DMIST Privacy Statement

The Derivatives Market Institute for Standards (“DMIST” or “us” or “our”) is a standards body in the exchange traded and cleared derivatives industry.  DMIST was formed to encourage widespread adoption of standards in the exchange traded and cleared derivatives industry that will help make markets more efficient, resilient, and competitive for all.  This Privacy Statement describes the personal data processing and protection measures undertaken by DMIST in servicing the industry.

This Privacy Statement does not address our data processing in connection with employment matters. We provide a separate privacy notice to job applicants and employees.

We collect personal information (also known as "personal data") from our participants, representatives, industry contacts, stakeholders, and visitors to our websites (collectively, “constituents”). The information we collect is primarily the data you provide directly to us and is used in connection with our mission.

We conduct the following types of activities to carry out our mission:

• advocate on behalf of our constituents;
• conduct research;
• educate through conferences, webinars, and e-learning programs;
• provide access to written resources, databases of information, collections of materials, and documentation;
• create opportunities for constituents to participate in our numerous board(s) and/or working groups;
• distribute information about the industry and DMIST services and activities through our communications, publications, and our websites;
• provide a venue, at conferences and other meetings, for constituents to meet, network, and learn about service providers, vendors, and innovators who support the industry; and
• facilitate communication among constituents and staff, including by providing member directories.

These and related activities form part of our core mission.

We collect and process personal information to carry out our mission and to fulfill your requests. We process personal information consistent with our commitment to fair and transparent information practices and our legitimate business interest in furthering our mission.

More information about our data practices is available at these links:

1. DEFINITIONS
2. WHEN DO WE COLLECT PERSONAL INFORMATION, AND WHAT TYPE OF INFORMATION IS COLLECTED?
3. HOW DO WE USE THE INFORMATION WE COLLECT ABOUT YOU?
4. ENTITIES WE SHARE YOUR PERSONAL INFORMATION WITH
5. HOW WE STORE YOUR PERSONAL INFORMATION
6. HOW WE PROTECT INFORMATION YOU GIVE US
7. CONSENT TO RECEIVE DMIST COMMUNICATIONS AND MANAGEMENT OF PERSONAL INFORMATION
8. CAN I HAVE MY INFORMATION UPDATED, CORRECTED, OR DELETED?
9. FOR RESIDENTS OF THE EUROPEAN UNION ANDTHE UNITED KINGDOM
10. FOR RESIDENTS OF OTHER COUNTRIES
11. RETENTION OF PERSONAL INFORMATION
12. COOKIES
13. OTHER WEBSITES
14. CHANGES TO OUR PRIVACY STATEMENT
15. HOW TO CONTACT US
16. APPLICABLE LAW

1. DEFINITIONS

The words “using” and “processing” include, but are not limited to, collecting, storing, evaluating, modifying, deleting, combining, disclosing, and transferring information.

“Personal information”  or "Personal Data" is any information that can be used to identify an individual or an identifiable individual and may include, but is not limited to, your name, physical address, email address, phone number, member number, passport number or another national identifier (for security at conferences, as an example), gender, login information, marketing preferences, company affiliation, job title or function, profession, committee membership, zip code, IP Address, photo, or payment card information. Personal information can also include information that does not identify you directly but could be combined with other information in a way that enables you to be identified.

“Non-personal information” is information that cannot be used or combined with other information to identify or contact you, including browser types, domain names, and statistical data involving the use of our website.

“Affiliate” means any person or entity which DMIST directly or indirectly controls, or is controlled by, or is under common control with, whether by ownership or otherwise.

2. WHEN DO WE COLLECT PERSONAL INFORMATION AND WHAT TYPE OF INFORMATION IS COLLECTED?

We may collect personal information (see the definition above) when you or a representative acting on your behalf:

• Apply for participation in DMIST (or the organization that you represent applies for participation and supplies your contact details);
• Register, subscribe, or request to be added to one of our events, publications, or services;
• Volunteer for our activities, including with a working group or an affiliate of DMIST;
• Contact us for information about us or our products or services;
• Become a service provider to the organization;
• Wisit our website; or
• Otherwise provide personal information to us.

We may collect any personal information necessary for legitimate business purposes.  We will use this information consistent with the reasons for its initial collection and consistent with our mission.

We may also collect personal information from trusted third-party sources and engage third parties to collect personal information to assist us. See below for more information under “Other Entities.”

DMIST collects personal and non-personal information from its websites through the use of cookies and log files. More information about how we use cookies and how to disable them is available here.

When we receive your personal information from someone who reasonably purports to be your representative or acting on your behalf (for example, someone at your firm or an affiliated firm), we assume the transmitted information was authorized, consistent with applicable law and your firm's corporate policies.

3. HOW DO WE USE THE PERSONAL INFORMATION WE COLLECT ABOUT YOU?

DMIST respects the privacy of our constituents. Personal information, such as names, email addresses, telephone numbers, and other volunteered contact information, is treated appropriately in view of our mission.

We process personal information to carry out activities that advance our mission.  In addition,  DMIST may use your personal information for operational, legal, administrative, and other purposes permitted by applicable law. The activities include:

• fulfill our obligations as a participant-driven standards body, such as alerting you to our meetings, events or activities and providing you with publications or news alerts;
• monitor participation and performance in our meetings and programs;
• answer your questions;
• manage board(s) and working group(s);
• manage all billing processes;
• provide participant administrative services;
• report results or progress in connection with our initiatives;
• provide participant directories;
• offer and support requested services;
• analyze and monitor the use of our services and websites;
• offer you other related products and services;
• communicate for marketing or other participant communication or satisfaction purposes;
• invite you to participate in mailings or other events, which may include surveys or participation in industry initiatives that we announce from time to time; and
• support our legal and compliance obligations. 

The legal basis for processing this information is primarily legitimate business interest, fulfillment of a transaction or contract, or consent in appropriate circumstances.

4. ENTITIES WE SHARE YOUR PERSONAL INFORMATION WITH

To carry out our mission, we may share personal and non-personal information with certain third parties.

Affiliated Entities

We may share your information with an affiliate, including the Futures Industry Association (“FIA”) and the Institute for Financial Markets (“IFM”), or any service companies performing business and administrative operations on our or an affiliate's behalf. For example, DMIST may share personal information to make it possible for a DMIST participant to attend an FIA event or to receive communications about IFM’s products or services.

Third-Party Service Providers

We may also share your information with third-party service providers as necessary to carry out our mission and legitimate business functions. These service providers may include: database management platforms, credit card processors, data storage, and web-hosting companies. Our policy is to prohibit service providers from using your personal information for any reason other than to facilitate or support DMIST’s or an affiliates’ business.

Event Attendees

Should you register for or attend one of our or our affiliates’ conferences, programs, or events, DMIST or its affiliates may share your personal information with current or prospective attendees, sponsors, or exhibitors as part of a registration roster or interactive mobile application. DMIST and its affiliates limit such information to your name, title, firm and/or office location, unless we have received affirmative consent to share additional personal information. We do not retain control over the processing of such information by these third parties. Accordingly, they may process the data at their discretion and as permitted by applicable law, including their own commercial and marketing purposes.

DMIST or its affiliates may take photos and recordings of our conferences, events, and programs and those in attendance.  We will use the recorded media and/or photos to publicize the conference, event, or program. We may also post the recorded media and/or photos on our website, to social media, or other public forums. We consider your attendance at our conferences, events, and programs as evidencing your consent to our use of such recorded media and photos.

Aggregated, Non-Personally Identifiable Information

We reserve the right to disclose aggregated, non-personally identifiable information collected from our constituents to third parties for any purpose. 

Other Entities

We also may disclose your personal information to:

• compilers of participant directories;
• payment networks and the members of such networks;
• courts, independent auditors, law enforcement agencies and other governmental authorities, bodies or agencies in response to subpoenas, to prevent fraud, or during an audit or examination, or as otherwise required by law or requested by competent authorities;
• collection agencies, credit reporting agencies, business credit bureaus, or other parties associated with collecting any debt owed to us;
• service providers that support our human resources, accounting, and payroll departments; and
• entities or persons to whom we transfer the whole or any part of our business or services.

Our policy is to prohibit service providers from using or disclosing your personal information for any purpose other than to provide the products or services for which DMIST or an affiliate contracted with them or as required by law.

5. HOW WE STORE YOUR PERSONAL INFORMATION

We transmit, collect, and store your personal information in all jurisdictions where we or an affiliate have offices to enable us to provide services and benefits.   At present, DMIST and its affiliates have offices in the United States, the United Kingdom, Belgium, the Netherlands, and Singapore, as well as an affiliated entity in Japan. Potential data processing sites include jurisdictions (such as the United States and Japan) that do not have data protection laws as strict as other jurisdictions in which we operate (such as the United Kingdom, Belgium, and Singapore).

As a global organization, we understand our obligations under the jurisdictions' data protection and privacy laws in which we operate.  We seek to conform to data protection and privacy best practices and international guidelines.

DMIST (via its parent company FIA) implements organizational and security measures that it believes are appropriate to safeguard your personal information.

6. HOW WE PROTECT INFORMATION YOU GIVE US

DMIST and its affiliates restrict your personal information to those employees who need to know that information. We have implemented appropriate technical and administrative processes to protect personal data commensurate with the sensitivity of the information collected. Recognizing that technology is continually developing, we implement new procedures and technology improvements, as appropriate, to further safeguard your personal information.

7. CONSENT TO RECEIVE DMIST COMMUNICATIONS AND MANAGEMENT OF PERSONAL INFORMATION

We want to inform you by email, mail, or telephone about our services and events that may interest you using the contact information you provide us. We find that our constituents expect to receive information on our range of services.

If you or your representative provides us with your contact information, we treat that as an affirmative act that evidences your consent to send you information about DMIST’s services and events and any other correspondence that a person would reasonably expect to receive from a participant-focused standards body and its affiliates.

You may request at any time that we cease contacting you regarding any services or offerings.

Additionally, you may ask, subject to our business needs and legal obligations, that we not share your contact information with third parties in connection with our events and services. 

Additionally, you may request that we remove your name from our system or amend or update inaccurate or stale data in our system. Our ability to honor that request is subject to our legal obligations and our business needs.

Also, you may at any time rescind any consent(s) you have previously provided regarding our processing of your personal information.

Any such requests can be made by any of the methods set out below in the HOW TO CONTACT US Section.

8. CAN I HAVE MY INFORMATION UPDATED, CORRECTED OR DELETED?

We strive to make sure that our information is reliable, accurate, and current. While personal information is maintained by DMIST, you may access your personal information as permitted by law to ensure that it is accurate.

In particular, you may request that we update, correct or delete the personal information maintained about you on our systems (subject to our data retention policies, described in the following section).

To protect your privacy and security, we may take reasonable steps to verify your identity before making corrections. We will implement your request as soon as and to the extent reasonably and technically practicable. 

9. FOR RESIDENTS OF THE EUROPEAN UNION ANDTHE UNITED KINGDOM

The General Data Protection Regulation (GDPR), and the national equivalent in the UK, provide residents of those countries with certain rights in their personal information.  You have the right to access your information, and in some circumstances to correct or erase it.  You may also restrict or object to its use.  

EU and UK residents have the right to lodge a complaint with a data protection authority in an EU member state or in the UK.  For more information, please contact your local data protection authority.  

We respond to all requests from EU or UK residents wishing to exercise their data protection rights in accordance with applicable data protection laws. 

In the event we are unable to resolve any complaints you may have about our handling of your personal data, EU and UK residents have the right, under certain conditions, to invoke a binding arbitration.

10. FOR RESIDENTS OF OTHER COUNTRIES

If the laws of your country are not mentioned above, you may also have rights under your home jurisdiction’s laws to access, erase, correct, and move your personal data. For more information, please contact us at info@dmist-standards.org if you wish to exercise your rights.

You may have rights to file a complaint with a regulator in your jurisdiction if we do not adequately address your requests or concerns.  By contacting us at info@dmist-standards.org you may obtain a list of various data protection authorities who you may contact about enforcing your data rights.

RETENTION OF PERSONAL INFORMATION

DMIST will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements and legal obligations, resolve disputes, protect our assets, and enforce our agreements.

12. COOKIES

As with most websites, our websites may use small pieces of code called “cookies” to log certain information from each visitor to the sites. When you first visit our websites, we may send you a cookie. A cookie is a small file that can be placed on your computer’s hard drive for record-keeping purposes. The data collected is anonymized and gathered only on an aggregate basis. In general, we use cookies to help measure traffic to different parts of our websites, improve our content, and prevent malicious activity. More detailed information on our use of cookies is available in our cookie policy.

13. OTHER WEBSITES

Our websites may contain links to other websites. Our privacy policies and this Privacy Statement only apply to our websites. When you link to other websites, you should read their privacy policies.

14. CHANGES TO OUR PRIVACY STATEMENT

We will periodically review our privacy policies and update this Privacy Statement to reflect any material changes.

15. HOW TO CONTACT US

You may contact us if you have any questions about our privacy policies or the personal data we hold about you.  Contact information:

By email: 

info@dmist-standards.org

By mail: 

Attn: FIA Legal

Futures Industry Association

2001 K Street NW

Suite 725, North Tower

Washington, DC 20006

 17. APPLICABLE LAW

The laws of the United States, and, in particular, the State of New York, govern this Privacy Statement.

 © DMIST 2023. ALL RIGHTS RESERVED.