Privacy at the Small Exchange
The Exchange is committed to protecting your personal information and recognizes the need for appropriate protection and management of any information you share with our Exchange. As such, the Exchange respects your privacy, particularly with regard to the storage, access, and use of personally identifiable data collected through any of our systems.
Federal law and CFTC Regulations give you the right to limit some but not all sharing of information. Further, applicable law also requires the Exchange to tell you how the Exchange collects, shares, and protects your personal information. The Exchange will maintain your personal information in a secure format and, except, as set forth herein, at no time will the Exchange permit access your confidential information without a lawful basis.
The Exchange encourages you to read this notice carefully to understand the way we collect, use, disclose and protect your personal information with respect to privacy. If you do not agree with the terms of this Policy, please do not access the site.
Why does the Small Exchange collect Member and Participant information?
There are several important reasons why the Exchange collects personal information but may vary depending on the type of services requested of the Exchange.
The information the Exchange gathers is necessary to communicate information or data relevant for the administration of your business with the Exchange; such as to process Transactions, communicate with you about your business with the Exchange, safeguard individuals and/or the Exchange, comply with federal and state laws and CFTC regulations, and/or comply with the requests of appropriate law enforcement organizations.
Finally, the Exchange may choose to gather information to help the Exchange assess your needs and preferences, as well as, to improve Exchange products and services.
What information does the Small Exchange collect?
Information the Exchange may collect directly from you:
The information the Exchange collects from you may be referred to as “Personally Identifiable Information” (“PII”), this term applies to the PII the Exchange gathers from an individual or entity either directly from you, and/or those individuals or entities authorized to act on your behalf, that identifies a Participant by non-public information that is associated with an individual, entity, Exchange Member or Participant.
Such information that the Exchange collects directly from you includes, but is not limited to, information required to facilitate your particular business with the Exchange. Generally, the information collected may include your name, job title, physical address, email address, home phone number, cell phone number, Social Security Number, Tax ID Number, date of birth, and employer’s name and address.
Further, depending on the type of product or service received from the Exchange we may collect additional information that includes but is not limited to, full name, entity name, photo identification, business phone, email address, business website, Internet Protocol (“IP”) address, financial information (personal and/or business), regulatory registration ID and/or business license or certificates.
If you are participating in contests, giveaways, surveys, or providing feedback, the Exchange may collect personal and other information you provide when entering contests or giveaways and/or responding to surveys and/or providing feedback. The Exchange may publish your name, city and/or state, social media identifier (e.g., Twitter handle), survey results, feedback provided, and results as related to contests and giveaways. This may be published on the Exchange’s website, social media accounts, emails or other forms of communicating with the public.
Information the Small Exchange may collect indirectly from you:
The Exchange asks you to provide “Non-Personally Identifiable Information” (“NPII”) defined as information that is not associated or linked to PII and may not permit the identification of individual persons by itself. This information aids the Exchange in anticipating the needs and requests of its Participants to help ensure the Exchange is meeting the needs of its Participants.
NPII the Exchange collects indirectly from you includes, but is not limited to, your Internet Protocol (“IP”) address, browser type, operating system, Internet Service Provider (“ISP”), time stamps, Transactions, products or services used, referral site(s), and banner ads you may click through.
The Exchange reserves the right to share this NPII with any of its authorized third- party service providers (collectively referred to as “third-parties”) to measure the overall effectiveness of the Exchange’s products and services, online advertising, content, and distribution.
When does the Small Exchange collect information?
You directly provide the majority of the information the Exchange collects when you perform various actions on the Exchange’s website and/or through the use of products and services offered by the Exchange, any of its affiliated companies and/or third-parties.
Listed below are some of the specific means by which the Exchange collects information directly from you:
- When you start the Community Member or membership process with the Exchange
- When you agree to the Exchange’s agreements
- When you agree to the provisions of Market Data Agreements relating to receipt, use or distribution of Exchange market data.
- When you read or agree to the Exchange’s policies, rules and disclosures
- When you access the website, access the Exchange electronic Trading System, and other tools or systems provided by the Exchange
- When you purchase products or services from the Exchange, the Exchange may, under certain circumstances, collect personal information for billing purposes
- When participants utilize Exchange Systems, information will be collected and used to authenticate your access to these systems including but not limited to device type, operating system, browser, IP address and country of origin, when appropriate
- When you send us an email with questions or comments
- When you voluntarily submit information in response to a promotion, offer or participation in the trading of Exchange listed product or service
Listed below are some of the specific means by which the Exchange collects information indirectly from you:
- When we analyze the usage of our website
- When we analyze the usage of our trading facilities
- When we provide products and services to you
- When we obtain information from other sources such as credit agencies, affiliates, business partners, regulatory agencies, regulatory service providers, mandated information sharing networks, and governmental agencies
How does the Small Exchange use your personal information?
A primary goal of the Exchange is to have long-term relationships with its Members, Community Members, and Participants, and the Exchange understands that upholding the trust of our Participants is critical to achieving that goal. Therefore, the Exchange uses personal information only as appropriate to administer its business with you, facilitate an orderly market, fulfill its regulatory obligations, provide you quality service, as well as, appropriate security while participating on the Exchange.
The Exchange may use the information collected from you to verify your identity and contact you.
Additionally, the Exchange may use this information during the process of establishing and approving memberships, establishing a Community Membership to the Exchange, establishing connectivity to the Exchange, issuing an Exchange identifier, issuing a username and password, maintaining necessary records, monitoring and surveilling trading activity, contacting you regarding Participant related information, as well as, providing other support services the Exchange offers to its Members, Community Members, and Participants.
The Exchange may analyze the data collected to administer an orderly market and determine if a violation of Exchange Rules has occurred.
The Exchange may, under certain circumstances, collect personal information for billing purposes when you purchase products or services from the Exchange.
For those Participants who utilize the Exchange’s Trading Systems, information will be collected and used to authenticate your access to these systems.
The Exchange may also use demographic information collected from its Members, Community Members, and Participants provided by other third-parties in order to conduct a fair and equitable market, provide security for the marketplace, develop new products, support new lines of business, and establish new services for Members, Community Members, and Participants.
Members, Community Members, and Participants are to be aware that the Exchange retains information for the duration of a business relationship in accordance with internal policies. Additionally, there are published regulatory requirements that mandate certain information be retained and accessible for a specified period of time, the general rule is the Exchange and its Regulatory Service Providers will retain such information for a minimum of five (5) years.
What does the Small Exchange share with affiliated companies and Third-Party Providers?
- The Exchange may disclose personal information in order to administer or process Transactions effected on the Exchange, product or service you have authorized or requested, or in the context of facilitating the settlement of a transaction. An applicable example of this would be if the Exchange is required to deliver personal information about you to third-parties relating to the settlement of Transactions, as well as, validating Participant identities when performing an electronic transfer of funds and/or wires for payments in accordance with your business with the Exchange.
- The Exchange may disclose personal information about you to third-parties to fulfill its obligations as a regulated Designated Contract Market (“DCM”), to governmental agencies as required by law or regulation, or in response to mandatory regulatory or legal requests.
- The Exchange may disclose personal information when necessary to protect your rights, property, security, and that of the Exchange, to facilitate the integrity of our market in a fair and equitable manner and to mitigate risk to you and the Exchange.
- The Exchange may disclose personal information to help the Exchange improve its services to you. In that regard, the Exchange may engage another entity, such as its Designated Clearing Organization (“DCO”), to help the Exchange carry out certain internal functions including, but not limited to, Participant processing, fulfillment, retention requirements or other data collection activities relevant to our business with you.
- The Exchange may, if and when appropriate, disclose Participant information to a purchaser of its capital stock, business or assets or to an affiliate-successor.
- The Exchange may use personal information should you decide to participate in certain promotions and special offers due to the fact that the promotion may require the Exchange to gather and share your personal information, such as supplying personal information to the promotion sponsor, which may be a third-party or the Exchange’s affiliate company. For example, it is common practice for a referral program to require that the Exchange provide your name as a reference to a prospective Member or Participant. You should understand that, if at any time, should you choose to purchase a product or service offered by another company, any personal information you share with the company would no longer be under the jurisdiction of this Policy.
All third-parties with which the Exchange shares personal information have their own privacy policies and, while they are expected to protect personal information in a manner that aligns, with the protocols described in this Policy, you should visit their website(s) to view their respective privacy policies.
In the event the Exchange proposes to share Community Member, Member or Participant information in a manner not covered in this Policy, it is the Exchange’s responsibility to notify you of this change by making an updated Policy available to you on the Exchange website, as well as, notifying you via email that an updated Policy is available for your review.
Can you opt-out of sharing personal information with non-affiliated third-parties for marketing purposes?
The Exchange does not share information with non-affiliated third- parties for marketing purposes unless the Exchange has record of your prior consent. You may respectively decline to share your information if and when there is a time that the Exchange requests your consent before disclosing any information to a non-affiliated third-party.
Can you opt-out of receiving marketing information?
Yes. If you opt-out of marketing emails regarding news about new products and services, the Exchange will always honor your request. However, from time to time, the Exchange needs to send you certain notifications that contain important information about your business with the Exchange, such as changes to your information provided to the Exchange, and due to the important, sometimes time-sensitive, nature of these notifications, we cannot prevent the delivery of these message(s) via an opt-out service.
If you want to opt-out of receiving all direct marketing communication from the Exchange, you can send an email to email@example.com with the word “Unsubscribe” in the subject line. You will receive an email confirming your desire to opt-out of all direct marketing communication from the Exchange.
Should you unsubscribe from all direct marketing communications, you acknowledge that you are no longer going to be notified of additional product and service offerings or inquiries. An opt-out election must be made for each business relationship maintained by the Exchange.
In accordance with Commodity Futures Trading Commission (“CFTC”) Regulation 38.7, information collected for the purposes of fulfilling its regulatory requirements will not be used for business or marketing purposes unless the person from whom the data is collected clearly consents of the data being used in this manner.
The Exchange is not responsible for the privacy policies or the content of websites to which the Exchange links. The Exchange has no governance over the use or protection of information provided by you when visiting those websites, nor any control over the information collected by those websites.
How does the Small Exchange protect your personal information?
The Exchange takes the safety of all data submitted to the Exchange very seriously and employs industry standard and commercially reasonable measures to ensure that data is protected from being accessed by any unauthorized persons. Any access to personal information by Exchange employees is strictly controlled and audited. The Exchange utilizes multiple layers of firewalls, network segregation, intrusion prevention, and password policies to work to prevent a security breach or violation by unauthorized parties.
The Exchange website requires a secure layer authentication. A person authorized to utilize the Exchange’s website or Trading Systems must log in with their credentials to access their information or access the systems provided by the Exchange. The credentials are transmitted directly to the Exchange’s Trading Systems without any intermediate storage in the web application.
Any communication between employees of the Exchange and a Community Member, Member, or Participant regarding sensitive, private information requires authentication of identity.
All communications with the Exchange website or Trading Systems are encrypted with Transport Layer Security and sent over a secure channel. All controls may be updated as technology becomes available or as appropriate.
How does the Small Exchange use information collected from cookies and/or other tracking techniques?
PII or otherwise sensitive, private information (such as Exchange Identifying Number, username or password) are not contained in the cookies used by the Exchange.
You and the Exchange may use both session cookies, which expire once you close your browser, and persistent cookies, which stay on your computer until you delete them, to provide you with a more personal and interactive experience with the Exchange.
The Exchange utilizes cookies for marketing purposes, to collect information about participant’s identities as they interact with the website and systems of the Exchange, and to manage personalized settings on the website or systems. Cookies provide a convenience factor for the Exchange’s website and system’s users by creating a more streamlined login process and preserving a personalized user experience between sessions. The information collected from cookies is used to improve the functionality of the Exchange systems by avoiding duplicate data entry, when appropriate, facilitating navigation, increasing the relevance of content and enhancing security.
You can set your browser to alert you when a cookie is being used, the duration of the cookie, and to inform you of where your information is being returned. You then have the opportunity to accept or reject the cookie. Additionally, you may set your browser to refuse all cookies or accept only cookies returned to the originating servers.
Persistent cookies can be removed by following your Internet browser’s help directions. You may generally disable the cookie feature on the browser without affecting their ability to use the Exchange website or systems; however, there are exceptions where cookies are used as an essential feature to allow the successful completion of a desired action. Disabling cookies may limit your use of the many convenience features offered by the Exchange.
The Exchange may share website usage information about visitors to approved and reputable advertising companies for improved targeting on the Exchange website and on other sites. For this purpose, pixel tags may be used to note the pages you have visited. It should be noted that information collected by the advertising companies through the use of these pixel tags is not PII, and that the advertising companies have their own privacy policies.
To improve the Exchange website, systems and services offered to you, the Exchange may use a third-party to track and analyze usage, traffic volume, and other statistical information, such as page requests, your initiated actions, and click through paths. The data that is collected for the purpose of tracking and analyzing behavior on the website and through the use of Exchange products is property of the Exchange.
Can Members and Participants update their information?
You can review, change or correct any of your PII at any time. You are responsible for maintaining the accuracy and completeness of the information provided to the Exchange. We strongly encourage you to review your information regularly to ensure it is up to date.
If you have any questions regarding the information you have provided to the Exchange or believe there to be incorrect information, please have your administrator log into the website to make the changes or contact the Exchange support team at firstname.lastname@example.org or (312) 858-6990.
What if there are changes to this Policy?
The Exchange reserves the right to modify this Policy at any time. Therefore, the Exchange encourages you to review it frequently. If the Exchange makes changes to this Policy, the Exchange will post the updated Policy to the website www.thesmallexchange.com. The Exchange will note the month and year of the most recent Policy in the document footer.
Your rights regarding your personal information under European Union law
To the extent required by applicable law, in our capacity as the controller of your PII, we will also provide you with the opportunity to be informed of whether we are processing your PII and at any time to access, correct, update, oppose, delete, block, limit or object to our use of your PII.
The foregoing rights will be afforded to you free of charge (except to the extent that your requests are manifestly unfounded or excessive, in which case, we may charge an administrative fee or refuse to meet your request).
Please note that legal obligations that apply to our business – for example, financial regulations that apply to our EEA Regulated Business - may prevent us from immediately deleting parts of your information. To exercise your rights, please contact us at email@example.com or (312) 858-6990.
To prevent fraudulent activity, we may require you to authenticate your identity when you contact us. We will try to comply with your request as soon as reasonably practicable and within timeframes required by applicable law. Please note that in some instances, due to the nature of the information that we receive, we may require you to provide additional information that will help us identify which information is yours.
For requests subject to the European General Data Protection Regulation (GDPR”), we will respond to your request within one (1) month of our receipt of it. We may extend this period by two (2) further months taking into account the complexity of your request or the number of requests that we have received; we will inform you of any such extension within one (1) month of receiving your request along with the reasons for the delay and information about your right to file a complaint with the supervisory authority.
The following sets out a summary of your rights to the extent that your PII is processed subject to the GDPR:
- Right to access, rectification, erasure and restriction of processing. You have the right to request:
However, there might be requirements under applicable law, or other compelling reasons, that prevents us from immediately erasing your PII. In such case, we will stop using your PII for any other reasons than to comply with the applicable law, or the relevant compelling reason.
- Right to restrict processing. This means that we temporarily restrict the processing of your PII. You have the right to request restriction of the processing when:
We will take all reasonable and possible actions to notify any recipients of your PII regarding any rectification, erasure or restrictions carried out by us. At your request, we will also inform you with which third-parties we have shared your PII.
- Right to object to processing. You have the right to object to the processing of your PII based on our legitimate interest. If you object to such processing, we will only continue with the processing if we have a compelling legitimate reason for the processing that outweighs your interest, rights or freedoms, or if continued processing is necessary for the establishment, exercise or defense of a legal claim.
- Right to portability. You have the right to receive certain of your PII in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. You only have this right when your personal data is processed by automated means and our legal basis for the processing is performance of a contract between you and us.
Right to lodge a complaint. You have the right to lodge any complaints regarding our processing of your personal data with the supervisory authority.