Web Privacy Statement of SDX

This Privacy Statement explains how and why SIX Digital Exchange Ltd. and SDX Trading Ltd. (“SDX”) processes personal data of visitors to this website (hereinafter “User”).


What’s the purpose of this Privacy Statement?

Data protection is first and foremost the protection of the individual – SDX therefore attaches high priority to compliance with the applicable laws and to the protection of the privacy and the private sphere of the individuals concerned in order to comply national and international legal requirements. The basic principle is that a high level of data protection and security must be guaranteed wherever personal data is processed.

The purpose of this Privacy Statement is to provide you with full information about the nature and extent of the data processing and to enable you to exercise your rights and obtain information about the storage of your data.


Who is responsible?

The legal entities listed below is are controller of your personal data and responsible for processing your data.

SIX Group Services Ltd.
Hardturmstrasse 201
8005 Zurich
Switzerland
E-Mail: communication@six-group.com


Why do we process personal data and what categories?

SDX processes personal data where

  • The user visits websites of SDX,
  • The user applies for or uses products or services offered by SDX online; this includes, in particular, registration for specific services or web content only accessible by means of a personal login and subscriptions to print media or online newsletters,
  • The user obtains, installs and/or uses apps of SDX from the relevant app stores, or
  • takes part in a competition.


SDX processes the users personal data for the following reasons:

  • technical management as well as research and further development of websites,
  • user administration, marketing, and market research,
  • user information on the services and products rendered by SDX, provided the User has given their consent for this,
  • selecting competition winners and awarding prizes,
  • management of data subject right requests


SDX processes in general the personal data such as name, gender, address, e-mail address, telephone that the user expressly and actively makes available to us. This also applies if the user takes part in events of SDX (online or in person). The web server of SDX – and in the case of www.sdx.com the web server of Ariva.de AG – automatically records details of the user’s visit such as IP address, browser type and version, operating system used, originating website, pages accessed, date, length of visit.


What is the legal basis?

By processing personal data according to this Privacy Statement, SDX is able to improve the quality of its products and services. Depending from the processing purpose, the legal basis for the processing of the User’s personal data will be one of the following:

  • necessary for taking steps to enter into or executing a contract with the User for the services or products requested or for carrying out our obligations under such a contract,
  • User’s consent,
  • necessary for the legitimate interests of SDX.

Examples of the ”legitimate interests of SDX” referred to above are:

  • pursuing certain of the above mentioned purposes,
  • exercising SDX’s rights, including the freedom to conduct a business and right to property,
  • providing products and services and assuring a consistently high service standard across the whole SDX, and keeping our customers, employees and other stakeholders satisfied, and
  • meeting our accountability and regulatory requirements,

in each case provided such interests are not overridden by the User’s privacy interests.


Where do we transfer your personal data to?

The User authorizes SDX to transmit Personal Data to employees, agents or other third parties within or outside the country where the User lives in order to provide services and for the purposes indicated above. Data transfer can take place to the following countries:  Switzerland, Austria, Belgium, Denmark, France, Georgia, Germany, Gibraltar, Ireland, Italy, Japan, Luxembourg, Latvia, Liechtenstein, Luxembourg, Netherlands, Monaco, Morocco, Netherlands, Norway, Poland, Romania, Poland, Spain, Singapore, Sweden, United Arab Emirates, United Kingdom, United States. Employees, agents and other third parties which have access to Personal Data are required by SDX to ensure compliance with all applicable data protection provisions. Any person who authorizes SDX to access their Personal Data as defined in this Privacy Statement will be made aware of the data security and data protection implications. When Personal Data of the User are transferred to other countries, SDX will ensure data protection by granting the protection level required by the applicable law, e.g. by adopting EU Standard Contractual Clauses (SCC) or similar safeguards.

SDX reserves the right to disclose Personal Data to regulatory and supervisory authorities, as well as, pursuant to this Privacy Statement, to Analysis Service Providers. In so doing, SDX will comply at all times with applicable regulations, laws, court orders or official requests.


How do we protect your personal data?

SDX protects Personal Data with appropriate physical, electronic and process-related security measures, such as firewalls, personal passwords, encoding and authentication technologies. Personal Data collected via a website owned by SDX will be encrypted during transmission using SSL Secure Sockets Layer (SSL) technology, which currently provides the best-available security for data transfers.


How long do we keep your personal data?

SDX will only retain your personal data for as long as necessary to fulfill the purpose for which they were collected or to comply with legal or regulatory requirements.


What rights do you have in relation to personal data?

Users whose personal data is processed within the scope of this Privacy Statement have the following rights:

  • to receive information on whether SDX may save Personal Data and what form this Personal Data may take (which categories of data, recipients or categories of recipients, retention periods for Personal Data or criteria governing retention periods);
  • to receive a copy of the personal data
  • to request the rectification of personal data if it is incorrect
  • to request the deletion of personal data
  • to request restrictions on processing personal data
  • to receive personal data in a structured, accessible and machine-readable format (if available)
  • to submit an objection to processing, especially for the purpose of direct advertising

The rights specified above may be denied or restricted if the interests, rights and freedoms of third parties take precedence or if processing is necessary to establish, exercise or defend legal claims of SDX.

Queries in relation to processing personal data are to be directed to the Data Protection Officers of SDX:

To exercise your rights with regards to data protection please use this link.


You can also direct your queries to:

SIX Group Services Ltd.
Data Protection Officer
Hardturmstrasse 2018005 Zurich
Switzerland
E-Mail: dataprotection@six-group.com

Users have also the right to make a complaint to the data protection authority responsible for them or in the place where they think an issue in relation to the Data has arisen.


Social Media Buttons

Functions (plugins) of third-party providers or social media platforms (Facebook, Twitter, Google+, etc.) are embedded into the websites of SDX. These plugins enable the User to share content on the social networks mentioned. The interfaces are deactivated by default when the website is accessed. This means that no personal data is transmitted to the respective third-party providers without intervention on the part of the User. Once the User has activated the interfaces, data (incl. also personal data) is automatically transmitted to the relevant third-party providers by the plug-ins. If the User is simultaneously logged in to the network of the respective third-party provider when they visit the website, the third-party provider can assign the visit to the User’s network account. SDX has no influence on this. The purpose and scope of such a form of data collection and the further processing and usage of personal data are outlined in the data protection guidelines of the individual social networks. Users can also obtain information there on rights and settings options in relation to protecting their privacy.


How can you withdraw your consent?

Anyone affected by the processing of personal data can withdraw their consent to this effect at any time. You can unsubscribe from our newsletters by using the dedicated link. In all other cases please contact the Data Protection Officer of SIX Group at dataprotection@six-group.com.


What about Cookies and Web analysis?

The websites of SDX uses cookies, tags, pixels, and third party tools to enhance your experience and provide valuable insights.

You can read more about our cookies and web analysis in our Policy on cookies and web analysis.


Updates to this Privacy Statement

This Privacy Statement was last updated on November 2, 2023. SDX may amend the Privacy Statement unilaterally at any time. The most recent version is published online by SDX