Privacy Policy

1. Introduction

As part of our daily business operations we need to collect personal information from our clients and prospective clients in order to provide them with our products and services and ensure that we can meet their needs when providing these products and services as well as when providing them with respective information.

Your privacy is of utmost importance to us and it is our policy to safeguard and respect the confidentiality of information and the privacy of individuals. This Privacy Policy sets out how Trading Point collects, uses and manages your personal information we receive from you or a third party in connection with our provision of services to you or which we collect from your use of our services and/or our website (e.g., your full name, mailing address, identification number, passports, driver’s license etc., henceforth “personal data”). The Privacy Policy also informs you of your rights with respect to the processing of your personal data.

Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Policy.

Please note that if you are a contractor to the Company or a third-party service provider, your personal information will be used in connection with your contractual relationship.

This Privacy Policy applies to the processing activities performed by the Company to the personal data of its clients, former clients, potential clients, contractors, third party service providers and website visitors (hereinafter collectively referred to as “Data Subjects”). This Privacy Policy does not apply to websites operated by any other organisations or other third parties.

2. Safeguarding the confidentiality of your personal information and protecting your privacy

The Company respects the privacy of Data Subjects and it is therefore committed to taking all reasonable steps to safeguard their personal data and to process the same in accordance with the GDPR and all other relevant applicable Cyprus and EU law (collectively referred to as “Applicable DP Laws”).

We have the necessary and appropriate technical and organisational measures and procedures in place to ensure that your information remains secure at all times. We regularly train and raise awareness to all of our employees on the importance of maintaining, safeguarding and respecting your personal information and privacy. We regard breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal from employment of any employees breaching such privacy. We have also a Data Protection Officer (who is a staff member of an associated XM Group entity) to ensure that our Company manages/processes your personal information in compliance with Applicable DP Laws and in accordance with this Privacy Policy.

The personal information you provide us with when registering yourself as a user of the Company’s site(s) or of its services is classified as registered information, which is protected in several different ways. You can access your registered information after logging into the Members Area by entering a username and a password that you select.  It is your responsibility to make sure that your password is only known to you and not disclosed to anyone else. Registered information is securely stored in a safe location and only authorised personnel have access to it via a username and a password. All personal information is transferred to the Company over a secure 128-bit SSL connection and thus all reasonable measures are taken to prevent unauthorised parties from viewing any such information. Personal information provided to the Company that does not classify as registered information is also kept in a safe place and accessible by authorised personnel only via a username and a password.

Transmission of information via the internet is not always completely secure but the Company tries to protect your personal data by taking significant precautions. Once we have received your information, we will apply procedures and security features to try to prevent unauthorised access.

3. Collection of Information

In order to establish a business relationship with us, you must first complete and submit an application form (i.e., Suitability Questionnaire) along with the required information. By completing this application form, you are requested to disclose personal data in order to enable the Company to assess your application and comply with the relevant laws and pertinent regulations. The information you provide may also be used by the Company to inform you regarding its services, in response to specific requests from you.

The information that we may collect regarding:

a)  physical persons opening or maintaining an individual account;
b)  physical persons opening or managing a corporate account on behalf of a legal entity (i.e. “authorised persons/signatories”); and
c)  physical persons who effectively direct the legal entity that wishes to open or maintains a corporate account (i.e., directors) and the legal entity’s shareholders;

during the account opening procedure or throughout our business relationship, includes:

  • full name, residential address and contact details (e.g., email address, telephone number, fax etc.);
  • date of birth, place of birth, gender, citizenship;
  • identification and verification information which includes information necessary to verify your identity (e.g., identity number, passport number, driver’s licence, etc.) and background information we receive about you from public records or from other entities not affiliated with us;
  • other verifiable information such as social security and tax registration numbers;
  • information about your income and wealth, including details about your and source of funds, assets and liabilities, bank account information, trading statements, FATCA and CRS information and financial statements;
  • account balances, trading activity, your inquiries and our responses;
  • information on whether you hold a prominent public function (PEP);
  • profession and employment details;
  • authentication data (e.g., signature);
  • location data;
  • trading performance, knowledge and experience;
  • any other information customarily used to identify you and about your trading experience which is relevant to us providing our services to you.

We obtain this information in a number of ways through your use of our services including through our website, the Account Opening Application, when you deposit and withdraw funds and from information provided in the course of the ongoing communication between us. We may also collect this information about you from third parties such as your payment service providers and through publicly available sources.

We also keep records of your trading behaviour, including records regarding:

  • products you trade with us and their performance;
  • historical data about the trades and investments you have made including the amount invested;
  • your preference for certain types of products and services.

If you choose not to provide the necessary information we need to fulfil your request for a specific product or service, we may not be able to provide you with the requested product or service.

We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our business relationship with you. These recordings will be our sole property and will constitute evidence of the communications between us. Further, if you visit any of our offices or premises, we may have CCTV which will record your image.

4.  Lawful basis for processing your personal information and purposes

We may process your personal data on the following bases and for the following purposes:

a)  Performance of a contract
We process personal data in order to provide our services and products, as well as information regarding our products and services based on the contractual relationship with our clients (i.e., so as to perform our contractual obligations). In addition, processing of personal data takes place to be able to complete our client on-boarding/acceptance procedures.

In view of the above, we need to verify your identity in order to accept you as our client and we will need to use those details in order to effectively monitor your trading account with us.  This may include third parties carrying out credit or identity checks on our behalf.  The use of your personal information is necessary for us to know who you are as we have a legal obligation to comply with ‘Know Your Customer’ and customer due diligence’ regulatory obligations.

b)  Compliance with a legal obligation
There are a number of legal obligations imposed by relevant laws to which we are subject as well as specific statutory requirements (e.g., anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws). There are also various supervisory authorities whose laws and regulations apply to us.  Such obligations and requirements impose on us necessary personal data processing activities for credit checks, identity verification, payment processing, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.

These obligations apply at various times, including client on-boarding/acceptance, payments and systemic checks for risk management.

c)  For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Despite that, it must not unfairly go against what is right and best for you. Examples of such processing activities include:

  • initiating legal claims and preparing our defence in litigation procedures;
  • means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures;
  • recording telephone calls and setting up CCTV systems (e.g., at our premises for security reasons);
  • measures to manage business and for further developing products and services;
  • sharing your personal data within the XM Group for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework;
  • risk management.

d)  You have provided your consent
Our storage and use of your personal data is based on your consent (other than for the reasons described or implied in this policy when your consent is not required). You may revoke consent at any time; however, any processing of personal data prior to the receipt of your revocation will not be affected.

e)  To assess the suitability of our services/products for the Clients

f)  To provide you with products and services, or information about our products and services, and to review your ongoing needs
Once you successfully open an account with us we will need to use your personal information to perform our services and comply with our obligations to you. It is also in our legitimate interests to try to ensure that we are providing the best products and services, so we may periodically review your needs based on our assessment of your personal information to try to ensure that you are getting the benefit of the best possible products and services from us.

g)  To investigate or settle enquiries or disputes
We may need to use personal information collected from you to investigate issues or to settle disputes with you because it is in our legitimate interests to ensure that issues and disputes get investigated and resolved in a timely and efficient manner.

h)  To comply with applicable laws, court orders, other judicial process, or the requirements of any applicable regulatory authorities
We may need to use your personal information to comply with any applicable laws and regulations, court orders or other judicial process, or the requirements of any applicable regulatory authority.  We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.

i)  Data analysis
Our website and e-mails may contain web beacons or pixel tags or any other similar type of data analysis tools which allow us to track receipt of correspondence and to count the number of users that have visited our website or opened our correspondence. We may aggregate your personal information (such as trading history) with the personal information of our other clients on an anonymous basis (that is, with your personal identifiers removed) so that more rigorous statistical analysis of general patterns may lead to us providing better products and services.

If your personal information is completely anonymised, we do not require a legal basis as the information will no longer constitute personal information. If your personal information is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.

j)  Internal business purposes and record keeping
We may need to process your personal information for internal business and research purposes as well as for record keeping purposes. Such processing is in our own legitimate interests and is required in order to comply with our legal obligations.  This may include any communications that we have with you in relation to the services and products we provide to you and our relationship with you.   We will also keep records to ensure that you comply with your contractual obligations pursuant to the agreement governing our relationship with you.

k)  Legal Notifications
Often the law requires us to advise you of certain changes to products or services or laws. We may need to inform you of changes to the terms or the features of our products or services. We need to process your personal information to send you these legal notifications.  You will continue to receive this information from us even if you choose not to receive direct marketing information from us.

l)  Corporate restructuring
If we undergo a corporate re-structuring or part or all of our business is acquired by a third party, we may need or choose to use your personal information in association with that re-structuring or acquisition.  Such use may involve sharing your information as part of a due diligence enquiries or disclosures pursuant to legal agreements. It is our legitimate interest to use your information in this way, provided we comply with any legal obligation we have to you.

m)  Physical Security
If you enter any of our premises we may record your image on our CCTV for security reasons.  We may also take your details to keep a record of who has entered our premises on any given day.  It is in our legitimate interest to do this to maintain a safe and secure working environment.

5)  Disclosure of your personal information

The Company will not disclose any of its clients’ confidential information to a third party, except: (a) to the extent that it is required to do so pursuant to any applicable laws, rules or regulations; (b) if there is a duty to disclose; (c) if our legitimate business interests require disclosure; or (d) at your request or with your consent or to Persons described in this policy. The Company will endeavour to make such disclosures on a ‘need-to-know’ basis, unless otherwise instructed by a regulatory authority. Under such circumstances, the Company will notify the third party regarding the confidential nature of any such information.

As part of using your personal data for the purposes set out above, the Company may disclose your personal information to the following:

  • any members of the XM Group, which means that any of our ultimate holding companies and their respective subsidiaries may receive such information;
  • our associates and service providers, for business purposes, including third parties such as business service providers and specialist advisers who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, research or other services;
  • business parties, credit providers, courts, tribunals and regulatory authorities as agreed or authorised by law; and
  • anyone authorised by you.

If the Company discloses your personal information to business parties, such as card or other payment processing companies or banks, in order to perform the services requested by clients, such third parties may store your information in order to comply with their legal and other obligations.

Generally, we require that organisations outside the XM Group who handle or obtain personal information to acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with the all relevant data protection laws and this Privacy Policy. Third party service providers such as credit referencing agencies (if and when applicable) may keep a record of any searches performed on our behalf and may use the search details to assist other companies in performing their searches. Please note that the use of your personal information by external third parties who act as data controllers of your personal information is not covered by this Privacy Policy and is not subject to our privacy standards and procedures.

Clients accept and consent that the Company may, from time to time, analyse the data collected while visiting our website or by other means for statistical purposes in order to improve the Company’s business activities.

6)  Data Transfers

If we transfer your personal information outside the European Economic Area (EEA) to other XM Group companies as well as service providers (i.e., processors) who are engaged on our behalf, we will ensure that the transfer is lawful and that processors in third countries are obliged to comply with the European data protection laws or other countries’ laws which are comparable and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46. If we make transfers to processors in the USA, we may in some cases rely on applicable standard contractual clauses, binding corporate rules, the EU-US Privacy Shield or any other equivalent applicable arrangements and provided always that the necessary notifications have been made to and/or the necessary authorisations or approvals have been obtained by the relevant supervisory authority, if applicable.

In view of the above, your personal information may be processed by staff in the XM Group operating outside the EEA who work for us, another XM Group entity or for one of our service providers. Such staff may be, among others, engaged in the fulfilment of your requests, the execution of your instructions and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing. The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

7)  Information collected from your use of our services

Tracking systems used on the Company’s website may collect your personal data in order to optimise the services provided to you. The website collects information in the following ways:

  • Device information
  • By recognizing your device used to access and use the Company’s website, we can provide you with the most appropriate version of our website.
  • Log information
  • Logging certain behaviors on the website enables the company to track user action and therefore troubleshoot any issues that may occur.
  • Location information
  • Using your IP address helps us localize our website content, which we provide to you based on your country, and improve your user experience on our site(s).
  • Cookies

Cookies are text files with a small amount of data sent from our website to your browser and stored on your computer’s hard drive. Cookies help us improve the performance of our website(s) and our website visitors’ experience, track your referrer (if any) and improve our future advertising campaigns.

8)  Cookies

Internet cookies are small pieces of data sent from our website(s) to your browser and stored on your computer’s hard drive when using our website(s), and they may include a unique identification number. The purpose of collecting this information is to provide you with a more relevant and effective experience on our website(s), including the presentation of our web pages according to your needs or preferences.

Cookies are frequently used on many websites on the internet, and you can choose if and how a cookie will be accepted by changing your preferences and options in your browser. You may not be able to access some parts of our website(s) if you choose to disable the cookie acceptance in your browser, particularly in the Company’s Members Area and other secure parts of our website(s). We therefore recommend that you enable cookie acceptance in order to benefit from all our online services.

Furthermore, we use cookies for re-marketing features in order to allow us to reach out to users who have previously visited our website(s) and have shown an interest in our products and services. Periodically, we may use third party vendors, such as Google and AdRoll, to display our ads over the internet to you, based on your previous use of our website. You can opt out this particular use of cookies at any time by visiting Google’s Ads Settings page and the DoubleClick opt-out page (or as they later update those facilities).

The Company uses session ID cookies and persistent cookies. A session ID cookie expires after a set amount of time or when the browser window is closed. A persistent cookie remains on your hard drive for an extended time period. You can remove persistent cookies by following directions provided in your web browser’s ‘Help’ file.

For further details about our Cookie policy and how our cookies work, please read our Cookies Policy.

9)  How we obtain your consent

If our use of your personal information requires your consent, such consent will be provided in accordance with the express written terms which govern our business relationship, or any other contract we may have entered into with you or as set out in our communication with you from time to time.
If we rely on your consent as our legal basis for holding and processing your personal information, you have the right to withdraw that consent at any time by contacting us using the contact details set out in this Privacy Policy.

10)  Storage of your personal information and retention period

Safeguarding the privacy of your information is of utmost importance to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium. We will hold personal information, for as long as we have a business relationship with you, in a combination of secure computer storage facilities and paper-based files and other records and we take the necessary measures to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.

When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a further period of time (after you cease being our client). For example, we are subject to certain anti-money laundering laws which require us to retain the following, for a period of 5 years after our business relationship with you has ended:

  • a copy of the documents we used in order to comply with our customer due diligence obligations;
  • supporting evidence and records of transactions with you and your relationship with us

Also, the personal information we hold in the form of a recorded communication, by telephone, electronically, in person or otherwise, will be held in line with local regulatory requirements or longer if you have legitimate interests (such as handling a dispute with you).

We may keep your data for longer than the aforementioned retention periods if we cannot delete it for legal, regulatory or other lawful grounds.

11)  Your rights regarding your personal information

The rights that might be available to you in relation to the personal information we hold about you are outlined below.

Information and Access
If you ask us, we will confirm whether we are processing your personal information and, if so, what information we process and, if requested, provide you with a copy of that personal information (along with certain other details) within a maximum period of thirty (30) days from the date of your request. If you require additional copies, we may need to charge a reasonable administration fee.

Rectification
It is an important to us that your personal information is up to date. We will take all reasonable steps to make sure that your personal information remains accurate, complete and up-to-date. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal information to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.

You may inform us at any time that your personal details have changed by e-mailing us at support@trading-point.com. The Company will change your personal information in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof, i.e. personal information that we are required to keep for regulatory or other legal purposes.

Erasure
You can ask us to delete or remove your personal information in certain circumstances such as if we no longer need it or you withdraw your consent (if applicable) provided that we have no legal obligation to retain that data. Such request will be subject to any retention limits we are required to comply with in accordance with applicable laws and regulations and subject to section ‘Storage of Your Personal Information and Retention Period’. If we have disclosed your personal information to others, we will let them know about the erasure where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.

Processing restrictions
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as if you contest the accuracy of that personal information or object to us processing it. It will not stop us from storing your personal information. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your personal information to others, we will inform about the restriction if possible. If you ask us, if possible and lawful to do so, we will also tell you with whom we have shared your personal information so that you can contact them directly.

Data Portability
Under the General Data Protection Regulation (679/2016), you have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.

Objection
You can ask us to stop processing your personal information, and we will do so, if we are:

  • relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
  • processing your personal information for direct marketing; or
  • processing your personal information for research unless we reasonably believe such processing is necessary or prudent for the performance of a task carried out in the public interest (such as by a regulatory or enforcement agency).

Automated decision-making and profiling
If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to use the services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our services or products with you, if we agree to such request (i.e., end our relationship with you).

12)  Choice to opt-out

If you do not want us to use your personal information, you must inform the Company by sending an email to dpo@trading-point.com. If you decide to do so, we may not be able to continue to provide information, services and/or products requested by you and we will have no liability to you in this respect.

13)  Data Protection Officer

Our Data Protection Officer’s contact details are:
Email Address: dpo@trading-point.com
Address: 12 Richard & Verengaria Street, Araouzos Castle Court, 3042 Limassol, Cyprus

14)  Legal Disclaimer

The Company reserves the right to disclose your personally identifiable information as required by rules and regulations and when the Company believes that disclosure is necessary to protect our rights and/or to comply with any judicial and/or other proceedings, court order, legal process served or pursuant to governmental, intergovernmental and/or other regulatory bodies. The Company shall not be liable for misuse or loss of personal information and/or otherwise on the Company’s website(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorised use of your personal information due to misuse or misplacement of your passwords, negligent or malicious intervention and/or otherwise from your end.

15)  Changes in this Privacy Policy

Our Privacy Policy is reviewed from time to time to take into account new laws and technologies, changes to our operations and practices, and to ensure that it remains appropriate to the changing environment.

If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

16)  If You Have a Complaint

If you have a concern about any aspect of our privacy practices, you can submit a complaint. This will be acted upon promptly. To make a complaint, please contact us via email at complaints@trading-point.com.

If you are not satisfied with our response to your complaint, you have the right to submit a complaint with our supervisory authority, the Office of the Commissioner for Personal Data Protection (the “Commissioner”). You can find details about how to do this on the Commissioner’s website at http://www.dataprotection.gov.cy or by calling them on +357 22818456.

17)  How to Contact Us

If you have any enquiries regarding this Privacy Policy, please e-mail us at tpam@trading.com support@trading-point.com or at or at dpo@trading-point.com.