Effective as of January 6, 2017
PURPOSE AND SCOPE
Because we are a global company, this Policy takes into consideration various privacy regulations and frameworks for protecting the collection, use, maintenance, sharing, and disposition of personal information in compliance with applicable legal and regulatory requirements. Additional details relating to specific countries are provided at the end of the Policy in the "Country-Specific Notices" section.
Unless superseded by alternative Terms and Conditions (e.g. customer agreements, employee contracts) where appropriate, when you provide CME Group with personal information, the method by which the information will be collected, used, distributed, and maintained will be in accordance with the terms outlined in this Policy.
By providing personal information and using our goods and services you acknowledge the collection, use, distribution and maintenance of your personal information in the manner described in this Policy or the alternative Terms and Conditions under which the collection of the information applies. If you object to any aspect of this Policy or alternative Terms and Conditions, CME Group asks that you do not submit your personal information or utilize our services.
Where required by law, we generally will seek your express written or oral consent for the collection, use, maintenance and distribution of your personal information.
There are situations where consent may not be obtained as we are legally permitted to process personal information without consent. For example, where;
- the processing of personal information is required by law (e.g. subpoena);
- the processing of personal information is required in order for CME Group to fulfill its regulatory obligations;
- the processing of personal information is necessary as part of the provision and receipt of our products and services;
- information is used in the aggregate to improve our products and services;
- in response to an emergency or where the safety or health of an individual or the public is at risk; or
- the information is publicly available.
The Policy is current as of the effective date set forth above. The Policy is reviewed regularly and may change over time. All modifications are effective immediately, where permitted by law. Therefore, we encourage you to review this Policy periodically so you are aware of our practices. If we make material changes to the Policy by modifying our privacy practices that increase our rights to use personal information we have previously collected about you, we may attempt to notify you or obtain your consent, where required by law, either through your registered email address or by prominent posting on this page with an appended revision date.
CME Group recognizes that personal information is considered to be any recorded information which relates to or can reasonably identify a living individual. CME Group may collect personal information directly from you and, in some circumstances, from those individuals and/or entities you may authorize to act on your behalf and from publicly available sources.
The type of information you may be requested to provide will vary based upon the type of relationship(s) you have established with CME Group.
Most commonly, we collect your full name, professional job title, physical address, phone number, and your e-mail address in order to provide you with services tailored to your particular needs. In connection with some of our products and services we may collect additional types of personal information including, but not limited to, full name, phone number, email, Internet Protocol (“IP”) address, Social Security Number, Financial Account Information, country of origin, etc.
CME Group may collect personal information relevant to the purposes of administering its business, providing and improving its products and services, such as in relation to:
By using CME Group Sites, you consent to the collection and use of your information as described in this Policy, including personal information CME Group may collect.
From time to time, CME Group may seek to collect input from you about the use of our Sites, products or services. This information may be collected with or without the collection of identifying information. If we request personal information, these fields will be optional, unless otherwise indicated, resulting in you having control over whether or not the answers remain anonymous. Third party tools may be used to facilitate these questionnaires.
We also collect non-personal information when you visit CME Group Sites. This information includes, but is not limited to, the pages you view, the search terms entered into the search utility, location, the operating system, browser software, preferred language and internet service provider you use. Such non-personal information we may collect generally is used to administer the Site, improve our services, determine how the Sites are being used, identify popular areas of the Sites, analyze trends and usage patterns, and offer you tailored content. If we associate your non-personal information with your personal information, we will generally treat everything as personal information.
Additionally, as permitted by law and regulation, your information may be used in aggregate, statistical form to track and measure usage including, but not limited to, customer/user preferences, interests, demographics, and patterns; and to determine trading volumes, audience size and repeated usage. We may then use such data, together with information collected from other users, to manage and customize the Site's content, layout, and our services in order to improve the Sites, enhance customer service, and provide tailored messages. We may combine personal information and non-personal information to conduct analytics in order to improve user experience. Furthermore, we may use the information you provide us to contact you about our products and services as legally permitted. Please see the section entitled "Contact Us" for instructions relating to opting out of such use.
We may use your IP address to improve our services and to help diagnose problems with our server.
We do collect personal information about your online activities over time and across third party websites or online services. When we see a browser set to "do not track", signals transmitted from web browsers do not apply to our sites, and we do not alter any of our data collection and use practices upon receipt of such a signal.
CME Group offers educational resources: including Risk Ranch, CME Institute (also known as Futures Institute) and Future Fundamentals (which targets middle schoolers and above) to increase the awareness of our industry. CME Group collects information in aggregate for the Risk Ranch, CME Institute and Future Fundamentals, and does not collect or maintain information that identifies any specific individual. The information collected is only used to improve upon functionality and its content.
The Sites may contain links to third party websites. Please note that when you click on one of these links, you will be accessing a website that CME Group does not control and which may be governed by privacy policies and practices that differ from ours. CME Group is not, and will not be, responsible for the privacy policies or practices of third parties or the content or security of any third party websites.
PUBLIC FORUMS (e.g. website comment sections, Blogs, Social Media): Posts, comments or other information you submit on any public forums (e.g. message board, chat rooms) should not be considered private or confidential. CME Group may use any such postings ("Postings"), any content thereof, and any information derived from any such Postings (including any ideas, concepts, know-how or other intellectual property) and may provide such Postings to any of its subsidiaries, affiliates, or others, for any purpose whatsoever, as deemed appropriate in the sole discretion of CME Group and subject to applicable laws. Posts, comments, and other information you share on these platforms can be read, viewed, collected or used by others accessing these public forums. We have no responsibility for how others use the information you share on these public forums, such as sending you unsolicited communications, contacting you, or any other usage of your personal information.
CME Group is under no obligation to review any Postings relating to CME Group and assumes no responsibility or liability relating to any Postings. Nonetheless, CME Group may from time to time monitor the Postings and in its sole discretion and in accordance with law may remove and/or decline to publish any material, including but not limited to: (i) any Postings that contain any unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind (ii) advertisements or solicitations of any kind; (iii) messages posted by visitors impersonating others; (iv) personal information, such as messages which list phone numbers, Social Security numbers, account numbers, addresses, or employer references; (v) messages by non-spokesperson employees of CME Group purporting to speak on behalf of the CME Group; (vi) multiple messages by the same visitor restating the same point; (vii) messages of commercial or reputational damage to CME Group; and (viii) chain letters of any kind.
SOCIAL NETWORK ACCOUNT INFORMATION: We may allow you to sign into and associate your social network accounts including, but not limited to, Twitter, LinkedIn, Facebook, and YouTube with CME Group.
We do not retain your username or password for social networking platforms for any longer than is necessary to complete an interaction. If you would like to disconnect a social media account from CME Group refer to the settings of that social media account and its provider.
EMAIL SUBSCRIPTIONS FOR NEWSLETTERS, NOTICES, AND SERVICE ANNOUNCEMENTS: If you have subscribed to receive communications from CME Group (e.g., through the CME Subscription Center), we may contact you by phone, text, mail or email, as applicable, related to company services, market or product announcements and newsletters, sales and marketing communications, and when applicable, service announcements pertaining to system maintenance or disruptions. Generally, you have the ability to opt-out of these marketing communications at any time by contacting us with the information in the “Contact Us” section of this Policy or clicking on the unsubscribe button located within the message. Some non-promotional communications used for administrative purposes, such as service announcements, may be sent to you regardless of your status for receiving marketing communications.
SALES AND MARKETING AND CUSTOMER SERVICE: Based upon the CME Group services you use, and as permitted by law, individuals from our sales and marketing and customer service teams may contact you directly by phone, email, mail or text messaging. Should you choose not to be contacted please submit a request to the Chief Privacy Officer ("Contact Us") or complete the form on "Unsubscribe – Email Alert Subscription". Unsubscribing from these communications may impact the way CME Group may share information with you regarding the use of our services.
CME Group may record certain telephone conversations, including phone lines in the Global Command Center, Clearing House, main switchboard, or where required by law. The purpose of such recordings is to provide verification of customer transactions entered in connection with CME Group business, to protect the organization against misconduct, and to ensure the telephone lines are being used consistent with applicable CME Group policies. When a recorded line is being used an announcement will be made at the beginning of the call notifying you that the call may be recorded. Consent to such recording and monitoring is presumed by the use of the recorded phone lines. There may be instances where the recording cannot be turned off. Please use discretion when sharing information over a recorded line as the recording may be retained and used for legal, regulatory, or business purposes.
BILLING INFORMATION WHEN YOU ARE PURCHASING GOODS OR SERVICES: There are certain circumstances for which CME Group may collect personal information when you purchase goods or services from us. For the purposes of these transactions, CME Group may collect, use, and maintain personal information such as your name, email, phone number, and mailing address.
Where offered, you may choose to complete your transactions using credit or debit card information (e.g. Online Store, Software, Market Data). CME Group does not directly process or retain any credit card information. Your credit card information will only be processed and stored with third parties that are Payment Card Industry Data Security Standard ("PCI DSS") compliant. The third parties are not allowed to share or use any of your information beyond the purposes for which it was collected. Where available, you may elect to have the third party maintain your credit card information for reoccurring purchases.
For registered users, upon the creation of your profile (by the user or at the request of your organization) personal information is required to be provided. Personal information collected will vary based on the type of relationship you have with CME Group. Information collected may include, name, phone number (landline or mobile), e-mail address, physical address, organization name, professional title.
Accessing CME Group systems may require additional authentication credentials beyond a password. In these situations, you can request to receive the automated code via text message or telephone call. Receipt and use of this verification code may be required in order to gain access to certain CME Group systems.
MEMBERSHIP: CME Group may collect and use personal information for the purpose of processing membership applications. For the purposes of these applications CME Group may collect, use, and maintain personal information such as your name, phone number, physical address, professional title, e-mail address, social security number (or national identity number), date of birth, and place of birth. CME Group does not share membership information with third parties except where required by law, or service providers. CME Group distributes a weekly “Membership Bulletin” that goes out to all current members providing information on new, withdrawn or changed membership details on all seat sales.
MARKET DATA AGREEMENTS: CME Group may collect personal information in order to comply with the provisions of agreements relating to receipt and/or use of market data. Under the provisions of such agreements, CME Group will collect contact details for business and contact administration purposes. Such contact details may include name, title, phone number and email address. CME Group will use this information for billing and business development management. CME Group will use personal information submitted by licensees in order to supply, administer, manage and improve services provided by CME Group and to comply with applicable regulatory and legal requirements.
RECRUITMENT AND EMPLOYMENT: CME Group may collect personal information from applicants and potential candidates, employees, interns, temporary employees and consultants (collectively "Colleagues"), as part of recruitment and selection of candidates (e.g. resumes, contact details), to fulfill the terms of employment (e.g. references and background checks) and for staff administration purposes (e.g. payroll processing, providing benefits and performance reviews).
Where necessary, CME Group may combine personal information from one service with information, including personal information, from other services or information that is publicly available to conduct due diligence for compliance and/or security purposes and/or to help us better understand your relationship to CME Group to improve your experience.
LOCATION OF PERSONAL INFORMATION
CME Group is a global company and may collect and process personal information in countries throughout the world. Therefore, subject to applicable laws, your personal information may be located and used in a country where CME Group does business other than your country of residence or where you provided CME Group with your personal information. These other countries may not have the same data protection laws as the country in which you reside. When we transfer your information to other countries, we protect that information as described in this Policy. By submitting your information, you acknowledge our collection, transfer, and processing of your personal information in accordance with this Policy.
THIRD PARTY ACCESS TO INFORMATION
We do not share personal information with third parties, unless one of the following conditions applies:
- We have obtained your consent to share your personal information.
- To disclose information about the use of our websites or mobile applications but only in aggregate, statistical form.
- To protect CME Group’s rights, property or safety of its assets and Colleagues and where permitted by law.
- To assist with investigations into malicious or fraudulent activity or other potential security or compliance threats or violations.
- To support auditing, compliance, and corporate governance functions.
- To cooperate fully with state, local, federal, and international legal, governmental and regulatory entities, authorities and officials in any investigation or governmental, legal or regulatory proceeding relating to any information collected or to any purported unlawful activities.
- As permitted by law, the information we collect, including personal information, may also be disclosed to third parties if CME Group, in its sole discretion, believes disclosure is necessary to comply with legal or regulatory processes or requests or to protect the rights, property, or personal safety of CME Group, its affiliates, and/or the respective customers, members, directors, officers, employees and agents and/or the public.
- To enforce our Terms and Conditions.
- If CME Group or any of its assets are acquired by a third party, in which case personal information may be one of the transferred assets.
When we share access to personal information with companies or individuals working on CME Group’s behalf, we protect such personal information by requiring those parties to enter into agreements (e.g., non-disclosure agreements) with CME Group to safeguard the confidentiality of personal information, to use the personal information only for CME Group purposes, and ensure compliance with applicable data protection laws.
RETENTION OF PERSONAL INFORMATION
CME Group retains personal information for the duration of the business relationship or where required, in accordance with the corporate Records and Information Management Policy and Retention Schedule. We make reasonable attempts to ensure that all instances of such information (e.g. production, backups, etc.) are deleted in their entirety, including any of your personal information. For requests for access, corrections, or deletion please see "Contact Us".
The Sites are general audience sites not directed at children under the age of 13. If we obtain actual knowledge that any personal information we collect has been provided by a child under the age of 13, we will promptly delete that information.
CME Group does offer a website and a mobile application for students to learn more about our industry. Please refer to the discussions of Risk Ranch, CME Institute and Futures Fundamentals within this Policy for more information under the header "Use of Our Websites".
Further, we occasionally allow children to be onsite for work experience/job shadowing. As a result, personal information (such as name, contact details and parent/guardian) may be processed to administer access to relevant CME Group facilities and while such individuals are onsite (see CME Group Facilities and Visitors section below).
Monitoring of Electronic Communication
CME Group reserves the right to monitor all electronic communications that occur on CME Group information systems where a CME Group representative is party to the communication as deemed necessary and appropriate, subject to applicable law. CME Group generally does not monitor the content of messages offered directly to our customers via Pivot and CME Direct where a CME Group representative is not an active participant within the communication. For more information regarding electronic communications with CME Group, please click here.
CME Group takes security and the protection of your personal information seriously. We have implemented a physical and logical security program that includes commercially reasonable administrative, physical, and technical safeguards. These controls may be updated as new technology and controls become available, or as appropriate.
To safeguard CME Group facilities and employees, CME Group may collect personal information and video when you are on company premises. Your personal information may be used for security and due-diligence purposes. CME Group uses video recording in public areas of its facilities, 24/7.
ACCESS TO OR DELETION OF YOUR INFORMATION
You may request from us certain information about you including, but not limited to, any information you have provided to us upon registration for various services. CME Group will provide individuals with access to their personal information, allow modifications, or request deletion, within reason and in accordance with applicable laws. We are committed to keeping your personal information current and accurate. If your contact information should change, please "Contact Us" so that we may update our records accordingly.
Prior to fulfilling any request for information or deletion, we may require you to provide information so we may verify your identity. Subject to applicable laws, we reserve the right to decline requests that are unreasonable, present risk to the privacy of another individual, may jeopardize the confidentiality of another party, are excessively repetitive, or may require significant technical modifications to our systems. Pending the request is reasonable in nature, all requests for information will be free of charge. CME Group reserves the right to respond to any requests as soon as reasonably possible, but generally within 30 days. For Korean residents, CME Group must respond to any such requests within 10 days.
Requests should be sent to Privacy@cmegroup.com.
All complaints, questions or comments regarding CME Group’s Policy should be directed to Privacy@cmegroup.com. If you wish to opt out of receiving communications from the CME Group or others as described in this Policy, please contact CME Privacy@cmegroup.com. All questions and comments will be directed to the Chief Privacy Officer.
CME Group Inc.
20 S Wacker Drive
Chicago, IL 60606
1.866.716.7274 (US Only)
- Confidentiality and Data Protection Policy
- News and Events Alerts Subscription & Unsubscribe Email Alert Subscription
- Disclaimer: www.CMEGroup.com
COUNTRY- AND STATE-SPECIFIC NOTICES
The following notices apply to customers who are residents of the specific country or state mentioned.
For the purpose of the Data Protection Act 1998, the following companies are registered on the ICO Data Controller Register and comply with their obligations under Directive 95/46/EC – the Data Protection Directive:
ICO Registration Number
CME Benchmark Europe Limited
CME Europe Limited
CME Group International Market Data Limited
CME Marketing Europe Limited
CME Operations Limited
CME Trade Repository Limited
Elysian Systems Limited
CME Technology and Support Services Limited
CME Clearing Europe Limited
The data collected from you may be transferred to and stored at a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for CME Group or for one of our suppliers/service providers when providing products and/or services to you. Such staff may be engaged in, among other things, the provision of support services. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy and have mechanisms in place to safeguard the personal information such as standard contractual clauses approved by the European Commission available here.
California Privacy Rights
Other than as part of joint marketing programs where the co-sponsor is identified, we do not share personal information with third parties for the third parties’ direct marketing purposes. If this practice changes, we will provide details on how we will comply with California Civil Code § 1798.83 in this Policy.
Hong Kong Customers
As part of our normal operations and in order to better serve your particular needs, we may utilize your personal data in accordance with the provisions of the Personal Data (Privacy) Ordinance, Cap 486.
The personal data collected from you may be transferred to, and stored at, a destination outside Hong Kong. It may also be processed by staff operating outside Hong Kong who work for CME Group or for one of our suppliers when providing products and/or services to you. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing and/or processing. Overseas third parties to whom we may disclose your personal data are not authorized to use your information for any other purposes beyond those we have agreed with them.
The data collected from you may be transferred to, and stored at, a destination outside Japan. It may also be processed by staff operating outside Japan who work for CME Group or for one of our suppliers when providing products and/or services to you. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing and/or processing.
Please note that we may transfer your personal data to a third party (i) in a country which is not recognized by the regulations of the Privacy Information Protection Commission (the "PPC") as having personal data protection legislation equivalent to the Act on the Protection of Personal Information (the "APPI") or (ii) which has not established an internal system for the protection of personal data which meets the requirements set forth in the regulations of the PPC. By submitting your personal data, you also agree to the transfer of your personal data to such third party. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and the APPI. Overseas third parties to which we disclose your personal information are not authorized to use your information for any other purposes beyond those we have agreed with them.
South Korean Customers
The data collected from you may be transferred to, and stored at, a third party outside South Korea. It may also be processed by staff who work for CME Group or for one of our suppliers when providing products and/or services to you. Such staff may be engaged in, among other things, the provision of support services. Prior to (i) the collection and use of; (ii) the change of purpose of such collection and use of; and (iii) the provision to a third party of, your personal information, CME Group will seek to obtain consent from you pursuant to the Personal Information Protection Act of Korea (“PIPA”) and other relevant Korean laws and regulations, unless the contemplated data processing is necessary to implement the agreement with you.
In cases where CME Group transfers your personal information or outsources processing of your personal information to a person or entity outside South Korea or allows a person or entity outside Korea to retain or access to your personal information, we will take steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy, PIPA and other relevant laws and regulations of Korea.
This Policy sets forth the purposes, manners, and scope that CME Group may collect and use your personal information, subject to your consent.
If CME Group identifies any Postings that are considered to violate applicable laws and regulations, CME Group reserves the right to retain the relevant record and/or report to the competent authorities.
If you find your identity and/or personal privacy is infringed on or otherwise compromised, you may wish to contact us to delete the corresponding information and/or take other reasonable measures as described in the “Contact Us” section of this Policy.
As part of our normal operations and in order to better serve your particular needs, we may collect, use and disclose your personal data in accordance with the provisions of the Personal Data Protection Act 2012 ("PDPA").
Where your personal data is transferred out of Singapore, we strive to comply with the PDPA. This may include obtaining your consent, unless an exception under the PDPA applies, and taking appropriate steps to ascertain that the foreign recipient organization of the personal data is bound by legally enforceable obligations to provide a standard of protection to that date that is at least comparable to the protection under the PDPA. This may include us entering into an appropriate contract with the foreign recipient organization dealing with the transfer of personal data or permitting the transfer of personal data without such a contract if the PDPA permits us to do so.
By submitting your personal data, you agree to our use of your personal data in accordance with this Policy. Third parties outside Singapore to whom we may disclose your personal data are not authorized to use your information for any other purposes beyond those we have agreed with them.