Cboe - Privacy Notice and Policy
Last Updated: September 18, 2024
Cboe Global Markets, Inc. and its wholly-owned subsidiaries, controlled companies, and affiliates, (collectively, "Cboe", “we”, “us”, or “our”) have created this Privacy Notice and Policy in order to demonstrate our firm commitment to the privacy of a) users of a Cboe Website ("users"); b) Cboe customers and prospective customers; c) Cboe participants, members, users and such persons’ associated persons and representatives; and d) any other individuals from whom Cboe collects personal data during the course of its business activities. This Privacy Notice and Policy describes the personal data we collect, how Cboe uses your personal data, with whom we may share such data and how you can contact Cboe, access your personal data and exercise your rights regarding Cboe’s use of your personal data. Your personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, in accordance with this Privacy Notice and Policy and applicable data protection laws to which Cboe is subject. By using or accessing a Cboe Website, registering with Cboe, and to the extent required or permitted by applicable law, you signify your acknowledgment and assent to Cboe collecting and processing information about you in accordance with this Privacy Notice and Policy.1
Data Collection
When We Collect Data
We may obtain personal data from you when you use or access a Cboe website, attend Cboe-sponsored events, subscribe to Cboe communications or educational opportunities, access Cboe facilities, apply for employment with Cboe, or apply for membership at a Cboe trading facility. We may also obtain your personal data from third parties, including third-party partners, applications, advertising networks, government agencies, regulatory bodies, and other market research data companies and organizations. Your personal data may also be obtained for authentication and security purposes in accordance with applicable law.
What Personal Data We Collect
Based on the specific products, services, business relationship, or websites involved (as well as requirements under applicable law), Cboe may collect the following categories of personal data on our own or from third parties about you in accordance with applicable law.
Identity Data: includes first name, last name, username, social media username, photograph, employment, career or professional history, education background, passport or government-issued identification information, or similar identifiers.
Contact Data: includes address, e-mail address, mailing address, business contact information, and telephone number.
Transaction Data: includes bank account, credit card number, financial holdings information, and details about trades, positions, and other details of services that Cboe provides to you, as a customer.
Technical Data: includes internet protocol (IP) address, your login data, browser type and version, cookies, log files, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access Cboe websites and online services.
Profile Data: includes your username, password, preferences, or feedback responses.
Usage Data: includes statistical data, analytics, trends, and usage information about how you use our systems, products, and services, such as activity logs and other aggregated quantitative data.
Marketing and Communications Data: includes your preferences in receiving marketing from Cboe and your communications preferences.
Cboe may also collect, use, and share Aggregated Data such as statistical or demographic data, which may be used and processed after you cease your relationship with us. Aggregated Data derived from your personal data is not considered personal data as this data is anonymized and does not directly or indirectly reveal your identity.
What Sensitive Personal Data We Collect
At times, Cboe may collect and handle sensitive personal data. Cboe will only collect sensitive personal data as permitted by applicable law including, where necessary, with an individual’s consent.
Identifiable Data: includes criminal history for the purpose of evaluating individuals who can access Cboe facilities/systems and race/racial origin for the purposes of facilitating these background checks.
Biometric Data: includes fingerprint data and facial scans to facilitate background checks and identify individuals who have been granted access to Cboe facilities and systems. Processing of biometric data is further described in Cboe’s Biometric Information Privacy Policy .
Health Data: includes health information such as COVID-19 vaccination data and COVID-19 test results processed to determine whether individuals should be granted access to Cboe facilities.
Data Processing and Dissemination
Except as otherwise provided in this Privacy Notice and Policy, the following discloses our data processing and dissemination practices.
Cboe values your privacy and processes your personal data, as a data controller, in accordance with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”). Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Cboe will only collect and process personal data about you where there is a lawful basis to do so. Lawful bases may include:
Consent: Cboe will use or process personal data where the data subject has given consent to the processing of their own personal data for one or more specific purposes. Cboe may use or process your personal data for direct marketing when you expressly consent to receive direct marketing communications via e-mail. You have the option to withdraw your consent at any time. If you no longer wish to receive marketing communications and to withdraw your consent, please see the Choice/Opt-Out section below.
Contractual Obligation: Cboe may use or process personal data where processing is necessary for the performance of a contract.
Regulatory Obligation: We will use or process personal data as necessary for compliance with a legal obligation to which we are subject. This includes using or processing personal data for defense of claims and satisfying any government reporting obligations and requests, as well as to identify, investigate, and prevent fraud and other criminal threats or activities. We may also disclose personal data without notice to you in response to a subpoena, or when requested from a governmental, regulatory body or law enforcement agency or any other forum of competent jurisdiction when we believe in good faith that such disclosure is required, or to respond to any emergency situation.
Legitimate Interests: We will process your personal data for any of our other legitimate interests not described above. These include analyzing use of our website or services, tailoring website and news content, setting preferences in our website or electronic mailings, improving our websites, offering and managing programs and events, assessing what products and services may be of interest to individuals, fulfilling our obligations to our clients and others, and managing our client and vendor relationships.
We use your personal data only for the purposes explicitly stated in this Privacy Notice and Policy. Should we use or disclose your personal data for any purpose that is additional to or different from the originally specified purpose at the time of collection, the new use is fair, lawful, and transparent and fulfills lawful basis and notice requirements dictated by applicable law and as noted above.
Use of Personal Data
To the extent required by applicable law, each purpose for the processing of personal data is substantiated by one or more lawful bases for processing. Cboe processes your personal data for certain purposes which may include some or all of the following:
- To administer and manage our relationship with you
- To register you as a new customer or member and establish an account for you
- To register you to receive services or information through one or more of our websites or online services
- To administer and protect our business and systems (such as through troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- To evaluate, review, approve, or enter into potential contractual arrangements
- To enable us to administer, support, enhance, modify, personalize or otherwise improve our products/ services/ communications/ marketing opportunities for the benefit of users
- To enhance the security of our network and information systems, as well as monitor for security threats, breaches, spam, and fraud involving the use of Cboe products, services, systems, websites, online services, or facilities
- To protect Cboe systems and employees from spam, phishing, malware, ransomware, and other security risks that may be present in digital communications from you or in your interactions with Cboe Websites and online services
- To better understand how people interact with Cboe Websites
- To comply with certain obligations under applicable law, industry guidelines and internal policies as a Self-Regulatory organization, trading venue, central counterparty, and/or market operator
- To comply with certain obligations under applicable law, industry guidelines and internal policies as an exchange, central counterparty, broker-dealer, central shares depository, pension system administrator and/or other regulated/licensed business including, but not limited to regulations applicable to our EEA Regulated Entities
- To perform transaction and regulatory reporting requirements under applicable law
- To manage, administer, and assign transactions that are effected on Cboe facilities
- To process transactions through one or more of our services including, but not limited to, processing financial transactions initiated by you or your representative
- To keep you informed about our activities, products, and services that we think may be of interest to you, as permitted by applicable law
- To determine the effectiveness of promotional campaigns and advertising
Use of a Cboe Website may involve the collection of personal data by Cboe. There are also cases where users may be asked for personal data on a Cboe Website. For example, online surveys are occasionally conducted to better understand the needs and profiles of Cboe Website users. Our online surveys typically ask users for demographic and profile data such as zip code, age, and income level. In addition, personal data is requested if you voluntarily register to receive additional information about Cboe, sign up for Cboe products and services, or if you want to purchase a product directly from a Cboe Website. Voluntary Cboe Website registration forms may request user personal data such as name, mailing address, and/or e-mail address. Registered users of Cboe Websites may have certain "opt-out" choices which are described in the choice/opt-out section below.
What Data We Share
Cboe will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the business function for which such access is granted. No authorization will be extended to access personal data on a personal basis.
Your personal data may be processed by Cboe Global Markets, Inc. and its wholly-owned subsidiaries, controlled companies, and affiliates. A list of relevant Cboe subsidiaries can be found here.
Cboe does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, personal data to third-parties for monetary or other valuable consideration. From time to time, your personal data may be processed on our behalf by, or shared with, Cboe affiliates and other unaffiliated parties. (collectively “third parties”). Third parties who process your data may include lawyers, auditors, agents, suppliers, vendors, service providers, contractors who provide any services to Cboe, business partners, governmental and judicial bodies and regulatory agencies as well as any other persons and corporate entities to whom Cboe is obliged to disclose such information under applicable law that are located in the United States and in other countries inside and outside the European Economic Area (“EEA”) for the purposes outlined above. For data transfers from the EEA to third parties outside of the EEA, Cboe relies on appropriate safeguards, as defined in GDPR and as approved by the European Commission, to provide an adequate level of protection.
Select third-party providers which may process your personal data may be found in the "Service Providers" section below.
Business Transfers
Cboe may transfer your information to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries, or other assets. To the extent permitted by applicable law, we may share information with a prospective buyer or transferee of the business as part of the diligence process. We require any such third-party to maintain the confidentiality of your information and protect it with appropriate technical and organizational security measures.
International Transfers
Where required, Cboe has implemented appropriate cross-border transfer mechanisms to provide adequate protection for transfers of certain personal data, including, but not limited to, the European Commission’s Standard Contractual Clauses (available here). To the extent permitted by applicable law, by using our Sites, and providing us information about you, you consent to the international transfer of information about you to our subsidiaries, controlled companies, affiliates, vendors, business partners, and select service providers. Cboe may also disclose your information to international regulatory and government authorities as required by applicable law.
Participation with the EU-U.S., Swiss-U.S. Data Privacy Frameworks
Cboe and its wholly-owned subsidiaries participate and comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-US. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, “DPF Principles”). Cboe has certified to the U.S. Department of Commerce that it adheres to the DPF Principles regarding the processing of personal data from the European Union, the United Kingdom, and Switzerland respectively. If there is any conflict between the terms in this Privacy Notice and Policy and the DPF Principles, the DPF Principles shall govern. For information about the DPF Principles and to view our certification, please visit https://www.dataprivacyframework.gov/. A list of Cboe U.S.-based subsidiaries also adhering to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Principles can be found here.
Disclosure and Onward Transfers
Cboe is responsible for the processing of personal data it receives under the EU-U.S. DPF, and subsequently may transfer it to third parties acting as agents on our behalf. Cboe complies with the DPF Principles for all onward transfers of personal data from the EU, EEA (and Gibraltar), and Switzerland. Cboe maintains contracts with these third parties that restrict their access, use, and disclosure of personal data in compliance with our DPF obligations. DPF Principles, contractual arrangements, or other applicable law govern liability for Cboe and third-party engagements.
In certain situations, Cboe may be required to disclose personal data in response to lawful requests by public authorities, such as to meet national security requirements, in response to a subpoena, when requested from a governmental, regulatory body or law enforcement agency or any other forum of competent jurisdiction, or to respond to any emergency situation.
Cboe is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Complaint Resolution
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Cboe has committed to refer unresolved privacy complaints under the DPF Principles to a U.S.-based independent third-party dispute resolution mechanism, JAMS. If you do not receive a timely or satisfactory response to a question or complaint from Cboe, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint. This service is provided free of charge.
Cboe also commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
Security
Cboe shall exercise reasonable precautions to safeguard and secure personal data retained at Cboe. We hold all information securely, at a secure location on our computer systems and databases (which may be hosted by a third-party on our behalf). Cboe has security protections in place that help to protect against the loss, misuse, and alteration of the data under our control. Security protections use technology consistent with current industry standards. Cboe periodically tests the security protections of its information systems and monitors the effectiveness of its information security controls, systems, and procedures. Cboe takes reasonable steps to review third-party processors of personal data to ensure those third-party processors exercise effective data security protections, in accordance with relevant laws.
Although we take proper measures to safeguard against unauthorized disclosures of data, no assurances can be provided that personal data that we collect will never be disclosed in a manner that is inconsistent with this Privacy Notice and Policy.
Data Retention
Cboe will retain your personal data for as long as your account, membership, customer relationship, or any other business relationship with Cboe, as applicable, is active, or for a reasonable period needed to provide you with products or services. Cboe may retain your data after you cease your relationship with us. To the extent your personal data is retained after a reasonable period has passed, your personal data is aggregated for statistical use only, as permitted by applicable law. Aggregated Data derived from your personal data is not considered personal data as this data is anonymized and does not directly or indirectly reveal your identity.
In addition, personal data may be retained for the period necessary to fulfill the purposes outlined in this Notice and Privacy Policy and as otherwise needed for legal, regulatory, or litigation purposes, as may be required under applicable law. If you wish to cancel your account or request that we no longer use your personal data to provide you with products or services, contact us using the contact information provided below.
Logged Files
Cboe Websites log IP addresses and browser types for administrative purposes, including logging the IP addresses associated with each post to or use of a Cboe Website. Such logs will be reviewed in order to improve the user experience and to improve the materials and content available on a Cboe Website. In addition, such information may be used for information security-related activities in connection with performance monitoring, investigations, questions, claims or complaints relating to use of a Cboe Website.
Cookies
When you use a Cboe Website, Cboe and third party service providers may use "cookies." Cookies involve placing small files/code on your device or browser that serve a number of purposes, such as remembering your preferences (e.g., language) and generally improving your experience on Cboe Websites. Specifically, we may use such technology for purposes such as to:
- Gather analytics about Cboe Websites, including demographic information in a non-identifiable form, in order to improve Cboe Websites' performance and customize users' experience;
- Support security measures, such as requiring re-login into your account; and
- More effectively market Cboe Websites and advertise other websites (including those of our advertising partners) that may be of interest to you.
You can set your browser to notify you when you receive a cookie, giving you the opportunity to decide whether to accept it. You may continue browsing a Cboe Website even if you decide not to accept the cookie, however certain capabilities of Cboe Websites may be impaired. This Privacy Notice and Policy covers the use of cookies by Cboe Websites and does not cover the use of cookies by any service providers to Cboe Websites. [See also the "Select Service Providers" section below.]
Policies for Children
Cboe Websites are not targeted for use by children under the age of 16. We do not target any of our products or services for use by children.
Cboe may collect limited data of individuals under 16 years of age with verified parental consent for the limited purpose of processing beneficiary information related to accounts held by customers, participants, or members. Parents may access, edit, or erase this data by contacting us using the information provided in the “Access to Personal Data” section of this Privacy Notice and Policy.
Third Party Advertisements and Links to Third-Party Websites
Cboe Websites may provide links to other external websites, including third-party websites with which Cboe partners to provide non-targeted advertisements. The listing of a link by Cboe should not be construed as an approval of such websites’ content, or as an indication of the value of any claims, recommendations or other information contained therein. Cboe Website users should be aware that Cboe has no control and is not responsible for the contents or privacy practices of any linked website or any link on a linked website. Cboe urges our users to be aware of when they exit the Cboe Website and to carefully read the privacy statements of each linked website that collects personal data. This Privacy Notice and Policy is applicable only to data collected by a Cboe Website.
Access to Personal Data
If you choose to update or delete personal data previously provided to Cboe, to the extent allowed by law, Cboe will endeavor to correct, update or remove the personal data being maintained by Cboe. You can do this by contacting us via the "Contact Cboe" form located at https://www.cboe.com/Contact or at the contact points specified below. Cboe will respond to your request(s) within the timeframes required by law.
Subject to local law(s), you may have certain rights regarding personal data we have collected about you. Verifiable requests made pursuant to your jurisdiction’s respective privacy laws may be submitted via the “Contact Cboe” form located at https://www.cboe.com/Contact or at the contact points specified below. To help protect your privacy, Cboe takes reasonable steps to verify your identity before granting access to your personal data or responding to your requests.
Choice/Opt-Out
Cboe Websites provide registered users the opportunity to opt out of receiving communications from us at the point where we request data about the user. If you opt in, Cboe may (1) share the data with those organizations with which Cboe has a direct or indirect business relationship; (2) use the data for its own internal purposes, or (3) contact you for market-related research.
If you prefer not to receive traditional mail or other off-line promotions from Cboe or from organizations with which Cboe has a direct or indirect business relationship, send an e-mail via the “Contact Cboe” form located at https://www.cboe.com/Contact. Please include your full name and mailing address. To unsubscribe by postal mail, please write to: Cboe Customer Experiences, 433 W. Van Buren St., Chicago, IL 60607.
To remove yourself from any Cboe e-mail lists, please click on the “update your preferences” or “unsubscribe” options located at the bottom of any Cboe marketing e-mail. To unsubscribe by postal mail, please write to: Cboe Customer Experiences, 433 W. Van Buren St., Chicago, IL 60607. Alternatively, to remove yourself from any Cboe e-mail lists, you may send an e-mail via the “Contact Cboe” form located at https://www.cboe.com/Contact.
If you have any other questions about opting out of any communications from Cboe, send an e-mail via the "Contact Cboe" form located at https://www.cboe.com/Contact. Please also refer to the jurisdiction-specific data subject rights section applicable to you below.
Data Subjects Rights Under GDPR
To the extent provided for under GDPR, effective May 25, 2018, if you are a data subject in the European Union you are entitled to access your personal data; obtain information on the processing of your personal data; have your personal data rectified or erased or their processing restricted; or exercise your right to data portability. You also are entitled to withdraw any consent that you might have given to the processing of your personal data, including any consent for any direct marketing purposes with future effect. These are known as "Data Subjects Rights."
If you would like to exercise your Data Subjects Rights or learn more about the details of the processing of your personal data, please contact us using the information provided below or please fill out a form provided here. Cboe will respond to your request(s) as soon as reasonably practicable within the legally required period of time. To help protect your privacy, Cboe takes reasonable steps to verify your identity before granting access to your personal data or responding to your requests.
If you are not satisfied with Cboe’s response or believe that we are not processing your personal data in accordance with applicable law please contact Cboe’s Data Protection Officer using the contact information provided below. You also may contact or register a complaint with the competent supervisory authority or seek other remedies under applicable law.
Data Subject Rights of Canada Residents
Cboe is committed to protecting the privacy of Cboe customers in Canada and their personal data in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”). Cboe shall comply with all requirements of the PIPEDA alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the PIPEDA, Cboe will adhere to any additional obligations or higher standards of protection enforced by these laws for Canada residents and their data.
Data Subject Rights of United Kingdom Residents
Cboe is committed to protecting the privacy of Cboe customers in the United Kingdom (“UK”) and their personal data in accordance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”) and the Data Protection Act 2018 (“DPA”). Cboe shall comply with all requirements of the UK GDPR and DPA alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the UK GDPR and/or DPA, Cboe will adhere to any additional obligations or higher standards of protection enforced by these laws for UK residents and their data.
Data Subject Rights of California Residents
Cboe is committed to protecting the privacy of Cboe customers in California and their personal data in accordance with the California Consumer Privacy Act of 2018 (“CCPA”) and California Civil Code Section 1798.83 Shine the Light Law (“STL”). Cboe shall comply with all requirements of the CCPA and STL alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the CCPA and/or STL, Cboe will adhere to any additional obligations or higher standards of protection enforced by these laws for California residents and their data.
Cboe members and customers who are residents of California may request certain information about our disclosure of personal data and information to third parties for direct marketing purposes. To make such a request, please contact our DPO with “Request for California Privacy Information” on the subject line and in the body of your message. We will comply with your request within thirty (30) days or as otherwise required by the statute. Cboe will not discriminate against you for exercising your rights under the CCPA.
Data Subject Rights of Singapore Residents
Cboe is committed to protecting the privacy of Cboe customers in Singapore and their personal data in accordance with Singapore's Personal Data Protection Act ("PDPA"). Cboe shall comply with all requirements of the PDPA alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the PDPA, Cboe will adhere to any additional obligations or higher standards of protection enforced by the PDPA for Singapore residents and their data.
Data Subject Rights of Hong Kong Residents
Cboe is committed to protecting the privacy of Cboe customers in Hong Kong and their personal data in accordance with Hong Kong's Personal Data Ordinance ("PDPO") and other relevant privacy laws. Cboe shall comply with all requirements of the PDPO alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the PDPO, Cboe will adhere to any additional obligations or higher standards of protection enforced by the PDPO for Hong Kong residents and their data.
Data Subject Rights of Japan Residents
Cboe is committed to protecting the privacy of Cboe customers in Japan and their personal data in accordance with Japan’s Act on the Protection of Personal Information (“APPI”) and other relevant privacy laws. Cboe shall comply with all requirements of the APPI alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the APPI, Cboe will adhere to any additional obligations or higher standards of protection enforced by the APPI for Japan residents and their data.
Personal data of Cboe customers in Japan may be shared with Cboe Global Markets, Inc. affiliates (a list of Cboe affiliate or subsidiary companies to whom the personal data may be shared with can be found here.)
To demand disclosure (access), correction, addition, utilization cease, erasing, or deletion of your personal data, please send a request to [email protected]. Please note that Cboe Japan may charge you a reasonable fee for processing data access requests.
If you have any comments or complaints relating to a possible breach of the APPI, please e-mail Cboe Japan at [email protected] or contact the Personal Information Consultation Office of Japan Securities Dealers Association (Phone: 03-6665-6784, website: http://www.jsda.or.jp)
Please refer to the website of the Personal Information Protection Commission (https://www.ppc.go.jp/) for information about how personal information is protected based on what jurisdiction Cboe is located.
Data Subject Rights of Residents of the People’s Republic of China
Cboe is committed to protecting the privacy of Cboe customers in the People’s Republic of China (“PRC”) and their personal data in accordance with the PRC’s Personal Information Protection Law (“PIPL”) and other relevant privacy laws. Cboe shall comply with all requirements of the PIPL alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the PIPL, Cboe will adhere to any additional obligations or higher standards of protection enforced by the PIPL for PRC residents and their data.
Data Subject Rights of Australia Residents
Cboe is committed to protecting the privacy of Cboe customers in Australia and their personal data in accordance with Australia’s Federal Privacy Act of 1988 (“Australian Privacy Act”), the Australian Privacy Principles (“APPs”), and other relevant privacy laws. Cboe shall comply with all requirements of the Australian Privacy Act and APPs alongside the terms of Cboe’s global privacy policy mentioned above. Where policy requirements differ between Cboe’s existing global privacy policies and the requirements of the Australian Privacy Act and APPs, Cboe will adhere to any additional obligations or higher standards of protection enforced by the Australian Privacy Act and APPs for Australia residents and their data.
Under the Australian Privacy Act, you can request access to your personal data information retained by us, or make corrections to the data, or ask us more generally about the kind of personal data we hold and what our policies and practices are in relation to the data. The best way to do this is to send your request to [email protected]. Please note that Cboe Australia may charge you a reasonable fee for processing data access or correction requests.
To remove yourself from any Cboe Australia e-mail newsletters, either click the unsubscribe link at the bottom of any email newsletter you receive or email [email protected] .
If you have any comments or complaints relating to a possible breach of the APPs, please e-mail Cboe Australia Compliance at [email protected] .
Special Cases
Cboe reserves the right to disclose personal data in special cases, when we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury or interference with (either intentionally or unintentionally) our rights or property, other Cboe Website users, or anyone else that could be harmed by such activities.
Select Service Providers
We may share your information with third party service providers who perform functions on our behalf. We do not authorize these third parties to use your information for purposes other than the purpose(s) for which it has been provided, and we do not authorize these third parties to disclose or distribute your information to unauthorized parties. All of our service providers are subject to our due diligence process to ensure they maintain appropriate security to protect your information from unauthorized access or processing. The below list is of some key third parties we work with.
Cboe has selected Google Marketing Platform, a subsidiary of Google, LLC ("Google"), as an ad-serving/sales agent for Cboe Websites. Please review Google's privacy policy for information about Google Marketing Platform’s data use policy and security measures as they relate to advertising.
Cboe uses Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies or similar technologies to help Cboe Websites analyze how users use Cboe Websites. Please review "How Google uses data when you use our partners' sites or apps" for information about how Google uses information collected through Google Analytics and how you may refuse the use of cookies.
Cboe has selected Pardot, LLC, a Salesforce company (“Pardot”), as a marketing automation agent. Pardot uses cookies or similar technologies to help Cboe Websites analyze how specific users use the site and to deliver personalized marketing/site content. Please review Pardot's privacy policy for information about Pardot's data use policy and security measures. Please also review "How Does Pardot Track Activities?" for information about how Pardot uses cookies and how you may refuse the use of cookies.
Cboe has selected Stripe, Inc. ("Stripe") as a solution to support online payments through Cboe websites. Please review the Stripe Privacy Policy here for information about Stripe's data use policy and security measures.
Cboe has selected Demandbase, Inc. ("Demandbase") as an account-based marketing tool for real-time B2B marketing, advertising, and personalization services. Demandbase uses your IP address and/or other device identifiers to track user engagement with Cboe Websites and deliver personalized marketing content. Demandbase may be integrated with other Company customer relationship management (CRM) databases. Please review the Demandbase privacy policy here to learn more about how Demandbase handles personal data. To opt-out of cookies and tracking from Demandbase visit demandbase.com/privacy-center.html.
Cboe has selected World-Check, a database screening tool provided by Refinitiv Limited ("Refinitiv"). World-Check is used for due diligence screening which includes identity checks for purposes of fraud and anti-money laundering prevention and measures relating to sanctions, anti-bribery, anti-corruption and anti-terrorism laws. Such identity checks may require verifying personal data through databases and registers of public domain information. Please review the World-Check privacy statement available here: https://www.refinitiv.com/en/products/world-check-kyc-screening/privacy-statement
Notice of Changes
Cboe reserves the right to update or change this Privacy Notice and Policy or any part of it from time to time without prior notice. Cboe encourages you to review this Privacy Notice and Policy periodically for changes. You may at any time contact us to request a copy of this Privacy Notice and Policy.
Contact Information
If you have any questions regarding this Privacy Notice and Policy please contact us using the information below.
Cboe Global Markets, Inc.
Attention: Marketing Technology
433 W. Van Buren Street
Chicago, IL 60607
Fax: 312-786-7367
E-mail: https://www.Cboe.com/Contact
Cboe Global Markets, Inc.
Attention: Membership Services
433 W. Van Buren Street
Chicago, IL 60607
Fax: 312-786-8140
E-mail: [email protected]
Cboe Europe Limited
Attention: Participant Services
11 Monument Street, 5th Floor
London EC3R 8AF UK
E-mail:
[email protected]
Cboe Global Markets, Inc.
Attention: Data Protection Officer
433 W. Van Buren Street
Chicago, IL 60607
E-mail: [email protected]
Cboe Technology Philippines Inc.
Attention: Office of the Data Protection Officer
10th Floor, Unit AB, North Tower, Rockwell Business Center Sheridan, Sheridan Street
Corner United Street, Highway Hills, Mandaluyong City 1550, Philippines
Phone: +63 2 7 918 2227
E-mail: [email protected]
Cboe Australia Pty Ltd
Attention: Legal & Compliance
1 Farrer Place, Sydney
NSW, 2000, Australia
E-mail: [email protected]
Cboe Japan Limited
Attention: Legal & Compliance
Toru Irokawa, Representative Director
5th Floor, Akasaka Intercity 1-11-44 Akasaka
Minato-ku, Tokyo 107-0052
E-mail: [email protected]
1: This Policy is applicable to BIDS Trading L.P. (“BIDS Trading”). BIDS Trading is a subsidiary of BIDS Holdings L.P., which is a wholly-owned subsidiary of Cboe Global Markets. BIDS Trading L.P. is a registered broker-dealer and the operator of the BIDS Alternative Trading System (“ATS”). The BIDS ATS is not a registered national securities exchange or a facility thereof. The BIDS ATS is an independently managed and operated trading venue, separate from and not integrated with the Cboe U.S. securities exchanges.