Trade Capital Markets (TCM) Limited (referred to as “we”, “us”, “our”, “ours”, “ourselves” and ‘’the Company”) is authorised and regulated by the Cyprus Securities and Exchange Commission (“CySEC”) as a Cyprus Investment Firm (“CIF”) with CIF license number 227/14, to conduct designated Investment and Ancillary Services and Activities to the Client under the Provision of Investment Services, the Exercise of Investment Activities, the Operation of Regulated Markets and Other Related Matters Law of 2017, Law 87(Ι)/2017, as subsequently amended or replaced from time to time (“the Law”) and authorised by the FSCA, South Africa (FSP No. 47857).
The Company is registered in Cyprus under the Companies Law, with registration number HE 324232. Its registered office is at 148 Strovolos Avenue, 1st Floor, Strovolos 2048 Nicosia, Cyprus, telephone: + 357 22 030446, email: firstname.lastname@example.org
This Privacy Notice Policy (“Privacy Notice”) is issued pursuant to and reflects compliance with the requirements and/or obligations and/or duties introduced by the EU General Data Protection Regulation 2016/679 (“GDPR”), as amended and replaced from time to time, the e-privacy Directive 2002/58/EC as amended and replaced by the Directive 2009/136/EC, as amended and replaced from time to time, their implementing legislations and the Cyprus Law on Data Protection, as amended and replaced from time to time (collectively referred to as the “Data Protection Laws”), in regards with any and all Personal Data or Information (“Personal Data” or “Data”) processing activities carried out by the Company.
2.SCOPE AND OBJECTIVE OF THE PRIVACY NOTICE
The Company respects individuals’ rights to privacy and the protection of Personal Data. The scope of this Privacy Notice is to explain and elaborate on how we collect, use, process and store Personal Data in the course of our business.
Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Company may update the Privacy Notice from time to time. When we make any updates, we will communicate such updates to you and publish the updated Privacy Notice on our websites, namely https://www.tradecapitalmarkets.com, www.trade.com.
We would encourage you to visit our websites regularly to stay informed about the purposes of processing of your Personal Data and your rights to control how we collect, use or process your Personal Data.
3.THE PERSONAL DATA WE PROCESS
We collect, use and process various categories of Personal Data at the start of, and for the duration of, your business relationship with us. The Company will limit the collection and processing of Personal Data to the necessary Data to meet the purpose and legal basis as described in Section 5 of this Privacy Notice.
Personal Data may, inter alia, include:
- Basic Personal Data, including but not limited to name, residential address, date of birth, email address, telephone number, citizenship, marital status, family and next of kin information and contact details of such persons;
- Financial status information including but not limited to source of income, gross income, net worth, transactional and trading history, deposits and withdrawal requests, financial needs and goals;
- Purpose and reason of account including but not limited to the nature of the transactions and the anticipated account turnover;
- Employment status information including the industry of employment and position of employment;
- Education information including but not limited to field of study and level of study;
- Visual images including but not limited to copies of passports, identity cards and driver’s license;
- Online profile and social media information and activity based on your interaction with us, our websites and applications including but not limited to trading account profile, login information, Internet Protocol (IP) address, smart device information, location coordinates, mobile phone network information, searches and site visits;
- Trading experience information;
- Bank account details including but not limited to IBAN number, SWIFT code, account number and Sort Code (where applicable).
The Company may also process certain special categories of Personal Data for specific and limited purposes and only on the basis of an explicit consent granted by you or on any other legal basis, as described in the Section 5 of this Privacy Notice.
These special categories of Personal Data include:
- Physical or psychological health details or medical conditions;
- Information about racial or ethnic origin;
- Religious or philosophical beliefs;
- Biometric information, relating to the physical, physiological, or behavioural characteristics of a person, including but not limited to using voice recognition or similar technologies whatsoever to prevent fraud and/or money laundering activities.
When you open an account with us, a unique account number will be issued as well as a User ID and password. Only certain employees of the Company shall have access to your account number and User ID. However, please note that you are fully responsible for the secrecy of your account number, User ID and password. As a result, if you disclose your account number, User ID and/or password by any means, to any person, you shall be considered as fully responsible for such action.
Subject to the Law, the Company may process Personal Data about criminal convictions or offences and/or alleged offences for specific and limited activities and purposes including but not limited to perform checks to prevent and detect crime and comply with the Law relating to Anti-money laundering and terrorist financing, fraud, bribery, corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing Data between credit or financial organisations, CySEC or other Competent or other authorities, including non-governmental authorities in any jurisdiction within or outside the European Economic Area (“EEA”).
4.HOW PERSONAL DATA IS COLLECTED
Your Personal Data is collected:
- From you;
- From third parties – including subsidiaries or sister companies of the Company, third parties who provide services to you or us including but not limited to Business Introducers (hereinafter referred to as the “BIs”), Affiliates and/or Tied Agents, established or located within and/or outside the EEA;
- Credit reference and fraud prevention agencies, banks, or other financial institutions, third authentication service providers and the providers of public registers;
- During our business relationship with you and the way you operate your account/s including but not limited to your trading activity, deposits, withdrawals;
- From the technology that you use to access our services including location data from your mobile phone, or an IP address or telephone number and how you use it;
- From publicly available sources including the press, company registers and online search engines whatsoever.
It is your duty and responsibility to provide us with updates as to the Personal Data provided in order for such Data to remain current, accurate and correct and you acknowledge that we rely on the Personal Data provided to us in carrying out our obligations, under the law and our business relationship with you.
Where you are a non-physical person providing to us Personal Data of any other individual or where you are an individual providing us with Personal Data of any individual other than yourself, you hereby undertake and represent that such individual, whose Personal Data is collected, used, processed and stored in accordance with this Privacy Notice, has been fully informed of and clearly consented in writing to such collection, use, processing and store of his/her Personal Data under this Privacy Notice and that he/she has been informed of his/her rights in relation to the Personal Data which is collected, used, processed and stored, under this Privacy Notice.
5.PURPOSE AND LEGAL BASIS OF PROCESSING CLIENTS’ PERSONAL DATA
We would like to ensure that you fully understand the purpose and the legal basis of collecting, using, processing, and storing of your Personal Data. Thus, in this Section we will describe the purposes for which your Personal Data may be used as well as the legal basis of processing of your Personal Data.
We will only collect, use, process, store, share or transfer your Personal Data where it is necessary for us to carryout our lawful business activities and provide our services and/or products.
We have described the Legal Basis for which your Personal Data may be used in the following terms.
We may process your Personal Data where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations or duties under such contract.
The Data that may be collected, used, processed, and stored on the basis of contractual necessity include, inter alia, the following:
- Client’s name;
- IP address;
- Date of birth;
- Bank Account details;
- History of Transactions;
- Payment method information;
- Withdrawal information;
- Information about payment cancellation;
- Wire transfer Document; and
- Payment method ownership.
Please note that if you do not agree to provide us with the Data outlined above, we may be obliged to suspend the operation of your account and/or the services and/or products provided to you.
5.3.Legal and Regulatory Obligations
When you register for a product or service and throughout your relationship with us, we are required by the Law to collect, use, process, and store certain Personal Data about you. This may include Personal Data necessary:
- To comply with any and all legal or regulatory obligations whatsoever under the Laws and Regulations, in any jurisdiction, within or outside the EEA;
- To be used in the Courts, Law Enforcement Agencies, Regulatory Agencies, and other public or Competent or tax authorities or other authorities, governmental or not, in any jurisdiction, within or outside the EEA;
- To carry out checks in relation to anti-money laundering and terrorist financing, bribery, fraud, and/or sanctions whatsoever as required by the laws and regulations;
- To protect our rights, privacy, safety, or property whatsoever; and/or
- To be used for the prevention, detection, or investigation of crimes whatsoever.
The Data that may be collected, used, processed, and stored on the basis of legal or regulatory obligations of the Company include, inter alia, the following:
- Client’s name;
- Date of birth;
- Information on whether you are an US citizen;
- Anticipated account turnover;
- Purpose and reason for account (e.g., speculation, hedging);
- Information about the Nature of transactions;
- Information about your source of income;
- Information about your Gross income;
- Information about your Net worth;
- Politically Exposed Person (“PEP”) status;
- Information about trading experience;
- Copy of Passport, national ID or drivers’ license;
- Third party proof of identity;
- Telephone recordings/telephone verification between you and the Company or Company’s employees, associates, whatsoever, in regards with your trading activity or Orders or provision of services or enquiries or complaints or support or verification whatsoever;
- Tax Identification Number (“TIN”);
- Citizenship; and
- Trading activity/transactions [Trade Repositories (“CCPs”), Approved Reporting Mechanisms, (“ARMs”)].
Please note that if you don’t agree to provide us with the Data outlined above we may have to suspend the operation of your account and/or the services and/or products provided to you.
6.LEGITIMATE INTEREST OF THE COMPANY
We may collect, process, use, and store your Personal Data where it is in our legitimate interests and without prejudicing your interests or fundamental rights and freedoms.
We may process your Personal Data to manage our business, financial affairs as well as to protect our employees, Clients, and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing of your Data to:
- Monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
- Ensure business continuity and disaster recovery responding to information technology and business emergencies;
- Ensure network and information security, including but not limited to monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications, trading or other systems and websites, prevention or detection of crime and protection of your Personal Data;
- Provide assurance on the management of the Company’s material risks;
- Perform general, financial, and regulatory accounting and reporting; and
- Protect our legal rights and interests.
It is in the Company’s interest to ensure that we provides you with the most appropriate products and services. This may require processing of your Data to enable us to:
- Understand your actions, behaviour, preferences, expectations, feedback, and financial history in order to improve our products and services, develop new products, new business opportunities and services, and to improve the relevance of products offered;
- Monitor and improve the performance and effectiveness of products and services.
The Data that may be collected, used, processed, and stored on the basis of legitimate interest of the Company include, inter alia, the following:
- Address, ZIP code, country of location;
- Information about employment status;
- Information about industry of employment;
- Information about position of employment;
- Information about level of education;
- Information about field of study;
- Utility bill;
- Bank confirmation letter;
- Declaration of address;
- Deposit Statement;
- Copy of Bank statement;
- Telephone recordings/telephone verification (for the purpose of customer service or support improvement whatsoever);
- Payment method ownership;
- Telephone number, email, fax (only for the purposes of the Section 9 of this Privacy Notice);
- Copy of Credit Card; and
- Bank Account details.
Please note that if you don’t agree to provide us with the Data outlined above, we may have to suspend the operation of your account and/or the services and/or products provided to you.
7.SPECIAL CATEGORY OF DATA - CLIENT’S CONSENT
For special category of data as well as for research or statistical we may only collect, use, process, and store Personal Data where an explicit consent has been granted.
The Data that may be collected, used, processed, and stored on the basis of legitimate interest of the Company include, inter alia, the following:
- Telephone number (for statistical or market research purposes whatsoever).
The Company takes all the appropriate measures to make sure that you are fully informed about your rights in regards with all Personal Data we collect, process, use and store.
As a result, all rights, and the circumstances under which such rights may be exercised are described in the table below. In the event you wish to exercise any of the rights described below or if you have any queries about how we collect, use, process or store your Personal Data that are not answered in this Privacy Notice, or if you wish to complain to our Data Protection Officer, please contact us at email@example.com or at +357 22030446 or at our office address: 148 Strovolos Avenue, 1st Floor, Strovolos 2048 Nicosia, Cyprus.
Please note that in some cases, if you do not agree to the way we collect, use, process or store your Personal Data, it may not be possible for us to continue providing you with our services and/or Products and as a result your account will be suspended and/or closed.
8.2.Explanation of Client’s Right
Access – You have the right to get access to the Personal Data including the records of any and all telephone conversations, email and/or text message correspondence, between you and the Company, held by the Company.
If you would like a copy of your Personal Data held by the Company, please contact us at firstname.lastname@example.org or at +357 22030446 or at our office address: 148 Strovolos Avenue, 1st Floor, Strovolos 2048 Nicosia, Cyprus.
Rectification – You have a right to rectification of inaccurate Personal Data and to update incomplete Personal Data.
In case you believe that any of the Personal Data held by the Company is inaccurate, you are entitled to request to restrict the processing of that Personal Data and rectify the inaccuracies.
Please note that if you request us to restrict processing your Personal Data we may have to suspend the operation of your account and/or the services and/or products provided.
Erasure – You have a right to request to delete your Personal Data.
You may request to delete your Personal Data in case you believe that:
·the Company no longer needs to process your Personal Data for the purposes for which it was provided;
·the Company requested your consent to process your Personal Data but you withdraw your consent;
·the Company is not using your Personal Data in a lawful manner.
Please note that if you request us to restrict processing your Personal Data we may have to suspend the operation of your account and/or the services and/or products
Restriction – You have a right to request us to restrict the processing of your Personal Data.
You may request us to restrict processing your Personal Data in case you believe that:
·any of your Personal Data held by the Company is inaccurate;
·the Company no longer needs to process your Personal Data for the purposes for which it was provided, but you require such Data to establish, exercise or defend legal proceedings;
·the Company is not using your Data in a lawful manner.
Please note that if you request us to restrict processing your Personal Data we may have to suspend the operation of your account and/or the services and/or products provided
Portability – You have a right to data portability.
Where the Company asks for your permission in order to process your Personal Data or where you have provided us with Data for the purposes of entering into a contract with us, you have a right to receive the Personal Data you provided to us in a portable format. Where it is feasible, you may also request us to provide it directly to third parties. However, in such case the Company shall not be responsible for any such third parties’ use of your Personal Data, which will be governed by their agreement with you and any privacy statement they provide to you.
Objection – You have a right to object to the processing of your Personal Data.
You have a right to object to us processing your Personal Data on the basis of the legitimate interest as described in the Section 5 of this Privacy Notice – unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your Personal Data to investigate and protect us or others from legal proceedings.
Marketing – You have a right to object to direct marketing.
You have a right to object at any time to collect, use, process or store your Personal Data for direct marketing purposes, including profiling you for the purposes of direct marketing.
Withdraw consent – You have a right to withdraw your consent.
In case in which the Company relies on your permission to process your Personal Data, you have a right to withdraw your consent at any time by sending a written request at email@example.com or at our office address: 148 Strovolos Avenue, 1st Floor, Strovolos 2048 Nicosia, Cyprus.
The Company is always making it clear where a consent is required in order to process your Personal Data.
Raise a complaint – You have a right to raise a complaint with the Data Protection Commissioner’s Office.
If you wish to make a complaint, you can contact our Data Protection Officer who will investigate the matter.
Not be subject to automated decision-making processing (including profiling) – You have the right not to be subject to automated decision making.
Even though you have the right not to be subject to a decision, based solely on automated processing of Personal Data the Company takes an automated-decision by processing your Personal Data in accordance with the Section 5 of this Policy and in the following cases:
·obtaining your IP address
·scoring your assessment test
·verifying the authenticity and validity of identification documents including but not limited to passport, identity card, driver’s license, using credit reference and fraud prevention.
9.CHANGES TO THE WAY WE USE CLIENT’S PERSONAL DATA
The Company reserves the right to change the way and/or the purpose of processing and use of your Personal Data.
As a result, where the Company decides to process or use your Personal Data for purpose other than the purpose for which such Personal Data were initially collected, processed and used and stored, it shall provide you with all relevant information of such change including the new purpose under which such Personal Data will be used and/or processed as well as all of your rights as described in the Section 7 of this Privacy Notice.
Please note that if you do not agree to such changes of processing your Data, we may have to suspend the operation of your account and/or the services and/or products provided to you.
We may directly contact you to provide you with information in regards with the operation and maintenance of your account including updated information about how we collect, use, process and store your Personal Data by telephone, fax, email or otherwise.
11. HOW WE USE AND SHARE PERSONAL DATA WITH SUBSIDIARIES AND SISTER COMPANIES
We will only use and share your Personal Data where it is necessary for us to lawfully carry out our business activities and/or provide our services. Your Personal Data may be shared with and used, processed, and stored by subsidiaries and/or other group companies.
12. SHARING WITH THIRD PARTIES
We will not share your Personal Data with anyone outside Trade Capital Markets (TCM) Limited or any of its subsidiaries or group companies except:
- Where we have your explicit and written consent;
- It is required for your product or service;
- Where it is requested by CySEC or any other regulatory authority having control or jurisdiction over the Company or you or your associates whatsoever or in whose territory the Company has Clients;
- With Competent authorities to investigate or prevent fraud, money laundering or other illegal activity;
- It is reasonably required so as to execute orders and for the provision of ancillary services;
- With credit reference and fraud prevention agencies, third authentication service providers, banks and other financial institutions for credit checking, fraud prevention, anti-money laundering purposes, identification, or due diligence checks of the Client. To do so they may check your details supplied against any particulars on any database (public or otherwise) to which they have access. They may also use your details in the future to assist other companies for verification purposes. A record of the search will be retained by the Company;
- With any of the Company’s professional advisors provided that in each case the relevant professional shall be informed about the confidential nature of such Data and commit to the confidentiality obligations herein as well;
- With other service providers who create, maintain or process databases (whether electronic or not), offer record keeping services, email transmission services, messaging services or similar services which aim to assist the Company collect, storage, process and use your Personal Data or get in touch with you;
- With Trade Repository or similar under the Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties (CCPs) and trade repositories (TRs) (EMIR);
- With Approved Reporting Mechanisms (ARM) under the Regulation (EU) No. 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No. 648/2012 (MIFIR);
- Market research organisations that provide telephone or email surveys with the purpose to improve the services of the Company, in accordance with the Section 7. In such cases only the contact details will be provided;
- With successors or assignees or transferees or buyers, with five (5) Business Days prior written notice to you;
- With such third parties as we see fit to assist us in enforcing our legal or contractual rights against you including but not limited to debt collection agencies and legal advisors. You acknowledge that any of the persons listed in the previous sentence may be either within or outside the EEA;
- It is required by the law and by law enforcement agencies, judicial bodies, the financial ombudsman, government entities, tax authorities or regulatory bodies and/or other competent authorities, governmental or not, whatsoever, established or located within or outside the EEA;
- With Affiliates, Tied Agents and/or BIs established or located within or outside the EEA;
- With Payment Service Providers (hereinafter referred to as the “PSPs”);
- With software, platform support or cloud hosting companies; and
- With internal and external auditors whatsoever.
You accept and acknowledge that the Company, as a Foreign Financial Institution (FFI), is required to disclose Personal Data in relation to any US reportable person as per Foreign Account Tax Compliance Act (FATCA) reporting regulations. The Company is undertaking all reasonable steps in relation to maintaining compliance with FATCA and may ask from time to time for additional information from US reportable persons so that it can maintain appropriate records.
You accept and acknowledge that the Company is required to disclose Personal Data reportable under the CRS Decree. The Company is undertaking all reasonable steps in relation to maintaining compliance with CRS and may ask you from time to time for additional information so that it can maintain appropriate records.
Our third parties to which we share and/or transfer your Personal Data are not allowed to use or disclose or share whatsoever for any other purpose other than the purpose to provide services, as agreed, to us.
In the event that additional authorised users are added to your account (joint account) we may share information about the use of the account by any authorised user with all other authorised users.
We will not disclose to any third party your Personal Data for its own marketing purposes without your consent.
Please note that your Personal Data is shared, transferred, collected, processed, and stored in the following countries (EEA and non-EEA): UK, Cyprus, Bulgaria, Ireland, your country of residence, and/or Albania.
If you would like a copy of your Personal Data held by the third parties or if you want to receive more details on how your Personal Data is collected, used, processed or stored by the third parties please contact us at firstname.lastname@example.org or at +357 22030446 or at our office address: 148 Strovolos Avenue, 1st Floor, Strovolos 2048 Nicosia, Cyprus.
13. TRASFERING THE INFORMATION OUTSIDE THE REPUBLIC OF CYPRUS
We may share or transfer your Personal Data to organisations including Company’s subsidiaries or group companies in other countries only if we ensure that such organisations maintain the same or equivalent Personal Data protective measures in accordance with the Laws.
In the event that we share or disclose Personal Data to countries outside of the EEA we will only do so where:
- the European Commission has decided that the country or the organisation we are sharing your Personal Data with will protect your Data adequately;
- the transfer has been authorised by the relevant data protection authority;
- we have entered into a contract with the organisation with which we are sharing your Personal Data (on terms approved by the European Commission) to ensure your Personal Data is adequately protected.
14. MARKETING MATERIAL
By registering to our services and subject to any preferences you have expressed (where applicable), we may use your personal information, including but not limited to your email and phone number to deliver marketing and event communications to you across social networks, email, telephone, text messaging direct mail push notifications or otherwise. We will do this either until you withdraw your consent, or it ceases to be valid or during the period of your relationship with the Company and unless specifically instructed otherwise by you for a reasonable time after the end of your relationship with us.
If we or our Associates send you a marketing email or other marketing communication, it will include instructions on how to opt out of receiving these marketing communications in the future. You can also manage your information and update your marketing preferences in the Notifications section of your account on our website. You may unsubscribe anytime by clicking the unsubscribe link located on our electronic commercial information or by written request at email@example.com or at our office address: 148 Strovolos Avenue, 1st Floor, Strovolos 2048 Nicosia, Cyprus.
We note that even if you opt out of receiving marketing communications, we may still send you important information related to your account and our services to you.
Except where we use your Personal Data for marketing purposes on the basis of your prior express and informed written consent and subject to any opt out preferences you notify to us in respect of marketing communications, we process Personal Data for marketing purposes only as necessary on the lawful basis and for the purpose of our legitimate interests in promoting our products and services to you.
15. MONITORING OF CALLS, EMAILS, TEXT MESSAGES AND OTHER COMMUNICATION
16. HOW LONG WE STORE YOUR DATA
We will store your Personal Data for as long as it is required for legal or business purposes. We are obliged by the law to retain your Personal Data for five (5) years or up to seven (7) years if requested by CySEC, after the termination of our Client Agreement. When your Personal Data is not needed, we securely delete or destroy it. Where we keep and process your Personal Data for marketing purposes based on your consent, we shall retain it until your consent is withdrawn or ceases to be valid.
17. COOKIES POLICY
18. SECURITY INFORMATION
We are committed to ensuring that your Personal Data is secure with us and with the third parties who act on our behalf. For more information about the steps, we are taking to protect your Personal Data please contact us at firstname.lastname@example.org or at +357 22030446 or at our office address: 148 Strovolos Avenue, 1st Floor, Strovolos 2048 Nicosia, Cyprus.