Legally required information for business correspondence
360 Treasury Systems AG
60322 Frankfurt am Main
Phone: +49 69 900 289 0
Registered Office: Frankfurt
Commercial Register Frankfurt, No. HRB 49874
Relevant fiscal authority: Finanzamt Frankfurt III, company tax no.: 045 231 76367
VAT identification number: DE 21 21 37 654
Competent supervisory authority:
Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), Bonn
360 Treasury Systems AG is assigned to the Compensatory Fund of Securities Trading Companies (EdW).
Data protection information under the EU General Data Protection Regulation
The following information provides an overview of how we process your personal data and your rights under data protection law.
Who is responsible for the data processing and who can I contact in this regard?
Both 360T AG and its daughter, 360TGTX Inc. are acting as data controllers. Based on a joint controllership agreement, both parties jointly determine the purposes and means of the processing of personal Data in the context of providing services to the joint customer base of both parties.
As part of the joint controllership agreement, 360T AG has taken responsibility for compliance with the obligations under the GDPR vis-a-vis the Data Subjects. Irrespective of the terms of the Joint Controllers Agreement, a Data Subject may exercise its rights (such as access right, roght to rectification, right to restriction, right to object, right to data protability and right to be forgotten) in respect of and against each of the controllers.
360 Treasury Systems AG
60322 Frankfurt am Main
Phone: +49 69 900 289 0
Fax: +49 69 900 289 29
521 Fifth Avenue
New York, NY 10175
Phone: +1 908 333 0951
You can reach the data protection officer via the above address or via email email@example.com
What sources and data do we use?
We process personal data which we receive from our clients in the context of our business relationship. This includes personal data we receive from persons acting as representative/agent of the legal entity of a prospective and/or existing client.
To the extent necessary in order to provide our services, we also process personal data which we lawfully (e. g., for executing orders, performing contracts or on the basis of your consent) receive from you, other entities in 360T or Deutsche Börse Group, or from business partners.
In some cases, we may be required to collect additional information based on legal and regulatory requirements from publicly available sources (e. g., debtor directories, land registers, commercial registers and registers of associations, press, media, Internet) which we lawfully obtain and are permitted to process.
We only use data that is required to execute the business relationship, to provide the trading platform, and fulfill our contractual, legal, and regulatory requirements. Relevant personal data are personal details (name, address and other contact data) and legitimisation data (such as data from ID cards). In addition, these may also be contract data (such as an order), data resulting from the performance of our contractual obligations (such as a trade), information about your financial status (such as data on credit standing, scoring/rating, data relevant for loans (income and expenditure), documentation data (such as an excerpt from the Commercial Register) and other data comparable with the above-mentioned categories.
Why do we process your data (purpose of the processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR)
a. for fulfillment of contractual obligations (Art. 6 para. 1b of the GDPR) and for the purpose of safeguarding legitimate interests (Art. 6 para 1f of the GDPR)
To identify, provide access, and facilitate trading on the TEX platform, mapping of User-IDs to external systems, monitor and improve the user experience.
b. due to statutory provisions (Art. 6 para. 1c of the GDPR) or in the public interest (Art. 6 para. 1e of the GDPR)
As a regulated entity, we are subject to various legal obligations, meaning statutory requirements (e.g. Anti-Money Laundering Act) and bank regulatory requirements. Purposes of processing include assessment of creditworthiness, identity and age checks, fraud and money laundering prevention, fulfilling control and reporting obligations under fiscal laws, and measuring and managing risks. We are also required to keep records according to section 83 para 1 and 2 of the German Securities Trading Act (WpHG) in conjunction with German Securities Administration and Organisation Regulation (WpDVerOV). Depending on the instrument and trading venue, additional provisions may apply.
c. on the basis of your consent (article 6 (1) a) GDPR)
Insofar as you have granted us consent to the processing of personal data for specific purposes (e. g., marketing, email newsletters, client satisfaction surveys), the lawfulness of such processing is based on your consent. Any consent granted may be revoked at any time. This also applies to the revocation of declarations of consent that are granted prior to the entry into force of the EU General Data Protection Regulation, i. e., prior to 25 May 2018. Please be advised that the revocation will only take effect in the future and does not apply to processing carried out prior thereto.
Who receives my data?
Within 360T, those units will be granted access to your data that need them in order to comply with our contractual and statutory obligations. In cases where 360T subsidiaries need to access your data, appropriate contracts are in place to safeguard the data.
Access may also be given to service providers which observe our written instructions under the data protection law.
We may also disclose data to external parties if we are legally required to do so. This includes:
User Mapping Reports that are sent to market makers, market takers, and liquidity providers
Notifications on executed or failed trades to counterparties
Audit logs and reports on trading activities to regulators and appointed regulatory service providers (e.g. BaFin, the European Central Bank, Tax offices, the CFTC, National Futures Association etc.) insofar as a statutory or official obligation exists
We may also need to disclose your data to regulators, auditors, and other companies in the Deutsche Börse Group for the purposes of risk management on the basis of statutory or official obligations.
Is data transferred to a third country or to an international organisation?
Data will only be transferred to countries outside the EU or the EEA (so called third countries) if this is required for the execution of the business relationship, and in accordance to GDPR Chapter 5 on “Transfers of personal data to third countries or international organisations”.
How long will my data be stored?
We process and store your personal data as long as it is necessary for the performance of our contractual and statutory obligations. In this regard, it should be noted that our business relationship is a continuing obligation designed to last for several years.
If the data are no longer required for the performance of our contractual and statutory obligations, they are regularly deleted, unless their further processing (for a limited time) is necessary for the following purposes:
Compliance with records retention periods under commercial and tax law, such as the German Commercial Code (Handelsgesetzbuch – HGB); the German Tax Code (Abgabenordnung – AO); the Banking Act (Kreditwesengesetz – KWG); the Money Laundering Act (Geldwäschegesetz – GwG); and the Securities Trading Act (Wertpapierhandelsgesetz – WpHG). The records retention periods prescribed therein range from two to 10 years.
Preservation of evidence within the scope of statutes of limitations. Under section 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), these limitation periods may be up to 30 years, whereby the regular limitation period is three years.
What data protection rights do I have?
Every data subject has a right of access (article 15 GDPR), a right to rectification (article 16 GDPR), a right to erasure (article 17 GDPR), a right to restriction of processing (article 18 GDPR), a right to object (article 21 GDPR) and a right to data portability (article 20 GDPR). The right of access and right to erasure are subject to the restrictions under sections 34 and 35 BDSG. Data subjects also have a right to lodge a complaint with a supervisory authority (article 77 GDPR in conjunction with section 19 BDSG).
You can request that your information is updated, corrected or deleted by sending an e-mail to firstname.lastname@example.org .
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that are granted prior to the entry into force of the EU General Data Protection Regulation, i. e., prior to 25 May 2018. Please be advised that the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby.
Under the following link you can change your privacy settings: Cookie Settings
Am I under any obligation to provide data?
Within the scope of our business relationship, you must provide personal data which is necessary for the initiation and execution of a business relationship and the performance of the associated contractual obligations or which we are legally obligated to collect. As a rule, we would not be able to enter into any contract or execute the order without these data or we may no longer be able to carry out an existing contract and would have to terminate it.
In particular, provisions of money laundering law require that we verify your identity before entering into the business relationship, for example, by means of your identity card and that we record your name, place of birth, date of birth, nationality and your residential address. In order for us to be able to comply with this statutory obligation, you must provide us with the necessary information and documents in accordance with section 4 (6) GWG and notify us without undue delay of any changes that may arise during the course of the business relationship. If you do not provide us with the necessary information and documents, we will not be allowed to enter into or continue your requested business relationship.
To what extent is automated decision making (including profiling) carried out?
As a rule, we do not make decisions based solely on automated processing as defined in article 22 GDPR to establish and implement the business relationship. If we use these procedures in individual cases, we will inform you of this separately, provided that this is prescribed by law.
Is “profiling” used?
In some cases, we process your data automatically with the aim of evaluating certain personal aspects (profiling). For instance, we use profiling in the following cases:
We are required by law to take anti-money laundering and anti-fraud measures.
In order to provide you with targeted information and advice on products, we use evaluation tools. These enable demand-oriented communication and advertising, including market and opinion research.
Information on your right to object under article 21 of the EU General Data Protection Regulation (GDPR)
- Ad hoc right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on article 6 (1) e) GDPR (processing in the public interest) and article 6 (1) f) GDPR (processing for the purposes of safeguarding legitimate interests); this includes any profiling based on those provisions within the meaning of article 4 (4) GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.
- Right to object to the processing of data for marketing purposes In certain cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer processes your personal data for such purposes.
There are no formal requirements for lodging an objection.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on the computer of the respective visitor of this website and that allow an analysis of the use of the website by this visitor. The information generated by the cookie about the use of this website by the visitors are usually transmitted to a Google server in the USA and stored there.
However, due to the IP anonymisation activated on this website, the IP address of the respective visitor is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. IP anonymization is active on this website. On behalf of 360 Treasury Systems AG, Google will use this information to evaluate the use of the website by visitors, to compile reports on website activity and to provide other services related to website activity and internet usage to 360 Treasury Systems AG.
The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. Visitors of the website can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. Visitors to this website may also prevent the collection by Google of the data generated by the cookie and related to its use of the website (including your IP address) as well as the processing of this data by Google by using the browser available at the following link. Download and install plugin:
Browser Add-On to disable Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=en .
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link . An opt-out cookie will be installed on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.
Objection against data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site:
Use of Talents Connect
Object of data protection
Talents Connect provides tools for optimizing recruiting processes. The subject of data protection is personal data. These are details of the personal or material circumstances of a particular or identifiable natural person. This includes, for example, information such as name, postal address, e-mail address or telephone number, but possibly also usage data. Usage data is the kind of data required to use our websites, such as information about the beginning, end and extent of the use of our website and login data. The data Talents Connect collects and how it is processed or used is described below:
Collection and use of data
Automated data collection
When accessing the web pages of 22CONNECT, in this case the careers page of 360T, the Internet browser automatically transmits data for technical reasons. The following information is stored separately from any other information that may be submitted:
type / version Used operating system
URL of previously visited web page
Amount of data sent
This data is stored for technical reasons only and is never assigned to a specific person. Talents Connect reserves the right to check this data retrospectively, if they become aware of specific indications for illegal use.
More Information on Talents Connects data protection regulations can be found here: www.talentsconnect.com/privacy
Use of Clever Reach
Object of data protection
Clever Reach provides tools to manage the subscription process and regular sending of a Thought Leadership-Publication, issued by 360T.
Collection and use of data
Automated data collection
When accessing 360T.com and registering to the Thought Leadership-Publication on the subscription form visitors are using a plugin provided by Clever Reach. The plugin allows 360T to connect the Thought Leadership-Publication- software with the WordPress backend and it enables subscribers to sign-up to the publication in compliance with data protection regulations. 360T’s free Thought Leadership-Publication “FX Spotlight” provides regular Thought Leadership articles via e-mail, edited by 360T. Any data entered here will only be used to personalise the email and will not be passed on to third parties beyond 360T and the service providers used to facilitate this publication service.
Subscribers can unsubscribe from the publication at any time or revoke their consent by e-mail to FXspotlight@360t.com. Subscriber’s data will be deleted after the end of the publication reception, provided that the deletion does not conflict with any statutory storage requirements. When using the subscription form the Internet browser automatically transmits data for technical reasons. The following information is stored separately from any other information that may be submitted:
type / version Used operating system
This data is stored for technical reasons only. Clever Reach reserves the right to check this data retrospectively, if they become aware of specific indications for illegal use.
More Information on Clever Reach data protection regulations can be found here: https://www.cleverreach.com/en/features/privacy-security/eu-general-data-protection-regulation-gdpr/
Use of reCaptcha by Google (Only for CleverReach registration forms)
We use Google’s reCaptcha service to determine whether a human or a computer is making a particular entry in our newsletter form. Google checks whether you are a human or a computer using the following data: IP address of the terminal device used, the website you visit with us on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the described data processing is Art. 6 (1) lit. f of the General Data Protection Regulation. There is a legitimate interest on our side in this data processing to ensure the security of our website and to protect us from automated entries (attacks).