Privacy and Security

TD Securities is committed to protecting your privacy and safeguarding your personal, business and financial information. TD Securities adheres to the codes, regulations and laws that govern the collection, use and protection of your Personal Information.

Internet Security

Internet Security Policy

TD Securities’ Regional Privacy Policies

Canada & the U.S.

Europe & Asia-Pacific

The Privacy Notice applies to all individuals, including Directors, Trustees, Board Members, Beneficial Owners, Corporate, or Client/Counterparty Employees whose data is protected by TD Securities, Europe and Asia-Pacific. This includes the following legal entities:

United Kingdom

The Toronto-Dominion Bank, London Branch, 60 Threadneedle Street, London, EC2R 8AP
TD Bank Europe Limited, 60 Threadneedle Street, London, EC2R 8AP

Ireland

TD Global Finance, unlimited company, One Molesworth Street, Dublin 2, D02 RF29, Ireland

Singapore

The Toronto-Dominion Bank, Singapore Branch, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192
Toronto Dominion (South East Asia) Limited, 1 Temasek Avenue, #15-02 Millenia Tower, Singapore, 039192

Mainland China

The Toronto-Dominion Bank Shanghai Representative Office, Room 2505, 25th Floor, Office Building, Plaza 66, No. 1266 West Nanjing Road, Shanghai, China

Hong Kong (SAR)

The Toronto-Dominion Bank, Hong Kong Branch, Suite 1211, Two Pacific Place, 88 Queensway, Hong Kong, China

Australia

Toronto-Dominion Australia Limited, Tower One International Towers, Level 17, 100 Barangaroo Avenue, Barangaroo NSW 2000

In this Policy, the words “you” and “your” mean any data subject or individual described above. Any reference to “we”, “us”, “our”, or "they" includes each of the entities listed above.

We have always regarded the need for the protection, privacy, and confidentiality of the Personal Information (as defined in section 2 below) of our client and counterparty representatives as an important and fundamental operating requirement. This Privacy Notice provides descriptions that support our obligations and your rights under the applicable jurisdiction, by explaining when and why we collect Personal Information about those individuals, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice, the General Data Protection Regulation (GDPR), and applicable global data privacy legislations more generally. If you have any questions about this Privacy Notice or how we handle your Personal Information, please contact:

Data Protection Officer
60, Threadneedle Street, London EC2R 8APH3
Privacy.EAP@tdsecurities.com

You have the right to make a complaint at any time if you feel the processing of your Personal Information infringes the local legislature. Please see the section 'Collection methods and legal ground for using Personal Information' for the relevant regulators.

Key Definitions

"Personal Information” or "Information" means any personal data or details from which a living individual may be directly or indirectly identified whether on its own or in conjunction with any other information we may have or be able to access (e.g., from you directly and/or obtained from others within or outside the Bank).

Examples of the categories of Personal Information we may process include:

Demographic information (e.g., name, address, telephone number(s), email address, age/date of birth, country of domicile, employer name, employer address, other employee contact information, and any other information that may be required for anti-money laundering documents such as Know Your Customer ("KYC") information);
CCTV footage;
Calls and communications recordings;
Personal Identification Numbers (e.g., Government-issued ID);
Online services related information (e.g., IP address):
Research and marketing subscriber preferences.

We may also process the following “special categories” of more sensitive Personal Information:

Information about your health (e.g., dietary restrictions, special access requirements);
Information about criminal convictions and offences

“Process” or “processing” means any operation or set of operations which is performed on Personal Information (or sets of Personal Information), whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, obtaining, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data Controllers

"Data controller" refers to where we make decisions on how Personal Information is used in relation to our business.

This Privacy Notice applies to the processing carried out by us in:

Australia: Toronto Dominion Australia Limited, regulated by the Office of the Australian Information Commissioner
Mainland China: The Toronto-Dominion Bank Shanghai Representative Office, regulated by the Cyberspace Administration of China
Hong Kong SAR (China): The Toronto-Dominion Bank, Hong Kong Branch, regulated by the Privacy Commissioner for Personal Data;
Ireland: TD Global Finance, unlimited company, regulated by the Data Protection Commissioner;
Singapore: The Toronto-Dominion Bank, Singapore Branch, and TD (South East Asia) Limited; regulated by the Personal Data Protection Commissioner;
UK: The Toronto-Dominion Bank London Branch and, TD Bank Europe Limited; regulated by the UK Information Commissioner’s Office.

Each of these is a data controller in respect to the relationship between themselves and you, as an individual whose Personal Information they are processing and is responsible for deciding how it holds and uses that Information.

As data controllers, each is accountable and has an obligation to process your Personal Information in compliance with the applicable data protection law. This means that your Personal Information must be:

Processed fairly, lawfully and in a transparent way;
Collected only for specified, explicit and legitimate purposes that are clearly explained to you and not used in any way that is incompatible with those purposes;
Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
Accurate and up to date;
Not kept for longer than is necessary for the purposes explained to you;
Processed in line with your rights;
Kept securely; and
Not transferred to other countries or regions outside the country of origin without adequate safeguards.

The relationships between TD Securities ("TDS") and its corporate third parties include the processing of your Personal Information for our primary business functions and activities, including Know Your Customer ("KYC"), Anti-Money Laundering ("AML") and Sales. It encompasses the working relationship between you and TDS. It includes the administration of legislative programs such as fulfilling regulatory requirements, and tax and other statutory regulations.

Collection methods and legal grounds for using Personal Information

During your relationship with us, we will collect and process your Personal Information as outlined in this Privacy Notice or as otherwise notified to you from time to time.

You will be the primary source for your Personal Information, but it may also be necessary to collect Information from third parties, elsewhere such as third party verification services, publicly available registries or records and public sources such as social media to the extent that you choose to make your profile publicly visible (e.g., LinkedIn).

In providing services or products to you, we may receive Personal Information about a range of individuals connected to you. This may include your authorized signatories, beneficial owners, directors, officers, employees or staff members. Whenever you or a corporate representative within your organisation provide us with Personal Information about those individuals, you warrant that (i) those individuals have been informed and understand that their Personal Information is being provided to us or our affiliates; (ii) those individuals have been provided with information regarding the collection, use, processing, disclosure and cross-border transfer of their personal information; (iii) you have obtained any necessary consents or are otherwise entitled to provide this information to us and for it to be processed by us as described in this Privacy Notice; and (iv) those individuals are aware of their data protection rights and how to exercise them. It is your responsibility to ensure that the Personal Information provided to us is accurate and to inform us of any change.

While you are not required to supply any of the aforementioned Personal Information to us, please know that failure to do so may result in us being unable to open, maintain or provide service to you.

We use cookies and other technologies to deliver personalized content on our websites and relevant advertising on other websites. Unless you change your preferences these technologies allow TD Securities and our ad partners to better align ads with your banking goals. However, for visitors from the EEA and the UK, only strictly necessary cookies are used on this site. These cookies are necessary for the website to function and cannot be switched off. For more information about cookies please visit here.

At or before the time of collection of your Personal Information, and in line with this Privacy Notice, we explain how we intend to use your Personal Information and the legal ground for processing (e.g., legal obligation we are subject to, the legitimate interest we have or consent). For each type of processing where we are relying on TDS’ legitimate interests, we list out such interests. For processing requiring your consent, we provide you with details of the Personal Information we would like and the reason for collecting it at the point of the collection of the data, so that you can carefully consider whether you wish to give that consent.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact TDSClientOnboarding@tdsecurities.com. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Information for the purpose, or purposes, you originally agreed to, unless we have another legitimate basis for doing so in law in which case, we will inform you accordingly.

In limited circumstances, where permitted under applicable laws, we may process your Personal Information on other grounds and occasionally, without your knowledge or consent. This may be:

Where we need to protect your interests (or someone else’s interests);
Where it is needed in the public interest or for official purposes;
For an emergency that threatens an individual's life, health or security, including your own;
If knowledge of the processing would compromise the availability or accuracy of the Information and collection is required to investigate a breach of the Guidelines of Conduct or contravention of a European law or other applicable law;
If it is publicly available (such as name, address and telephone number of a subscriber in a telephone directory);
If we have reasonable grounds to believe the Information could be useful when investigating a contravention of a European or other applicable law and the Information is used for that investigation.

Collection methods and legal grounds for 'special category' Personal Information

We may process special categories of Personal Information in the following circumstances:

In some circumstances, with your explicit written consent (for example in response to an event invitation where we need to know dietary requirements, or where applicable local laws require explicit consent to be sought).
Where we need to carry out our legal obligations of the relevant European jurisdictions in which we are operating and in line with our policies.
Where it is needed in the substantial public interest and in line with our policies.

Less commonly, where permitted under applicable laws, we may process this type of Personal Information where it is needed in relation to legal claims, or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the Personal Information public.

Purposes of processing your Personal Information

We will process your Personal Information, including disclosure to third parties or other entities within our Bank, for any of the following legitimate business and necessary purposes:

TODO Text for Caption needed
Purpose	Legal Ground
Prospect and client administration, relationship management, to manage and administer the account/product or services	To fulfil our contractual obligations; and Legitimate Interest – in order to manage our accounts effectively so we can provide a high level of service to our clients. And building and maintaining relationships with TDS’ corporate clients and prospects; and Consent – for processing related to gifts and entertainment.
Conducting Client Engagement/Outreach	Legitimate interest – relationship building during onboarding and forwards.
To meet compliance with regulatory obligations, and prevent and detect crime including, e.g. fraud, terrorist financing and money laundering: conducting checks on you as part of checking on your employer, the corporate third party, such as know your customer (KYC) checks, anti-money laundering due diligence (AML DD) checks, and anti-fraud checks before we establish a relationship with that third party, and where required, during our relationship with that third party for ongoing verification in accordance with regulatory requirements regarding anti-money laundering, anti-terrorist financing, financial and market abuse, fraud and any other criminal activity, including cooperating with regulators, participating in internal and external investigations if any of these or any other suspicious activities are suspected. Compliance with these obligations may involve monitoring and recording calls and electronic communications.	Where the law requires this, and TDS’ legitimate interest - to operate our business in a prudent manner in accordance with industry standards and applicable laws, and In the public interest in ensuring the integrity and security of the financial sector.
Recording and monitoring calls and other electronic communications for quality, business analysis, training and other similar purposes.	Consent
Fixed Income Account Maintenance	Legitimate interest – in order to successfully complete trades by updating third-party clients' or counterparties’ representatives’ information.
Counterparty Maintenance in Source Systems	Legitimate interest – to send out trade confirmation messages and referral form agreement.
Client Relationship Management through the Individual Representatives	Legitimate interest – communication with third-party representatives to validate that confirmations are correct and trade settlement is successful.
Confirmations & Settlements Processes	Legitimate interest – communication with third-party representatives to ensure confirmations are correct and trade settlement is successful.
Portfolio Reconciliation and Client Reporting Processes under Regulatory Services	Legitimate interest – to reconcile client's portfolio and create client reports for regulatory reporting.
Marketing - Sending you electronic direct marketing communications. To provide you with industry and research insights, to make suggestions and recommendations to you about TDS services and products or invite you to TDS events.	Legitimate interest – to promote TDS brand awareness in the marketplace and or financial services and products to grow our business. Consent - We will use consent where required by law. You can choose to stop receiving electronic marketing communications at any time. To make that change, contact us in the usual way (i.e., via your Relationship Manager and also as indicated on each marketing communication).
Marketing – Analysing how TDS electronic marketing communications are used by you (including whether you open them and click through to access their contents)	Consent - We will use consent where required by law. Legitimate interest – to operate our business in a sensible manner and to assist with providing you with information that you are interested in. You can choose to stop receiving electronic marketing communications at any time. To make that change, contact us in the usual way (i.e., via your Relationship Manager and also as indicated on each marketing communication).
Banking operations support: for undertaking business management and planning (including change of our business structure), including accounting and auditing and for assisting with, managing and improving the operations, including security, of TDS and TD Bank Group enterprise-wide. For the lawful bases for criminal personal data, please refer to paragraph 4 above.	Legitimate interests – business efficiency and data security to protect all data and information.
Engaging service providers, contractors or suppliers relating to the operation of our business.	Legitimate interest – to enable us to provide our services as efficiently as possible.
To assist with supporting network and information security, including preventing unauthorised access to our computer and electronic communications systems, preventing malicious software distribution, fraud and other security breaches, for the purposes of prevention of crime and fraud to help with ensuring the security of TDS systems and further improve its service.	Legitimate interests – to operate our business in a prudent manner and to enable us to implement data security to protect all data and information.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, in which your information held by TDS is among the assets transferred.	Legitimate interests – to enable to us to manage our business
To administer and protect this website and for internal operations, including to keep our website safe and secure, data analysis, troubleshooting, testing, system maintenance, support, reporting and hosting of data, research, statistical and survey purposes.	Legitimate interests – to enable to us to manage our website and keep it secure.
To use data analytics to manage and improve our website, products/services, marketing, customer relationships and experiences, including to ensure that content from our website is presented in the most effective manner for you and for your device. However, for visitors from the EU and the UK, only strictly necessary cookies are used on this site. These cookies are necessary for the website to function and cannot be switched off. Please see our Ad Choices and Personalisation (information to understand how TDS uses cookies or other similar technologies and how you can change your preferences.	Consent – where applicable to enable to keep our website relevant and tailor the content to you. Legitimate interests – where strictly necessary cookies are used.

Some of the above purposes for processing will overlap and there may be several reasons to justify our use of your Personal Information.

We will only use your Information for the purposes for which it was collected, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose.

If we subsequently find that we need to use your Personal Information for a new, unrelated purpose, we will notify you and explain the legal basis which we will be relying upon.

Purposes of processing Special Personal Information

To the extent that we have your special Personal Information; we will use it in the following ways:

Information about your health, or disability status, for the purposes of ensuring your health and safety (in particular for the purposes of event management) and with your explicit written consent.
Information about criminal convictions and offences, for the purposes of preventing and detecting crime including, e.g., fraud, terrorist financing and money laundering.

Sharing your Personal Information

We may share your Personal Information within the Bank (as many of our processes are centralised) and with third parties, where it is necessary for the purpose for which it was collected or where we have another legitimate interest in doing so.

Details of Third Parties with whom your personal data may be shared:

TODO Text for Caption needed
Categories of recipient (Third party service providers)	Purpose(s)
Financial data platform	Monitoring and analysing financial and market information and discussing with other financial professionals.
Trading platform	Monitoring and analysing financial and market information and discussing with other financial professionals.
Event Management	Appropriate managing of attendees at events.
Record Management (documents, tapes)	Technological back up and restoration services for wholesale banking support.
Data storage and backup	Technological back up and restoration services for wholesale banking support.
Business Continuity Management	Back up, recovery and data centre services for wholesale banking support for London.
Execution and information service (broker)	Sharing of broker data.
Backup Data centre for UK	Storage and use of personal data at an EU Production Data Centre.
Sales & Trading Efficiency tools	Personal data sharing across trading platform.
Investment Research	Tool for writing and distributing research.
Trade Confirmation platform	Personal data sharing across trade processing platform.
Correspondent Banks	Responding to valid and authorized information request to comply with regulatory obligations
Settlement Agents, Overseas Banks, Exchange or Clearing Houses	In the course of providing products and services to our clients
Anti-fraud, AML, KYC and sanction service providers	To support compliance with the applicable regulatory and legal requirements
Marketing platforms	To market our products and services to our prospects and clients

We will only share such Personal Information as needed to meet specified and lawful purpose for processing.

We may also be required by law to share your Personal Information with regulators or other government agencies and law enforcement authorities, either in Europe or in any jurisdiction in which we operate due to the nature of our specific business in that regulator’s jurisdiction. Where reasonable to do so, and subject to the exceptions set out in this Policy, we will use all reasonable endeavours to notify you prior to sharing your Information with third parties and to explain why we are doing so.

Please note:

We require third parties to respect the security of your Personal Information and to treat it in accordance with the law.
We do not allow our third-party service providers to use your Personal Information for their own purposes. We only permit them to process your Information for specified purposes and in accordance with our instructions.
Other than regulators, external third parties requiring access to any Personal Information within our control will have signed a confidentiality agreement and/or contract containing confidentiality and privacy wording with us. In these documents, the third party agrees to keep confidential all Personal Information they receive. They also agree not to collect, use or disclose it to any party other than as necessary to deliver the service in question to us.
We will never rent or sell your Personal Information.

Location of your Personal Information

Your Personal Information may be stored, processed, and transferred outside of the country you reside (and outside of the EEA and UK) for the purposes described in this Privacy Notice, including in countries that may not guarantee the same level of protection for personal information as the country in which you reside. We will endeavour to make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. In particular, European data protection laws include specific rules on transferring personal information outside the EEA or UK. As we operate in various jurisdictions, the EEA and UK operations regularly share data with central groups in Toronto, Canada under the European Commission’s 2002 Adequacy Finding. If the data is going to other jurisdictions, other measures are used to protect your Personal Information to the same level, such as the European Commission’s Standard Contractual Clauses (EC SCCs) and the UK International Data Transfer Agreement/UK Addendum to the EC SCCs.

Where applicable, we may transfer your Personal Information to countries/regions outside your country of origin , where measures are used to protect your Personal Information in accordance the data protection laws in such other countries/regions compatible to the requirements under the applicable data protection laws.

By providing your Personal Information, you are acknowledging that this transfer, storing or processing may take place. If we transfer your Information outside of the country where your Personal Information originates from, we will take steps to implement appropriate measures to protect your privacy rights, as outlined in this Privacy Notice. You can request more details about any such measures taken from the DPO.

Automated Decision Making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

Protection of your Personal Information

We have a number of technical and organization measures in place to protect our systems and your Personal Information. These include but are not limited to:

Personal Information is only accessible by a limited number of relevant staff bound by duties of confidentiality;
All electronic information is held on systems that incorporate firewalls, password- controlled access and virus protection procedures; and
We audit our procedures and security measures regularly to help demonstrate that they are being properly administered and that they remain effective and appropriate to the sensitivity of the information.

Every employee is responsible for protecting Personal Information to which they have access in their role. All employees who have access to Personal Information are required, as a condition of employment, to comply with their applicable HR Privacy Policy and to protect the integrity and confidentiality of the Personal Information to which they have access in accordance with TDS’s internal Technology Standards. Failure to do so will be grounds for disciplinary action, which may include termination of employment.

We keep your Personal Information for no longer than is necessary for the purpose(s) for which it was collected (including for the purposes of satisfying any legal, accounting or reporting requirements). When we no longer require your Personal Information, we will securely destroy and/or delete it from our systems as far as is reasonably and technically possible.

In some circumstances we may anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Information changes during your relationship with us, whether by informing your relationship manager or other key contact here. For your protection, you should not send confidential or Personal Information to us over the internet (e.g., email) or through any unsecured channel.

We have put in place procedures to manage any suspected data security breach and will notify you, and any applicable regulator, where we are legally required to do so.

Your Rights in Connection with Personal Information

Under certain circumstances, and subject to local law you may have the right to:

Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a set of the Personal Information we hold about you and to check that we are lawfully processing that Information.
Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate Information we hold about you corrected.
Request erasure of your Personal Information. This enables you to ask us to delete or remove Information where there is no longer a purpose for us continuing to process it. You also have the right to ask us to delete or remove your Information where you have exercised your right to object to processing (see below).
Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which may lead to you objecting to processing on this ground.
Object where we are processing your Personal Information for direct marketing purposes.
Request the restriction of processing of your Personal Information in specific circumstances. This enables you to ask us to suspend the processing of Information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your Personal Information to another party in certain circumstances.

If you want to review, verify, correct or request erasure of your Personal Information, object to the processing of your Information, or request that we transfer a copy of your Personal Information to another party, please contact the DPO.

You will not have to pay a fee to access your Personal Information or to exercise any of the other rights, however, we may charge a reasonable fee if we consider your request for access to be manifestly unfounded or excessive, or if you request further copies of your data.

We may need to request additional details from you to confirm your identity and assist you with the exercise of your right to access your Personal Information or to exercise any of your other rights. This is another appropriate security measure to protect your Personal Information so that this is not disclosed to any person who has no right to receive it.

Privacy Breaches and Complaints

If you are aware of, or are the victim of, a suspected privacy breach in connection to your relationship with us, you should immediately contact the DPO. All suspected privacy breaches are appropriately investigated, and applicable corrective action is taken.

In addition, as set out above, you have the right to make a complaint at any time to your applicable data protection regulator, as listed above, if you believe there has been any breach of data protection law.

TD Securities Europe & Asia Pacific Privacy Policy (Chinese Version) - ??????????????? (???)

TD Securities (Japan) Co., Ltd. Privacy Policy

TD Securities (Japan) Co., Ltd. Privacy Policy, Bilingual Version (?????????????? ?????????? ????)