CME Group Candidate Privacy Policy

1. What is the purpose and scope of this notice?


2. What categories of personal data may we hold about you?

We may collect, store, and use the following categories of personal data about you to the extent relevant, necessary and permitted by applicable local law:

  • Information which identifies you
    E.g. your name, date of birth, passport, visa, driver’s license, government-issued identification numbers, vehicle registration, signature.
  • Personal contact details
    E.g. address, telephone numbers and personal email address
  • Demographics or protected class characteristics
    E.g. gender, marital status, citizenship, residency or domicile and immigration status
  • Professional or prior or current employment-related information
    E.g. title, location of employment, working hours, work days, work duties, professional biography, skills, interests, professional memberships, experience information and compliance/training records
  • Recruitment information
    E.g. copies of right to work documentation, references, job application information, background check outcome (if applicable), education history and level/qualifications, proposed start date, pre-booked annual leave/vacation dates, salary expectations and other information included in a resume/CV or cover letter or that you provide to us during an interview, assessment or otherwise as part of the application process
  • Status of your application
    E.g. the outcome of your application and associated reasoning or the reasons for withdrawal of your application (if applicable)
  • Financial details
    E.g. tax status, expenses
  • Communications
    E.g. written communications from or about you
  • Internet or other electronic network activity information
    E.g., details of resource usage or information about your interaction with areas of our network
  • Information regarding aptitude testing
    E.g. psychometric tests, attitudes, predispositions, abilities, or aptitudes
  • Audio, electronic, visual, or similar information
    E.g. professional photograph, photographs taken in workplace or at recruitment events or CCTV footage

We may also collect, store and use the more sensitive categories of personal data ("special categories") to the extent relevant, necessary and permitted by applicable local law:

  • Information about sensitive characteristics
    E.g. your nationality, race or ethnicity, religious beliefs and trade union membership where required by applicable law or provided voluntarily by you
  • Information about criminal convictions and offences, information about criminal history as part of the recruitment process to assess to determine whether a candidate is appropriate for a position.
  • Biometric identifiers, fingerprints (where applicable)
  • Information about your health including any medical condition and/or disability and drug and alcohol test results (where applicable)

3. How is your personal data collected?

To the extent relevant, necessary and permitted by applicable local law,

  • Beyond the personal data which you provide to us directly (for example, via an online application, attending an interview, completing a test/assessment, sending us an e-mail, or making a call to us), we may sometimes collect certain information about you from third parties including an employment and/or recruitment agency, former employer or your other reference providers, job sites we utilize from time to time (such as Naukri, NIJobfinder, NI Jobs or eFinancialCareers), background check provider or credit reference agencies, government agencies, higher education institutions and other related sources;
  • We may also collect publicly-available profile information from a company website, internet searches, online share dealing portals or from social media platforms such as LinkedIn; and.
  • We may also collect information about you automatically (for example, when you interact with areas of our network).

You may not be required to provide us with certain information requested and the provision of such is voluntary. However, some information is necessary for the purposes described in this policy and, therefore, if you fail to provide certain information requested as mandatory, we may not be able to process your application successfully. For example, if we require references for the role that you have applied for and you fail to provide us with such details, we may not be able to progress your application in relation to that role.


4. Children's data

CME Group has determined that under this policy, children will be considered as individuals under the age of 18. We occasionally allow children to be onsite for work experience/job shadowing as well as engage in the offering of scholarship programs. As a result, personal information (such as name, contact details and parent/guardian, work history and potential sensitive information) may be collected, processed and shared to both determine applicability and to administer access to relevant CME Group facilities and while such individuals are onsite. 


5. How and for what purposes could we use your personal data?

The purposes for which we may process your personal data are as follows:

  • Verification of your identity, role eligibility and checking that you are legally entitled to work in the country in which we are seeking to employ you.
  • Verification of employment history, qualifications, experience and references.
  • Recruitment and selection, including interviews, assessments, shortlisting, job offer and benefits (where applicable).
  • Communication with you about the recruitment process.
  • Sending periodic and customized updates to you covering employment opportunities relevant to your area of expertise, company news, events and information aligned with your interests (when you decide to join Talent Network.
  • Comply with our equal opportunities and reporting obligations in certain jurisdictions.
  • Establishment, defence or exercise of our legal rights.
  • Monitoring and improvement of the recruitment process through data analytics studies to review and better understand application and recruitment trends.
  • Making a decision about your recruitment.
  • Determining the terms on which you may work for us.
  • Business administration, including record keeping obligations, audit, etc.; where applicable, pre-employment administration and management, including preparation of contractual and non-contractual documents (where applicable), and arranging systems and building access.
  • Fraud prevention.
  • To determine suitability, where applicable, under the United Kingdom’s FCA's Senior Managers and Certification Regime.

The additional purposes for which we may process special categories of personal data are as follows to the extent relevant, necessary and permitted by applicable local law:

  • We will use information about your race or national or ethnic origin and religious beliefs to ensure meaningful equal opportunity monitoring and reporting.
  • We will use information about trade union membership to ensure that your rights as a trade union member are not infringed.
  • We will capture and process fingerprints only for individuals as required to meet our FINRA requirements or to grant individuals access to CME Group secure facilities and systems, i.e. individuals based in Chicago and New York. Before collecting biometric data i.e. fingerprints for background check purposes, individuals will be provided with a copy of our Biometric Security Policy.
  • We will use information about your health, or disability status, for occupational health purposes to ensure your health and safety in the workplace and to assess your fitness to work and to provide appropriate workplace adjustments if your application is successful.

For some roles, we are required by law to undertake criminal background screening checks and we can process your personal information in this way because processing is necessary for the purposes of complying with a regulatory requirement which involves us taking steps to establish if you have committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct. In any other circumstances, we will only collect and process criminal records information with your explicit consent and in accordance with applicable law.

Subject to the foregoing we will only conduct criminal background screening if your recruitment exercise has been successful and we have offered you a role at CME Group. In such an instance, our offer will be conditional upon satisfactory completion of such background screening checks.

How will we use information about your dependents?

Subject to applicable law, we may collect personal information about your dependents to comply with our legal obligations under immigration law. To in order to administer benefits to them in accordance with your benefit entitlements.

We may share personal information about your dependents in accordance with this privacy policy or with governmental authorities where we are legally required to do so. All personal information about your dependents will be processed by us in accordance with this privacy policy and applicable law.

Automated Decision-Making

Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention.

We do not envisage that any decisions that will have a significant impact on you will be taken based solely on automated decision-making.


6. In what circumstances might your personal data be shared with others?

We may share your data with CME Group entities, service providers, or other third parties. We require the receiving entity to protect the security of your data, to process your personal data only in accordance with our instructions and to treat it in accordance with the law. We my share your personal information for certain purposes and with the entities described in this section.

  • CME Group: We may share your personal information with other CME Group entities, for example, for business and administration and travel and accommodations arrangements.
  • Service Providers: We may share your personal information with services providers that we engage to assist us in conducting our recruitment process. Such service providers may include IT or systems maintenance providers, systems or data hosts, communications providers, background screening and online assessment providers, recruitment and head-hunting agencies that have assisted us in conducting our recruitment process, record-keeping companies, accountants, auditors, or other professional advisors.
  • Corporate transactions: We may share your personal information to the extent reasonably necessary to proceed with the consideration, negotiation, or completion of a merger, reorganization, or acquisition of our business, or a sale, liquidation, or transfer of some or all our assets.
  • Third parties as required by law: We will share your personal information to comply with laws to which we are subject. For example, we may share your personal information in response to a court order or subpoena, or in response to a valid request from law enforcement.
  • Third parties for other purposes: We may share your personal information with any third party as necessary to protect our rights; this may include detecting, preventing, or responding to fraud, intellectual property infringement, or other illegal activities; and protecting the safety and security of tangible or intangible property belonging to us or a related third party.
  • Regulators and governmental authorities: We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making disclosures to regulators (including, for example, the Information Commissioner’s Office, CFTC and the Health & Safety Executive) and disclosures to our shareholders.

7. Where is your information processed?

We process information collected from or about you in any country in which the CME Group operates, as permitted by applicable law. In some cases, your information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for information under applicable laws (such as those in the European Union). When we conduct such transfers, we put in place appropriate safeguards (such as standard contractual clauses) in accordance with applicable legal requirements. Information located outside of your home country may be subject to access by that country’s government or its agencies under a lawful order. For more information on the appropriate safeguards in place or to obtain a copy, please contact us at privacy@cmegroup.com.


8. How long will we retain your personal information?

We retain your personal information for as long as necessary to carry out the purposes set out in this privacy policy, unless a longer retention period is required by applicable law or is necessary for us to protect our rights.

If the recruitment exercise is successful, information will be retained, and its use will be covered by the CME Group Inc. Colleague Privacy Policy, which [you will have access to prior to the start your employment with CME Group.]

If the recruitment exercise is unsuccessful, we may also retain your personal data and process it to assess your suitability for future positions and roles within the organization, with your consent where required by applicable law. We may also retain your information in case a recruitment-related dispute arises between us. We will delete your information afterwards in accordance with our data retention policies and applicable law.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you (as, once anonymized, it will cease to constitute personal data).


9. Is your personal information secure?

We use technical, administrative, and physical security safeguards to protect the information that we collect or receive against loss and unauthorized access, use, modification, or disclosure. Please be aware that, despite our ongoing efforts, no security measures are perfect or impenetrable. Moreover, we are not responsible for the security of information that you transmit to us over networks that we do not control, including Internet and wireless networks.


10. Do you have any rights with respect to your personal information?

Subject to local law, you may have certain additional rights regarding your personal information. For example, residents of the European Union and other countries may have rights to: access personal information; correct personal information; request deletion of personal information; restrict our use of personal information; object to certain uses of personal information; receive personal information in a usable electronic format and transmit it to a third party (also known as the right of data portability); lodge a complaint with a local data protection authority; or withdraw any consent supporting uses or disclosures of personal information. If you have questions about the rights you may have, please contact us via the channels listed in Section 12.

If you reside in California, you may have certain rights with respect to your personal information, including the right to access the personal information we hold about you and the right to opt out of the sharing of your personal information in certain circumstances. Requests to exercise your rights may be submitted to us in writing at privacy@cmegroup.com or by phone at +1 866 716 7274.

Please note that, to exercise any rights, we may require that you provide additional personal information to confirm your identity.


11. What is CME's lawful ground for processing? (EU only)

We are committed to only using your personal data to the extent relevant, necessary and permitted by applicable local law. Where we rely on our legitimate business interests, we have undertaken an assessment where we have balanced your rights against ours to ensure that our interest is not overridden by the interests you have to protect your information.

The lawful bases for the different purposes set out in this policy will be as follows as applicable under local law:

Lawful basis

 

Purposes

 

Necessary to take steps at your request prior to setting up our contractual relationship with you

  • Pre-employment administration and management, including preparation of contractual and non-contractual documents where applicable
  • Determining the terms on which you may work for us
  • Job offer and benefits (where applicable)
  • Sharing of information with third parties as necessary to set up our relationship with you

Compliance with legal obligations

  • Verification of your identity, role eligibility and checking that you are legally entitled to work in the country in which we are seeking to employ you
  • Candidate vetting and background screening
  • Equal opportunities and reporting obligations in certain jurisdictions
  • Record keeping and audit obligations
  • Comply with employment laws and health, safety and other regulatory obligations
  • Response to a court order or a valid request from law enforcement or sharing of information as otherwise required by law (e.g. disclosures to regulators or shareholders)

Consent

  • Sending periodic and customized updates to you covering employment opportunities relevant to your area of expertise, company news, events and information aligned with your interests. 

Legitimate interest

  • Verification of employment history, qualifications, experience and references
  • Recruitment and selection, including interviews, assessments, shortlisting
  • Communication with you about the recruitment process
  • Establishment, defence or exercise of our legal rights
  • Monitoring and improvement of the recruitment process
  • Making a decision about your recruitment
  • Determining the terms on which you may work for us
  • Ensuring the security of our business (for example arranging systems and building access) and fraud prevention purposes
  • Manage our business through corporate transactions
  • Transfer of data with CME Group entities to provide consistent and efficient operations across all CME Group entities
  • Sharing of information with third parties for our legitimate interest in the efficient management and operation as potential employer

12. Can this privacy notice be changed?

Yes. We may update this privacy policy at any time. For any material changes, we will provide you with an updated copy of this policy as soon as reasonably practical. The current version of this policy from time to time can be accessed on our Privacy Page.

We may also notify you in other ways from time to time about the processing of your personal data.


13. If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).


14. Who can you contact?

If you have any questions about this privacy policy or how we handle your personal data or to exercise any right, please contact Privacy Compliance at privacy@cmegroup.com.

CME Group, Inc.
20 S Wacker Drive
Chicago, IL 60606
1.312.930.1000
1.866.716.7274 (US Only)
privacy@cmegroup.com

For the purposes of data protection in the EU/EEA, Singapore or India:

  • Your controller is the company which employs or engages you. This entity is responsible for deciding how we hold and use your personal information. The list of employing controllers, across the CME Group can be found here. In addition, CME Group Inc. (our US parent company) is also a joint data controller. This privacy policy is provided for CME Group, and on behalf of Chicago Mercantile Exchange Inc.
  • The CME Group has designated a Data Protection Officer that can be contacted at privacy@cmegroup.com
  • CME Group Inc., CME Mercantile Exchange Inc. and the above non-EU/EEA entities have designated CME Operations Limited as their representative within the EU/EEA.

15. PDF

 Please see below for a PDF version of this policy.

View Candidate Policy