Information about how this policy applies to our global company

As a global organization, different Nasdaq entities, products/services and Sites may be subject to different privacy laws based on where our entity operates, where the products/services are delivered and/or where you are located. For example, the European Union General Data Protection Regulation imposes certain requirements on some Nasdaq entities or services that are not applicable to all of our entities or services. Where this Privacy Policy states that a provision applies “to the extent required by applicable law,” such provision will be applicable only to the extent that Nasdaq is subject to legal requirements imposing it.

For purposes of data protection laws, except where this Privacy Policy does not apply, as described below, the Nasdaq entity that will be the “controller” of your Personal Data will be the entity that is contracted to deliver the products or services you (or the company for whom you are working or have a business relationship) are receiving or maintains the Site that you are using. You can identify the Nasdaq company that hosts a particular Site through the Site’s footer or “About” link. A list of Nasdaq’s different business locations is available here. Your Personal Data may be shared with other Nasdaq entities, as detailed in the “How we share your Information” section below.

To the extent required or permitted by applicable law, by visiting or using our Sites, you are consenting to us collecting and Processing information about you in accordance with this Privacy Policy.

Situations where this privacy policy does not apply

This Privacy Policy does not apply in situations where other purpose-specific privacy notices have been posted or Nasdaq is not operating as a data controller, including but not limited to, as set forth below:

• Information Processed by Nasdaq regarding its employees, contingent/contract workers or job applicants, which are covered by distinct relevant privacy policies.
• Information Processed by Verafin Solutions ULC and its subsidiaries and affiliates (“Verafin”), as part of the Nasdaq Verafin products or services, which is governed by the contractual terms and conditions between Verafin and the relevant contracting party or Verafin’s Service Privacy Policy (which applies to Verafin’s services in Europe).
• Situations where Nasdaq’s contract for delivery of products or services with your employer, financial services provider or other representative or intermediary prescribes additional restrictions/requirements on our use and Processing of Information.
• Situations where Nasdaq is delivering products or services as a “data processor,” “service provider” or such other similar term under applicable law, in which case the contractual terms and conditions between Nasdaq and the controller/contracting party shall govern.

In addition, to the extent applicable law conflicts with this Policy, this Policy will be deemed to be modified to the extent necessary to comply with such applicable law.

We collect and Process Personal Data that is reasonably necessary for us to provide the relevant product or service, business relationship and/or communication consistent with the nature of such product, service, business relationship and/or communication. Based on the specific products, services, business relationship or Sites involved as well as requirements under applicable law, we may collect the following categories of Personal Data that you or your representative (such as your employer, financial services provider, legal representative, company where you are an officer, director or significant shareholder) provide to us:

• Name (first and last);
• Email address;
• Social media username;
• Telephone number;
• Mailing address;
• Company;
• Title;
• Business contact data;
• Employment, company officer or director, or shareholder status;
• Social Security Number, Tax or National Identification Number;
• Date of birth;
• Trader identification, client identification, trading “short code” or other unique identifier used to identify you as trader, account owner or other participant in a transaction;
• Career or professional history and educational background;
• Financial holdings data;
• Your recorded voice (where you are advised in advance of the recording);
• Photograph or video recording;
• Communications based on our exchanges with you, including when you contact us;
• Payment data (e.g., bank account or credit card number);
• Username and password;
• Passport or government-issued identification data or identifiers (such as for investigations under our legal authority as a self-regulatory organization, security purposes when visiting our facilities and compliance with applicable laws including “know-your-customer” (KYC) regulations); and
• Any other Personal Data you or your representative volunteers on or provides access to via any or our Sites and/or any Nasdaq community forum, social media offering or blog, including, but not limited to, data related to your use of the Sites and interests in certain products or services.

If you create a Nasdaq account on one of our Sites, we may also collect the following Personal Data from, or about, you:

• Demographic data (such as your city, state, country of residence, postal code, and age);
• Billing address;
• Watchlist preferences and stock picks (e.g., stock symbols);
• Subscription status and preferences;
• User-generated content, such as photos, images, music, videos, comments, questions, messages, works of authorship, and other content or data that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes data on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes data that users can add or can have added to their content, such as keywords, geographical or location data, and other similar data;
• Survey responses; and
• Account details (such as the username and password that you may set to establish an online account on the Site, biographical details, interests, preferences, and any other data that you add to your account profile).

We may also automatically collect the following categories of information from devices (e.g., mobile, computer, laptop, tablet) used to visit or use our Sites (“Device Information”):

• Device data (such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area)
• Online activity data (such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them)
• Communication interaction data (such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails)

Some of the automatic collection described above is facilitated by the following technologies:

• Log files;
• Cookies;
• Clear gifs;
• Session-replay technologies; and
• Flash LSOs

For more information, please see our Cookies Policy (Click here to view our Cookies Policy).

Based on the specific products, services, business relationship or Sites involved (as well as requirements under applicable law), we may collect the following categories of Information on our own or from third parties about you in accordance with applicable law:

• Personal Data about you available in news feeds, exchange data feeds and other public data sources (including the public internet);
• Personal Data provided by relevant regulators, government agencies, self-regulatory organizations, financial service providers, and non-government credentialing or professional organizations;
• Personal Data related to your status under economic sanctions, anti-money laundering and similar laws or other information that may impact our ability to engage in business with you or a company at which you are an employee, officer or director or significant shareholder;
• Personal Data that you, your employer or other representative makes publicly available via your personal or company website or in social media profiles;
• Personal Data related to your professional activities (such as consulting to public retirement funds) that is contained in documents released by a governmental body under Freedom of Information Act, Open Government License or similar laws and regulations;
• Personal Data from event organizers for events that you have attended;
• Information obtained from third-party services, such as social media services, that you use to log into, or otherwise link to, your account on the Sites. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service;
• Personal Data related to your account or subscription on a third-party information service and data feeds available within your account on the Sites;
• Personal Data from companies providing professional contact details and related biographical and employment information to their customers/subscribers; and
• Other Information to the extent permitted by applicable law and reasonably necessary for the performance of our business obligations, compliance with laws applicable to our business or pursuit of our legitimate business interests.

The following is an overview of Nasdaq’s purposes for Processing Information. Often due to the nature of the product or service involved or the context in which the Information is used, it will be apparent how we intend to use the Information. Additional details about Processing related to a particular product or service may be separately posted on the relevant Site or contained in the applicable terms and conditions.

We may use the Information we collect for the purposes identified below. To the extent required by applicable law, each purpose for the Processing of Information is substantiated by one or more lawful bases for Processing. Unless otherwise identified with respect to a particular product or service, our Processing is done based of one or more of the following:

Provide you (or your employer/represented company) with our services and products

• Perform or enter into a contract
• Legitimate business interests
• Comply with a legal obligation
• Consent

Communicate with you about your (or your employer/represented company) accounts or use of our products, services and/or Sites, including our analysis of those communications (including of any recorded calls or other records of communications)

• Perform or enter into a contract
• Legitimate business interests
• Comply with a legal obligation
• Consent

Process transactions through one of our services including, but not limited to, Processing financial transactions initiated by your or your representative and maintaining your personal Nasdaq accounts

• Perform or enter into a contract
• Comply with a legal obligation

Comply with our obligations as an exchange, clearinghouse, broker-dealer, central shares depository, pension system administrator and/or other regulated/licensed business including, but not limited to regulations applicable to our EEA Regulated Entities such as, for example, the Markets in Financial Instruments Regulation

• Perform or enter into a contract
• Comply with a legal obligation

Perform transaction and regulatory reporting requirements under applicable law

• Perform or enter into a contract
• Comply with a legal obligation

Perform our obligations as a self-regulatory organization, trading venue and/or market operator including, but not limited to, conducting surveillance of issuers and trading activities, conducting disciplinary proceedings and reporting suspected to misconduct to regulators and other authorities

• Perform or enter into a contract
• Legitimate business interests
• Comply with a legal obligation

Monitor for security threats and fraud involving the use of our products, services, Sites or physical facilities

• Legitimate business interests
• Comply with a legal obligation

Monitor for compliance with economic sanctions, export control and other trade control restrictions applicable to our business

• Legitimate business interests
• Comply with a legal obligation

Monitor for compliance with preferential pricing and other benefits made available to individuals based on their professional status (such as being a non-professional trader)

• Perform or enter into a contract
• Legitimate business interests
• Comply with a legal obligation

Maintain your status as a representative of an exchange or clearinghouse member or certified advisor to issuers

• Perform or enter into a contract
• Comply with a legal obligation

Register or establish an account for you (or the company for whom you are an employee, officer or director) as a customer

• Perform or enter into a contract
• Legitimate business interests
• Comply with a legal obligation

Register you (or your employer/represented company) to receive services or materials through one or more of our Sites

• Perform or enter into a contract
• Consent

To the extent permitted by applicable law, identify you (or your employer/represented company) as a prospective customer for products or services and provide you with relevant information and/or invitations to events

• Legitimate business interest
• Consent

Manage our relationship with you (or your employer/represented company) as a customer, business prospect and/or information recipient

• Perform or enter into a contract
• Legitimate business interest
• Consent

To pursue or enforce our legal rights related to our business, products, services or Sites and/or defend against claims made against us

• Perform or enter into a contract
• Legitimate business interest

Communicate with you (or your employer/represented company) about your account or use of our products, services or Sites

• Legitimate business interest
• Consent

Create informational materials and statistical extracts for our products and services

• Perform or enter into a contract
• Legitimate business interest
• Consent

Develop, provide content for, operate, deliver, enhance and market our services and Sites (including, without limitation, to build, develop and operate algorithms and models)

• Perform or enter into a contract
• Legitimate business interest
• Consent

Develop, enhance and deliver marketing of our products and services and those of our advertisers, sponsors and partners

• Legitimate business interest
• Consent

Monitor and promote quality control measures regarding our products and services and their performance

• Legitimate business interest
• Consent

Improve the quality of our Sites and tailor them to your preferences

• Legitimate business interest
• Consent

Implement social networking features and functionalities that you have activated or chosen to connect to, or use to log into, the Site (e.g., Facebook “Like” button and LinkedIn integration) ​​​​​​

• Perform or enter into a contract
• Legitimate business interest
• Consent

We also use your Information for compliance with our company policies and procedures, for accounting and financial purposes, and otherwise as required or permitted by applicable law. If you do not provide us with Information as described above, we may not be able to fulfill the applicable purpose of collection, such as completing a contemplated transaction, responding to your queries or providing access to our Sites to you.

With respect to situations where we Process Information based on our legitimate business interest, reflecting that, outside of certain direct consumer interactions, such as personal Nasdaq account services, we are generally a business-to-business product and service provider, we typically collect and Process limited Information about corporate customer points of contact and individuals acting in their professional capacities as part of our overall effect to reduce the privacy impact on individuals. To the extent required by applicable law, you have the right to object to the Processing of your Information based on a legitimate interest as legal basis. Please see the section below regarding your rights to find out more. Where Processing is based on your consent, you have the right to withdraw that consent at any time.

Nasdaq does not engage in decision-making based solely on automated Processing, including profiling, which produces legal effects concerning an individual or similarly significantly affects an individual.

As part of Nasdaq’s surveillance programs for its exchanges, we utilize certain software that uses machine intelligence and learning to identify situations that potentially constitute market abuse, insider trading, fraud or violations of our published rules. Such software relies on identifying patterns indicating misconduct based on past activity. The conduct involved may include conduct by a corporate member, trading algorithm or individual action. Alerts are referred for investigation by our surveillance team which determines which actions to take based on our published rules and applicable law.

From time to time, to the extent permitted by applicable law and subject to any contractual limitations on sharing Information set forth in a relevant contract for products and services, we may share your Information with our affiliates, subsidiaries, business partners, customers/members (such as where we Process your Information in connection with your role with your employer or financial services provider), third party service providers and authorities in the following circumstances:

• Nasdaq Business Units, Affiliates, Subsidiaries, Business Partners and Customers. We may share your Information with our business units, affiliates, subsidiaries, business partners, and customers in the US and worldwide for purposes identified above. A list of Nasdaq’s offices by country is posted here. For certain service offerings, Nasdaq may resell information or services provided by a third party; for such information or services, we may share your Information with the supplier of the information or services in connection with your receipt of the information or services through Nasdaq. To the extent required or permitted by applicable law, by visiting or using our Sites or otherwise providing us with your Information, you consent to this sharing of your Information. Where such consent exists, to opt-out of such sharing, please contact us via email at privacy@nasdaq.com or at the location in the Contact Us section below.
• Service Providers. We may share your Information with third parties who perform functions on our behalf (e.g., hosting or operating our services or Sites, access management, Processing credit card payments, artificial intelligence providers (including generative AI platforms), sending email marketing communications, call recording, summarization and analysis platforms, compliance services (such as WorldCheck), or data analysis). We do not authorize these third parties to use your Information for purposes other than for which it has been provided, and do not authorize these third parties to disclose that Information to unauthorized parties. We require these third parties to maintain appropriate security to protect your Information from unauthorized access or Processing.
• As Required or Appropriate by Law. We may disclose your Information to regulatory authorities (including other self-regulatory organizations), courts, and government agencies where we believe that doing so would be in accordance with or permitted or required by any applicable law, regulation or legal process, to defend the interests, rights, and/or property of Nasdaq or others, or to respond to emergencies. For example, we may disclose your Information under data sharing agreements with other exchanges and self-regulatory organizations to monitor for unlawful conduct or as part of an internal or external investigation. We may also disclose your Information as part of a data-sharing arrangement established under applicable law such as one developed by a government authority to combat financial crime.
• Third Party Platforms. We may share your Information with social media platforms or other third-party platforms that you connect to the Site and where you authorize us to share your Information with them (such as when you use options to access the Site by logging into the third-party platform).
• Payment Processors. Any payment card data you use to make a purchase or payment on the Sites is collected and Processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy.
• Advertising Partners. Third-party advertising companies for the interest-based advertising purposes described above.
• Business and Marketing Partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
• Business Transfers. We may transfer your Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets; to the extent that such a transaction results in you being a current or prospective customer, vendor or other third party point-of-contact for both the portion of the business that is transferred and the portion that remains with Nasdaq, your Information may be both transferred to the transferee and retained by Nasdaq. To the extent permitted by applicable law, we may share Information with a prospective buyer or transferee of the business as part of the diligence process provided that we require any such third party to maintain the confidentiality of your Information and protect it with appropriate technical and organizational security measures.
• Other Users and the Public. Your account and other user-generated content data (except for messages) may be visible to other users of the Site and the public. For example, other users of the Site or the public may have access to your information if you chose to make your account or other Personal Data available to them through the Service, such as when you provide comments, reviews, survey responses, or share other content.  This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.

We and our service providers may share your Information with other parties as directed by you or subject to your consent. We and our service providers may also create, share, and otherwise Process aggregated information or de-identified information that does not identify you individually with other parties. For example, from time to time, we may utilize survey responses collected from you on an aggregate, not individually identifiable, basis. We also use this aggregated or de-identified information for our various business purposes, including the creation and sale of other products and services to our clients and potential clients. This aggregate or de-identified information is not traceable to any particular client or user and will not be used by a third party to contact you.

For certain Sites that are intended for public use, news posting and other distribution, the Site works on advertising-supported basis. On such sites, we may participate with third parties who provide services related to the advertising appearing on such Site or provide us information on your use of our Sites; such third parties may operate as a “data controller” with respect to Information collected by them from your use of our site which they may use to provide tailored advertising to you on the Site or other sites of their customers.  We post a current list of such third parties along with a link to their respective privacy policies on our Website Third Party Participant List.

We Process Information within the scope of our marketing and market segmentation. With market segmentation, we mean that we categorize our customer base based on professional affiliations and functions, alignment with our services and products and information gathered from public sources of information.

For customers or users of our Sites, we may also use Information gathered from your use of our products, services and/or Sites for marketing purposes to market our products and services to you, offer products or services of third parties that may be of interest to you (such as ETFs), as well as to tailor advertisements of products and services of our advertisers, sponsors and partners to you when you are on our Sites. You always have the right to request that we stop using your Information for direct marketing purposes.

To the extent required by applicable law, you have the right to object to the Processing of your Information based on a legitimate interest as legal basis. You also always have the right to withdraw your consent at any time when we need your consent in order to Process your Information. If you withdraw your consent, you will no longer receive material and offers that are tailored for you. Please see the section below for more details about your rights.

If you no longer wish to receive direct marketing communications from us, you may opt-out of receiving marketing-related emails by: (1) using the unsubscribe method provided in our communications; (2) if you created an online account when you registered to receive our emails, you may log-in to your account on the applicable Site and make changes to your communication preferences; or (3) you can opt out by updating your preferences in the Email Alert section of our Sites. In particular, you have the right to object our use of your Information for direct marketing and in certain other situations (in accordance with applicable law) by contacting us at privacy@nasdaq.com. If you are having difficulty unsubscribing from our email marketing communications using the above methods, please contact us as at privacy@nasdaq.com.

We will try to comply with your request as soon as reasonably practicable as required by applicable law. Please note that we may need to retain certain Information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law. In addition, please note that even if you opt-out of receiving marketing communications from one or all of our Sites, we may need to send you service-related communications.

We, our service providers and our third-party advertising partners may also Process your Information and details about your interactions (including the data described in the Information we collect from you, your representee, or automatically’ above) with the Sites, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share Information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms.

In this section, we describe the rights and choices available to all users. Users who are located outside of the United States, or in California or other US states with omnibus consumer privacy laws can find more details about their additional rights below.

• Delete your content or cancel your account. You can choose to delete certain content through your account. If you wish to cancel your account, you can do so at any time through your account portal or please contact us. Personal accounts created on nasdaq.com can be deleted at the user’s request. Please note, account deletion will lead to the deletion of all personal data, and it cannot be recovered.
• Linked third-party platforms. If you choose to connect to the Sites through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
• Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Rights for users in the UK, EU and other jurisdictions outside of the United States

To the extent required by applicable law, in our capacity as the controller of your Personal Data, we will also provide you with the opportunity to be informed of whether we are Processing your Personal Data and at any time to access, correct, update, oppose, delete, block, limit or object to our use of your Personal Data. The foregoing rights will be afforded to you free of charge (except to the extent that your requests are manifestly unfounded or excessive, in which case, we may charge an administrative fee or refuse to meet your request). Please note that legal obligations that apply to our business – for example, financial regulations that apply to our EEA Regulated Business - may prevent us from immediately deleting parts of your Information. To exercise your rights, please contact us as detailed under the Contact Us heading below.

To prevent fraudulent activity, we may require you to authenticate your identity when you contact us. We will try to comply with your request as soon as reasonably practicable and within timeframes required by applicable law. Please note that in some instances, due to the nature of the information that we receive, we may require you to provide additional information that will help us identify which Personal Data is yours. For requests subject to the UK or European General Data Protection Regulation, we will respond to your request within one month of our receipt of it. We may extend this period by two further months taking into account the complexity of your request or the number of requests that we have received; we will inform you of any such extension within one month of receiving your request along with the reasons for the delay and information about your right to file a complaint with the supervisory authority.

The following sets out a summary of your rights to the extent that your Personal Data is Processed subject to the European General Data Protection Regulation:

• Right to access, rectification, erasure and restriction of Processing. You have the right to request:
  • Access to your Personal Data. This means that you have the right to request information on our use of your Personal Data. You also have the right to request a copy of the Personal Data being Processed at no cost. However, we may charge you a reasonable administrative fee to provide you with additional copies of the Personal Data. If you make your access request by electronic means such as email, we will provide you with the information in a commonly used electronic format.
  • Rectification of your Personal Data. We will at your request, or at our own initiative, rectify, anonymize, erase or complement Personal Data that you or we discover is inaccurate, incomplete or misleading. You also have the right to complete the Personal Data with additional data if relevant information is missing.
  • Erasure of your Personal Data. You have the right to request that we erase your Personal Data if we do no longer have an acceptable reason for Processing the data. Given this, erasure shall be made by us if:
    • the Personal Data is no longer necessary for the purposes for which it was collected,
    • we use your Personal Data with your consent and you withdraw your consent,
    • you object to the Processing of your Personal Data based on our legitimate interest and there is no overriding legitimate ground for the Processing,
    • the Personal Data has not been lawfully Processed,
    • we are required to erase the Personal Data due to a legal obligation, or
    • you are a child and we have collected the Personal Data in relation to the offer of information society services.

However, there might be requirements under applicable law, or other compelling reasons, that prevents us from immediately erasing your Personal Data. In such case, we will stop using your Personal Data for any other reasons than to comply with the applicable law, or the relevant compelling reason.

• Right to restrict Processing: This means that we temporarily restrict the Processing of your Personal Data. You have the right to request restriction of the Processing when:
  • you have requested rectification of your Personal Data in accordance with this Privacy Policy, during the period of time we are verifying the accuracy of the data,
  • the Processing is unlawful and you do not want the Personal Data to be erased,
  • as data controller, we no longer need the Personal Data for the purposes for which it was collected, but you require us to retain the information for the establishment, exercise or defense of legal claims, or
  • you have objected to our legitimate interest for the Processing in accordance with this Privacy Policy, during the period of time we determine whether the legitimate interest overrides your privacy rights.

We will take all reasonable and possible actions to notify any recipients of your Personal Data regarding any rectification, erasure or restrictions carried out by us. At your request, we will also inform you with which third parties we have shared your Personal Data.

• Right to object to Processing. You have the right to object to the Processing of your Personal Data based on our legitimate interest. If you object to such Processing, we will only continue with the Processing if we have a compelling legitimate reason for the Processing that outweighs your interest, rights or freedoms, or if continued Processing is necessary for the establishment, exercise or defense of a legal claim.
• Right to portability. You have the right to receive certain of your Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. You only have this right when your Personal Data is Processed by automated means and our legal basis for the Processing is performance of a contract between you and us.
• Right to lodge a complaint. You have the right to lodge any complaints regarding our Processing of your Personal Data with the supervisory authority.

We employ a number of technical, administrative and physical security measures designed to protect your Information. However, no method of transmission over the Internet, or method of electronic storage is 100% secure, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed under the “Contact Us” heading below.

Some of the parties with which we may share your Information, as detailed in “How We Share Your Information”, may be located in countries that do not provide an equivalent level of protection as your home country. Where required, Nasdaq has implemented appropriate cross-border transfer solutions to provide adequate protection for transfers of certain Information, including, but not limited to, the European Commission’s Standard Contractual Clauses (available at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. To the extent permitted by applicable law, by using our Sites, and providing us information about you, you consent to the international transfer of Information about you to the above parties. 

We will retain each category of Information identified above for as long as reasonably necessary to maintain the Sites, to meet legal and accounting obligations, and for the other purposes described in this Privacy Policy, or as otherwise required or permitted by law, unless specifically authorized to be retained longer.

When you use our Sites, we along with our affiliates, subsidiaries and third-party service providers may use “cookies” and similar technologies (e.g., log files, clear gifs, pixel tags and Flash LSOs) (collectively, “technology”). This technology may involve placing small files/code on your device or browser that serve a number of purposes, such as remembering your preferences (e.g., language) and generally improving your experience on our Sites. Specifically, we may use such technology for purposes such as to:

• Allow for the technical operation of the Sites;
• Enhancing the functionality of the Sites and services;
• Provide us with general analytics about our Sites, including demographic data in a non-identifiable form, in order to improve our Sites’ performance and customize users’ experience;
• Enable us to help you make better use of our services or Sites such as by suggesting how you can improve your use of different features or functionality or help address technical issues that you encounter in using our services or Sites;
• Support security measures, such as requiring re-login into your account or additional authentication when using a new device to access our Sites;
• Measure the success of our marketing campaigns and compile statistics about the Site’s usage and email response rates;
• Help our third-party advertising partners collect data about how you use the Sites and services over time, which they use to show you ads on other online services they believe will interest you and measure how the ads perform;
• Allow you to engage in our social media offerings on our Sites (e.g., Facebook “Like” button and LinkedIn integration); and
• More effectively market our Sites and advertise other Sites that may be of interest to you.

To learn more about the technology used on our Sites and how to disable some of the technology, visit our more comprehensive Cookie Statement.

Our Sites may contain links to other websites or services that are not owned or controlled by Nasdaq, including links to websites of our advertisers, sponsors and partners. This Privacy Policy only applies to Information collected by our Sites. We have no control over these third-party websites, and your use of third-party websites and features are subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third-party websites linked to our Sites. Your use of third parties’ websites linked to our Sites is at your own risk, so we encourage you to read the privacy policies of any linked third-party websites when you leave one of our Sites.

None of our Sites are targeted for use by children under the age of eighteen. We do not target any of our products or services or Site content/features for use by children of such age.

Except as otherwise provided, this section applies to residents of California and other states to extent they have privacy laws applicable to us that grant their residents the rights described below.  For purposes of this section, Personal Data has the meaning given to “personal data”, “personal information” or similar terms under the applicable privacy laws of the state in which you reside.  Please note that not all rights listed below may be afforded to all users and that if you are not a resident of the relevant states, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

In some cases, we may provide a different privacy notice to certain categories of residents of these states, such as job applicants, in which case that notice will apply with respect to the activities it describes instead of this section.

Your privacy rights. You may have some or all of the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

• Right to information/know. You can request the following information about how we have collected and used your Personal Data during the past 12 months:
  • The categories of Personal Data that we have collected.
  • The categories of sources from which we collected Personal Data.
  • The business or commercial purpose for collecting and/or selling Personal Data.
  • The categories of third parties with whom we share Personal Data.
  • Whether we have disclosed your Personal Data for a business purpose, and if so, the categories of Personal Data received by each category of third-party recipient.
  • Whether we’ve sold your Personal Data, and if so, the categories of Personal Data sold to each category of third-party recipient.
• Access. You can request a copy of the Personal Data that we have collected about you during the past 12 months.
• Correction. You can ask us to correct inaccurate Personal Data that we have collected about you.
• Deletion. You can ask us to delete the Personal Data that we have collected from you.
• Opt-out.
  • Opt-out of the sharing of Personal Data (i.e., tracking for targeted advertising purposes). You can opt-out of certain tracking activities for targeted advertising (also known as interest-based advertising) purposes.
  • Opt-out of profiling. If we Process your Personal Data for profiling purposes as defined by applicable privacy laws, you can opt-out of such Processing.
  • Opt-out of the sale of Personal Data. You may ask us not to “sell” Personal Data we have collected about you to third parties now or in the future. The right to opt out of Personal Data sales is separate from our direct communications with you for marketing purposes.
• Sensitive Personal Data. You have the right to limit the certain uses or disclosures of sensitive Personal Data; however, we do not use or disclose sensitive Personal Data for purposes that California residents have a right to limit under the CCPA.
• Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form of refusal to provide the services or legally prohibited changes to the price or quality of the services.

Exercising your right to information/know, access, appeal, correction, and deletion. You may submit requests to exercise your right to information/know, access, correction, or deletion by contacting us as provided in the “Contact Us” section.

We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

If you are a resident of Virginia, you can ask to appeal any denial of your request in the same manner through which you may submit a request. 

Right to opt-out of the “sale” or “sharing” of your Personal Data. Except as otherwise described below, we do not sell Personal Data for money; however, like many companies, we use services that help deliver interest-based ads to you. Our use of some of these services may be classified under California law as a “sale” or “share” of your Personal Data to the companies that provide the services because they collect information from our users (e.g., device data and online activity data) to help them serve ads more likely to interest you. You can request to opt-out of this “sale” of your Personal Data here: Do Not Sell My Personal Information. Your request to opt-out will apply only to the browser and the device from which you submit the request. We do not have actual knowledge that we have sold or shared the Personal Data of California residents who are under 16 years of age. You can also broadcast the Global Privacy Control (GPC) to opt-out for each participating browser system that you use.  Learn more at the Global Privacy Control website.

Verification of Identity; Authorized Agents. We reserve the right to confirm your residency to process your requests and will need to confirm your identity to process your requests to exercise your information, access or deletion rights. As a part of this process, government identification may be required.

Consistent with applicable law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

Retention. We will retain each category of Personal Data identified below for as long as reasonably necessary to maintain the Sites, to meet legal and accounting obligations, and for the other purposes described in this Privacy Policy, or as otherwise required or permitted by law, unless specifically authorized to be retained longer. We may anonymize and/or aggregate Personal Data and store it in order to analyze aggregate metrics and trends. For more information about our retention policy, including how we determine the appropriate retention period for Personal Data, please see the Retention section earlier in this Privacy Policy.

Deidentification. We do not to attempt to reidentify deidentified information derived from Personal Data, except for the purpose of testing whether our deidentification processes comply with applicable law.

Personal Data that we collect, use and disclose. The chart below summarizes the Personal Data we collect by reference to the categories of Personal Data specified in the CCPA (Cal. Civ. Code §1798.140) and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The terms in the chart refer to the categories of information, statutory categories, and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of Personal Data not described below. The categories of sources from which the Personal Data is or was collected and the business or commercial purposes for collecting such information are as described in the “Information we collect from you, your representative, or automatically” and “How we use your information” sections above.

Shine the light law. Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes, and the categories of personal information disclosed. You may send us requests for this information to us as provided in the “Contact Us” section. In your request, you must include the statement “Shine the Light Request,” and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

Except to the extent limited by applicable law, we reserve the right to update this Privacy Policy to reflect changes to our practices by prominently posting notice of the update on our Sites. Unless otherwise noted, any updates will become effective 15 days after posting the updates to the Privacy Policy, and apply to all Information collected about you. If we make any changes to this Privacy Policy that materially impact previously collected Information about you, we will, to the extent that we have your email address, notify you by email.