CME Group General Privacy Policy

1. This policy

CME Group Inc. and each of its subsidiaries and affiliates (collectively known as 'CME Group', 'we' and 'us') are committed to safeguarding your personal information. CME Group is the controller of your personal information. See section 17 below for details on how you can contact us.  

The purpose of this privacy policy (‘Policy’) is to explain how we process your personal information so that you understand what we collect, what we do with it, who we share it with and the rights available to you. The processing we undertake may include the collection, storage, modification, access, or destruction of personal information, and may be completed manually or through automatic means.

Personal information (also referred to as 'personal data' or 'data') means any information that can be used to identify you, your device, or, if you live in California, your household. This includes direct identifiers such as your name and contact details, but also indirect identifiers such as data that we may collect from the electronic device that you use to access our services.

If you have any questions about this Policy or how we use your data, our details are provided in the 'Contact details' section below.


2. Who this policy applies to

This Policy applies to you if you have any of the following relationships with us:

  • Corporate Representative – you are a representative of any of our corporate customers (e.g. an employee or a director)
  • Service User – you use any of our platforms or services
  • Web Visitor you visit our website at www.cmegroup.com, any of our social media pages or you interact with us via any third-party websites (e.g. comment on any of our blogs or posts published on a third-party website)
  • Subscriber – you subscribe to receive communications from CME Group
  • Purchaser – you purchase anything from us
  • Communicator – you contact us either online, by telephone, post or any other method
  • Supplier – you provide services to us or are employed by a company that provides services to us
  • Third party customer – you are a customer of a third party and we have a relationship with that third party
  • Shareholders – you hold a direct or indirect equitable interest in the CME Group
  • Contributor – you contribute to our Political Action Committee (PAC) in the United States
  • Scholarship candidates – you apply for a scholarship via the CME Foundation

If you are an applicant or candidate for one of our job vacancies, then you can find out more about how we use your data via our Candidate Privacy Policy.


3. What personal information we collect

Depending on the nature of the relationship you have with us, where you are located, and the products and services you utilise, we may collect and otherwise process the following personal information about you:

  • Account preferences and analytics
    Information regarding your stated preferences and relating to your use of our services, including
  • Audio, electronic, visual, or similar information
    Information including photographs taken in the workplace, at recruitment events or CCTV footage
  • Authentication details
    Your credentials which allow you to access our services, including: your user ID, password, memorable information.
  • Communication records
    Records of any communications between you and us, including via: email, our website (e.g. through our 'Send us feedback form'), telephone, social media and letter.
  • Contact details
    Your name, title, home address, office address, company name and type, job role, email address, telephone number and mobile number.
  • Device and electronic information
    Details we collect from your devices when you access our services: include your IP address, cookies, activity logs related to interactions with our systems, online identifiers, device type, operating system, browser, unique device identifiers, and geo-location data.
  • Service usage
    When you are operating our services (e.g. one of our software applications) we will collect records of your usage including transactions that you undertake, information that you select, logs of when you access the services and for how long, details of any failed login attempts and any information that you choose to download.
  • Identification information
    Information that is used to verify your identity such as: national insurance number (UK only), social security number, personal identify number (Sweden only), date of birth, place of birth, passport, driver’s license, and proof of address.
  • Financial information
    Credit/debit card details.
  • Financial status
    Information used to determine your credit worthiness, such as your credit rating, bank statements and tax information.
  • Product and service preferences
    Product update preferences, market activities reports, trading and technology communications as well as clearing and market regulation advisories, and though leadership and economic report subscriptions.
  • Professional information
    Your job role/title, function and details of the organisation you work for.
  • Social network information
    Social media account information and personal information collected from social media accounts.
  • Website posts
    Posts, comments or other information you submit on any public forums on our website including message boards and chat rooms.

    In addition, we may also collect the following categories of personal data about you that may be of a sensitive nature under certain data protection laws:
  • Biometric data
    We have a strict biometric policy. Fingerprint data is captured for Financial Industry Regulatory Authority (FINRA) purposes.
  • Criminal convictions
    Information relating to any criminal record that you may have, including suspicions, offences and convictions.

4. How your data is collected

In addition to any personal information that you provide to us directly, we may also collect and derive data about you through the following means:

  • Cookies and similar technologies – when you visit our website or use any of our mobile applications, we may employ cookies and similar technologies. See section 13 below for further details.
  • Monitoring of platforms and services – if you use any of our platforms (e.g. CME Globex) then we may collect data on your usage of these.
  • Third party sources – other organisations may provide us with access to certain data, as further detailed in section 8 below.
  • Data analytics – we may infer or derive certain data about you through our analytical processes, which are further explained in section 5 below.

Please see section 8 'Who we may receive your data from and why' for further information on the types of third parties from which we may receive your personal information.


5. How we use your data

Depending on the nature of the relationship that we have with you, where you are located, the purposes for which we may use your data are as follows:

  • Processing any application (made via online forms or click-through agreements) you make to become an individual member of CME
  • Verifying your identity
  • Performing Know Your Customer (KYC) or Anti-Money Laundering (AML) reviews
  • Assessing your creditworthiness
  • Providing you with customer services and assistance relating to our services
  • Communicating with you in relation to any services that we provide to you
  • Assisting you with managing any account you have with us
  • Monitoring of how you use any service you have with us and our services
  • Conduct profiling based on your interactions with us to identify individuals most interested in our products and services
  • Sending you newsletters and marketing materials, if you have chosen to subscribe to receive them and otherwise advertising our products and services
  • Personalising our services
  • Improving our products and services
  • Registering your attendance at our events and conferences
  • Assisting with training our staff and our customers
  • Administration of our business
  • Compliance with laws that are applicable to us
  • Defending ourselves and bringing claims in relation to legal proceedings
  • Safeguarding our environments
  • Administration of our political action committee
  • To assess scholarship applications
  • Shareholder services
  • Security and protecting our systems

To provide our services, some personal information is necessary so CME can provide you with the required access to CME platforms, information or products. CME also requires personal information to authenticate you so that we know it is you and not someone else. Should you choose not to provide the necessary personal information, we may be unable to facilitate your services or access. You may choose to opt-in or opt-out of receiving marketing communication at any time.

China only: We process your personal information based only on explicit consent that you provide via our platforms (and not based on legitimate interests), unless Chinese data privacy laws allow us to process your personal information on other applicable legal justifications.

We are committed to only using your personal data to the extent relevant, necessary and permitted by applicable local law.  Further information about the purposes for which we may use your data, the categories of personal information that are relevant to each purpose and the lawful basis we rely upon in the EU are outlined below.  We have also clarified under what circumstances this processing activity is likely to be performed, with reference to the relationship that you have with us. 

PROCESSING PURPOSE

CATEGORIES OF DATA & TYPE OF RELATIONSHIP WITH US

LEGAL BASIS FOR PROCESSING (Relevant jurisdictions only)

Membership applications

 

  • Setting up your account with us and becoming a CME Group member

 

  • Creating your profile

 

  • Taking all other necessary steps to make your chosen products/services available to you

Categories of data

  • Contact details
  • Professional information
  • Authentication details

 

Relationship type

Corporate Representative

  • Necessary for performance of the contract between you and us
  • Consent

Verifying your identity

 

  • Using information, you have provided to us to verify your identity for setting up your account and creating your profile

 

  • Authenticate your use of our services (e.g. ensuring you have provided us the correct username and password to login to your account)

 

Categories of data

  • Contact details
  • Identification information
  • Authentication details

Relationship type

Corporate Representative

  • Necessary for performance of the contract between you and us
  • Our legitimate business interest in ensuring that we are correctly provisioning access and services

Know your client checks

 

  • Performing credit checks to determine your financial status if you apply for a membership with us

Categories of data

  • Financial status
  • Criminal convictions

Relationship type

Corporate Representative, Credit Reporting Bodies

 

  • Necessary for performance of the contract between you and us
  • Legal Obligation

Customer services

 

  • Provide you with assistance with access to and use of our products and services both online and via telephone [for example, account access services]

 

  • Review and respond to any queries, issues and complaints you may have

 

 

Categories of data

  • Contact details
  • Professional information
  • Authentication details
  • Communication records
  • Website posts

 

Relationship type

Corporate Representative, Service User, Web Visitor

 

  • Necessary for performance of the contract between you and us
  • Our legitimate business interest to aid our customers with their accounts and questions.

Communicating with you

 

  • Inform you about important details relating to your account

 

  • Provide you with notifications and alerts relating to your account such as service announcements and details of maintenance or other disruptions

 

  • Communicate with you as necessary to administer our relationship with you

 

 

 

Categories of data

  • Contact details
  • Professional information
  • Communication records
  • Website posts
  • Updates to offerings you have registered for
  • Device and electronic data

 

Relationship type

Corporate Representative, Service User, Purchaser, Supplier, Third Party Customer, Contributor, Scholarship Candidate

 

  • Necessary for performance of the contract between you and us
  • Our legitimate business interest to communicate with you about your account

Managing your account

 

  • Provide you with access to your account information

 

  • Maintain the security of your account

 

 

 

 

Categories of data

  • Contact details
  • Authentication details
  • Communication records

 

Relationship type

Service User

 

  • Necessary for performance of the contract between you and us
  • Our legitimate business interest to keep your account secure and provide you with information regarding your account.

 

Marketing purposes

 

  • Contacting you by email, phone, text or post (as applicable) about services, events, industries, product announcements and other marketing communications if you have agreed to receive this information

 

 

Categories of data

  • Contact details
  • Device and electronic information
  • Product and service preferences
  • Communication record

 

Relationship type

Corporate Representative, Service User, Subscriber

 

  • Consent

Personalising our services

 

  • Sending news and product related update to customer based of account preferences.

 

Categories of data

  • Account preferences and analytics
  • Device and electronic information
  • Product and services preferences

Relationship type

Corporate Representative,

 

  • Our legitimate interest of the administration of the Site, improving our services and statistical purposes

Improving our products and services

 

  • Undertaking market research and satisfactions surveys to help us understand how our products/services can be improved

 

  • Analysis how you use our services to evaluate our we can improve them and to assess the performance of our systems.

 

 

Categories of data

  • Contact details
  • Communication records
  • Product and services preferences
  • Device and electronic information
  • Service usage

 

Relationship type Service Users, Web Visitors

  • Our legitimate business interest to improve our products and services to meet our customers and client's needs.

Events

 

  • Inviting you to our events and conferences
  • Registration for attendance and personal requirements depending upon event capabilities.

 

 

 

 

Categories of data

  • Contact details
  • Professional information
  • Communication records
  • Account information
  • Dietary requirements on occasion

 

Relationship type

Corporate Representatives, Service User, Subscriber, Event coordinators, Event sponsors

  • Consent
  • Performance of a contract

Colleague training

 

  • Use recordings of communications with you (e.g. telephone calls) to provide staff training and improve the quality of our customer services

 

Categories of data

  • Communication records
  • Contact details
  • Authentication details

 

Relationship type

Corporate Representatives, Service Users

 

  • Our legitimate business interest, which is to train our colleagues to ensure that they provide the highest quality services to you

Administration of our business

 

  • Transfers to prospective or actual buyers of an interest in our business

 

  • Receipt of professional services (e.g. legal advice and accountancy advice)

 

  • Financial management such as internal audits

 

 

 

 

Categories of data

  • Contact details
  •  Communication records
  •  Financial records

Relationship type

Corporate Representatives, Professional services

 

  • Necessary for compliance with our legal obligations
  • Performance of a contract

 

 

Compliance with laws applicable to us

 

  • To cooperate fully with state, local, federal, and international legal, governmental and regulatory entities, authorities and officials in any investigation or governmental, legal or regulatory proceeding relating to any information collected or to any purported unlawful activities.

 

Categories of data

  • Contact details
  • Communication records

 Relationship type

Government and law enforcement agencies.

 

  • Necessary for compliance with our legal obligations
  • Our legitimate business interest to cooperate with applicable laws and regulations

 

Legal proceedings and actions

 

  • Defence against legal claims

 

  • Enforcement of our legal rights

 

  • Notification of law enforcement regarding alleged or potential criminal activities

 

Categories of data

  • Contact details
  • Communication records

Relationship type

Law enforcement agencies, Legal counsel

  • Necessary for compliance with our legal obligations
  • Our legitimate business interest to facilitate legal proceedings

 

Safeguarding our environments

 

  • Safeguarding the use of our services to prevent malicious behaviour through the monitoring of the use of our services

 

  • Ensuring that there is no unauthorised access to CME offices

 

Categories of data

  • Device and electronic information
  • Service usage
  • Contact details

Relationship type

Service Users, Web Visitors

  • Necessary for compliance with our legal obligations
  • Our legitimate interest of ensuring the security, integrity and availability of our systems and your account

Detecting potential market abuses

 

  • Detecting any actions or behaviours that take place using our services which may breach CME's rules or constitute a criminal offence (e.g. fraud, money laundering, market abuse).

 

 

Categories of data

  • Device and electronic information
  • Service usage
  • Trading history
  • Contact information

 

Relationship type

Service Users, Web Visitors, Law enforcement agencies, Legal counsel

  • Necessary for compliance with our legal obligations

 

 

Administration of our political action committee

 

  • Process contributions made via the political action committee

 

 

Categories of data

  • Contact details
  • Payment information
  • Professional information

Relationship type

Contributor, Corporate representative

 

  • Consent

 

To assess scholarship applications

 

  • Process candidates on their applicability for scholarship opportunities.

 

 

Categories of data

  • Contact information
  • Scholarship application

Relationship type

Corporate representative

  • Consent

We may aggregate or anonymize your personal information in such a way that you may not reasonably be re-identified by us or any other company and may use this anonymized information for any other purpose.


6. To whom we may disclose your data and why

We may disclose your data to CME Group entities, service providers or other third parties for various purposes, to achieve our business objectives, to comply with applicable law, or in exchange for money or other valuable consideration.  The lists below apply to the disclosures we have made within the last 12 months.

We may disclose your personal information to the following parties to achieve our own purposes and not for money or other valuable consideration:

  • Members of the CME Group – As needed facilitate our operations business, services and products.
  • IT suppliers – including hosting providers, service providers and telecommunications providers to manage our business and support our environment and operations
  • Marketing service providers – who may, through the course of their professional services to CME be required to have access to CME services for providing required system services i.e. hosting services, database marketing, customer analytics.
  • Credit references agencies – to check your creditworthiness for us undertaking 'KYC' checks if you apply for membership and may provide us with information relating to your credit score and financial status for us undertaking 'KYC' checks if you apply for membership with us.
  • Third party payment providers – to process payments when you purchase products or services from us
  • Regulators and authorities – As a global company CME Group is subject to a number of financial and information regulators internationally. CME Group is also based in a number of jurisdictions and subject to those applicable laws. CME Group will therefore share information with these parties to cooperate fully with state, local, federal, and international legal, governmental and regulatory entities, authorities and officials in any investigation or governmental, legal or regulatory proceeding relating to any information collected or to any purported unlawful activities.
  • Professional advisors – including accountants, financial advisors, lawyers and other professional advisors to support auditing, compliance and corporate governance functions
  • Law enforcement agencies – in relation to the detection and prevention of criminal activities
  • Prospective purchasers and assignees – if our business, or part of it, may be or is sold or reorganised

We may also share de-identified or aggregated information with anyone and for any purpose. To receive more information about the service providers or third parties to which we may disclose your data, you can contact us through the information provided in the 'Contact details' section below.


7. International transfers of data

We may process information collected from or about you in any country in which the CME group operates, as permitted by applicable law.

In some cases, your information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for information under applicable laws (such as those in the European Union). When we conduct such transfers, we put in place appropriate safeguards (such as standard contractual clauses) in accordance with applicable legal requirements.

Information located outside of your home country may be subject to access by that country's government or its agencies under a lawful order.

For more information on the appropriate safeguards in place or to obtain a copy of these safeguards, please contact us through the information provided in the 'Contact details' section below.


8. Who we may receive your data from and why

We may receive certain data about you from various third parties from time to time, including:

  • Members of the CME Group – As needed facilitate our operations business, services and products.
  • Our corporate customers – we may receive information directly from our customers (e.g. the company that you represent and act on behalf of)
  • Third party agencies – who may provide us with information that they have collected from you on our behalf – [e.g. companies that perform background checks on behalf of CME]
  • Social media platforms – including publicly available information sources from social media pages or via services provided via social media platforms (e.g. LinkedIn, WeChat, Weibo, Facebook, Twitter, etc.)
  • Third parties that you have a relationship with – if you are a customer of a third party and we have a relationship with that third party, we may receive information from them

9. Your rights

Subject to local law, you may have certain rights regarding your personal information.

For example, if you are based in the European Union and certain other countries including you may have the following rights:

  • Access – request a copy of your data and information relating to how it is processed
  • Rectify – request any inaccuracies in the data we hold about you be corrected
  • Erasure – request that we erase your data from our records
  • Restrict – request that your data is no longer processed by us
  • Object – object to certain ways that we process your data
  • Transfer – request that your data be shared with a third party
  • Withdraw your consent – where we are relying on your consent to process your data, then you can withdraw your consent at any time
  • Lodge a complaint – you may be entitled to lodge a complaint with your local data protection authority.

If you reside in France, you also have the right to give instructions to us about the fate of your personal information after your death.

If you reside in California, you may have certain rights with respect to your personal information, including the right to access the personal information we hold about you and the right to opt out of the sharing of your personal information in certain circumstances.

California residents under age 18 who are registered users of any of our services geared toward this age group may ask us to remove content or information that you have posted to CME websites or related platforms by contacting us using the information in the ‘Contact details’ section below. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.

To exercise any of your rights, please contact us on the details set out in the 'Contact details' section of this Policy below.

Please note that some of your rights are not absolute and there may be certain circumstances where we are unable to fulfil a request that you have made. In some circumstances we may also require that you provide additional personal information to confirm your identity.


10. Automated Decisions

Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention.

CME may use automated analytics to identify individuals who would be most interested in our product, this may result in individuals being contacted about CME products or services.


11. Data security

We use technical, administrative, and physical security safeguards and other reasonable security measures to protect the information that we collect or receive against loss and unauthorized access, use modification, or disclosure. Please be aware that, despite our ongoing efforts, no security measures are perfect or impenetrable. Moreover, we are not responsible for the security of information that you transmit to us over networks that we do not control, including internet and wireless networks.


12. Data retention

CME Group retains personal information for the duration of the business relationship or where required, in accordance with the internal records management and retention policies.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these purposes through other means, and the applicable legal requirements.

We make reasonable attempts to ensure that all instances of such information (e.g. production, backups, etc.) are deleted in their entirety, including any of your personal information. For requests for access, corrections, or deletion please see "Contact Us" below.


13. Cookies

Please see our Cookies Policy for further information on how we use cookies on our website.


14. Children's data

Our website and services are generally not directed at children under the age of 18. If we obtain actual knowledge that any personal information we collect has been provided by a child under the age of 13, we will promptly delete that information. If you access our website from the EU/EEA or if you access an EU/EEA website, the age limit will be 16.


15. CME as processor or service provider

There may be certain circumstances where we process your personal information on behalf of one of our customers and do not use it for our own purposes. For instance, our customer may upload your information to one of our applications which is hosted on our servers. In these circumstances, CME is acting a processor or a service provider in relation to another company that is the controller or business responsible for the handling of your personal information, as these terms are used in applicable data protection laws.  This privacy notice will not apply to CME as a processor or service provider, and you should instead refer to the privacy notice of the organisation that provided us with your personal information.


16. Updates to this policy

We may update this Policy from time to time. For instance, there may be changes in the data we collect about you or the purposes for which we use it.

Whenever there are significant changes to the Policy then we will notify you of these.


17. Contact details

If you have any comments, questions or concerns about how we process your data, then please contact us at:

Email:  Privacy@cmegroup.com

Post:
20 S Wacker Drive
Chicago
IL 60606

Phone: +1 866.716.774

For the purposes of data protection in the EU/EEA:

The full list of companies across the CME Group and the contact details of each company can be found here.

  • The CME Group has a designated Data Protection Office registered for a number of CME entities. They can be contacted at Privacy@cmegroup.com