Jefferies EMEA Privacy Notice
Introduction
This Privacy Notice (“Notice”) explains how Jefferies International Limited and Jefferies GmbH and each branch, affiliate or subsidiary in the Jefferies Group operating in the UK, European Union, Switzerland, Israel, Dubai International Finance Centre (DIFC) and Abu Dhabi General Market (ADGM) (“Jefferies”, “we”, “our” or “us”) processes personal data.
“Personal data” is information that can be used to identify an individual or relates to an identifiable individual and “processing” includes any collection, use and storage of that personal data. This Notice applies to our existing and prospective clients, suppliers, personnel of entities we engage with, website users and any other individuals whose personal data we may process in the course of our commercial activities. We refer to these individuals as “you” in this Notice.
Jefferies respects your privacy, is committed to protecting your personal data and will handle your personal data in accordance with applicable data protection law. For the purposes of applicable data protection law in your jurisdiction, the entity responsible for your personal data is Jefferies International Limited or Jefferies GmbH. Contact details for these entities are set out in Section 11 of this Notice.
Please note that we may amend this Notice from time to time and any changes will be posted on this page.
What types of personal data do we collect?
The table below sets out the different categories and types of your personal data that Jefferies may process depending on the nature of our relationship with you.
Please note that we generally do not process sensitive types of your personal data which your local legislation may refer to as “special category” or “sensitive” personal data (“Sensitive Personal Data”). Sensitive Personal Data includes information relating to your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data or criminal convictions data. Where you are based in the DIFC, Sensitive Personal Data also includes information revealing your communal origin and in the ADGM it also includes information revealing any security measures related to your criminal record.
Categories of personal data that may include Sensitive Personal Data elements are marked with a “*” in the table below. Details regarding the specific purposes for which we process your personal data are set out in Section 4 below.
Where you are a website user, we have provided further information about the cookies that we use in Section 10 below.
| Categories | Types of Personal Data |
| Business contact data | First name, last name, corporate mobile number, corporate email address, job title, registered office address, username |
| Personal contact data | First name, last name, personal email address, personal mobile number, residential postal address |
| Financial data | Corporate bank account number, sort code, account name, tax residency information, investment preferences, investor classification, credit status |
| Identification data | Date of birth, copies of photo identification documents (such as a driving license, passport, and/or identity card), national identification number, nationality, citizenship, place of birth, country of residence, unique account number |
| Criminal record data* | Information relating to current or spent criminal convictions, including offences, alleged offences, court sentences and unspent criminal convictions |
| Relationship data | Details of any personal relationships you have with staff members at Jefferies that are relevant to our conflict and regulatory obligations |
| Relationship data | Details of any personal relationships you have with staff members at Jefferies that are relevant to our conflict and regulatory obligations |
| Correspondence data | Information contained in emails and messages that we exchange with you, voice call recordings (where required by our regulators), call logs, attendance notes of meetings or calls |
| Agreement data | Job title, employer, written signature and information contained in e-signatures (such as location at time of signing) |
| Website / device data | IP address, device ID, browser type and version, length of visit, location, operating system and platform, cookie and other similar tracking technology data |
| Marketing and communications data | First name, last name, corporate email address, personal email address, job title, employer |
| Visitor data* | First name, last name, job title, CCTV images, dietary requirements, mobility requirements |
Please note that if you fail to provide (when requested) information which is necessary for us to enter into or continue a business relationship with you, we may not be able to provide or procure services, respond to queries or requests, or manage our relationship with you. This may be because we are under a statutory obligation to collect certain information – such as documentation required under anti money-laundering regulations – or the information may be necessary to enter into or perform a contract with you.
How do we collect your personal data?
We collect your personal data either from you directly or from other sources. Where we obtain it indirectly, we will always do so in accordance with applicable law.
We collect your personal data from you directly when:
- You contact us directly in relation to our services, usually by corresponding with us by phone, email, filling in forms or where we liaise with you to obtain information that we need to comply with our regulatory requirements; and / or
- You visit our website and enter your information to subscribe for our newsletter or event notifications.
We collect your personal data indirectly when:
- Another individual from your organisation provides your personal data to us in connection with the provision of our services;
- It is in the public domain and we obtain it from third party sources such as brokers, counterparties and online and offline media (or where other organisations obtain it for us); and / or
- You visit our website and we collect device data and other information through our use of cookies or you read or click on an email from us and we collect your data automatically.
Where third parties provide your personal data to us, such personal data is deemed to have been provided on the basis that: (i) you have been informed that your personal data is being provided to us and you are aware of your data protection rights; and (ii) the individual or company providing your personal data has a valid lawful basis in applicable data protection law to share it with us.
How and why do we use your personal data?
Depending on the nature of our relationship with you, we may process your personal data for a range of different purposes. Where we process your personal data, we must identify a lawful basis in order to do so under applicable data protection law. The table below sets out: (i) the purposes for which we may process your personal data; (ii) which personal data categories are in scope of each purpose; and (iii) the lawful basis/bases we rely upon to lawfully process personal data for each purpose.
We may process your personal data for these purposes for both mandatory and optional reasons. We will not process your personal data for any additional purposes that are incompatible with the original purpose for which it was collected unless permitted by applicable law.
Clients, prospective clients and personnel
| Purpose for processing | Categories of personal data | Lawful basis for processing |
|---|---|---|
| Managing and administering your account, including storing your details on our database so that we can contact you in relation to our ongoing services, agreements or dealings, conducting analysis and reporting on the services we provide | Business contact data, financial data, communications data, marketing and communications data, agreement data | • Performance of a contract: We need to process your personal data to comply with the terms of our agreements with you regarding the provision of our services. • Legitimate interests: To provide information to you, communicate with you regarding our services and maintain our relationship with you. |
| Conducting onboarding and verification checks, including undertaking anti-money laundering, know your client and credit checks, and conducting ongoing processing to comply with our legal and regulatory obligations | Business contact data, personal contact data, financial data, identification data, criminal record data*, correspondence data, agreement data, relationship data | • Legitimate interest: To complete thorough onboarding and verification reviews in accordance with our onboarding policies. • Legal obligation: We must process certain types of personal data to comply with our regulatory and legal obligations as an investment bank including, without limitation, protecting against money laundering and terrorist financing as instructed by our regulators and in accordance with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 and Proceeds of Crime Act 2002 in the UK and equivalent legislation in your jurisdiction. We must also process data regarding any relationship you have with a Jefferies member of staff to manage any potential conflicts of interest and ensure confidentiality within our business. • Legitimate interest: To complete thorough onboarding and verification reviews in accordance with our onboarding policies. • Legal obligations to complete anti-money laundering and know-your-client checks*: See above. |
| Maintaining records of our conversations, meetings and messages, where applicable, to comply with our legal and regulatory obligations | Business contact data, correspondence data, financial data, personal contact data | • Legal obligation: We have a legal or regulatory obligation to process such personal data, for example the Markets in Financial Instruments Directive (2014/65/EU) requires us to record and store copies of certain phone and electronic communications. |
| Contacting you to offer you additional services, keep you up to date with business development and market insights and invite you to events that may be of interest | Business contact data, marketing and communications data, agreement data | • Legitimate interests: To send you selected communications about services we offer, events we are running and other updates that may be of use to you. |
| Preparing for you to take part in an online event or visit our offices, for instance where you have a meeting with us or we are hosting a meeting that you are attending | Visitor data* | • Consent: To invite you to online events that we are hosting in connection with our services and accommodate you at our offices for in-person meetings. • Explicit consent*: Information relating to your dietary and mobility requirements may be considered ‘special category’ or ‘sensitive’ health data, meaning that it is Sensitive. • Personal Data. On that basis, we will only process such information with your explicit consent, which you can withdraw at any time. |
| Establishing, exercising and/or defending legal claims | All data types listed above | • Legitimate interests: To establish, exercise or defend legal claims concerning our business. • Establishment, exercise or defense of legal claims*: To establish, exercise or defend ourselves against a claim that contains Sensitive Personal Data. |
Suppliers, prospective suppliers and personnel
| Purpose for processing | Categories of personal data | Lawful basis for processing |
|---|---|---|
| Storing and updating your details on our database so that we can contact you in relation to our agreements or our dealings with you | Business contact data, correspondence data, agreement data | • Legitimate interests: To maintain up-to-date contact details for you so that we can contact you in relation to your services. |
| Storing our agreements that we have entered into with you for our records | Business contact data, agreement data | • Performance of a contract: We need to process your personal data to maintain copies of and comply with the terms of our agreements regarding the provision of your services, such as contact information. • Legal obligation: To maintain copies and registers of our agreements in accordance with local regulatory and legal requirements including FCA Rules and the Digital Operational Resilience Act in the UK and EU. • Legitimate interests: To maintain copies of the agreements that we have entered into to monitor services, service levels and deliverables. |
| Obtaining support and services from you as needed | Business contact data, correspondence data, agreement data | • Performance of a contract: To seek support and services from you in accordance with our agreements that we have in place or that we are putting in place. |
| Undertaking verification, anti-money laundering and background checks in accordance with our legal and regulatory obligations | Business contact data, identification data, relationship data* | • Legal obligation: To conduct checks that are required by law and our regulators, including, without limitation, protecting against money laundering and terrorist financing and identifying possible conflicts of interest. |
| Facilitating invoicing processes | Business contact data, financial data | • Performance of a contract: To pay and process your invoices in accordance with the terms of our agreements. |
| Establishing, exercising and/or defending legal claims as necessary | Business contact data, correspondence data, agreement data | • Legitimate interests: To establish, exercise and/or defend legal claims concerning our business. • Establishment, exercise or defense of legal claims*: To establish, exercise or defend our business against a claim that contains Sensitive Personal Data. |
Website users and Jefferies alumni
| Purpose for processing | Categories of personal data | Lawful basis for processing |
|---|---|---|
| Enabling the functioning, administration and protection of our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Website / device data | Legitimate interests: To allow you to use the website and for us to ensure its proper functionality. |
| Tracking the use of our website at individual and group level using cookies in order to develop and improve our website | Website / device data | Consent: You consent to our use of performance, functional, targeting and/or social media cookies and other tracking technologies via our cookies preference center on our website. |
| Enabling you to subscribe to our mailing list and to receive updates about events that may be of interest to you, including alumni newsletters and events | Website / device data, marketing and communications data | • Legitimate interests: To enable you to subscribe and receive updates from us in accordance with your personal or business interests. • Consent: You provide your consent to us processing your personal data for marketing purposes. |
| Enabling Jefferies alumni to join and access our alumni site and alumni-specific content | Website / device data, personal contact data, business contact data | Legitimate interests: To enable Jefferies alumni to subscribe to and participate in our alumni network. |
Who do we share your personal data with?
We may share your personal data with third parties where it is appropriate and / or necessary to do so under applicable law and regulations. We may share your personal data with the following categories of recipients:
- Affiliates within the Jefferies Group;
- Tax, audit, regulatory bodies or other authorities where applicable law or regulations require us to share this information (for example, because of a request by a tax authority, in connection with any anticipated litigation or in compliance with our legal and regulatory obligations);
- Third party service providers who perform functions on our behalf (including administrators, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- Third party outsourced IT, account management and document storage providers where we have an appropriate processing agreement (or similar protections) in place; and
- If Jefferies (or a part of its business) is subject to a bid, or otherwise merges with or is acquired by another business or company in the future, we may share your personal data with the new (or prospective) owners of the business or company pursuant to our legitimate interests to do so.
Where third parties have access to your personal data, we will ensure that we always have a valid lawful basis to share your personal data, that appropriate measures have been put in place and, where necessary, contractual terms are entered into in order to ensure that your personal data receives an adequate level of protection.
How do we store and safeguard your personal data?
We are committed to protecting the security and confidentiality of all personal data that we process. This includes taking all reasonable steps to protect it from misuse, loss, alteration or unauthorised access. We do this by implementing a range of appropriate technical and organisational measures. These include the utilisation of industry standard encryption, robust access controls, network security controls, intrusion detection systems and training for staff on confidentiality and handling information.
Please note you are responsible for ensuring that any information that you send to us is sent securely (e.g. encrypting attachments) and that you do not share your credentials with anyone.
How do we transfer your personal data internationally?
The different purposes for which we process your personal data, as outlined above in Section 4, may require us to transfer your personal data outside of the jurisdiction in which it was collected. This would include transferring your personal data to the third parties listed in Section 5 above and to our parent company based in the United States.
Where an international transfer occurs, we will take steps to ensure that your personal data is adequately protected, including by ensuring that appropriate safeguards are in place in accordance with applicable data protection laws, particularly where your personal data is transferred to countries that are not considered “adequate” by applicable data protection law or the relevant authorities in your jurisdiction. For example:
- For international transfers within the Jefferies Group, we have an intra-group data transfer agreement in place that is signed by all relevant entities and includes EU Standard Contractual Clauses, the UK Addendum and other necessary provisions to ensure that transfers take place in accordance with the data protection laws of Switzerland, Israel, the DIFC and ADGM; and
- For international transfers to third parties, including service providers and regulators, we will ensure that appropriate measures are in place to ensure an adequate level of protection for your personal data, usually by including EU Standard Contractual Clauses, the UK Addendum and other jurisdiction-specific transfer clauses and provisions in our agreements (alongside implementing other supplementary technical and/or contractual measures as necessary).
For your information, a copy of the EU Standard Contractual Clauses can be found here, the UK Addendum to those Clauses can be found here, guidance from Switzerland on amending the EU Standard Contractual Clauses to suit the purposes of Swiss data protection law requirements can be found here, the DIFC Standard Contractual Clauses can be found here and the ADGM Standard contractual Clauses can be found here.
How long do we keep your personal data for?
We will retain personal data for as long as is reasonably necessary in order to fulfil the purposes set out in Section 4 above. Where our legal and regulatory obligations require us to do so, we may also retain your personal data for longer periods of time following the end of our relationship. All retention periods are governed by our internal Retention Policy and the precise length of time that we retain your personal data for will depend on the type of personal data we are processing, our business need for the processing and any specific legal or regulatory requirements relating to its storage.
What rights do you have in relation to your personal data?
Under applicable data protection law, you may have rights in relation to the personal data that we hold about you. These rights may include, where permitted under applicable law and subject to certain exceptions and restrictions:
- Access: You may ask us to confirm, and provide copies of, your personal data that we hold;
- Erasure: You have the right to request that we erase your personal data in certain circumstances;
- Restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances;
- Rectification: You have the right to request that we rectify any personal data that you believe is inaccurate or incomplete;
- Data portability: You have the right to ask us to transfer personal data that you have provided to us to yourself or to another data controller in certain circumstances;
- Object: You have the right to object to us processing your personal data where we do so: (i) on the basis of our legitimate interests; or (ii) to send you relationship management and marketing materials for additional products or services. If you no longer wish to receive marketing communications from us, you can opt out by either liaising with your Jefferies contact or by electronically unsubscribing from emails we have sent you; and
- Withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw this consent at any time. This will not affect the lawfulness of any processing based on consent before its withdrawal.
If you would like to exercise any of these rights, details of how to contact us can be found in Section 11. Please note that if your personal data is subject to applicable data protection laws in the DIFC, you will also be entitled to not be discriminated against or adversely treated when exercising your personal data rights. In accordance with applicable data protection laws you also have the right to lodge a complaint with your local supervisory authority, details of which can be found in Section 11.
Cookies
We may collect personal data through the use of cookies. A cookie is a small file containing data that is created and stored on your device when you visit a website using a computer or mobile device. When you visit a website, a cookie may be used to track the activities of your browser and provide you with a more consistent and efficient online experience. Tracking your use of our website using cookies enables us to understand how you use the site and track any patterns that emerge individually or from larger groups. This helps us to develop and improve our website and services in response to what our visitors want and need.
We use performance, functional, targeting, social media and strictly necessary cookies on our website. You can find out more about these cookies, including who provides these cookies and their purposes by reading our Cookies Policy. You can view and change your cookie preferences at any time by clicking on the cookie icon on the bottom left-hand side of the screen when you visit our website.
Although you can click the ‘reject all’ button on our website to opt out of most cookies, please note that our ‘strictly necessary’ cookies are necessary for the website to function and cannot be turned off in our systems. You can set your browser to block these cookies, but some parts of the site may not work if you do.
Contacting us in relation to your privacy and details of local supervisory authorities
If you would like further information about any of the matters in this Notice, have any questions about how we collect, store or use your personal data, or would like to exercise any of the rights set out above, please contact us by email at [email protected] or by post using the contact details set out below.
- For individuals in the UK, Switzerland, Israel, DIFC or ADGM, please contact Jefferies International Limited by post at 100 Bishopsgate, London, EC2N 4JL, United Kingdom.
- For individuals in the EU, please contact Jefferies GmbH by post at Bockenheimer Landstraße 24, 60323 Frankfurt am Main, Germany.
Details for the relevant supervisory authorities are set out in the table below:
| Jurisdiction | Supervisory Authority | Address |
|---|---|---|
| UK | Information Commissioner’s Office | Wycliffe House, Water Lane Wilmslow, Cheshire, United Kingdom, SK9 5AF |
| Germany and EEA | Hessischer Beauftragter für Datenschutz und Informationsfreiheit | Postfach 3163, 65021 Wiesbaden |
| Switzerland | Federal Data Protection and Information Commissioner | Feldeggweg 1, CH – 3003 Bern |
| Israel | Privacy Protection Authority | Tel Aviv Government Complex, P.O. BOX 33503, Tel-Aviv 6133401 |
| DIFC | Commissioner of Data Protection | Dubai International Financial Centre Authority, Level 14, The Gate Building, Dubai International Financial Centre (DIFC), Dubai, UAE |
| ADGM | Office of Data Protection | ADGM Building, ADGM Square, Al Maryah Island, PO Box 111999, Abu Dhabi, UAE |
© 2025 Jefferies Financial Group Inc.