Insider List Management – Maintenance, Use, and Disclosure

Purposes (1)

A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable

1

Establishment, updating, use, and disclosure of insider lists

Legal obligation

Legal obligation under the UK Market Abuse Regulation (UK MAR – see FCA Handbook MAR 1.10), issuers and persons acting on their behalf must maintain, update, and provide insider lists to the FCA upon request. Lawful basis: Art. 6(1)(c) UK GDPR – legal obligation.

Data categories (3)

Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)

Natural persons’ details

Data details

Professional e-mail addressrequired

Function end daterequired

Fax numberrequired

Telephone numberrequired

Work siterequired

Professional addressrequired

Name and surnamerequired

Employerrequired

Data conservation rules

Active base:

Updated promptly upon change.

Insider lists must be updated promptly when the person or department responsible is notified that: - a new individual has gained access to inside information, - an individual no longer has access to inside information, or - the reason for an individual’s inclusion on the list has changed. Records relating to individuals who no longer have access to inside information will be deleted at the end of the fifth year following the cessation of access or the change in reason for inclusion, in accordance with UK Market Abuse Regulation, Article 18(5). Where the information concerns an issuer subject to oversight by a competent foreign authority applying a shorter retention period, the data will instead be deleted at the end of that shorter period. Each update to an insider list will be documented either by recording the date of modification or by generating a new version of the entire list. Previous versions will be retained for five years from the date they were superseded, as required by FCA MAR 1.10.

Intermediate archiving:

5 years from cessation of access to inside information

Destruction

Third-party legal entities

Data details

Emailrequired

Telephone numberrequired

Contact person or departmentrequired

Professional addressrequired

Activityrequired

Company registration numberrequired

Legal formrequired

Name or company namerequired

Data conservation rules

Active base:

Updated promptly upon change

Insider lists must be updated promptly when the person or department responsible is notified that: - a new individual has gained access to inside information, - an individual no longer has access to inside information, or - the reason for an individual’s inclusion on the list has changed. Records relating to individuals who no longer have access to inside information will be deleted at the end of the fifth year following the cessation of access or the change in reason for inclusion, in accordance with UK Market Abuse Regulation, Article 18(5). Where the information concerns an issuer subject to oversight by a competent foreign authority applying a shorter retention period, the data will instead be deleted at the end of that shorter period. Each update to an insider list will be documented either by recording the date of modification or by generating a new version of the entire list. Previous versions will be retained for five years from the date they were superseded, as required by FCA MAR 1.10.

Intermediate archiving:

5 years from cessation of access to inside information

Destruction

Insider list – other information

Data details

Nature of role/missionrequired

Professional positionsrequired

Directorship detailsrequired

Registration/removal datesrequired

Data conservation rules

Active base:

Updated promptly upon change

Insider lists must be updated promptly when the person or department responsible is notified that: - a new individual has gained access to inside information, - an individual no longer has access to inside information, or - the reason for an individual’s inclusion on the list has changed. Records relating to individuals who no longer have access to inside information will be deleted at the end of the fifth year following the cessation of access or the change in reason for inclusion, in accordance with UK Market Abuse Regulation, Article 18(5). Where the information concerns an issuer subject to oversight by a competent foreign authority applying a shorter retention period, the data will instead be deleted at the end of that shorter period. Each update to an insider list will be documented either by recording the date of modification or by generating a new version of the entire list. Previous versions will be retained for five years from the date they were superseded, as required by FCA MAR 1.10.

Intermediate archiving:

5 years from cessation of access to inside information

Destruction

Data subject (2)

A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process

Other
Other

GDPR Data processing modelInsider List Management – Maintenance, Use, and Disclosure

Purposes (1)

Data categories (3)

Natural persons’ details

Third-party legal entities

Insider list – other information

Data subject (2)

Access the full processing template