The Bank of New York Mellon Corporation and its affiliates (collectively referred to as "BNY Mellon", "we", "us") take their data protection and privacy responsibilities seriously. This privacy notice explains how we collect, use and share personal information in the course of our business activities, including:
We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice. If we make significant changes to this privacy notice, we will seek to inform you by notice on our website or email ("Notice of Change").
Important information about BNY Mellon:
The BNY Mellon entity responsible for your personal information will be the member of BNY Mellon that originally collects information from or about you. This will be explained in separate privacy notices made available when your personal information is first collected by that BNY Mellon entity, for example where you or the business you work for engages us to provide a service.
In this section you can find out more about:
- the types of personal information we collect
- how we use personal information
- when we collect personal information
- the legal basis for using personal information
BNY Mellon collects information about you if you:
Personal Information we collect will fall within one of the below categories:
We will collect the personal information we use for the above purposes from one or more of the below sources:
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This is explained in more detail in other sections of this Privacy Notice where we indicate that we will have one or more of the following reasons for using your personal information:
In this section you can find out more about how we share personal information:
- within BNY Mellon
- with third parties that help us provide our products and services; and
- our regulators
We share your information in the manner and for the purposes described below:
In this section you can find out more about :
- Types of cookies used on our websites
- Third party advertisers
- Third party sites
- Control your cookie settings
We, and third party service providers acting on our behalf, use session and persistent Cookies to:
The third party service providers mentioned above use any personal information they collect on our behalf solely for the purpose of providing the contracted service to us. They have also agreed to confidentiality restrictions.
We may use aggregated usage data to track trends and analyse patterns on our websites. If you register to enter an area of our websites, the website will recognize who you are and collect all information that you submit (including subscription to emails, etc.). Information collected about you from this website may be associated with other identifying information that we have about you.
Most browsers are initially set to accept Cookies. However, you have the ability to change your browser settings. It may also be possible to configure your browser settings to enable acceptance of specific Cookies or to notify you each time a new Cookie is about to be stored on your device enabling you to decide whether to accept or reject the Cookie. You can also disable Cookies by configuring your browser setting to reject Cookies. Please refer to the help section of your browser for instructions on disabling Cookies. For more information about Cookies, how they work, why they are so useful and how to disable them, you can visit www.allaboutcookies.org.
If you do not wish to accept Cookies from our Website, please either disable them or refrain from using our website. If Cookies are disabled, it may mean that you experience reduced functionality or will be prevented from using all or part of our website.
In this section you can find out more about
- How we use personal information to keep you up to date with our products and services
- How you can manage your marketing preferences
We may use personal information to let you know about BNY Mellon products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.
To protect your privacy rights and ensure you have control over how we manage marketing with you:
We recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms, as well as your preferences within your BNY Mellon account.
In this section you can find out more about :
- How we operate as a global business and transfer data internationally
- The arrangements we have in place to protect your personal information if we transfer it overseas
BNY Mellon operates on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the EU, including the United States and India that are subject to different standards of data protection. BNY Mellon will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests, and that transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
We have implemented and maintain a comprehensive information security program with written policies and procedures designed to protect the confidentiality and integrity of personal information. The information security program contains administrative, technical and physical safeguards, appropriate to the type of information concerned, designed to: (i) maintain the security and confidentiality of such information; (ii) protect against any anticipated threats or hazards to the security or integrity of such information; (iii) protect against unauthorized access to or use of such information that could result in substantial harm, and (iv) ensure appropriate disposal of such information. The security of your personal information also depends in part on the security of the devices you use to communicate with us, the security you use to protect user IDs and passwords, and the security provided by your internet service providers.
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
The new rights provided by the EU General Data Protection Regulation will be effective from 25 May 2018.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Click on the links below to learn more about each right you may have:
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will use reasonable efforts to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in limited circumstances where:
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
You can ask us to restrict your personal information, but only where:
We can continue to use your personal information following a request for restriction:
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data agreements to protect commercial terms.
You have a right to lodge a complaint with your local data protection supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
The primary point of contact for all issues arising from this privacy notice, is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:
By email: email@example.com
The Data Protection Officer
160 Queen Victoria Street
London, EC4V 4LA
If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before lodging a complaint with your local supervisory authority.