Skip to Content Skip to Menu Skip to Footer

Entity Insights - Privacy Notice

Markit Group Limited and its subsidiaries and affiliates (collectively "S&P Global" "us" "we" or "our") are committed to protecting your privacy. This Privacy Notice (“Notice”) is designed to give Beneficial Owners, Key Controllers, Directors, and Related Parties (together, “Associated Individuals”) information about how S&P Global processes personal information when providing Entity Insights related services from publicly available sources as described below (“Entity Insights Services”) to our clients.

Anti-money laundering (“AML”) and counter terrorist financing (“CTF”) regulations apply to a variety of businesses and industries. These regulations require businesses to verify the identity of their customers, apply risk-based customer due diligence measures, and take other steps to prevent services from being used for money laundering or terrorist financing. S&P Global supplies services that include a broad set of capabilities for their clients to meet their specific AML and CTF obligations. S&P Global collects, processes, and shares personal information as part of providing our Entity Insights Services to our subscribers, who use this information to verify the identity of persons and entities who may become their customers, vendors or counterparties and to meet their AML and CTF due diligence obligations. S&P Global uses a connected set of operational risk and regulatory compliance solutions to achieve these purposes, which are carefully reviewed to ensure personal information is protected, minimized, and only processed in ways an individual would reasonably expect.

For the purpose of this Notice:

“Beneficial Owner” means an individual identified within the ownership structure of an entity S&P Global is performing Entity Insights Services on.

“Key Controller” “Director” or “Related Party” means an individual identified by S&P Global in the performance of Entity Insights Services as appointed or elected to exercise direct control over an entity, by participating in the governance, strategic direction, or senior executive activities.

“Publicly available sources” means personal information (1) originally available to the public and typically over the internet; or (2) lawfully made available from records, databases, and/or systems of government agencies, departments, divisions or other operating units, in electronic, paper or any other format.

Why is this Notice important?

Being transparent when processing personal information is a critical component of most global privacy laws. As an example, S&P Global is obligated under Article 14 of the General Data Protection Regulation 2016/679 (“GDPR”) to provide relevant information about processing activities that involve personal information. S&P Global meets these transparency requirements through several means, one of which is via this Notice. For more detail about our processing of Personal Data generally, please see S&P Global’s Corporate Privacy Policy.

Who are we?

S&P Global is the Data Controller of your personal information. A “Data Controller” is the main decision maker in respect of data processing - this means we exercise overall control over the purposes and means when processing personal information. Being a Data Controller means we have a high level of compliance responsibility and that we must comply with, and demonstrate compliance with, all applicable data protection laws and regulations, including GDPR where it applies.

How to contact us

If you have any queries regarding this privacy notice or data protection in general, you should contact us using the form on our Privacy Request Page.
Enquiries can also be sent to the following address:

MIPrivacyOfficer@spglobal.com
General Counsel – S&P Global Market Intelligence
55 Water Street
New York, NY 10041

Why we process personal information

Our Entity Insights Services collect a range of personal and non-personal ‘business’ information from various public sources, including websites, news sources, regulatory filings and official government watchlists. In some circumstances, the information being collected includes a limited amount of personal information, which will commonly be your name and related beneficial ownership information.

S&P Global shares this personal information with third-party businesses to enable the third-party businesses to use it for its own internal business purposes, including but not limited to banking, Entity Insights, onboarding, and other regulatory purposes.

Entity Insights procedures are a critical function used to assess customer risk and a legal requirement under AML and CTF laws. S&P Global provides Entity Insights Services that assist customers in establishing and maintaining effective systems and controls for countering the risk of criminal exploitation and maintaining compliance with AML and CTF laws and regulations.

What personal information we process

S&P Global collects personal information when providing Entity Insights Services to our clients, including:

  • Identifying information [(e.g. name (first and last name),)]
  • Professional address
  • Professional role/title
  • Publicly available data on sanctions, regulatory enforcement, or adverse media covering criminal data

Associated Individual information –

  • Type of association
  • Level of association
  • Percentage of association

How we ensure our processing of personal information is lawful

S&P Global and the third parties we serve have a legitimate interest in processing the personal information provided through Entity Insights Services. S&P Global clients have a legitimate interest in gaining access to high-quality and easily manageable data of the type we process in order to optimize their AML and CTF compliance requirements and protect the public from financial crime, fraud and serious misconduct S&P Global has a legitimate interest to reduce the societal cost of money laundering through the provision of cost-effective Entity Insights solutions. We aim to reduce the AML and CTF risks faced by our clients by providing effective products that assist our customers in establishing and maintaining systems and controls for countering the money laundering and terrorist financing efforts of criminals

S&P Global has thoroughly assessed our legitimate interest, considered the potential impact on you (positive or negative) and your rights under data privacy laws, and will not use your personal information for activities where the impact on you overrides the legitimate interests we have in processing your personal information.

Where we process special or adverse criminal information, we will do so for reasons of substantial public interest, pursuant to applicable law.

Who do we share personal information with?

S&P Global discloses personal information to unaffiliated third-party clients who utilize Entity Insights Services. These third-party clients are also data controllers when they process personal information. S&P Global enters into processing agreements with these third-party clients to ensure they only process personal information in accordance with the commitments we’ve set out in this Notice.

We may also disclose personal information to S&P Global's parent, subsidiary, affiliates, and other related companies for the purposes listed in this Notice. If S&P Global sells all or part of its business or makes a sale or transfer of assets or is otherwise involved in a merger or business transfer, S&P Global may transfer your personal information to a third party as part of that transaction.

From time to time, we may also disclose personal information to a limited number of service providers, sometimes referred to as processors, for the purpose of providing information processing services to our organisation; operating our business; or delivering, improving, and customizing our products or services. S&P Global has processing agreements with these service providers to ensure that they are subject to confidentiality obligations and are restricted in their processing activities to ensure personal information is protected at all times.

Finally, we may disclose personal information to regulators, government bodies, fraud prevention agencies, law enforcement agencies and courts, who have powers to order us to provide personal information, which we may occasionally have to comply with. There may also be instances where we are required to share personal information to protect the interests, rights, safety or property of S&P Global or others in compliance with a legal process, in response to adverse third parties in the context of litigation, or to protect against fraud or for risk management purposes.

How long do we process personal information?

S&P Global will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Personal information that is identified as inaccurate or out-of-date is either removed or corrected.

Your rights while we process personal information

We strive to make sure that our information is reliable, accurate, and up to date. Individuals in certain jurisdictions have rights over how their personal information is processed. To make a request regarding your personal information, please complete the form found on our Privacy Request Page.

Below is a brief description of rights that may apply to you:

Right of access: You may have the right to access your personal information to review, update, and correct inaccuracies. There are some exemptions, which means you may not always receive all the information we process. Additionally, there may be limits to the amount of information we will provide access to. For example, in some cases, we may limit access to personal information where the request is manifestly unfounded or excessive, in particular because of the requests have been repetitive in character, or where doing so would violate the rights of others.

Right to rectification: You may have the right to ask us to rectify personal information you think is inaccurate. This could also include the right to ask us to complete information you think is incomplete.

Right to erasure: In some circumstances and subject to certain exceptions, you may have the right to ask us to erase your personal information.

Right to restrict processing: In certain circumstances, you may have the right to ask us to restrict the processing of your information.

Right to object to the processing of your personal information: In certain circumstances, individuals may have the right to object to the processing of their information. If you wish to object to our processing of personal information, you must give specific reasons why you are objecting to the processing of your data. These reasons should be based upon your particular situation.

Please be aware that in these situations and subject to applicable law, your right to object is not an absolute right, and we may refuse to comply if we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights, and freedoms.

Right to lodge a complaint with a supervisory authority: If you have a complaint or a concern regarding how personal information is being processed, we recommend that you raise it with us in the first instance (by completing the form on our Privacy Request Page). We are best placed to address any concerns or resolve any complaints.

Should you still wish to report a complaint to a supervisory authority or if you feel that S&P Global has not addressed your concern in a satisfactory manner, you may raise your concerns directly. Contact details for data protection authorities in the EEA, Canada, Switzerland and the UK are available here.

Where do we source personal information from?

We compile information from publicly available sources. These sources are in the public domain and are reasonably accessible or available to S&P Global, such as public websites, news sources, regulatory websites, open government databases, exchanges, and public registries.

International data transfers

As a global organization, we may transfer your personal information to S&P Global affiliates, agents, contractors, service providers, and to third parties in various countries and jurisdictions around the world. The websites, services, and products we provide often result in the processing of personal information, and where applicable law permits, this information could be transferred, processed, and stored in countries where data protection standards may be different.

S&P Global safeguards and enables the global transfer of personal information in several ways:

  • Standard Contractual Clauses
  • Adequacy Decisions

For a full explanation of how international transfers are managed at S&P Global, see the S&P Global Privacy Policy - International Data Transfers.

Modifications to this Privacy Notice

S&P Global reserves the right to change this Notice at any time by posting revisions on this web page. When we do, we will let you know by posting the changed Notice on this page with a new "Updated" date. Such changes will be effective upon posting. In some cases (for example, if we significantly expand our use or sharing of your personal information), we also may tell you about changes by additional means.

Updated May 2023.