Privacy Policy

Last updated August 1, 2025

At CIX Trading Inc. (CIX, we, us, our, or otherlike terms) we take privacy seriously. We are therefore committed to protecting your personal information and the personal information of our clients, subscribers, employees, and website users.

As operators of an Alternative Trading System (ATS)1, we may collect certain personal information in the course of operating our business—whether from users of our systems, employees, service providers, or regulators. This Privacy Policy (the Policy) explains how we collect, use, store, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). Our privacy program is structured around PIPEDA’s 10 Fair Information Principles.

1. Application of the Privacy Policy

This Privacy Policy applies to personal information that we may collect through:

  • Our trading platform and associated services
  • Our website(s) and client portals;
  • Communications with Subscribers, clients, and regulatory bodies;
  • Any other interactions with individuals in the course of operating as a registered ATS in Canada.

This Policy does not apply to business contact information used solely for communicating in relation to business matters.

2. Collection of Personal Information

We collect only that personal information which is necessary for the purposes identified in this Policy or as required by applicable laws and regulations. The personal information we collect from you may include:

  • Identification information (name, title, company affiliation)
  • Contact information (address, phone number, email);
  • Professional or employment-related information;
  • Account or subscriber information;
  • Regulatory or compliance-related information;
  • Website usage data and technical information (e.g., IP address, browser type).

We may collect this information directly from you, from your employer or firm, or from authorized third parties (e.g., regulatory bodies or trading participants).

3. How we apply PIPEDA to personal information

Below is how we apply PIPEDA’s 10 Fair Information Principles to any personal information we collect.

Principle 1 - Accountability

We believe that we are responsible for any personal information under our control, including any data we may transfer to our vetted third parties for processing. We have appointed a Chief Privacy Officer (CPO) responsible for ensuring compliance with this Policy and applicable privacy laws. We train all of our employees on privacy protocols, and our internal procedures are reviewed regularly. We require that any of our third-party vendors handling personal data comply with our privacy and security standards using contractual means.

Principle 2 - Identifying Purposes

We clearly explain why we collect personal information before or at the time of collection. We do not use the information for unrelated purposes without obtaining additional consent from you for the new purpose.

Examples of the purposes we may use your personal information for include, but are not limited to:

  • Verifying eligibility and onboarding trading participants;
  • Administering and operating our ATS;
  • Monitoring compliance with applicable rules, agreements, and regulatory requirements;
  • Reporting to our regulators, including the Ontario Securities Commission (OSC) and the Canadian Investment Regulatory Organization (CIRO);
  • Detecting and preventing fraud or unauthorized activity;
  • Communicating with clients, participants, and regulators;
  • Managing subscriptions, support requests, and system access;
  • Analyzing and improving our services and system performance.

Principle 3 - Consent

We strive to obtain your meaningful consent for the collection, use, or disclosure of your personal information, unless otherwise permitted or required by law. Your consent may be express (e.g., signed forms) or implied (e.g., submission of personal information for a known business purpose). You may withdraw your consent at any time, subject to legal and contractual restrictions. We will explain the implications of withdrawing consent to you when applicable.

Principle 4 - Limiting Collection

We only collect personal information necessary for the purposes we have identified to you. Examples include collecting names and email addresses of our vendors or employees, but not personal data unrelated to our business operations. We do not collect sensitive information unless strictly required for compliance or contractual purposes.

Principle 5 - Limiting Use, Disclosure, and Retention

We use and disclose personal information solely for the purposes identified at the time of collection or as required by law. We retain this information only as long as necessary to fulfill those purposes and meet legal obligations. Afterward, we ensure that data is securely deleted, anonymized, or archived in compliance with our data retention policy.

Examples of when or to whom we may disclose your personal information include but are not limited to:

  • To regulatory authorities as required by law or regulation;
  • To third-party service providers engaged to support ATS operations (e.g., IT service providers, data centers), under appropriate confidentiality agreements;
  • To other marketplaces, clearing agencies, or participants where necessary for trade reporting or compliance;
  • As part of a corporate transaction, such as a merger or acquisition, with adequate safeguards in place;
  • As required by applicable legal or regulatory obligations.

Where personal information is transferred or stored outside of Canada (e.g., by third-party service providers), it may be subject to the laws of that jurisdiction. We take reasonable steps to ensure that such transfers are made in compliance with PIPEDA and that adequate safeguards are in place.

You should know that we do not sell or rent personal information to third parties for marketing purposes.

Principle 6 - Accuracy

We make reasonable efforts to ensure your personal information is accurate, complete, and up to date. You may request corrections or updates to your information at any time. Accurate records are essential for efficient service delivery, compliance monitoring, and accountability.

Principle 7 - Safeguards

We employ technical, organizational, and physical measures to protect personal data against unauthorized access, loss, theft, or misuse. Security practices include encrypted communication channels, password-protected systems, role-based access controls, and secure office environments. Our service providers are also subject to appropriate safeguards through contractual obligations.

Principle 8 - Openness

This Privacy Policy is publicly available and provides a clear overview of our privacy practices. We communicate our policies openly to staff, contractors, and third parties. Additional explanations or copies of internal procedures are available upon request through the CPO.

Principle 9 - Individual Access

You may access your personal information that we hold at CIX by submitting a written request to our CPO. If we are permitted to do so by law, we will also provide you with information about how your personal information has been used or disclosed, if applicable. If you identify an error or omission, we will correct or annotate the record accordingly unless restricted by law. We aim to handle all privacy requests promptly, within 30 days.

You can write to or call our Chief Privacy Officer with your questions, concerns, or complaints at:

CIX Chief Privacy Officer
Anastassia Tikhomirova, CIPP/C
120 Adelaide Street, Suite 2210
Toronto, Ontario, M5H 1TS
Email: privacyofficer@thecix.ca
Phone: 416-989-0730

Principle 10 - Challenging Compliance

If you have any concerns or complaints about our privacy practices, you can address them to our CPO. Rest assured, we investigate all privacy complaints and take corrective action if needed. If the matter cannot be resolved internally, you may contact the Office of the Privacy Commissioner of Canada for further assistance.

4. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or other relevant factors. Any updates will be posted on our website with the effective date noted above.

We encourage you to review this Policy periodically.

1. We are currently seeking regulatory approval to operate an ATS in Ontario.
Email
info@thecix.ca
2210 - 120 Adelaide St West
Toronto, ON M5H 1P9
Canada
Trading & Markets
CIX IntelligentCross MIDPOINTCIX IntelligentCross ASPENCIX IntelligentCross ASPEN VERTIntelligentCross Optimization CycleMarket Data
Company
About CIXLeadership & TeamResourcesFAQCareersContact Us
© 2025 CIX - Markets Evolved.
Terms & ConditionsPrivacy PolicySite Feedback
CIX Trading Inc. (CIX, us, we, or other like terms) is the operator of CIX, an alternative trading system (ATS) currently pursuing regulatory approval and registration in Canada. The Ontario Securities Commission (OSC) is our principal regulator. In Canada, ATSs are also required to be registered as investment dealers, and, upon approval, CIX will be regulated by the Canadian Investment Regulatory Organization (CIRO) as both a Dealer Member and a Marketplace Member. Upon approval, CIX will operate three separate trading venues: CIX IntelligentCross MIDPOINT, CIX IntelligentCross ASPEN VERT, and CIX IntelligentCross ASPEN.

By accessing and using this site, thecix.ca (the Site), you agree to the Site’s Terms & Conditions as well as our Privacy Policy.

© 2025 CIX Trading Inc. © 2025 Imperative Execution Inc. All rights reserved.