer or any other individual concerned (hereafter “Data Subject(s)”).

 

This data protection notice explains what information we collect, how and why we process it, and with whom we share it. This notice applies to all aforementioned Data Subjects, regardless of their place of residence and the type of service or product offered by us.

 

In case of a legal person, you undertake and guarantee to process personal data and to supply relevant personal data to us in compliance with the Data Protection Laws, including, where appropriate, informing the relevant Data Subjects of the content of this data protection notice and any updated version thereof in accordance with articles 12, 13 and/or 14 of the GDPR.

In addition, Data Subjects undertake to ensure the accuracy of the personal data provided and promptly inform us where such personal data is not up to date.

 

We collect and process certain information about Data Subjects in order to conclude and execute contract(s) with our clients and suppliers as well as to maintain our contractual relationship with them. Unless Data Subjects provide us with such information, we may not be able to enter into, execute or fulfil any contractual relationship. We may have obtained the personal data set out in the section below from (not publicly accessible) sources such as the contract and communication(s) during our contract performance.

The current data protection notice should be read along with the contracts signed with our clients and suppliers at the beginning of the business relationship, and which describe the product and service we offer/receive.

 

This data protection notice is also valid after termination of the contract with our clients and suppliers.

 

1      Identity and contact details

We are: KNEIP Communication S.A., 33 avenue du Puits Romain, L-8070 Bertrange, e-mail: [email protected].

 

The contact details of our Data Protection Officer are as follows: Data Protection Officer, KNEIP Communication S.A., 33 avenue du Puits Romain, L-8070 Bertrange, [email protected].

 

2      Categories of personal data

We collect, store and process personal data that we receive from our clients and suppliers or other sources during the course of our business relationship. Personal data may be the following information:

  • Identification data: Business contact details, full name, age, gender, birthdate and place, nationality, citizenship, identity number, passport number, identity card with photo, civil status, profession, the position within the company, signature, the role with regard to the KNEIP system, User IDs;
  • Contact data: email, address, phone number, fax number, proof of address;
  • Tax related data: tax identifiers, countries of tax residency, tax status, tax certificates;
  • AML/KYC related data: source of wealth, source of funds, power of attorney status, PEP status, sanctions status, income, related parties;
  • As part of our compliance with legal obligations such as AML/KYC, we may be required to process special categories of personal data as defined by the GDPR, including personal data relating to political opinions as well as criminal convictions and offences.
  • Communication data: recordings such as video or telephone recordings, client communications via electronic or other means.
  • We may process any other information pertaining to the aforementioned Data Subjects that has been disclosed or becomes known to KNEIP in the context of our business relationship.

 

We will collect Data Subjects’ personal data from various sources, namely:

  • directly from the Data Subject;
  • from third parties representing the Data Subjects;
  • from third parties representing us;
  • from our service providers;
  • from public registers/platforms;
  • from public agencies/authorities.

 

3      Purposes and Legal basis

We collect, process, store and share personal information based on the following legal bases:

  1. for the fulfilment of contractual obligations (Art. 6 para. 1b GDPR)
  • to perform any pre-contractual and contractual measures and to fulfil our contractual obligations, including for the acceptance of your company as KNEIP Client for KNEIP services and the KNEIP systems, the day-to-day operations, the payment of the fees and costs (identification data, contact data, and tax related data).

 

 

  2. in the context of our legitimate interest not overriding the Data Subjects’ interests or fundamental rights and freedoms (Art. 6 para. 1f GDPR)
  • A due diligence carried out by any third party that: (i) acquires, or is interested in acquiring or securitizing, all or part of KNEIP’s assets or shares, (ii) succeeds to us in carrying on all or a part of our businesses, or services provided to us, whether by merger, acquisition, financing, reorganization or otherwise, or (iii) intends to onboard us as a client or a co-investor or otherwise (identification data, contact data, tax related data, AML/KYC related data and communication data).
  • Customer/supplier relationship management (identification data and contact data).
  • Establishing, exercising, or defending legal claims and the provision of the proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of our business, to courts, regulators and authorities having jurisdiction over KNEIP, its affiliates or any other third parties engaged by KNEIP or its affiliates (identification data, contact data, tax related data, AML/KYC related data and communication data).
  • Complying with foreign laws and regulations and/or any order of a foreign court, government, supervisory, regulatory or tax authority, including in case of discovery proceedings (identification data, contact data, tax related data, AML/KYC related data and communication data).
  • For the purpose of fraud prevention / risk management / audit and investigations (identification data, contact data, tax related data, AML/KYC related data and communication data).
  • To perform market and customer analyses in order to improve KNEIP’s products and services (identification data and contact data).

 

  • to the extent you as a KNEIP client are or become a prospect or client of other affiliate(s), for specific sharing of your data between the relevant entities, such data being limited to the clients’ AML, CTF and KYC data, as required by applicable laws, regulations, and internal policies (identification data, contact data, AML/KYC related data); and
  • exercising our business in accordance with reasonable market standards (all types of personal data).

 

  3. based on the Data Subjects’ consent (Art. 6 para. 1a GDPR)
  • the legality of the processing is given by the Data Subject’s consent to the use of personal data for specific purposes (e.g. use of email address for marketing/promotional measures). Data Subjects can revoke their given consent at any time with effect for the future. For the avoidance of doubt, where consent is given by the Data Subjects, such consent shall be construed distinctly from any consent given in the context of confidentiality and/or professional secrecy compliance obligations.

Accordingly, if personal data that is required is not provided, KNEIP may not be able to enter into business relationships with its clients and suppliers.

 

Where our purposes and/or legal bases change over time or where we want to use your personal data for new purposes, we will inform you of such new processing in accordance with the Data Protection Laws.

 

4      Transfer of data to third parties

Your data will only be made available within KNEIP, its subsidiaries (i.e. KNEIP Communication UK Ltd) and to Deutsche Börse group entities who are supporting the fulfilment of our contractual and legal obligations. We may share and disclose personal data:

  • to service providers involved in the context of the performance of the services by KNEIP, such as IT service providers (e.g. for purposes of IT hosting, operation and support etc).
  • to professional advisors of KNEIP, such as its auditors or lawyers or consultants.
  • to other third parties involved in the context of the compliance with its legal and regulatory duties or rights towards national or foreign administrative, governmental, supervisory, judicial or tax authorities.
  • to public authorities (governmental, judicial, prosecution or regulatory agencies and/or authorities) and, where applicable, official national and international registers.
  • to any third party that acquires, or is interested in acquiring or securitizing, all or part of KNEIP’s assets or shares, or that succeeds to it in carrying on all or a part of its businesses, or services provided to it, whether by merger, acquisition, reorganization or otherwise as well as any other third party supporting the activities of KNEIP.
  • in connection with any group restructuring/reorganisation or transfer of business and/or services.
  • any other third party supporting the activities of KNEIP.

All of the above listed recipients are hereafter referred to as “Recipients”.

The Recipients may, under their own responsibility, disclose the personal data to their agents and/or delegates (chain-outsourcing) (the “Sub-Recipients”), which shall process the personal data for the sole purposes of assisting the Recipients in providing their services to KNEIP and/or assisting the Recipients in fulfilling their own legal obligations.

The Recipients and Sub-Recipients may, as applicable, process the personal data as processors (when processing the personal data on behalf and upon instructions of KNEIP and/or the Recipients), or as distinct controllers (when processing the personal data for their own purposes, namely fulfilling their own legal obligations).

 

Sometimes the Recipients to whom we transfer your personal data are located in countries outside the European Economic Area in which applicable laws do not offer the same level of data protection as the laws of your home country. In such cases, we take measures to implement appropriate and suitable safeguards for the protection of your personal data, such as entering, prior to such transfer, into legally binding transfer agreements with the relevant Recipients in the form of the European Commission approved standard contractual clauses or any other appropriate safeguards pursuant to the GDPR, as well as, if necessary, supplementary measures. In this respect, the Data Subjects have a right to request copies of the relevant document for enabling the personal data transfer(s) towards such countries by writing to us at the address referred to in Section 1.

Any transfer of personal data to service providers acting as processors (e.g. for purposes of IT hosting, operation and support) is based on prior signed data processing agreements according to GDPR requirements.

5      Data retention

KNEIP and those third parties to whom personal data is transferred will retain that data as long as necessary for the purposes set out above and/or required by applicable laws. In particular, we will hold certain personal data for a period consistent with our data retention policy (generally 10 years) after the termination of the relationship between a given client or supplier and KNEIP and in any event no longer than necessary with regard to the purpose of the data processing or as required by law and regulation. These include the following purposes:

| Type of records | Retention periods |
| --- | --- |
| Commercial contracts | 10 years from the end of the contractual relationship to which the documents relate. |
| Business correspondence (letters, emails, faxes, etc.) | 10 years from the end of the accounting year in which the document was sent or received. |
| Accounting related documents | 10 years from the latest of either the end of the accounting year. |
| Corporate related documents | 5 years from the date of the closing of CFCL’s liquidation. |
| AML/KYC related documents | 5 or 10 years from the end of the contractual relationship to which the documents relate. |

 

 

In some circumstances the personal data may be anonymised so that it can no longer be associated with the Data Subjects, in which case documents having been anonymised can be kept for an unlimited period of time.

 

KNEIP undertakes to ensure that necessary records and documents are adequately protected and maintained and that records that are no longer needed or are of no value are deleted or destroyed in compliance with the provisions of the GDPR.

6      Automated decisions

We do not make any decisions based solely on automated processing, including profiling, which would produce legal effects concerning you or similarly significantly affect you.

7      Rights of the data subject

In accordance with the conditions and limitations laid down by the Data Protection Laws, each Data Subject has a right to:

 

  • access his/her personal data: to obtain from us confirmation as to whether or not personal data concerning him/her are being processed, and, where that is the case, access the relevant personal data.
  • correct his/her personal data where it is inaccurate or incomplete: to obtain from us without undue delay the rectification of inaccurate personal data concerning him/her. Considering the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • object to the processing of his/her personal data (including for commercial prospection purposes): to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her which is based on the performance of a task carried out in the public interest or the legitimate interests pursued by us or by a third party. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for commercial prospection purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning them for such commercial prospection, which includes profiling to the extent that it is related to such direct commercial prospection.
  • restrict the use of his/her personal data: to obtain from us restriction of processing, in some circumstances. Where processing has been restricted under the above paragraph, such personal data shall, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  • ask for erasure of his/her personal data: to obtain from us the erasure of personal data concerning them without undue delay and we shall have the obligation to erase personal data without undue delay, except in certain limited scenarios set out in the GDPR.
  • ask for personal data portability: to receive the personal data concerning them, which he/she has provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us, as the controller to which the personal data have been provided, where (i) the processing is based on consent or on a contract and (ii) the processing is carried out by automated means.

 

To the extent that our processing of personal data is based on the individual’s consent, the Data Subject also has the right to withdraw the consent, without affecting the lawfulness of our processing based on his/her consent before its withdrawal. To exercise these rights, each Data Subject can contact us.

Such rights may be exercised by email or letter addressed to the appointed data protection officer (“DPO”) of Clearstream via email at: [email protected] or via post at: Data Protection Officer – KNEIP Communication S.A., 33 avenue du Puits Romain, L-8070 Bertrange.

Please note that you as an individual have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (the “CNPD”) at the following address: 15, Boulevard du Jazz, L-4370 Belvaux, Grand Duchy of Luxembourg; or with any competent data protection supervisory authority of your EU Member State of residence.

8      Changes to this data protection notice

 

We reserve the right to update this data protection notice at any time.

An up-to-date version will be made available to you in the ‘Privacy Policy’ section of our website www.kneip.com, found at the bottom of the page.

 
