HTFX (EU) LTD (hereafter “the Company”), is responsible for the protection of the privacy and the safeguarding of clients’ personal and financial information. This policy statement will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. The Company keeps any personal data of its clients and its potential clients in accordance with the applicable data protection laws and regulations EU General Data Protection Regulation (“GDPR“).
By opening a Demo or Live account with the Company, the client hereby gives its consent to such collection, processing, storage and use of personal information by the Company as explained below.
The collection of personal information
The Company collects the necessary information required to open a client’s Demo or Live account, perform transactions and safeguard the clients’ assets and privacy and to provide clients with the services they require. In this respect, the Company gathers information from clients and may, in certain circumstances, gather information from banks and/or credit agencies, and/or clearing agencies and/or other sources which will help the Company to construct the clients’ profile based on their requirements and preferences in order to provide its services effectively.
Personal data collected bit is not limited to:
- Personal details such as first name, last name, nationality, date of birth, postal address, telephone number, fax and email address;
- Identity Verification Documents such as passport and ID, utility bills and/or bank statements or your company incorporation certificates/details;
- Family and Professional details such as information on your marital status, education, profession, employer name, knowledge in forex industry and risks;
- Financial detailssuch as annual income, net worth, source of funds, anticipated account turnover, bank account, IBAN number SWIFT/BIC number, bank statements, payment card details and copies, E-wallet information;
- Tax details such as country of tax residence and tax identification number;
- If you are a corporate client we are required to collect additional information such as corporate documents of address, shareholders, directors, officers including additional personal information on the Shareholders and Directors;
We may also collect your information in regard to your use of our Website and may store this information with your personal profile. This information may include site area visited, pages viewed, frequency, duration of visit and trading activities.
We need to collect your personal data as part of statutory obligations or as part of the contractual arrangements we have with you. If you fail to provide that data when requested, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.
Usage of personal information
HTFX (EU) LTD processes your Personal Data for one or more of the following purposes:
Performance of a contract
The processing of your personal data is necessary in order to provide our services and products, as well as information regarding our products and services based on the contractual relationship with you but also to be able to complete our acceptance procedure so as to enter into a business relationship with prospective customers. The purpose of processing personal data depends on whether the customer is a natural or legal entity, depends on the classification/ categorisation of the client (i.e. retail, professional) and to the requirements for each service.
Compliance with a legal obligation
There are a number of legal obligations imposed by relevant laws to which we are subject, as well as specific statutory requirements. There are also various supervisory authorities whose laws and regulations apply to us. Such obligations and requirements impose on us necessary personal data processing activities for credit checks, identity verification, payment processing, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
These obligations apply at various times, including client on-boarding/acceptance, payments and systemic checks for risk management.
For the purposes of safeguarding legitimate interests
The processing of your personal data is necessary for the purposes of the legitimate interests pursued by HTFX (EU) LTD, where those interests do not infringe your interests, fundamental rights and freedoms. These legitimate interests include business or commercial interests and examples of relevant processing activities include: preparing our defence in litigation procedures; preventing fraud and money laundering activities; managing business and further developing and marketing of products and services; means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures.
The Company may use client data, such as location or trading history to deliver any news, analysis, research, reports, campaigns and training opportunities that may interest the client, to their registered email address. If you do not want to receive information of this nature for any reason, they can contact the Company at the following address: email@example.com
Protection of personal information
Any personal information provided by the client to the Company will be treated as confidential and shared only within the Company and its affiliates and will not be disclosed to any third party except under any regulatory or legal proceedings. In case such disclosure is required to be made by law or any regulatory authority, it will be made on a ‘need-to-know’ basis, unless otherwise instructed by the regulatory authority. Under such circumstances, the Company shall expressly inform the third party regarding the confidential nature of the information.
Retention of Personal Information
The Company will, as required by Law, retain your Personal Data on record for a period of at least five (5) years, which is calculated after the execution of the transactions or the termination of the business relationship or in case of termination of our business relationship.
When we no longer need personal data, we securely delete or destroy it.
Disclosure of your personal data
In the course of the performance of our contractual and statutory obligations and for legitimate business purposes, your personal data may be disclosed to various departments within the Company but also to other companies of the Group. Various service providers and suppliers may also receive your personal data so that we may perform our obligations.
The Company may be required to provide your personal data to Cyprus Securities and Exchange Commission and other regulatory and government bodies in Cyprus and other countries as may be required by law from time to time.
Based on the above the Company may disclose your personal information to the following:
- Service providers, for business purposes, including third parties such as IT and system administration and professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
- Any authority to whom the Company is required to disclose such information be law;
- Payment service providers;
- Our group companies and affiliates; and
- anyone authorised by you.
All third parties with which the Company shares personal information are required to protect such personal information in accordance with all relevant legislation and in a manner similar to the way the Company protects the same. The Company will not share personal information with third parties which it considers will not provide its clients the required level of protection.
In cases where clients have been introduced by a Business Introducer, such Business Introducer may have access to clients’ information. Hence, clients hereby consent to the sharing of information with such Business Introducer.
From time to time the Company may contact clients whether by phone or email for the purpose of offering them further information about the Company’s contract for differences trading. In addition, the Company may, on occasion, seek to contact clients, whether by phone or by email, for the purpose of informing them of unique promotional offerings provided by the Company for the client. Clients consent to the receipt of such contact when they consent to our terms and conditions of use when registering with the Company. Any person wishing to opt out of further contact with the Company at any time whatsoever is entitled to do so, simply by contacting the Company whether by phone or email and requesting that no further contact on behalf of the Company be made.
Monitoring and Recording
The Company will, as required by Law, monitor and record any communication you have with us whether in writing, by phone or by electronic email.
HTFX (EU) LTD does not provide any services to children, nor processes any personal data in relation to children, where ‘children’ are individuals who are under the age of eighteen (18).
The rights that might be available to you in relation to the personal information we hold about you are outlined below:
Information and access: The right to request access to, or copies of the personal information that we hold about you, together with information regarding the processing of those personal data.
Rectification: The right to request rectification of any inaccurate personal data concerning you.
Request erasure: The right to request to delete or remove personal data where there is no good reason for us continuing to process it. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Objection: The right to object, on grounds relating to your particular situation, to the processing of your personal data which is based on a legitimate interest pursued by the Company. We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedom or for the establishment, exercise or defence of legal claims. You also have the right to object where your personal data are processed for direct marketing purposes and we shall stop the processing of your personal data for such purposes.
Data portability: The right to have your personal data transferred to another controller, to the extent applicable
Processing restrictions: The right to request restriction to the processing of your personal data in certain circumstances such as if you contest the accuracy of that personal information or object to us processing it. It will not stop us from storing your personal information. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your personal information to others, we will inform about the restriction if possible. If you ask us, if possible and lawful to do so, we will also tell you with whom we have shared your personal information so that you can contact them directly.
In order to exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us at the following address: firstname.lastname@example.org. If you feel that your concerns have not been adequately addressed by us, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus. You can find information about submitting a complaint on their website (http://www.dataprotection.gov.cy).
Automated decision-making and profiling
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you for data assessments (including on payment transactions) which are carried out in the context of combating money laundering and fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you.
Transfers outside of the European Economic Area
As a general rule, the client data is processed within the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA. When you give us your personal data, you agree to us doing this. This exception applies to the transfer of client data when it is required by law, e.g. reporting obligation under tax law and other tax treaties. (FATCA and CRS)
Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
Upon request, the client may receive further details on client data transfers to countries outside the EU/EEA.
Other related information
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device.
Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect clients’ personal data, yet it cannot guarantee the security of client data that is transmitted via email; any transmission is at the clients’ own risk. Once the Company has received the client information it will use procedures and security features in an attempt to prevent unauthorised access.
When you email the Company (via the “Contact Us” page), a person may be requested to provide some additional personal data, like their name or email address. Such data will be used to respond to their query and verify their identity. Emails are stored on our standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.
Right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by sending an email to email@example.com . You also have the right to complain to the Office of the Commissioner for Personal Data Protection in Cyprus. Instructions as to how to submit a complaint can be found in their website: www.dataprotection.gov.cy .