Administrative Arrangements with Authorities in the European Economic Area (EEA) and the United Kingdom
How and why the CFTC may process and transfer personal data: The CFTC only collects and processes personally identifiable information (personal data) for the purpose of fulfilling its mandate and responsibilities under the Commodity Exchange Act (CEA) and other federal laws. Personal data in the CFTC’s possession only is transferred pursuant to relevant statutory or regulatory provisions and, where applicable, subject to agreements or cooperation arrangements signed with other entities.
Types of entities to which personal data may be transferred: In limited circumstances, where necessary and appropriate the CFTC may share personal data for official purposes with third parties, including regulators, law enforcement agencies, and other public authorities, and may be obliged to disclose certain information under legal requirements such as pursuant to legally enforceable demands. The CFTC has in place appropriate technical and organizational measures to protect personal data that are transferred.
Information about any applicable delay or restrictions on safeguards: Given the often sensitive nature of our work, and the risk of prejudice to the discharge of our public functions and to individuals involved in them, in some cases it may be necessary to restrict certain safeguards in accordance with appropriate legal authority. In each case, the CFTC will assess whether the restriction is appropriate.
Contact details: For questions regarding CFTC Privacy, please contact: [email protected].