EDX Markets Holding Company Inc and its wholly owned U.S. subsidiaries: EDX Clearing LLC, EDX Markets LLC (collectively “EDX”, the “Company”, “us”, “our” or “we”) have created this Privacy Notice and Policy in order to demonstrate our Company’s commitment to the privacy of a) users of an EDX website (“users”); b) EDX customers and prospective customers; c) EDX participants, members, users and such persons’ associated persons and representatives; and d) any other individuals from whom EDX collects personal data during the course of its business activities. This Privacy Notice and Policy describes the personal data we collect, how EDX uses your personal data, with whom we may share such data and how you can contact EDX, access your personal data and exercise your rights regarding EDX’s use of your personal data. Your personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes, in accordance with this Privacy Notice and Policy and applicable data protection laws to which EDX is subject. By using or accessing our website, registering with EDX, and to the extent required or permitted by applicable law, you signify your acknowledgment and assent to EDX collecting and processing information about you in accordance with this Privacy Notice and Policy.
When We Collect Data
We may obtain personal data from you when you use or access our website, attend EDX sponsored events, subscribe to EDX communications or educational opportunities, access EDX facilities, apply for employment with EDX, become a control person or an ultimate beneficial owner of one of EDX’s entities and are required by law to provide information about you for regulatory purposes, or apply to become a customer of EDX. We may also obtain your personal data from third parties, including third-party partners, applications, advertising networks, government agencies, regulatory bodies, and other market research data companies and organizations. Your personal data may also be obtained for authentication and security purposes in accordance with applicable law.
Based on the specific products, services, business relationship, or websites involved (as well as requirements under applicable law), EDX may collect the following categories of personal data on our own or from third parties about you in accordance with applicable law.
Identity Data: includes first name, last name, username, social media username, photograph, employment, career or professional history, education background, passport or government-issued identification information, or similar identifiers.
Contact Data: includes address, e-mail address, mailing address, business contact information, and telephone number.
Transaction Data: includes bank account, financial holdings information, and details about trades, positions, and other details of services that EDX provides to you, as a customer.
Technical Data: includes internet protocol (IP) address, your login data, browser type and version, cookies, log files, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access EDX websites and online services.
Profile Data: includes your username, password, preferences, or feedback responses.
Usage Data: includes statistical data, analytics, trends, and usage information about how you use our systems, products, and services, such as activity logs and other aggregated quantitative data.
Marketing and Communications Data: includes your preferences in receiving marketing from EDX and your communications preferences.
EDX may also collect, use, and share aggregated data such as statistical or demographic data, which may be used and processed after you cease your relationship with us. Aggregated data derived from your personal data is not considered personal data as this data is anonymized and does not directly or indirectly reveal your identity.
At times, EDX may collect and handle sensitive personal data. EDX will only collect sensitive personal data as permitted by applicable law including, where necessary, with an individual’s consent.
Identifiable Data: includes criminal history for the purpose of evaluating individuals who can access EDX facilities/systems and/or control persons and race/racial origin for the purposes of facilitating these background checks.
Except as otherwise provided in this Privacy Notice and Policy, the following discloses our data processing and dissemination practices.
EDX values your privacy and processes your personal data, as a data controller, in accordance with applicable data protection laws. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
EDX will only collect and process personal data about you where there is a lawful basis to do so. Lawful bases may include:
Consent: EDX will use or process personal data where the data subject has given consent to the processing of their own personal data for one or more specific purposes. EDX may use or process your personal data for direct marketing when you expressly consent to receive direct marketing communications via e-mail. You have the option to withdraw your consent at any time. If you no longer wish to receive marketing communications and to withdraw your consent, please see the “Choice/Opt-Out” section below.
Contractual Obligation: EDX may use or process personal data where processing is necessary for the performance of a contract.
Regulatory Obligation: We will use or process personal data as necessary for compliance with a legal or regulatory obligation to which we or our affiliates are subject. This includes using or processing personal data for: (a) defense of claims and satisfying any government reporting obligations and requests; (b) compliance monitoring; and (c) to identify, investigate, and prevent fraud and other criminal threats or activities.
Legitimate Interests: We will process your personal data for any of our other legitimate interests not described above. These include analyzing use of our website or services, tailoring website and news content, setting preferences in our website or electronic mailings, improving our websites, offering, and managing programs and events, assessing what products and services may be of interest to individuals, fulfilling our obligations to our clients and others, and managing our client and vendor relationships.
We use your personal data only for the purposes explicitly stated in this Privacy Notice and Policy. Should we use or disclose your personal data for any purpose that is additional to or different from the originally specified purpose at the time of collection, the new use is fair, lawful, and transparent and fulfills lawful basis and notice requirements dictated by applicable law and as noted above.
To the extent required by applicable law, each purpose for the processing of personal data is substantiated by lawful basis for processing. EDX processes your personal data for certain purposes which may include some or all of the following:
communications from you or in your interactions with EDX websites and online services
Use of an EDX website may involve the collection of personal data by EDX. There are also cases where users may be asked for personal data on an EDX website. For example, online surveys may be occasionally conducted to better understand the needs and profiles of EDX website users. Our online surveys may ask users for demographic and profile data such as zip code, age, and income level. In addition, personal data is requested if you voluntarily register to receive additional information about EDX or sign up for EDX products and services. Voluntary EDX website registration forms may request user personal data such as name, mailing address, and/or e-mail address. Registered users of EDX websites may have certain “opt-out” choices which are described in the choice/opt-out section below.
EDX will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the business function for which such access is granted. No authorization will be extended to access personal data for personal purposes.
EDX does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, personal data to third parties for monetary or other valuable consideration. From time to time, your personal data may be processed on our behalf by, or shared with, EDX affiliates and other unaffiliated parties (collectively “third parties”). Third parties who process your data may include lawyers, auditors, agents, suppliers, vendors, service providers, contractors who provide any services to EDX, business partners, governmental and judicial bodies, and regulatory agencies as well as any other persons and corporate entities to whom EDX is obliged to disclose such information under applicable law. For data transfers from the EEA to third parties outside of the EEA, EDX relies on appropriate safeguards, as defined in GDPR, and as approved by the European Commission, to provide an adequate level of protection.
Select third party providers which may process your personal data may be found in the “Service Providers” section below.
EDX may transfer your information to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries, or other assets. To the extent permitted by applicable law, we may share information with a prospective buyer or transferee of the business as part of the diligence process. We require any such third party to maintain the confidentiality of your information and protect it with appropriate technical and organizational security measures.
Where required, EDX has implemented appropriate cross-border transfer mechanisms to provide adequate protection for transfers of certain personal data. To the extent permitted by applicable law, by using our sites, and providing us information about you, you consent to the international transfer of information about you to our subsidiaries, controlled companies, affiliates, vendors, business partners, and select service providers. EDX may also disclose your information to international regulatory and government authorities as required by applicable law.
EDX is responsible for the processing of personal data it receives under applicable law, and subsequently may transfer it to third parties acting as agents on our behalf. EDX maintains contracts with these third parties that restrict their access, use, and disclosure of personal data. Contractual arrangements and/or other applicable law govern liability for EDX and third-party engagements.
In certain situations, EDX may be required to disclose personal data in response to lawful requests by public authorities, such as to meet national security requirements, in response to a subpoena, when requested from a governmental, regulatory body or law enforcement agency or any other forum of competent jurisdiction, or to respond to any emergency situation.
EDX shall exercise reasonable precautions to safeguard and secure personal data retained by EDX. We hold all information securely, at a secure location on our computer systems and databases (which may be hosted by a third party on our behalf). EDX has security protections in place that help to protect against the loss, misuse, and alteration of the data under our control. Security protections use technology consistent with current industry standards. EDX periodically tests the security protections of its information systems and monitors the effectiveness of its information security controls, systems, and procedures. EDX takes reasonable steps to review third party processors of personal data to ensure those third-party processors exercise effective data security protections, in accordance with relevant laws.
Although we take proper measures to safeguard against unauthorized disclosures of data, no assurances can be provided that personal data that we collect will never be disclosed in a manner that is inconsistent with this Privacy Notice and Policy.
EDX will retain your personal data for as long as your account, membership, customer relationship, or any other business relationship with EDX, as applicable, is active, or for a reasonable period needed to provide you with products or services or for longer time periods to comply with applicable laws and regulations. EDX may retain your data after you cease your relationship with us. Your personal data may be aggregated for statistical use, as permitted by applicable law. Aggregated Data derived from your personal data is not considered personal data as this data is anonymized and does not directly or indirectly reveal your identity.
Personal data may be retained for the period necessary to fulfill the purposes outlined in this Privacy Notice and Policy and as otherwise needed for legal, regulatory, or litigation purposes, as may be required under applicable law or internal policies. If you wish to cancel your account or request that we no longer use your personal data to provide you with products or services, contact us using the contact information provided below.
EDX websites may log IP addresses and browser types for administrative purposes, including logging the IP addresses associated with each post to or use of an EDX website. Such logs may be reviewed in order to improve the user experience and to improve the materials and content available on the EDX website. In addition, such information may be used for information security-related activities in connection with performance monitoring, investigations, questions, claims, or complaints relating to use of an EDX website.
When you use an EDX website, EDX and third-party service providers may use “cookies.” Cookies involve placing small files/code on your device or browser that serve several purposes, such as remembering your preferences (e.g., language) and improving your experience on EDX websites. Specifically, we may use such technology for purposes such as to:
You can set your browser to notify you when you receive a cookie, giving you the opportunity to decide whether to accept it. You may continue browsing an EDX website even if you decide not to accept the cookie, however certain capabilities of EDX websites may be impaired. This Privacy Notice and Policy covers the use of cookies by EDX websites and does not cover the use of cookies by any service providers to EDX websites. [See also the “Select Service Providers” section below.]
EDX websites are not targeted for use by children under the age of 16. We do not target any of our products or services for use by children.
EDX may collect limited data of individuals under 16 years of age with verified parental consent for the limited purpose of processing beneficiary information related to accounts held by customers, participants, or members. Parents may access, edit, or erase this data by contacting us using the information provided in the “Access to Personal Data” section of this Privacy Notice and Policy.
EDX websites may provide links to other external websites, including third-party websites with which EDX partners to provide non-targeted advertisements. The listing of a link by EDX should not be construed as an approval of such websites’ content, or as an indication of the value of any claims, recommendations or other information contained therein. EDX website users should be aware that EDX has no control and is not responsible for the contents or privacy practices of any linked website or any link on a linked website. EDX urges our users to be aware of when they exit the EDX website and to carefully read the privacy statements of each linked website that collects personal data. This Privacy Notice and Policy is applicable only to data collected by an EDX website.
If you choose to update or delete personal data previously provided to EDX, to the extent allowed by law, EDX will endeavor to correct, update, or remove the personal data being maintained by EDX. You can do this by contacting us via e-mail to [email protected] or at the contact points specified below. EDX will respond to your request(s) within the timeframes required by law.
Subject to local law(s), you may have certain rights regarding personal data we have collected about you. Verifiable requests made pursuant to your jurisdiction’s respective privacy laws may be submitted via mail to [email protected]. To help protect your privacy, EDX takes reasonable steps to verify your identity before granting access to your personal data or responding to your requests.
EDX websites provide registered users with the opportunity to opt out of receiving communications from us at the point where we request data about the user. If you opt in, EDX may (1) share the data with those organizations with which EDX has a direct or indirect business relationship; (2) use the data for its own internal purposes, or (3) contact you for market-related research.
If you prefer not to receive traditional mail or other off-line promotions from EDX or from organizations with which EDX has a direct or indirect business relationship, send an e-mail to [email protected]. Please include your full name and mailing address. To unsubscribe by postal mail, please write to one of the mailing addresses listed below.
To remove yourself from any EDX e-mail lists, please click on the “update your preferences” or “unsubscribe” options located at the bottom of any EDX marketing e-mail. To unsubscribe by postal mail, please write to one of the mailing addresses listed below.
Alternatively, to remove yourself from any EDX e-mail lists, you may send an e-mail to [email protected].
If you have any other questions about opting out of any communications from EDX, send an e-mail to [email protected].
Please also refer to the jurisdiction-specific data subject rights section applicable to you below.
To the extent provided for under GDPR, effective May 25, 2018, if you are a data subject in the European Union you are entitled to access your personal data; obtain information on the processing of your personal data; have your personal data rectified or erased or their processing restricted; or exercise your right to data portability. You also are entitled to withdraw any consent that you might have given to the processing of your personal data, including any consent for any direct marketing purposes with future effect. These are known as “Data Subjects Rights.”
If you would like to exercise your Data Subjects Rights or learn more about the details of the processing of your personal data, please contact us via e-mail to [email protected]. EDX will respond to your request(s) as soon as reasonably practicable within the legally required period of time. To help protect your privacy, EDX takes reasonable steps to verify your identity before granting access to your personal data or responding to your requests.
If you are not satisfied with EDX’s response or believe that we are not processing your personal data in accordance with applicable law, please contact EDX’s Data Protection Officer using the contact information provided below. You also may contact or register a complaint with the competent supervisory authority or seek other remedies under applicable law.
EDX is committed to protecting the privacy of EDX customers in the United Kingdom (“UK”) and their personal data in accordance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”) and the Data Protection Act 2018 (“DPA”). EDX shall comply with all requirements of the UK GDPR and DPA alongside the terms of this EDX Privacy Notice and Policy. Where policy requirements differ between EDX’s existing Privacy Notice and Policy and the requirements of the UK GDPR and/or DPA, EDX will adhere to any additional obligations or higher standards of protection enforced by these laws for UK residents and their data.
EDX is committed to protecting the privacy of EDX customers in California and their personal data in accordance with the California Consumer Privacy Act of 2018 (“CCPA”) and California Civil Code Section 1798.83 Shine the Light Law (“STL”). EDX shall comply with all requirements of the CCPA and STL alongside the terms of this Privacy Notice and Policy. Where policy requirements differ between EDX’s existing EDX policies and the requirements of the CCPA and/or STL, EDX will adhere to any additional obligations or higher standards of protection enforced by these laws for California residents and their data.
EDX members and customers who are residents of California may request certain information about our disclosure of personal data and information to third parties for direct marketing purposes. To make such a request, please contact our Data Protection Officer with “Request for California Privacy Information” on the subject line and in the body of your message. We will comply with your request within thirty (30) days or as otherwise required by statute. EDX will not discriminate against you for exercising your rights under the CCPA.
EDX is committed to protecting the privacy of EDX customers in Singapore and their personal data in accordance with Singapore’s Personal Data Protection Act (“PDPA”). EDX shall comply with all requirements of the PDPA alongside the terms of this EDX Privacy Notice and Policy. Where policy requirements differ between this EDX Privacy Notice and Policy and the requirements of the PDPA, EDX will adhere to any additional obligations or higher standards of protection enforced by the PDPA for Singapore residents and their data.
EDX is committed to protecting the privacy of EDX customers in Hong Kong and their personal data in accordance with Hong Kong’s Personal Data Ordinance (“PDPO”) and other relevant privacy laws. EDX shall comply with all requirements of the PDPO alongside the terms of this EDX Privacy Notice and Policy. Where policy requirements differ between this EDX Privacy Notice and Policy and the requirements of the PDPO, EDX will adhere to any additional obligations or higher standards of protection enforced by the PDPO for Hong Kong residents and their data.
EDX is committed to protecting the privacy of EDX customers in Japan and their personal data in accordance with Japan’s Act on the Protection of Personal Information (“APPI”) and other relevant privacy laws. EDX shall comply with all requirements of the APPI alongside the terms of this EDX Privacy Notice and Policy. Where policy requirements differ between this EDX Privacy Notice and Policy and the requirements of the APPI, EDX will adhere to any additional obligations or higher standards of protection enforced by the APPI for Japan residents and their data.
Personal data of EDX customers in Japan may be shared with the Company’s affiliates.
To demand disclosure (access), correction, addition, utilization cease, erasing, or deletion of your personal data, please send a request to [email protected]. Please note that EDX may charge you a reasonable fee for processing data access requests.
If you have any comments or complaints relating to a possible breach of the APPI, please e-mail EDX at [email protected] or contact the Personal Information Consultation Office of Japan Securities Dealers Association (Phone: 03-6665-6784, website: http://www.jsda.or.jp).
Please refer to the website of the Personal Information Protection Commission (https://www.ppc.go.jp/) for information about how personal information is protected based on the jurisdiction in which EDX is located.
EDX reserves the right to disclose personal data in special cases, when we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury or interference with (either intentionally or unintentionally) our rights or property, other EDX website users, or anyone else that could be harmed by such activities. We may also disclose personal data without notice to you in response to a subpoena, or when requested from a governmental, regulatory body or law enforcement agency or any other forum of competent jurisdiction when we believe in good faith that such disclosure is required, or to respond to any emergency situation.
We may share your information with third party service providers who perform functions on our behalf. We do not authorize these third parties to use your information for purposes other than the purpose(s) for which it has been provided, and we do not authorize these third parties to disclose or distribute your information to unauthorized parties. All of our service providers are subject to our due diligence process to ensure they maintain appropriate security to protect your information from unauthorized access or processing.
EDX reserves the right to update or change this Privacy Notice and Policy or any part of it from time to time without prior notice. EDX encourages you to review this Privacy Notice and Policy periodically for changes. You may at any time contact us to request a copy of this Privacy Notice and Policy.
If you have any questions about this Privacy Notice and Policy or our privacy practices, please contact us at [email protected] or by writing to us at:
EDX Markets Holding Company Inc. and EDX Markets LLC
33-41 Newark Street, 5th Floor, Hoboken, New Jersey 07030
EDX Clearing LLC
200 West Madison, Suite 1450, Chicago, Illinois 60606