US - EU SAFE HARBOR PRIVACY STATEMENT
Intercontinental Exchange, Inc. (“ICE”) is committed to preserving personal privacy. As part of that commitment, ICE complies with the U.S.-EU Safe Harbor Framework administered by the United States Department of Commerce in consultation with the European Commission and self-certifies, on an annual basis, its adherence to the Safe Harbor Principles with respect to personal information within the scope of this Statement. For more information about the Safe Harbor Principles, please visit the U.S. Department of Commerce website at http://www.export.gov/safeharbor/.
This Statement applies to personal information received by ICE in the United States from the European Economic Area and Switzerland including, but not limited to, personal information collected in the context of the employment relationship of employees at ICE's European subsidiaries and personal information collected from customers of ICE.
"Agent" means any third party that processes, collects, or uses personal information pursuant to the instructions of, and solely for the benefit of, ICE, or to which ICE discloses personal information for use on its behalf.
"ICE" means Intercontinental Exchange, Inc. and all its wholly‐owned U.S. subsidiaries and affiliates, including NYSE Euronext, NYSE Governance Services, Inc. and ICE Futures U.S., Inc.
"Personal information" means information that identifies or reasonably may identify a natural person. Personal information does not include anonymized information or aggregate information to the extent an individual's identity cannot reasonably be derived from such information.
"Sensitive personal information" means personal information that reveals a natural person's race, ethnic origin, political opinions, religious or philosophical beliefs, criminal record, or trade union membership, or that concerns a natural person's sex life or health.
The privacy principles in this Statement are based on and shall be interpreted in a manner not inconsistent with the Safe Harbor Principles.
ICE will notify individuals about the purposes for which it collects and uses their personal information, the types of third parties to which it may disclose their personal information, the choices and means that it offers for limiting its use and disclosure of such personal information, and how individuals can contact ICE with any inquiries or complaints. ICE will provide such notice when individuals are first asked to provide their personal information or as soon as reasonably practicable thereafter, and before ICE uses or discloses the information for a purpose other than for which it was collected. ICE may provide notice through this Statement or other means.
Specifically, ICE uses human resources data received from the EU for managing personnel and personnel related matters. These matters include the following: recruitment, appraisals, promotions, career development, administering salary & payment administration (including reviews, wages and other awards such as stock grants and bonuses), health care plans, training, leave & transfers, managing employee work schedules, creating and maintaining internal employee directories for communications and emergencies. ICE Group Business Operations receives data from the EU for operating and managing the IT and communications systems, managing product and service development, improving products and services, managing company assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, and re-organizations or dispositions, supporting facilities management, and system access entitlement and de-entitlement; Compliance uses human resources data and employee provided data for purposes of : complying with legal and other requirements, such as income tax and national insurance deductions, record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaint or claim and complying with internal policies and procedures, and risk management activities; and Monitoring compliance with internal policies, including those applicable to the use of company resources, and the Code of Business Conduct, as permitted by applicable law. ICE also receives certain Client/Customer contact information such as name, email address, birth date (for identification purposes) mailing address, phone number(s), information about their business. ICE uses personal information concerning current, former, and prospective vendors and service providers to manage its supply chain and business administration activities. In addition, ICE may disclose personal information to vendors, suppliers, contractors, and service providers who assist ICE in meeting compliance obligations.
ICE will offer individuals the choice to opt out of having their personal information disclosed to a third party that is not an agent or used for a purpose incompatible with the purpose(s) for which it was collected originally or subsequently authorized.
To the extent required by the Safe Harbor Principles, ICE will offer individuals the choice to opt in to having their sensitive personal information disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally or subsequently authorized.
In the event ICE transfers personal information to a third party that is not an agent, it will do so consistent with any notice provided to individuals and any choice they have exercised regarding such transfer. With respect to third party agents, ICE will transfer personal information only to agents that (1) have given ICE contractual assurances that they will afford a level of privacy protection to the personal information that is at least equivalent to the level of privacy protection required by the Safe Harbor Principles, (2) subscribe to the Safe Harbor Principles, or (3) are subject to EU Directive 95/46/EC or other law providing an adequate level of privacy protection.
Upon an individual's request, ICE will offer individuals reasonable access to their personal information and will afford individuals a reasonable opportunity to correct, amend, or delete inaccurate information. For security purposes, the individual may need to provide ICE with various pieces of personal information to process the request. ICE may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive under the circumstances or as otherwise permitted by the Safe Harbor Principles.
ICE will take reasonable measures including technical, physical, and administrative measures and training, as appropriate, to protect personal information from loss, misuse, and unauthorized disclosure, access, alteration, and destruction.
ICE will take reasonable measures to ensure that personal information is relevant for its intended use, processed in a way that is compatible with the purposes for which it was collected or subsequently authorized, reliable for its intended use, accurate, complete, and current.
ICE will conduct periodic assessments to confirm the accuracy of this Statement and verify its adherence to the Safe Harbor Principles. ICE will investigate suspected failures to comply with this Statement or the Safe Harbor Principles and will take all appropriate action to remedy any such issues.
Any questions, concerns, or complaints concerning the collection, use, or disclosure of personal information by ICE should be directed to its Legal Department at the address given below. ICE will conduct a reasonable investigation of and will attempt to resolve any complaints in accordance with the principles contained in this Statement. For complaints that cannot be resolved between ICE and the complainant, ICE agrees to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles. The contact information for the panel is:
European Commission, Directorate General Justice, Data Protection Panel
B-1049 Brussels, Belgium
T: (32-2) 299 11 11 / F: (32-2) 298 80 94
ICE's adherence to the Safe Harbor Principles may be limited by any applicable legal, regulatory, ethical, or public interest consideration, and as expressly permitted or required by any applicable law, rule, or regulation. Examples of such limitations include (1) exceptions to the opt-in requirements for sensitive personal information permitted by Commission Decision 2000/520/EC of 26 July 2000, (2) exceptions on access as permitted by Safe Harbor Principles, or (3) limitations under applicable European Economic Area member state directives. ICE also may disclose personal information reasonably related to the sale or disposition of all or part of its business. In addition, ICE reserves all rights to use public information or information as to which an individual has given explicit consent for use, consistent with the Safe Harbor Principles.
This Statement may be amended from time to time in accordance with the Safe Harbor Principles. Appropriate notice will be given concerning such amendments.
If an employee of ICE or of its European subsidiaries would like to access personal information maintained by ICE, the employee should make a written request to his or her local human resources representative. Otherwise, questions, concerns, or complaints concerning the collection, use, or disclosure of personal information by ICE pursuant to this Safe Harbor Privacy Statement should be directed by mail or electronic mail to the following address:
ICE Legal Department
Safe Harbor Inquiry
5660 New Northside Drive, 3rd Floor
Atlanta, GA 30328
Last Amended: July 14, 2015