For the purpose of GDPR and the Data Processing Law, Guaranteed Trading Limited is the data controller.
The collection of personal information
The Company collects the necessary information required to open a client’s trading account, perform transactions and safeguard the clients’ assets and privacy and to provide clients with the services they require. In this respect, the Company may ask clients in certain circumstances, to gather information from banks and/or credit agencies, and/or clearing agencies and/or other sources which will help the Company to construct the clients’ profile based on their requirements and preferences in order to provide its services effectively. The Company may collect customer’s credit card data where is necessary to offer the services the customer opted for. In accordance with the recommendations of Payment Card Industry Security Standards Council, customer card details – are protected using Transport Layer encryption – TLS 1.2 and application layer with algorithm AES and key length 256 bit.
The information the Company collects includes information required to communicate with and identify its clients. The Company may also collect certain demographic information, including, birth date, education, occupation, etc. The Company also assesses trading related information.
The Company also collects Non-Personal Information, meaning the information which does not allow us to identify the end-user.
The other type of information that we collect is the Personal Information and this allows us to identify the end-user:
- Identifying documents- documents that we request from you for the proof of identity and your residency. Such information is collected in order to perform transactions through the services provided by the Company.
- Registration information- to provide you with our services, at the registration stage, we ask you to provide us with your name, e-mail, telephone number.
- Voluntary information- when using our services such as customer support or any other means of communication with us we collect the information that you voluntarily provide about yourself.
- Device data- this is the information that we collect from your device and that includes your IP address, unique identifiers and other information that relates to your activity while using the services of the Company.
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you as per the requirements of the Cyprus Securities Exchange Commission (the “CySEC”) and/or the compliance obligations of the Company. These recordings will be Company’s sole property and will constitute evidence of the communications between the Company and you. Such telephone conversations may only be recorded with the use of a warning tone or with any other further notice with which the Company will notify you about the legal reason it has for such processing and will further ask for your consent.
Use of personal information
The Company uses clients’ personal information only as required to provide quality service and security to its clients. This information helps the Company to improve its services, customize browsing experience and enables it to inform its clients of additional products, services or promotions relevant to clients provided that the clients’ have consented to the usage of this data for such purposes.
It shall be noted that the Company may anonymize or de-identify the collected information which, on its own, cannot personally identify you. In addition, the combination of Personal and non-Personal information is considered as Personal information and will be treated so while remaining combined.
The clients’ personal data will be kept to the Company’s records during our contractual relationship with the Client and after the termination of our contractual relationship, for 5 (five) years as per the requirements of CySEC and 7 (seven) years for taxation purposes in order to be able to provide to you the best of our services but also to comply with our legal obligations.
Protection of personal information
Any personal information provided by the client to the Company will be treated as confidential and shared only within the Company and its affiliates and will not be disclosed to any third party except under any regulatory or legal proceedings. In case such disclosure is required to be made by law or any regulatory authority, it will be made on a ‘need-to-know’ basis, unless otherwise instructed by the regulatory authority. Under such circumstances, the Company shall expressly inform the third party regarding the confidential nature of the information.
Affiliates and Partners
The Company may share information with affiliates in the event such information is reasonably required by such affiliate in order to provide the products or services to its clients. The Company may share information with partners, affiliates and associates in order to offer additional similar products and services that meet clients’ needs and which are delivered in a manner that is useful and relevant only where clients have authorized the Company to do so.
Non-affiliated third parties
The Company does not sell, license, lease or otherwise disclose clients’ personal information to third parties, except as described in this Privacy and Data Protection Policy.
The Company reserves the right to disclose personal information to third parties where such disclosure is required by the Law and/or a regulatory or any other government authority. The Company may also disclose information as necessary to credit reporting or collection agencies as reasonably required in order to provide the services to its clients.
In addition, the Company may engage third parties to help carry out certain internal functions such as account processing, fulfillment, client service, client satisfaction surveys or other data collection activities relevant to its business. Use of the shared information is strictly limited to the performance of the above and is not permitted for any other purpose. All third parties with which the Company shares personal information are required to protect such personal information in accordance with provisions of the GDPR and the Data Processing Legislation and in a manner similar to the way the Company protects the same. The Company will not share personal information with third parties which it considers will not provide its clients the required level of protection.
As part of using your personal information for the purposes set out above, non-affiliated third parties are:
- service providers and specialist advisers who have been contracted to provide us with services such as administrative, IT, analytics and online marketing optimization, financial, regulatory, compliance, insurance, research and/or other services,
- payment service providers and banks processing your transactions;
- auditors or contractors or other auditing advisors assisting with or advising on any of our business purposes.
From time to time the Company may contact clients whether by phone or email for the purpose of offering them further information about the Company and financial market trading.
The Company uses all possible means to respect and protect its clients’ privacy. At any time, the client may contact the Company and request:
- Right to access, request copy, correct or delete any Personal Information that the Company collected, and which was subject to processing but also the ways with which this data was obtained, the reason for processing, what data categories were processed and the basis of the automated processing system.
- Right to restrict processing: You have the right to request the restriction or suppression of your personal data. The Company for the purpose of complying with the applicable Laws and Regulations, as described above, may store the personal data for a certain time period but will not use it.
- Right to object: You have the right to object to the processing of your personal data. The Company may be able to continue processing to comply with Laws and Regulations.
- Right to withdraw consent: Where we have obtained your consent to process your personal data you may withdraw this consent at any time. In this case, the Company will be forced to terminate its relationship with you within 10 days.
- Right of erasure: You have the right to request erasure of your personal data. It shall be noted that the Company may refuse to satisfy your request as under any other legal obligations that the Company is subject to, we may be required to keep the information that you provide to us.
- Right for data portability allows you to obtain and reuse your personal data for your own purposes across different services. The Company shall provide such information to you free of charge however, in case of abuse of such right we may charge you a reasonable fee in proportion with your request.
In case you disagree with the way we handle your Personal Data and/or you want to exercise any of your rights above, please contact the Company’s Data Protection Officer and we shall reply to you within 14 calendar days. In case you have unresolved concerns you have the right to complain to the data protection authority.
If you have already accepted to receive any Promotions and Benefits, according to the Terms and Conditions, offered by the Company, you have the right to withdraw this acceptance.
The Company may, based exclusively on each client’s consent, seek to contact clients, whether by phone or by email, for the purpose of informing them of unique promotional offerings provided by the Company for the client.
Any person wishing to withdraw their consent and stop any further contact with the Company at any time whatsoever is entitled to do so through the means to decline receiving such promotional offers from use, available within such promotional material. In case you unsubscribe and/or withdraw your consent the Company will remove your contact details from its marketing distribution list.
Restriction of responsibility
Use of “COOKIES”
- “persistent cookies”- only read by our website, are stored on your devise for a fixed time period and are not deleted when the browser is closed. We use these cookies to know who you are for your next visits allowing us to know your preferences the next time you log-in.
- “session cookies”- these are only stored while the browsing session lasts enabling the normal use of the system and are deleted when the browser is closed.
Please note that you may remove the cookies following your browser settings however, disabling of cookies may limit your online experience as well as the functionality of some of the features for the services we provide may be low.
To use our services a person must be above the age of 18. As per provisions of the GDPR and the Data Processing Law, a minor shall be considered a person below the age of 16 years unless otherwise advised by the Data Processing Law.
The Company reserves the right to access and verify any Personal Data collected and discard any such data in case that the person who shared it with us is a minor. Please contact us at firstname.lastname@example.org in case you have any grounds to believe that a minor has shared any Personal Data with us.
If you have any enquiries regarding the Company’s Privacy and Data protection Policy please email the Company’s Data Protection Officer at email@example.com
The Company shall try to respond to all requests within 14 calendar days. Please note that it may take us longer than 14 calendar days if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 14 (fourteen) calendar days of the receipt of your request and keep you updated.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Cyprus’ Data Protection Authority.