CME Group Candidate Privacy Notice

Effective March 9 2022

CME Group Inc. and each of its subsidiaries and affiliates (collectively known as "CME Group") are committed to safeguarding your personal information. The purpose of this notice is to make all individuals that apply for employment or engagement by CME Group (“Candidates” "you", "your") aware of how CME Group processes their personal data. Such processing may include the collection, storage, modification, access, or destruction of personal information, and may be completed manually or through automatic means.

Personal information, or personal data, means any information relating to you from which you can be identified. It does not include anonymous data.

If you accept employment with or are otherwise engaged by CME Group, we will need to collect more information about you and make other uses of your information, and this will be covered by the CME Group Inc. Colleague Privacy Notice, which you will be provided access to once you are provided with your offer letter.

Back to top

We may collect, store, and use the following categories of personal data about you to the extent relevant, necessary and permitted by applicable local laws:

• Information which identifies you
  E.g. your name, date of birth, passport, visa, driver’s license, government-issued identification numbers, vehicle registration, signature.
• Personal contact details
  E.g. address, telephone numbers and personal email address
• Demographics or protected class characteristics
  E.g. gender, marital status, citizenship, residency or domicile and immigration status
• Professional or prior or current employment-related information
  E.g. title, location of employment, working hours, work days, work duties, professional biography, skills, interests, professional memberships, experience information and compliance/training records
• Recruitment information
  E.g. copies of right to work documentation, references, job application information, background check outcome (if applicable), education history and level/qualifications, proposed start date, pre-booked annual leave/vacation dates, salary expectations and other information included in a resume/CV or cover letter or that you provide to us during an interview, assessment or otherwise as part of the application process
• Status of your application
  E.g. the outcome of your application and associated reasoning or the reasons for withdrawal of your application (if applicable)
• Financial details
  E.g. tax status, expenses
• Communications
  E.g. written communications from or about you
• Internet or other electronic network activity information
  E.g., details of resource usage or information about your interaction with areas of our network
• Information regarding aptitude testing
  E.g. psychometric tests, attitudes, predispositions, abilities, or aptitudes
• Audio, electronic, visual, or similar information
  E.g. professional photograph, photographs taken in workplace or at recruitment events or CCTV footage

In addition, we may also collect the following categories of personal data about you, in very limited cases and in compliance with applicable laws, that may be of a sensitive nature:

• Information about sensitive characteristics
  E.g. your nationality, race or ethnicity, religious beliefs and trade union membership where required by applicable laws or provided voluntarily by you
• Information about criminal convictions and offences, information about criminal history as part of the recruitment process to assess to determine whether a candidate is appropriate for a position.
• Biometric identifiers, fingerprints (where applicable)
• Information about your health including any medical condition and/or disability and drug and alcohol test results (where applicable)

Where we collect your personal data out of the scope above or for purposes beyond those specified in this notice, we will communicate with you of such change.

Back to top

To the extent relevant, necessary and permitted by applicable local laws,

• Beyond the personal data which you provide to us directly (for example, via an online application, attending an interview, completing a test/assessment, sending us an e-mail, or making a call to us), we may sometimes collect certain information about you from third parties including an employment and/or recruitment agency, former employer or your other reference providers, job sites we utilize from time to time, background check providers or credit reference agencies, government agencies, higher education institutions and other related sources;
• We may also collect publicly-available profile information from a company website, internet searches, online share dealing portals or from social media platforms such as LinkedIn; and.
• We may also collect information about you automatically (for example, when you interact with areas of our network).

You may not be required to provide us with certain information requested and the provision of such is voluntary. However, some information is necessary for the purposes described in this notice and, therefore, if you fail to provide certain information requested as mandatory, we may not be able to process your application successfully. For example, if we require references for the role that you have applied for and you fail to provide us with such details, we may not be able to progress your application in relation to that role.

Back to top

CME Group has determined that under this notice, children will be considered as individuals under the age of 18. We occasionally allow children to be onsite for work experience/job shadowing as well as engage in the offering of scholarship programs. As a result, personal information (such as name, contact details and parent/guardian, work history and potential sensitive information) may be collected, processed and shared to both determine applicability and to administer access to relevant CME Group facilities and while such individuals are onsite. 

For children residing in the PRC and are under the age of 14, we process their personal information (if any) based on their parent or guardian's explicit consent.

Back to top

The purposes for which we may process your personal data are as follows:

• Verification of your identity, role eligibility and checking that you are legally entitled to work in the country in which we are seeking to employ you.
• Verification of employment history, qualifications, experience and references.
• Recruitment and selection, including interviews, assessments, shortlisting, job offer and benefits (where applicable).
• Communication with you about the recruitment process.
• Sending periodic and customized updates to you covering employment opportunities relevant to your area of expertise, company news, events and information aligned with your interests (when you decide to join Talent Network.
• Complying with our equal opportunities and reporting obligations in certain jurisdictions.
• Establishment, defense or exercise of our legal rights.
• Monitoring and improvement of the recruitment process through data analytics studies to review and better understand application and recruitment trends.
• Making a decision about your recruitment.
• Determining the terms on which you may work for us.
• Business administration, including record keeping obligations, audit, etc.; where applicable, pre-employment administration and management, including preparation of contractual and non-contractual documents (where applicable), and arranging systems and building access.
• Fraud prevention.
• Determining suitability, where applicable, under the United Kingdom’s FCA's Senior Managers and Certification Regime.

The additional purposes for which we may process special categories of personal data are as follows to the extent relevant, necessary and permitted by applicable local laws:

• We will use information about your race or national or ethnic origin and religious beliefs to ensure meaningful equal opportunity monitoring and reporting.
• We will use information about trade union membership to ensure that your rights as a trade union member are not infringed.
• We will capture and process fingerprints only for individuals as required to meet our FINRA requirements or to grant individuals access to CME Group secure facilities and systems, i.e. individuals based in Chicago and New York. Before collecting biometric data i.e. fingerprints for background check purposes, individuals will be provided with a copy of our Biometric Security Notice.
• We will use information about your health, or disability status, for occupational health purposes to ensure your health and safety in the workplace and to assess your fitness to work and to provide appropriate workplace adjustments if your application is successful.

For some roles, we are required by law to undertake criminal background screening checks and we can process your personal information in this way because processing is necessary for the purposes of complying with a regulatory requirement which involves us taking steps to establish if you have committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct. In any other circumstances, we will only collect and process criminal records information with your explicit consent and in accordance with applicable laws.

Subject to the foregoing we will only conduct criminal background screening if your recruitment exercise has been successful and we have offered you a role at CME Group. In such an instance, our offer will be conditional upon satisfactory completion of such background screening checks.

How will we use information about your dependents?

Subject to applicable laws, we may collect personal information about your dependents to comply with our legal obligations under immigration law, and to administer benefits to them in accordance with your benefit entitlements.

We may share personal information about your dependents in accordance with this privacy notice or with governmental authorities where we are legally required to do so. All personal information about your dependents will be processed by us in accordance with this privacy notice and applicable laws.

Automated Decision-Making

Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention.

We do not envisage that any decisions that will have a significant impact on you will be taken based solely on automated decision-making.

Back to top

We may share your data with CME Group entities, service providers, or other third parties. We require the receiving entity to protect the security of your data, to process your personal data only in accordance with our instructions and to treat it in accordance with the law. We have agreements in place with these external third parties who process your personal data to ensure their compliance with the applicable data protection laws. We my share your personal information for certain purposes and with the entities described in this section.

• CME Group: We may share your personal information with other CME Group entities, for example, for business and administration and travel and accommodations arrangements.
• Service Providers: We may share your personal information with services providers that we engage to assist us in conducting our recruitment process. Such service providers may include IT or systems maintenance providers, systems or data hosts, communications providers, background screening and online assessment providers, recruitment and head-hunting agencies that have assisted us in conducting our recruitment process, record-keeping companies, accountants, auditors, or other professional advisors.
• Corporate transactions: We may share your personal information to the extent reasonably necessary to proceed with the consideration, negotiation, or completion of a merger, reorganization, or acquisition of our business, or a sale, liquidation, or transfer of some or all our assets.
• Third parties as required by law: We will share your personal information to comply with laws to which we are subject, as permitted by applicable laws. For example, we may share your personal information in response to a court order or subpoena, or in response to a valid request from law enforcement.
• Third parties for other purposes: We may share your personal information with any third party as necessary to protect our rights; this may include detecting, preventing, or responding to fraud, intellectual property infringement, or other illegal activities; and protecting the safety and security of tangible or intangible property belonging to us or a related third party.
• Regulators and governmental authorities: We may also need to share your personal information with a regulator or to otherwise comply with the law, as permitted by applicable laws. This may include making disclosures to regulators (including, for example, the Information Commissioner’s Office, CFTC and the Health & Safety Executive) and disclosures to our shareholders.

Back to top

We process information collected from or about you in any country in which the CME Group operates, as permitted by applicable laws. In some cases, your information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for information under applicable laws (such as those in the European Union). When we conduct such transfers, we rely on your explicit consent (as required under applicable laws) and/or put in place appropriate safeguards (including without limitation signing standard contractual clauses) in accordance with applicable legal requirements. Information located outside of your home country may be subject to access by that country’s government or its agencies under a lawful order, as permitted by applicable laws. For more information on the appropriate safeguards in place or to obtain a copy, please contact us at privacy@cmegroup.com.

Back to top

We retain your personal information for as long as necessary to carry out the purposes set out in this privacy notice, unless a longer retention period is required by applicable laws or regulatory requirements that may be applicable to us or is necessary for us to protect our rights.

If the recruitment exercise is successful, information will be retained, and its use will be covered by the CME Group Colleague Privacy Notice, which you will have access to prior to the start of your employment with CME Group.

If the recruitment exercise is unsuccessful, we may also retain your personal data and process it to assess your suitability for future positions and roles within the organization, with your consent where required by applicable laws. We may also retain your information in case a recruitment-related dispute arises between us. We will delete your information afterwards in accordance with our data retention policies and applicable laws.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you (as, once anonymized, it will cease to constitute personal data).

Back to top

We use technical, administrative, and physical security safeguards to protect the information that we collect or receive against loss and unauthorized access, use, modification, or disclosure. Please be aware that, despite our ongoing efforts, no security measures are perfect or impenetrable. Moreover, we are not responsible for the security of information that you transmit to us over networks that we do not control, including Internet and wireless networks.

Back to top

Subject to local law, you may have certain additional rights regarding your personal information. For example, residents of the European Union and other countries may have rights to: access personal information; correct personal information; request deletion of personal information; restrict our use of personal information; object to certain uses of personal information; receive personal information in a usable electronic format and transmit it to a third party (also known as the right of data portability); lodge a complaint with a local data protection authority; or withdraw any consent supporting uses or disclosures of personal information. If you have questions about the rights you may have, please contact us via the channels listed in Section 12.

If you reside in California, you may have certain rights with respect to your personal information, including the right to access the personal information we hold about you and the right to opt out of the sharing of your personal information in certain circumstances. Requests to exercise your rights may be submitted to us in writing at privacy@cmegroup.com or by phone at +1 866 716 7274.

Please note that, to exercise any rights, we may require that you provide additional personal information to confirm your identity.

Back to top

We are committed to only using your personal data to the extent relevant, necessary and permitted by applicable local laws. Where we rely on our legitimate business interests, we have undertaken an assessment where we have balanced your rights against ours to ensure that our interest is not overridden by the interests you have to protect your information.

The lawful bases for the different purposes set out in this notice will be as follows as applicable under local laws:

* If you are located in the People's Republic of China ("PRC", for the purpose of this CME Colleague Privacy Notice, excluding the Hong Kong SAR, the Macau SAR and Taiwan), we process your personal information based on explicit consent to this notice that you provide to us and other lawful basis permitted under Chinese data privacy laws (and not based on legitimate interests).

Back to top

Yes. We may update this privacy notice at any time. For any material changes, we will provide you with an updated copy of this notice as soon as reasonably practical. The current version of this notice from time to time can be accessed on our Privacy Page.

We may also notify you in other ways from time to time about the processing of your personal data.

Back to top

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

Back to top

If you have any questions about this privacy notice or how we handle your personal data or to exercise any right, please contact Privacy Compliance at privacy@cmegroup.com.

CME Group, Inc.
20 S Wacker Drive
Chicago, IL 60606
+1 312 930 1000
+1 866 716 7274 (US Only)
privacy@cmegroup.com

For the purposes of data protection in the EU/EEA, Singapore or India:

• Your controller is the company which employs or engages you. This entity is responsible for deciding how we hold and use your personal information. The list of employing controllers, across the CME Group can be found here. In addition, CME Group Inc. (our US parent company) is also a joint data controller. This privacy notice is provided for CME Group, and on behalf of Chicago Mercantile Exchange Inc.
• The CME Group has designated a Data Protection Officer that can be contacted at privacy@cmegroup.com
• CME Group Inc., CME Mercantile Exchange Inc. and the above non-EU/EEA entities have designated CME Operations Limited as their representative within the EU/EEA.

Back to top