Intra-Group Personal Data Protection Statement

As of February 06, 2024

Bloomberg Finance L.P., its operating agent Bloomberg L.P., and affiliates (“Bloomberg”) are committed to compliance with their data protection obligations throughout the world. This Intra-Group Personal Information Protection Statement (“Statement”) sets out information about the measures we put in place to protect personal information we transfer.

Bloomberg has implemented robust processes and protections to meet the requirements of exporting or transferring personal information in accordance with applicable data protection laws. Accordingly, where Bloomberg transfers personal information to Bloomberg group members overseas, the relevant Bloomberg group members enter into appropriate Intra-Group Personal Data Protection Agreements (“IGAs”), which identify the Bloomberg group members acting as data exporter and data importer, and ensure that personal information transferred overseas is subject to appropriate safeguards, as required by applicable data protection laws.

For example, for personal information originating in the European Union, Switzerland or the United Kingdom, the IGAs incorporate EU Commission-approved Standard Contractual Clauses (“SCCs”), which include specific obligations and rights around transfers of personal information.  The IGAs will also contain amendments required by applicable data protection law to extend their application to transfers of personal information from non-EU jurisdictions, where relevant. The IGAs include the operational procedures and security measures used by Bloomberg to maintain the accuracy and integrity of personal information and adequately protect personal information.

The IGAs include the safeguards we put in place to ensure that personal information continues to be protected to a standard required under applicable data protection laws, including after it has been transferred overseas. These include:

  • Governance – We maintain a robust personal information governance program.  We regularly review and update our governance framework, including roles and responsibilities of personnel, and maintain a working group to oversee data protection regulation compliance and document results and decisions as they relate to personal information management.
  • Accountability and Recordkeeping– We map the personal information life cycle and maintain a personal data map inventory, including documenting flows of personal information within Bloomberg’s systems and any disclosures to third-party systems.
  • Security– We invest in and maintain organizational, technical, and physical safeguards intended to ensure the protection of personal information. We engage in ongoing monitoring and testing of the efficacy of these safeguards. Our data centers are dedicated solely to our products, services, and operations, and have secure and monitored access controls.
  • Privacy By Design– We integrate mapping of and accountability for personal information into our product design processes, and build personal information security into our development and product life cycles.
  • Administrative controls– We regularly review and update our policies, procedures, and controls to address our data protection obligations. We conduct company-wide privacy training, data protection executive education and tailored training programs for data protection compliance.
  • Government Requests for information – We take a company-wide approach to law enforcement, government, and regulatory agency disclosure, which extends beyond personal information and applies to all client data. Please see our Law Enforcement Data Request Statement for further information.

Contact information

Questions or comments regarding this Statement should be submitted to privacy@bloomberg.com.

Bloomberg reserves the right to change this Statement at any time by indicating revisions through the “Last updated” date at the top of the Statement. Such changes will be effective upon posting.