Cboe - Privacy Notice and Policy
Last Updated: August 4, 2022
Cboe Global Markets, Inc. and its wholly-owned subsidiaries, controlled companies, and affiliates (collectively, "Cboe", “we”, “us”, or “our”) have created this Privacy Notice and Policy in order to demonstrate our firm commitment to the privacy of a) users of a Cboe Website ("users"); b) Cboe customers and prospective customers; c) Cboe participants, members, users and such persons’ associated persons and representatives; and d) any other individuals from whom Cboe collects personal data during the course of its business activities. This Privacy Notice and Policy describes the personal data we collect, how Cboe uses your personal data, with whom we may share such data and how you can contact Cboe, access your personal data and exercise your rights regarding Cboe’s use of your personal data. Your personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, in accordance with this Privacy Notice and Policy and applicable data protection laws to which Cboe is subject. By using or accessing a Cboe Website, registering with Cboe, and to the extent required or permitted by applicable law, you signify your acknowledgment and assent to Cboe collecting and processing information about you in accordance with this Privacy Notice and Policy.1
When We Collect Data
We may obtain personal data from you when you use or access a Cboe website, attend Cboe-sponsored events, subscribe to Cboe communications or educational opportunities, access Cboe facilities, apply for employment with Cboe, or apply for membership at a Cboe trading facility. We may also obtain your personal data from third parties, including third-party partners, applications, advertising networks, government agencies, regulatory bodies, and other market research data companies and organizations. Your personal data may also be obtained for authentication and security purposes in accordance with applicable law.
What Personal Data We Collect
Based on the specific products, services, business relationship, or websites involved (as well as requirements under applicable law), Cboe may collect the following categories of personal data on our own or from third parties about you in accordance with applicable law.
Identity Data: includes first name, last name, username, social media username, photograph, employment, career or professional history, education background, passport or government-issued identification information, or similar identifiers.
Contact Data: includes address, e-mail address, mailing address, business contact information, and telephone number.
Transaction Data: includes bank account, credit card number, financial holdings information, and details about trades, positions, and other details of services that Cboe provides to you, as a customer.
Technical Data: includes internet protocol (IP) address, your login data, browser type and version, cookies, log files, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access Cboe websites and online services.
Profile Data: includes your username, password, preferences, or feedback responses.
Usage Data: includes statistical data, analytics, trends, and usage information about how you use our systems, products, and services, such as activity logs and other aggregated quantitative data.
Marketing and Communications Data: includes your preferences in receiving marketing from Cboe and your communications preferences.
Cboe may also collect, use, and share Aggregated Data such as statistical or demographic data, which may be used and processed after you cease your relationship with us. Aggregated Data derived from your personal data is not considered personal data as this data is anonymized and does not directly or indirectly reveal your identity.
What Sensitive Personal Data We Collect
At times, Cboe may collect and handle sensitive personal data. Cboe will only collect sensitive personal data as permitted by applicable law including, where necessary, with an individual’s consent.
Identifiable Data: includes criminal history for the purpose of evaluating individuals who can access Cboe facilities/systems and race/racial origin for the purposes of facilitating these background checks.
Health Data: includes health information such as COVID-19 vaccination data and COVID-19 test results processed to determine whether individuals should be granted access to Cboe facilities.
Data Processing and Dissemination
Except as otherwise provided in this Privacy Notice and Policy, the following discloses our data processing and dissemination practices.
Cboe values your privacy and processes your personal data, as a data controller, in accordance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”). Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Cboe will only collect and process personal data about you where there is a lawful basis to do so. Lawful bases may include:
Consent: Cboe will use or process personal data where the data subject has given consent to the processing of their own personal data for one or more specific purposes. Cboe may use or process your personal data for direct marketing when you expressly consent to receive direct marketing communications via e-mail. You have the option to withdraw your consent at any time. If you no longer wish to receive marketing communications and to withdraw your consent, please see the Choice/Opt-Out section below.
Contractual Obligation: Cboe may use or process personal data where processing is necessary for the performance of a contract.
Regulatory Obligation: We will use or process personal data as necessary for compliance with a legal obligation to which we are subject. This includes using or processing personal data for defense of claims and satisfying any government reporting obligations and requests, as well as to identify, investigate, and prevent fraud and other criminal threats or activities.
Legitimate Interests: We will process your personal data for any of our other legitimate interests not described above. These include analyzing use of our website or services, tailoring website and news content, setting preferences in our website or electronic mailings, improving our websites, offering and managing programs and events, assessing what products and services may be of interest to individuals, fulfilling our obligations to our clients and others, and managing our client and vendor relationships.
We use your personal data only for the purposes explicitly stated in this Privacy Notice and Policy. Should we use or disclose your personal data for any purpose that is additional to or different from the originally specified purpose at the time of collection, the new use is fair, lawful, and transparent and fulfills lawful basis and notice requirements dictated by applicable law and as noted above.
Use of Personal Data
To the extent required by applicable law, each purpose for the processing of personal data is substantiated by one or more lawful bases for processing. Cboe processes your personal data for certain purposes which may include some or all of the following:
- To administer and manage our relationship with you
- To register you as a new customer or member and establish an account for you
- To register you to receive services or information through one or more of our websites or online services
- To administer and protect our business and systems (such as through troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- To evaluate, review, approve, or enter into potential contractual arrangements
- To enable us to administer, support, enhance, modify, personalize or otherwise improve our products/services/communications/marketing opportunities for the benefit of users
- To enhance the security of our network and information systems, as well as monitor for security threats, breaches, spam, and fraud involving the use of Cboe products, services, systems, websites, online services, or facilities
- To protect Cboe systems and employees from spam, phishing, malware, ransomware, and other security risks that may be present in digital communications from you or in your interactions with Cboe Websites and online services
- To better understand how people interact with Cboe Websites
- To comply with certain obligations under applicable law, industry guidelines and internal policies as a Self-Regulatory organization, trading venue, central counterparty, and/or market operator
- To comply with certain obligations under applicable law, industry guidelines and internal policies as an exchange, central counterparty, broker-dealer, central shares depository, pension system administrator and/or other regulated/licensed business including, but not limited to regulations applicable to our EEA Regulated Entities
- To perform transaction and regulatory reporting requirements under applicable law
- To manage, administer, and assign transactions that are effected on Cboe facilities
- To process transactions through one or more of our services including, but not limited to, processing financial transactions initiated by you or your representative
- To keep you informed about our activities, products, and services that we think may be of interest to you, as permitted by applicable law
- To determine the effectiveness of promotional campaigns and advertising
Use of a Cboe Website may involve the collection of personal data by Cboe. There are also cases where users may be asked for personal data on a Cboe Website. For example, online surveys are occasionally conducted to better understand the needs and profiles of Cboe Website users. Our online surveys typically ask users for demographic and profile data such as zip code, age, and income level. In addition, personal data is requested if you voluntarily register to receive additional information about Cboe, sign up for Cboe products and services, or if you want to purchase a product directly from a Cboe Website. Voluntary Cboe Website registration forms may request user personal data such as name, mailing address, and/or e-mail address. Registered users of Cboe Websites may have certain "opt-out" choices which are described in the choice/opt-out section below.
What Data We Share
Cboe will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the business function for which such access is granted. No authorization will be extended to access personal data on a personal basis.
Your personal data may be processed by Cboe Global Markets, Inc. and its wholly-owned subsidiaries, controlled companies, and affiliates. A list of relevant Cboe subsidiaries can be found here.
Cboe does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, personal data to third parties for monetary or other valuable consideration. From time to time, your personal data may be processed on our behalf by, or shared with, Cboe affiliates and other unaffiliated parties (collectively “third parties”). Third parties who process your data may include lawyers, auditors, agents, suppliers, vendors, service providers, contractors who provide any services to Cboe, business partners, governmental and judicial bodies and regulatory agencies as well as any other persons and corporate entities to whom Cboe is obliged to disclose such information under applicable law that are located in the United States and in other countries inside and outside the European Economic Area (“EEA”) for the purposes outlined above. For data transfers from the EEA to third parties outside of the EEA, Cboe relies on appropriate safeguards, as defined in GDPR and as approved by the European Commission, to provide an adequate level of protection.
Select third-party providers which may process your personal data may be found in the "Service Providers" section below.
Cboe may transfer your information to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries, or other assets. To the extent permitted by applicable law, we may share information with a prospective buyer or transferee of the business as part of the diligence process. We require any such third-party to maintain the confidentiality of your information and protect it with appropriate technical and organizational security measures.
Where required, Cboe has implemented appropriate cross-border transfer mechanisms to provide adequate protection for transfers of certain personal data, including, but not limited to, the European Commission’s Standard Contractual Clauses (available here). To the extent permitted by applicable law, by using our Sites, and providing us information about you, you consent to the international transfer of information about you to our subsidiaries, controlled companies, affiliates, vendors, business partners, and select service providers. Cboe may also disclose your information to international regulatory and government authorities as required by applicable law.
Cboe shall exercise reasonable precautions to safeguard and secure personal data retained at Cboe. We hold all information securely, at a secure location on our computer systems and databases (which may be hosted by a third-party on our behalf). Cboe has security protections in place that help to protect against the loss, misuse, and alteration of the data under our control. Security protections use technology consistent with current industry standards. Cboe periodically tests the security protections of its information systems and monitors the effectiveness of its information security controls, systems, and procedures. Cboe takes reasonable steps to review third-party processors of personal data to ensure those third-party processors exercise effective data security protections, in accordance with relevant laws.
Although we take proper measures to safeguard against unauthorized disclosures of data, no assurances can be provided that personal data that we collect will never be disclosed in a manner that is inconsistent with this Privacy Notice and Policy.
Cboe will retain your personal data for as long as your account, membership, customer relationship, or any other business relationship with Cboe, as applicable, is active, or for a reasonable period needed to provide you with products or services. Cboe may retain your data after you cease your relationship with us. To the extent your personal data is retained after a reasonable period has passed, your personal data is aggregated for statistical use only, as permitted by applicable law. Aggregated Data derived from your personal data is not considered personal data as this data is anonymized and does not directly or indirectly reveal your identity.
Cboe Websites log IP addresses and browser types for administrative purposes, including logging the IP addresses associated with each post to or use of a Cboe Website. Such logs will be reviewed in order to improve the user experience and to improve the materials and content available on a Cboe Website. In addition, such information may be used for information security-related activities in connection with performance monitoring, investigations, questions, claims or complaints relating to use of a Cboe Website.
When you use a Cboe Website, Cboe and third party service providers may use "cookies." Cookies involve placing small files/code on your device or browser that serve a number of purposes, such as remembering your preferences (e.g., language) and generally improving your experience on Cboe Websites. Specifically, we may use such technology for purposes such as to:
- Gather analytics about Cboe Websites, including demographic information in a non-identifiable form, in order to improve Cboe Websites' performance and customize users' experience;
- Support security measures, such as requiring re-login into your account; and
- More effectively market Cboe Websites and advertise other websites (including those of our advertising partners) that may be of interest to you.
Policies for Children
Cboe Websites are not targeted for use by children under the age of 16. We do not target any of our products or services for use by children.
Cboe may collect limited data of individuals under 16 years of age with verified parental consent for the limited purpose of processing beneficiary information related to accounts held by customers, participants, or members. Parents may access, edit, or erase this data by contacting us using the information provided in the “Access to Personal Data” section of this Privacy Notice and Policy.
Links to Third-Party Websites and Framing
For the user's convenience, Cboe Websites may provide links to other external websites. The listing of a link by Cboe should not be construed as a sponsorship, endorsement or approval of such websites, their content, or as an indication of the value of any claims, recommendations or other information contained therein. Cboe Website users should be aware that Cboe has no control over any linked website and is not responsible for the contents or privacy practices of any linked website or any link on a linked website. Cboe urges our users to be aware of when they exit the Cboe Website and to carefully read the privacy statements of each website that collects personal data. This Privacy Notice and Policy is applicable only to data collected by a Cboe Website.
Access to Personal Data
If you choose to update or delete personal data previously provided to Cboe, to the extent allowed by law, Cboe will endeavor to correct, update or remove the personal data being maintained by Cboe. You can do this by contacting us via the "Contact Cboe" form located at https://www.cboe.com/Contact or at the contact points specified below. Cboe will respond to your request(s) within the timeframes required by law.
Subject to local law(s), you may have certain rights regarding personal data we have collected about you. Verifiable requests made pursuant to your jurisdiction’s respective privacy laws may be submitted via the “Contact Cboe” form located at https://www.cboe.com/Contact or at the contact points specified below. To help protect your privacy, Cboe takes reasonable steps to verify your identity before granting access to your personal data or responding to your requests.
Cboe Websites provide registered users the opportunity to opt out of receiving communications from us at the point where we request data about the user. If you opt in, Cboe may (1) share the data with those organizations with which Cboe has a direct or indirect business relationship; (2) use the data for its own internal purposes, or (3) contact you for market-related research.
If you prefer not to receive traditional mail or other off-line promotions from Cboe or from organizations with which Cboe has a direct or indirect business relationship, send an e-mail via the “Contact Cboe” form located at https://www.cboe.com/Contact. Please include your full name and mailing address. To unsubscribe by postal mail, please write to: Cboe Customer Experiences, 433 W. Van Buren St., Chicago, IL 60607.
To remove yourself from any Cboe e-mail lists, please click on the “update your preferences” or “unsubscribe” options located at the bottom of any Cboe marketing e-mail. To unsubscribe by postal mail, please write to: Cboe Customer Experiences, 433 W. Van Buren St., Chicago, IL 60607. Alternatively, to remove yourself from any Cboe e-mail lists, you may send an e-mail via the “Contact Cboe” form located at https://www.cboe.com/Contact.
If you have any other questions about opting out of any communications from Cboe, send an e-mail via the "Contact Cboe" form located at https://www.cboe.com/Contact. Please also refer to the jurisdiction-specific data subject rights section applicable to you below.
Data Subjects Rights Under GDPR
To the extent provided for under GDPR, effective May 25, 2018, if you are a data subject in the European Union you are entitled to access your personal data; obtain information on the processing of your personal data; have your personal data rectified or erased or their processing restricted; or exercise your right to data portability. You also are entitled to withdraw any consent that you might have given to the processing of your personal data, including any consent for any direct marketing purposes with future effect. These are known as "Data Subjects Rights."
If you would like to exercise your Data Subjects Rights or learn more about the details of the processing of your personal data, please contact us using the information provided below or please fill out a form provided here. Cboe will respond to your request(s) as soon as reasonably practicable within the legally required period of time. To help protect your privacy, Cboe takes reasonable steps to verify your identity before granting access to your personal data or responding to your requests.
If you are not satisfied with Cboe’s response or believe that we are not processing your personal data in accordance with applicable law please contact Cboe’s Data Protection Officer using the contact information provided below. You also may contact or register a complaint with the competent supervisory authority or seek other remedies under applicable law.
Data Subject Rights of Canada Residents
Data Subject Rights of United Kingdom Residents
Data Subject Rights of California Residents
Cboe members and customers who are residents of California may request certain information about our disclosure of personal data and information to third parties for direct marketing purposes. To make such a request, please contact our DPO with “Request for California Privacy Information” on the subject line and in the body of your message. We will comply with your request within thirty (30) days or as otherwise required by the statute.
Data Subject Rights of Singapore Residents
Data Subject Rights of Hong Kong Residents
Data Subject Rights of Japan Residents
Data Subject Rights of Residents of the People’s Republic of China
Data Subject Rights of Australia Residents
Under the Australian Privacy Act, you can request access to your personal data information retained by us, or make corrections to the data, or ask us more generally about the kind of personal data we hold and what our policies and practices are in relation to the data. The best way to do this is to send your request to [email protected]. Please note that Cboe Australia may charge you a reasonable fee for processing data access or correction requests.
To remove yourself from any Cboe Australia e-mail newsletters, either click the unsubscribe link at the bottom of any email newsletter you receive or email [email protected].
If you have any comments or complaints relating to a possible breach of the APPs, please e-mail Cboe Australia Compliance at [email protected].
Cboe reserves the right to disclose personal data in special cases, when we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury or interference with (either intentionally or unintentionally) our rights or property, other Cboe Website users, or anyone else that could be harmed by such activities. We may also disclose personal data without notice to you in response to a subpoena, or when requested from a governmental, regulatory body or law enforcement agency or any other forum of competent jurisdiction when we believe in good faith that such disclosure is required, or to respond to any emergency situation.
Select Service Providers
We may share your information with third party service providers who perform functions on our behalf. We do not authorize these third parties to use your information for purposes other than the purpose(s) for which it has been provided, and we do not authorize these third parties to disclose or distribute your information to unauthorized parties. All of our service providers are subject to our due diligence process to ensure they maintain appropriate security to protect your information from unauthorized access or processing. The below list is of some key third parties we work with.
Cboe has selected World-Check, a database screening tool provided by Refinitiv Limited ("Refinitiv"). World-Check is used for due diligence screening which includes identity checks for purposes of fraud and anti-money laundering prevention and measures relating to sanctions, anti-bribery, anti-corruption and anti-terrorism laws. Such identity checks may require verifying personal data through databases and registers of public domain information. Please review the World-Check privacy statement available here: https://www.refinitiv.com/en/products/world-check-kyc-screening/privacy-statement
Notice of Changes
Cboe reserves the right to update or change this Privacy Notice and Policy or any part of it from time to time without prior notice. Cboe encourages you to review this Privacy Notice and Policy periodically for changes. You may at any time contact us to request a copy of this Privacy Notice and Policy.
If you have any questions regarding this Privacy Notice and Policy please contact us using the information below.
Cboe Global Markets, Inc.
Attention: Marketing Technology
433 W. Van Buren Street
Chicago, IL 60607
Cboe Global Markets, Inc.
Attention: Membership Services
433 W. Van Buren Street
Chicago, IL 60607
E-mail: [email protected]
Cboe Europe Limited
Attention: Participant Services
11 Monument Street, 5th Floor
London EC3R 8AF UK
E-mail: [email protected]
Cboe Global Markets, Inc.
Attention: Data Protection Officer
433 W. Van Buren Street
Chicago, IL 60607
E-mail: [email protected]
Cboe Technology Philippines Inc.
Attention: Office of the Data Protection Officer
10th Floor, Unit AB, North Tower, Rockwell Business Center Sheridan, Sheridan Street Corner United Street, Highway Hills, Mandaluyong City 1550, Philippines
Phone: +63 2 7 918 2227
E-mail: [email protected]
Cboe Australia Pty Ltd
Attention: Legal & Compliance
1 Farrer Place, Sydney
NSW, 2000, Australia
E-mail: [email protected]
1: This Policy is applicable to BIDS Trading L.P. (“BIDS Trading”). BIDS Trading is a subsidiary of BIDS Holdings L.P., which is a wholly-owned subsidiary of Cboe Global Markets. BIDS Trading L.P. is a registered broker-dealer and the operator of the BIDS Alternative Trading System (“ATS”). The BIDS ATS is not a registered national securities exchange or a facility thereof. The BIDS ATS is an independently managed and operated trading venue, separate from and not integrated with the Cboe U.S. securities exchanges.