privacy and Policy

1. This Notice CME Group Inc. and each of its subsidiaries and affiliates (collectively known as 'CME Group', 'we' and 'us') are committed to safeguarding personal data. CME Group is the controller or processor of personal data according to the privacy laws and regulations applicable to it. The purpose of this privacy notice is to explain how CME Group processes personal data so that users understand what is collected, what is done with it, who it is disclosed to, and the rights available. Processing may include the collection, storage, modification, access, or destruction of personal data, completed manually or through automatic means, including through the use of artificial intelligence ('AI') technologies. 2. Who This Notice Applies To This Notice applies to individuals who have any of the following relationships with CME Group: Relationship Description Communicator An individual who contacts CME Group online, by telephone, post or any other method Contributor An individual who contributes to CME Group's Political Action Committee (PAC) Corporate representative An individual who is a representative of any corporate customer Purchaser An individual who purchases anything from CME Group Service user An individual who uses any of CME Group's platforms or services Shareholder An individual who holds a direct or indirect equitable interest in CME Group Subscriber An individual who subscribes to receive communications from CME Group Supplier An individual who provides services to CME Group Web visitor An individual who visits www.cmegroup.com or any of CME Group's social media pages 3. What Personal Data Is Collected CME Group may collect, store, and use the following categories of personal data: • Account preferences and analytics — information regarding stated preferences and use of services • Authentication details — credentials including user ID, password, and memorable information • Communication records — records of any communications exchanged, including via email, website, telephone, social media, and letter • Contact details — name, title, home address, office address, company name, job role, telephone numbers, and personal email address • Device and electronic information — IP address, cookies, activity logs, device type, operating system, browser, unique device identifiers and geolocation data • Financial details — credit and/or debit card details • Identification information — name, date of birth, passport, visa, driver's license, government-issued identification numbers • Financial status — information about creditworthiness and financial standing • Biometric identifiers — where applicable for membership applications 4. How Data Is Used CME Group uses personal data for the following purposes: • Event planning — inviting users to events and conferences, and registering attendance • Improving products and services — analyzing usage to evaluate and improve services; reviewing interactions with AI tools to improve enterprise technologies • Know-your-client checks — performing credit checks for membership applications • Managing customer services — providing assistance with access to products and services; responding to queries and complaints • Managing accounts — maintaining account security and providing access to account information • Marketing — contacting users about services, events, industries, and product announcements (with consent) • Membership applications — creating user profiles, setting up accounts, and making products/services available • Personalizing services — sending news and product updates; suggesting personalized content based on AI-driven analysis of interactions 5. Data Sharing CME Group may disclose personal data to: • Corporate representatives and government/law enforcement agencies (for legal requirements) • Service providers and third-party processors • Event coordinators and sponsors • Credit reporting bodies (for know-your-client checks) • Regulatory authorities as required by law 6. International Transfers of Data CME Group may transfer personal data internationally in connection with its global operations, subject to appropriate safeguards as required by applicable law. 7. Your Rights Users may have certain rights in relation to their personal data, including the right to access, correct, delete, or restrict processing of their data, subject to applicable law. California residents have additional rights under the California Consumer Privacy Act (CCPA). 8. Data Security CME Group implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. 9. Data Retention CME Group retains personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. 10. Cookies CME Group uses cookies and similar technologies on its website. Users can manage their cookie preferences through the Cookie Settings option. 11. Children's Data CME Group's services are not directed at children, and CME Group does not knowingly collect personal data from children.