The Bank of New York Mellon EMEA Privacy Notice

Effective March 9, 2022

This privacy notice applies to The Bank of New York Mellon Corporation and its affiliates (collectively referred to as "BNY Mellon", "we", "us"). The BNY Mellon entity responsible for your personal information, along with any additional information that may be required by law, considering the specific circumstances and the type of Personal Information at issue, will be explained in a separate summary privacy notice that will be made available when your personal information is first collected, for example where you or the business you work for engages us to provide a service.


You can find out more about BNY Mellon entities at or by contacting us using the information in the contact us section.


At BNY Mellon we take our data protection and privacy responsibilities seriously. This privacy notice explains how we collect, use and share personal information in the course of our business activities, including: 


This notice does not apply to prospective, current or former employees of BNY Mellon. Our EMEA employee privacy notice is available here.


We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this notice. If we make significant changes to this privacy notice, we will seek to inform you by notice on our website or email ("Notice of Change").

What Personal Information We Collect and When and Why We Use It

In this section you can find out more about:

  • the types of personal information we collect
  • the legal basis for processing personal information
  • how we use personal information
  • when we collect personal information
  • additional information on the use of artificial intelligence and machine learning

BNY Mellon Data Subjects

If BNY Mellon collects information about you, you will usually:

  • be registered with or use one of our Website(s) or online services;
  • be a private client;
  • represent one of our institutional clients;
  • work with us as a service provider; and/or
  • visit a BNY Mellon office or register to attend a BNY Mellon event.

Personal Information We Collect

Personal Information we collect will fall within one of the following categories:

  • Your name and how to contact you - Basic contact information about you, including your signature.
  • Identification data including unique descriptors - Government issued identifiers, other unique identifiers such as date of birth, and personal descriptors that might identify you.
  • Financial and transactional - Financial information about you, transactional information and credit information, account authentication details.
  • Contractual details - Information collected as part of the products and services we provide to you.
  • Socio-demographic - Details about your work or profession, nationality, education.
  • Technical information - Details about your devices and technology that you use to access our services, including IP address.
  • Behavioural - Information about how you use our products and services.
  • Location - Data we receive about where you are.
  • Communications and CCTV - Information we capture through your communications with us, e.g. voice recordings of telephone conversations, emails and instant messaging, and CCTV images if you visit our offices.
  • Publicly available data - Details about you that are in public records and information about you that is openly available on the internet.
  • Sensitive categories of data - Laws and other regulations treat some types of personal information, including personal information relating to health or criminal convictions and offences, as special and affords them additional protections. We will only collect and use these types of data if the law allows us to do so.

The legal basis for processing your personal information

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This is explained in more detail in the drop down section below which sets out the purposes for which we collect Personal Information. For each purpose, we indicate that we will have one or more of the following reasons for using your personal information:

  • our use of your personal information is necessary to fulfill a contract we have with you or to take steps to enter into a contract with you, for example when you ask us to provide you with a product or service;
  • our use of your personal information is necessary to comply with a legal obligation that we have, for example where we are required to report to tax authorities;
  • our use of your personal information is required for regulatory reasons that are in the public interest, for example to prevent and detect financial crime;
  • you have provided your consent to us using the personal information, for example if you have agreed to receive marketing communications; or
  • our use of your personal information is in our legitimate interests as a commercial organisation.

    The personal information BNY Mellon collects will usually be required to enable us to fulfil a contract or provide a service, or to fulfil our regulatory or legal obligations. If you choose not to provide certain personal information in these circumstances, BNY Mellon may be unable to provide the services you require. If the provision of personal information is voluntary, you will be informed of this at the point of collection and there will be no consequences to you if personal information is not provided.

    Where you have provided your consent for voluntary provision of personal data, you have the right to withdraw your consent at any time. You can do so by making a request to the entity that collected your personal information, by clicking ‘opt out’ or ‘unsubscribe’ on direct marketing communications, or by contacting us.

    Where we rely on our legitimate interests, we will do so on the basis that the activity:

  • is necessary for us to meet our business or commercial objectives and to provide services to our clients and cannot be achieved without reliance on our legitimate interests;
  • is proportionate and would not cause unjustified harm;
  • is aligned to, or would not conflict with, your reasonable expectations;
  • does not undermine your individual rights, interests or freedoms; and
  • on balance, does not outweigh your privacy rights. 


We explain our legitimate interests in the drop down section below.


Personal Information we collect will be used for one or more of the following purposes 


What We Use Your Information For

  • To manage our relationship with you or your business, for example by finding out how best to contact you
  • To develop new ways to meet our clients’ needs and to grow our business, for example by seeking client feedback or sharing our market research
  • To develop and carry out marketing activities in order to keep our clients informed about our products and services
  • To develop and manage our brand

Lawful Basis

  • Legitimate interests
  • Consent (where required by law)

Our Legitimate Interests

  • Working out which of our products and services might interest you and telling you about them
  • Communicating with you about BNY Mellon and our industry insight and providing thought leadership
  • Seeking your consent when we need it to contact you
  • Keeping our records up to date and honoring your communication preferences

What We Use Your Information For

  • To make and manage client payments
  • To manage and provide treasury and investment products and services
  • To manage fees, charges and interest due on client accounts
  • To collect and recover money that is owed to us
  • To exercise our rights set out in agreements or contracts

Lawful Basis

  • Consent (where required by law)
  • Contractual Obligation
  • Legitimate interests

Our Legitimate Interests

  • Ensuring that we are able to effectively and efficiently meet our contractual obligations
  • Complying with regulatory requirements

What We Use Your Information For

  • To deliver our products and services to our individual and institutional clients
  • To provide advice or guidance, for example to support your use of our products and services
  • To develop, test and manage new and existing products and services
  • To understand how our clients use products and services from us and other organisations, for example through research and analytics
  • To manage how we work with other companies that provide services to us and our clients, for example our relationships with vendors and suppliers

Lawful Basis

  • Contractual obligation
  • Legal obligation
  • Legitimate interests
  • Consent (where required by law)

Our Legitimate Interests

  • Enabling the development of our products and services, and what we charge for them
  • Defining relevant clients for new products and services
  • Ensuring that we are able to effectively and efficiently meet our legal and contractual obligations
  • Complying with regulatory requirements

What We Use Your Information For

  • To detect, investigate, report, and seek to prevent fraud, financial crime and anti-money laundering, for example through know-your-customer checks, AML screening and other identity checks
  • To comply with other laws and regulations that apply to us, for example other financial services or country-specific legislation

Lawful Basis

  • Contractual obligation
  • Legal obligation
  • Public Interests
  • Legitimate interests

Our Legitimate Interests

  • Ensuring that we are able to effectively and efficiently meet our contractual obligations
  • Complying with regulatory requirements

What We Use Your Information For

  • To manage risk for us and our clients, for example through research and statistical analysis
  • To respond to complaints and seek to resolve them
  • To comply with foreign laws, law enforcement and regulatory requirements that may affect us as a global institution
  • To protect our IT systems, network and infrastructure
  • To run our business in an efficient and proper way, for example managing our financial position, building our business capability, or for planning, communications, corporate governance or audit
  • To assert legal claims/for defense in legal disputes

Lawful Basis

  • Legitimate interests

Our Legitimate Interests

  • Ensuring that we are able to effectively and efficiently meet our contractual obligations
  • Ensuring that we can exercise our legal rights
  • Complying with regulatory requirements

Where We Collect Your Personal Information From

We will collect the personal information we use for the above purposes from one or more of the below sources:

  • Directly from you throughout our relationship, including when you use our products, services and websites;
  • From other BNY Mellon entities;
  • From third parties that are authorised to share your information with us, such as intermediaries, broker dealers, our institutional clients and service providers;
  • From publically available sources of information.

Additional information on the use of artificial intelligence and machine learning


BNY Mellon uses both manual and automated methods of processing. In particular, we may use automated methods of processing such as Artificial Intelligence (“AI”) and Machine Learning (“ML”), which are a set of technologies programmed to perform tasks and actions that are commonly associated with human beings. We may use AI and/or ML to optimize and increase the efficiency of business processes (e.g. to support customer service desks that receive inbound inquiries) and/or to support and enhance existing security controls.

Automated methods of processing are subject to regularly tested controls designed to ensure accuracy and fairness of the output. By using AI and/or ML, we do not intend to make automated decisions about you and therefore its application would not produce legal or similarly significant effects concerning you, unless stated otherwise in a specific privacy notice provided to you directly.



Sharing Personal Information Within BNY Mellon, With Third Parties, With Our Regulators

In this section you can find out more about how we share personal information:

  • within BNY Mellon
  • with third parties that help us provide our products and services
  • our regulators

We share your information in the manner and for the purposes described below:

  • within BNY Mellon, where such disclosure is necessary to provide you with our services or to manage our business;
  • with third parties who help manage our business and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back office systems;
  • with agencies and organizations working to prevent fraud in financial services;
  • with our regulators;
  • to comply with applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  • we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our business partners, affiliates or advertisers;
  • BNY Mellon may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your personal information, technical information about your device or browser and/or other anonymous information we obtain from you via the websites may be disclosed to any potential or actual third party purchasers of such assets and/or may be among those assets transferred.

Using Cookies and Other Technologies

In this section you can find out more about:

  • types of cookies used on our websites
  • third party advertisers
  • third party sites
  • control your cookie settings

Types of Cookies Used on Our Websites

We use cookies, web beacons and similar technologies ("Cookies") to track information provided to us by your browser and by our software application when you use our websites. A Cookie is a small piece of information that a website stores on the web browser on your device and can later retrieve. "Session" Cookies are temporary and will expire at the end of a browser session; that is, when you leave a website. Session Cookies allow a website to recognize you and carry information as you navigate between pages during a single browser session and allow you to use the website most efficiently. "Persistent” Cookies, in contrast, remain in the Cookie file of your browser even after you leave a website and after the browser is closed. They enable a website to recognize you upon your return, remember your preferences and provide tailored services to you. A Cookie will not contain information that will enable us to contact you via telephone, e-mail, or other means.

We, and third party service providers acting on our behalf, use session and persistent Cookies to:

  • remember preferences that you submit as well as those generated from your usage data and your responses to polls and surveys on our websites;
  • measure your use of our websites in an effort to improve its quality and enhance your overall experience, including tracking page views, time and date of website access, and other usage data, and identifying your operating system and browser type (but not other information about your computer or the programs on it) and your general geographic location; and
  • allow you to share certain information on our websites via social media bookmarking buttons, email or on social networking sites.

The third party service providers mentioned above use any personal information they collect on our behalf solely for the purpose of providing the contracted service to us. They have also agreed to confidentiality restrictions.

We may use aggregated usage data to track trends and analyse patterns on our websites. If you register to enter an area of our websites, the website will recognize who you are and collect all information that you submit (including subscription to emails, etc.). Information collected about you from this website may be associated with other identifying information that we have about you.


Third Party Advertisers

We may use third party advertising companies to serve ads on our behalf on other websites across the Internet. To measure and track the effectiveness of such ads, these companies typically use Cookies; so a Cookie may be set in the Cookie file of your browser when you click on one of our ads or visit a webpage associated with our ad campaigns. These companies may also use and measure information about your visits to our Site as part of this same process. The information provided to us by these companies about you will be de-identified.


Third Party Websites

Our websites contain links to third party sites (including social media bookmarking buttons that enable you to share certain content to our websites). Although some of the entities controlling these websites are under contract with us, not all of them are, so we advise you to familiarise yourself with the individual privacy and cookie notice and other terms for each linked website prior to submitting your personal information. We are not responsible for and do not have control over their terms of use or privacy notices, have not reviewed them and we do not accept any liability with respect to the content of these websites or how they use Cookies and handle your personal information. This privacy notice does not apply to your use of a third party website.


Control Your Cookie Settings

Most browsers are initially set to accept Cookies. However, you have the ability to change your browser settings. It may also be possible to configure your browser settings to enable acceptance of specific Cookies or to notify you each time a new Cookie is about to be stored on your device enabling you to decide whether to accept or reject the Cookie. You can also disable Cookies by configuring your browser setting to reject Cookies. Please refer to the help section of your browser for instructions on disabling Cookies. For more information about Cookies, how they work, why they are so useful and how to disable them, you can visit

If you do not wish to accept Cookies from our website, please either disable them or refrain from using our website. If Cookies are disabled, it may mean that you experience reduced functionality or will be prevented from using all or part of our website.

For information about the Cookies used on a specific application, please refer to that application’s Cookie notice. For more information about how collects information using Cookies and tracking technologies you can read the EMEA Cookie Notice.


Carrying Out Direct Marketing


In this section you can find out more about:

  • how we use personal information to keep you up to date with our products and services
  • how you can manage your marketing preferences


How We Use Personal Information to Keep You Up To Date With Our Products and Services

We may use personal information to let you know about BNY Mellon products and services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.

How You Can Manage Your Marketing Preferences

To protect your privacy rights and ensure you have control over how we manage marketing with you:

  • we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
  • you can ask us to stop direct marketing at any time. You can ask us to stop sending email marketing by following the 'unsubscribe' link you will find on the email marketing messages we send you. Alternatively, you can contact us. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
  • you can change the way your browser manages Cookies, which may be used to deliver online advertising, by following the settings on your browser as explained above.

We recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms, as well as your preferences within your BNY Mellon account.


Transferring Personal Information Globally

In this section you can find out more about:

  • how we operate as a global business and transfer data internationally
  • the arrangements we have in place to protect your personal information if we transfer it overseas

BNY Mellon operates on a global basis. Accordingly, your personal information may be processed in countries that are subject to different standards of data protection, including the United States and India. BNY Mellon will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests, and that transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:

  • transfers within BNY Mellon will be covered by an agreement entered into by members of BNY Mellon (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within BNY Mellon;
  • where we transfer your personal information outside BNY Mellon, or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before personal information is disclosed.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.


How We Protect and Store Your Information



We have implemented and maintain a comprehensive information security program with written policies and procedures designed to protect the confidentiality and integrity of personal information. The information security program contains administrative, technical and physical safeguards, appropriate to the type of information concerned, designed to: (i) maintain the security and confidentiality of such information; (ii) protect against any anticipated threats or hazards to the security or integrity of such information; (iii) protect against unauthorized access to or use of such information that could result in substantial harm, and (iv) ensure appropriate disposal of such information. The security of your personal information also depends in part on the security of the devices you use to communicate with us, the security you use to protect user IDs and passwords, and the security provided by your internet service providers.



Storing and Retaining your personal information

BNY Mellon will retain your personal information:

  • for as long as required for the purposes for which it was collected, as explained in this notice
  • where here we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements
  • for longer periods of time in specific circumstances so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe that it may be required in defense of a legal claim.

In these circumstances your personal information will be subject to a corporate retention schedule which incorporates the factors above. For more information on the retention of your personal information, you can contact us.



Legal Rights Available to Help Manage Your Privacy


Legal Rights Available to Help Manage Your Privacy

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Please note that depending on your location your rights may vary. Click on the links below to learn more about each right you may have:

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will use reasonable efforts to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.


Right to Access Personal Information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to Rectify or Erase Personal Information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which BNY Mellon is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

Right to Restrict the Processing of Your Personal Information

You can ask us to restrict your personal information, but only where:

  • ts accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object and we are considering your request.

We can continue to use your personal information following a request for restriction:

  • where we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to Transfer Your Personal Information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to Object to the Processing of Your Personal Information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to Object to How We Use Your Personal Information for Direct Marketing Purposes

You can request that we change the manner in which we contact you for marketing purposes.

You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes

Right to Obtain a Copy of Personal Information Safeguards Used for Transfers Outside Your Jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred to countries not providing an adequate level of data protection.

We may redact data agreements to protect commercial terms.

Right to Lodge a Complaint With Your Local Supervisory Authority

You have a right to lodge a complaint with your local data protection supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.


Contact Us

The primary point of contact for all issues arising from this privacy notice, is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

By email:


By post:
The Data Protection Officer
BNY Mellon (Poland) Sp. z o. o
Swobodna 3
50-088 Wroclaw, Poland


By post (UK):

The Data Protection Officer

BNY Mellon London Branch 
One Piccadilly Gardens
Manchester, M1 1RN


Where relevant, BNYM establishments outside of the European Economic Area have appointed BNY Mellon (Poland) Sp. z o. o.  as its EU GDPR Representative ("EU Representative”) and BNYM establishments outside of the UK have appointed BNY Mellon, London Branch as their UK GDPR Representative (UK Representative). The EU and UK Representatives can be contacted using the DPO contact information above.


If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

To Contact Your Data Protection Supervisory Authority

You have a right to lodge a complaint with your local data protection supervisory authority (i.e. your place of habitual residence, place of work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before lodging a complaint with your local supervisory authority. A list of data protection supervisory authorities within the European Economic Area can be accessed here. For the Dubai International Financial Centre complaints please contact the Office of the Commissioner of Data Protection Dubai International Financial Service Authority. For the United Kingdom please contact the Information Commissioner's Office.

Employee Privacy Notices

Employee privacy notices by region or country of employment can be accessed here.