
Privacy Policy

Pepperstone Financial Services (DIFC) Limited


DIFC CL: 3460

DFSA No: F004356

Version: 2.0

Review: Annual

Date: October 2020



Pepperstone Financial Services (DIFC) Limited is registered in the Dubai International Financial Centre under No: CL3460 and is regulated by Dubai Financial Services Authority under No: F004356


1. Introduction

Your privacy is very important to us. We are committed to protecting and respecting your personal data, ensuring that when you choose us to use our services, you know what data we collect about you and how we use and protect that personal data. This Privacy Policy describes the types of personal data we collect about you when you choose to use our services, how we will use your personal data and how we will keep it safe. Please take the time to carefully read and understand our Privacy Policy.

2. Who we are

2.1 Pepperstone Financial Services (DIFC) Limited is a limited company with company number 3460, whose registered office is at Al Fattan Currency House, Office 1502 A, Level 15, Tower 2, P. O. Box 482087, DIFC – Dubai, United Arab Emirates. Pepperstone Financial Services (DIFC) Limited is part of the Pepperstone group of companies which includes Pepperstone Group Limited. Both companies are separate data controllers but are collectively referred to in this Privacy Policy as “Pepperstone”, “we” or “our” or “us”.

2.2 We are an online trading platform which assists retail and institutional investors to trade in the margin foreign exchange market (“Forex”) and other derivative instruments. Our online trading platforms operate through the www.pepperstone.com/ae website (our “Website”) and the Pepperstone mobile applications (the “Apps”).

2.3 “Client”, “you” or “your” means an individual who’s the subject of the personal data that we process as a data controller.

2.4 We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:

Attn: Data Protection Officer

Pepperstone Financial Services (DIFC) Limited

Al Fattan Currency House,

Office 1502 A, Level 15, Tower 2,

P. O. Box 482087

DIFC – Dubai

United Arab Emirates

Email: compliance.ae@pepperstone.com

Toll Free Number: +971 4 573 4100

You have the right to make a complaint at any time to the DIFC data protection commissioner (“DP Commissioner”), the DIFC supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the DP Commissioner so please contact us in the first instance.

3. Scope of this Privacy Policy

3.1 This Privacy Policy (together with our Terms and Conditions and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This Privacy Policy also sets out how you can instruct us if you prefer to limit the use of your personal data and the procedures that we have in place to safeguard your privacy.

3.2 For the purpose of this Privacy Policy, Data Protection Legislation means: (i) DIFC Data Protection Law, being Law No. 5 of 2020. For the purpose of the Data Protection Legislation, the data controllers are Pepperstone Financial Services (DIFC) Limited and Pepperstone Group Limited.

3.3 By using our Website or our Apps, registering with us or submitting information to us you signify that you have read and understood our collection, use and disclosure of your personal data in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, you must not use our Website and our Apps, access our services or submit information to us.

4. Data We May Collect (or Receive) About You

4.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

4.2 The personal data we collect (or receive) about you may include your:

(a) name and address;

(b) e-mail address;

(c) username, password;

(d) IP address;

(e) phone numbers (which could be your home, work or mobile numbers);

(f) credit card details;

(g) source of wealth;

(h) occupation;

(i) bank account details, including institution name, branch, account name, bank identifier;

(j) bank account number or IBAN; or

(k) trading experience information, including your understanding of relevant risks and ability to withstand financial loss.

4.3 We are required by law to identify you if you are opening a new account or adding a new signatory to an existing account. Anti-money laundering laws require us to sight and record details of certain documents (i.e. photographic and non-photographic documents) in order to meet the standards set under those laws. Identification documentation, as required under anti-money laundering laws or other legislation relevant to the services we provide to you, includes:

(a) passport;

(b) driver’s licence;

(c) national identity card (if applicable);

(d) utility bills;

(e) trust deed;

(f) a credit check on the individual;

(g) information relating to your source of wealth; or

(h) other information we consider necessary to our functions and activities.

4.4 Where it’s necessary to do so, we also collect data regarding the following individuals:

(a) trustees;

(b) partners;

(c) shareholders;

(d) beneficial owners;

(e) company directors and officers;

(f) officers of co-operatives and associations;

(g) client agents; or

(h) individuals dealing with us on a “one-off” basis.

4.5 You have the option of not identifying yourself, or of using a pseudonym, when dealing with us in relation to a particular matter. However, we can only provide you with this option when it is not impracticable for us to do so and when no law requires identification. If you fail to provide information that we request which is mandatory, we may not be able to proceed with your request. This will include any information required for legal purposes or information that we require to start a business relationship with you. All mandatory questions will be marked.

5. How we collect your personal data

5.1 We may collect (or receive) and process your personal data when:

(a) you contact us, whether through our Website, our Apps or otherwise (for example, via our online form, by e-mail, post, fax or phone), as we may keep a record of that correspondence. For example, if you submit a complaint, report a problem with our services or our Website or our Apps or otherwise liaise with our sales, technical support or any other department in our company. This includes information provided by you when you update your trading account such as your name, e-mail, country, password, etc;

(b) we ask you to complete surveys that we use for research purposes, although you don’t have to respond to them;

(c) you use and interact with our Website or our Apps including your device’s manufacturer and model, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, web browser, platform, mobile carrier, and your ISP. We may collect details of your visits to our Website or our Apps (including, but not limited to, traffic data, location data, weblogs and other communication data). We do this via email and website cookies, and similar tracking technology built into our Websites and Apps. We make cookie policies available on each of our Websites and Apps to give you more detailed information on how we use them;

(d) you use your trading account to login to and use our platform technology and other features and functionalities;

(e) you use the online trading products we provide to you. Under no circumstances are these details disclosed to any third parties other than those who need to know this information in the context of the services we provide; or

(f) you use social media, including “like” buttons and similar functions made available by social media platforms.

6. How We May Use Your Personal Data

We may process your personal data for one or more lawful bases of processing as provided in the Data Protection Legislation (“Lawful Basis”) depending on the specific purpose for which we are using your data (see below). We may process your personal data for the purpose of:

(a) dealing with your inquiries and requests, including contacting you where necessary. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract;

(b) notifying you about important changes or developments to our Website, our Apps or to our products or services (e.g. changes of features or enhancements). Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract;

(c) carrying out our obligations arising from any contracts connected to you. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract;

(d) providing and personalising our services, enhancing client experience and tailoring our services to you. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(e) providing you access to all parts or features of our Website, our Apps or our services. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(f) where applicable, processing your payments. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract;

(g) administering your registration and/or membership and other trading accounts records. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract;

(h) market research, analysis and creating statistics. Lawful Basis: a Data Subject has given consent to the Processing of that Personal Data for specific purposes or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(i) sending you marketing communications, for instance, to contact you from time to time regarding things you have told us you want to hear about, such as new products, special offers, competitions and sponsored events. If you use our Apps, we may use push notifications to highlight when we have added new offers and promotions that may be of interest to you. Lawful Basis: a Data Subject has given consent to the Processing of that Personal Data for specific purposes or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(j) preventing, detecting and investigating potentially prohibited or illegal activities, and enforcing our Terms and Conditions of Service. Lawful Basis: Processing is necessary for compliance with Applicable Law that a Controller is subject to or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(k) improving and developing our Website, our Apps or our products and services, as well as collecting feedback from you about our Websites, our Apps, and other activities. For example:

(i) we may need to gauge whether a new product, website feature or App is likely to appeal to a large proportion of our client base. If not, we will want to know why; or

(ii) occasionally we may invite you to review a website or App. If we do, it is possible that we will use independent research and feedback providers to act on our behalf. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract, or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(l) ensuring that content from our Website is presented in the most effective manner for you and for your computer or mobile device. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract, or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(m) ensuring we have adequate security measures and services so you can safely access our Website and our Apps. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller, or Processing is necessary for compliance with Applicable Law that a Controller is subject to;

(n) complying with all the applicable laws and regulations. Lawful Basis: Processing is necessary for compliance with Applicable Law that a Controller is subject to;

(o) debt recovery or debt tracing, crime, fraud and money laundering compliance. Lawful Basis: Processing is necessary for compliance with Applicable Law that a Controller is subject to;

(p) recruitment purposes if you have applied for a position with us including to contact you to discuss a role with us and to assess your suitability. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(q) monitoring how people use our Website and our Apps to see if they are being abused or threatened, for example, by internet trolls posting inappropriate comments in review areas or by would-be hackers looking to undermine our security. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller;

(r) allowing us to understand our client base across all our businesses. We do this by merging your details with information from other clients of our Website and Apps. We can then spot trends and common factors among clients, plus we can tailor our business approach, our marketing communications, our digital and social media, our Website and Apps to the things we believe you and other people like you would be most interested in. This process involves the analysis of many human traits and is sometimes called profiling, ‘market segmentation’ or ‘client segmentation’. Among other things, we look at common trends or ‘segments’ based on people’s geographic location, trading behaviour, online behaviours, engagement with marketing activities (e.g. email opens and clicks), preferences, and any other personal information you have submitted to us or arising from your use of our Website or our Apps. Lawful Basis: Processing is necessary for the purpose of legitimate interests pursued by a Controller; and

(s) testing new systems and processes as we roll them out (but generally only in anonymous form) to make sure they work correctly and meet the standards we set for ourselves. Lawful Basis: Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.3 We may take steps to verify the data we collect. For example, we may verify with an employer that employment and remuneration information provided in an application for credit is accurate. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.4 We may check some of the information that you provide to us against third party databases to confirm that it is accurate. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.5 We may have access to your financial information, such as your billing address, bank account details and payment history in order to allow us to take payments from you in connection with the online trading products you purchase, send you refunds or enable our client service to deal with your enquiries. Under no circumstances are these details disclosed to any third parties other than those who need to know this information for the performance of the services requested. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.6 We may also collect social media content where this is in the public domain, and any messages you send direct to us via social media. This information can include posts and comments, pictures and video footage on websites such as YouTube, Facebook and Twitter. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.7 If you are an existing client, we may contact you with information, products or services that you request from us or with information, products or services which are similar to the services we are providing to you (independently or jointly with others), unless you have opted out of being contacted for such purposes. We may contact you for this purpose by post, telephone and SMS as well as by email. If you change your mind about being contacted in the future, please let us know. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.8 We do not sell, rent, or otherwise provide your personal data to third parties unless you consent to this or it is necessary to provide you with our services, conduct our associated business activities or as described in this Privacy Policy. We may share information with any of our Affiliates. “Affiliates” means, with respect to an entity, any entity that directly or indirectly Controls, is Controlled by or is under common Control with such entity. “Control” means in respect of a body corporate, the right to appoint a majority of the directors or to control the management or policy decisions exercisable by a person or persons acting individually or in concert, directly or indirectly, including by virtue of their shareholding or management rights or shareholders agreements or voting agreements or in any other manner. For the avoidance of doubt, this includes (but is not limited to) members of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries.

6.9 If you choose to post messages on any online forum or other message platforms that we may make available for this purpose on our Apps or our Website, we may collect that information you provide to us. We may process this information as necessary to respond to any social media posts or other public comments you might make, whether they are directed to us or about us, our Website, Apps or other activities, to resolve disputes, provide technical support and troubleshoot problems, as permitted by law. Lawful Basis: Processing is necessary for the performance of a contract to which a Data Subject is a party, or in order to take steps at the request of a Data Subject prior to entering into such contract or Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.10 We may place a cookie on your device when you access our Website or our Apps. These cookies will let us know when you have accessed our Website or downloaded or used our Apps. We will share this information with our advertising providers such as Facebook or Twitter (e.g. IP addresses or unique mobile identifiers). The cookies will let our advertising providers know when to serve ads and to whom, ensuring that our ads are served only to people who have previously visited our Website or used or downloaded our Apps (“Retargeting”). This is further explained in our Cookies Policy available on our website here. Lawful Basis: a Data Subject has given consent, which complies with Article 12 of the Data Protection Legislation, to the Processing of that Personal Data for specific purposes or Processing is necessary for the purpose of legitimate interests pursued by a Controller.

6.11 You may ask us to provide you with information about our services or about services offered jointly with or on behalf of other organisations by sending us an e-mail to compliance.ae@pepperstone.com or writing to us at:

Attn: Data Protection Officer

Pepperstone Financial Services (DIFC) Limited

Al Fattan Currency House,

Office 1502 A, Level 15,

Tower 2,

P. O. Box 482087

DIFC – Dubai United Arab Emirates

Toll Free Number +971 4 573 4100

6.12 If you stop using our Website, our Apps or our services, or your permission to use our Website, our Apps or our services is terminated, we may continue to use and disclose your personal data in accordance with this Privacy Policy (as amended from time to time) and as permitted by law. However, if you wish us to stop e-mailing you with information in connection with our Website, our Apps or our services, please unsubscribe or send your request to the contact details set out above.

7. Your Contact Information

Where applicable, you can change your contact details at any time by updating your profile within your trading account. You can also update your communication preferences by changing your settings related to your notification choices.

8. Data Security

8.1 The Internet is not a secure medium. Please be aware that communications over the Internet, such as emails/webmails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered. This is the nature of the Internet.

8.2 The protection of your personal data is extremely important to us and we have put in place a range of security procedures to protect it, as set out in this Privacy Policy.

8.3 Where you have been allocated a trading account, this area is protected by your user name and password, which you should never divulge to anyone else.

8.4 We will use reasonable endeavours to implement appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. For instance, our security measures include, but are not limited to:

(a) educating our employees about their obligations regarding your personal data;

(b) requiring our employees to use passwords and two-factor authentication when accessing our systems;

(c) encrypting data sent from your computer to our systems during internet transactions and client access codes transmitted across networks;

(d) employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems;

(e) using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;

(f) practising a clean desk policy in all premises occupied by us and our related bodies corporate and providing secure storage for physical records; and

(g) employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorised access to buildings.

8.5 We will ensure that your information will not be disclosed to government institutions or authorities except if required by law (e.g. when requested by regulatory bodies or law enforcement organisations in accordance with applicable legislation).

8.6 Certain services may include social networking, chat room or forum features. When using these features please ensure that you do not submit any personal data that you do not want to be seen, collected or used by other users.

9. To Whom Will Your Data be Disclosed?

9.1 Your personal data may, for the purposes set out in this Privacy Policy, be disclosed for processing to:

(a) our affiliated product and service providers and external product and service providers for whom we act as agent (so that they may provide you with the product or service you seek or in which you have expressed an interest);

(b) any person acting on your behalf, including your financial adviser, solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;

(c) your nominated employment reference (to confirm details about you);

(d) introducing brokers, affiliates and agents who refer your business to us;

(e) credit reporting agencies;

(f) other financial institutions and organisations at their request if you seek credit from them (so that they may assess whether to offer you credit);

(g) our employees, our Affiliates and their employees. For instance, Pepperstone Financial Services (DIFC) Limited and Pepperstone Group Limited are part of the Pepperstone group of companies and will share your information;

(h) auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes;

(i) analytics and search engine providers that assist us in the improvement and optimisation of our Website or our Apps;

(j) our successors in title, our prospective sellers or buyers of our business or to our Affiliates when we have a merger or re-organisation;

(k) government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;

(l) any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions of Service or other relevant agreements;

(m) to protect the rights, property, integrity or security of our company, our clients, or others (including, without limitation, you). This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;

(n) to our advertising providers for re-targeting purposes; and

(o) where you have consented to this, to selected third parties that may contact you about products and services which may be of interest to you in any jurisdiction where we operate.

9.2 Any social media posts or comments you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they are written and could be made public. Other people, not us, control these platforms. We are not responsible for this kind of sharing. So, before you make any such remarks or observations, you should review the terms and conditions and privacy policies of the social media platforms you use. That way, you will understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you are unhappy about it.

9.3 We use banking agents, for example, local businesses, to help provide you with face-to-face banking services. These agents collect personal data on our behalf.

9.4 In all circumstances where personal data may become known to our contractors, agents and outsourced service providers, there are confidentiality arrangements in place. Contractors, agents and outsourced service providers are not able to use or disclose personal data for any purposes other than our own.

9.5 Mobile app platforms:

(a) our Apps run on third party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone and Google’s Android platform which powers Android-based smartphones; and

(b) if you use any of our Apps, your usage of those apps is also subject to the relevant mobile app platform provider’s terms and conditions and privacy policy. You should review their terms and conditions and privacy policy to ensure you understand what information (if any) they will gather about you, how they will use that information, and what you may be able to do if you are unhappy about it.

9.6 Before using or disclosing a government related identifier of an individual, we will ensure that such use or disclosure is:

(a) reasonably necessary for us to verify your identity for the purposes of our activities or functions; or

(b) reasonably necessary for us to fulfil our obligations to a government agency or authority; or

(c) required or authorised by or under a DIFC or UAE law, regulation or a court/tribunal order; or

(d) reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

10. Your Rights in Relation to Your Personal Data

Please note that these rights do not apply in all circumstances. Under the correct circumstances, you have rights under the Data Protection Legislation in relation to your personal data. You are entitled to:

(a) request access to your personal data (commonly known as a “data subject access request”);

(b) request correction of the personal data that we hold about you;

(c) request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;

(d) object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

(e) request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

(i) if you want us to establish the data’s accuracy;

(ii) where our use of the data is unlawful, but you do not want us to erase it;

(iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

(iv) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it;

(f) object to any decision based solely on automated processing, including Profiling, which produces legal consequences concerning you or other seriously impactful consequences and to require such decision to be reviewed manually. Note that this right does not apply if the decision is necessary for entering into, or performance of, the contract between you and us;

(g) request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information (i.e. not to hard copies) which you initially provided consent for us to use or where we used the information to perform a contract with you; and

(h) withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Please write to:

Attn: Data Protection Officer

Pepperstone Financial Services (DIFC) Limited

Al Fattan Currency House, Office 1502 A, Level 15,

Tower 2,

P. O. Box 482087

DIFC – Dubai, United Arab Emirates

compliance.ae@pepperstone.com

Toll Free Number: +971 4 573 4100

10.2 Please quote your name and address. We should be grateful if you would also provide brief details of the data that you would like a copy of or which you would like to be corrected (this helps us to more readily locate your data).

10.3 We will require proof of your identity before providing you with details of any personal data we may hold about you.

10.4 We try to respond to all legitimate requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 1 (one) month of the receipt of your request citing the reason for the delay and we will action your request within 2 (two) months.

10.5 We may charge you a reasonable fee when a request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. Alternatively, we may refuse to comply with your request in these circumstances.

11. Access to a Credit Report About You

11.1 You have the right to ask for a copy of any credit report we have obtained about you from a credit-reporting agency. However, as we may not have retained a copy after we have used it, the best means of obtaining an up-to-date copy is to get in touch with the credit-reporting agency directly.

11.2 You have a right to have any inaccuracies corrected or, if there is any dispute as to accuracy, to have a note added to your credit reporting agency file explaining your position.

11.3 If we decline your credit application wholly or partly because of adverse information on your credit report, we are required to tell you of that fact.

12. Cookies

We use cookies to store and collect information about your use of our Website. Cookies are small text files stored by the browser on your equipment’s hard drive. They send information stored on them back to our web server when you access our Website. These cookies enable us to put in place personal settings and load your personal preferences to improve your experience. You can find out more about our cookies on our “Cookies Policy” available on our Website here.

13. Where We Store and Process Your Personal Data

The data that we collect from you may be transferred to, and stored at, our company headquarters in Melbourne, Australia. It may also be processed by staff operating outside the DIFC who work for us or for one of our suppliers or Affiliate companies. Such staff may be engaged in, among other things, the fulfilment of your request, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. Where data is transferred to a jurisdiction that is not deemed adequate by the Commissioner (of Data Protection in the DIFC), we will only process your data within the Law’s guidelines. You can request a copy of our safeguards from the Data Protection Officer who will assess the validity of your request.

14. Your Consent and Changes to this Privacy Policy

14.1 We keep our Privacy Policy under regular review and reserve the right to amend or modify this Privacy Policy and if we do so we will post the changes on our Website and on our Apps. It is your responsibility to check the Privacy Policy every time you submit your personal data to us.

14.2 In the event that our purposes for processing personal data change, we will contact you as soon as practicable and seek your consent where such notification relates to a new additional purpose for processing.

15. Use of Your Personal Data Submitted to Other Websites

15.1 Except as otherwise expressly included in this Privacy Policy, this document addresses only the use and disclosure of personal data that we receive about you or collect from you.

15.2 If you disclose your personal data to others (e.g. websites we link to), different rules may apply to their use or disclosure of the data that you disclose to them. We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our website.

15.3 We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.

16. Data Retention

16.1 We will only retain your personal data for as long as you have consented to it or for as long as is necessary for us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, by law we have to keep basic information about our clients (including contact, identity, financial and transaction data) typically for six years after they cease being clients for tax purposes.

16.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

16.3 In some circumstances you can ask us to delete your data.

16.4 In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

17. Further Information

17.1 If you would like to let us know about something we have done or failed to do in relation to your personal data, whether positive or negative, please let us know. Your comments enable us as an organisation to learn and continuously improve our services.

17.2 If you think there is a problem with the way we are handling your data, you have the right to complain to the DIFC Commissioner of Data Protection.

17.3 Questions, comments and requests regarding this Privacy Policy should be addressed to:

Attn: Data Protection Officer

Pepperstone Financial Services (DIFC) Limited

Al Fattan Currency House,

Office 1502 A, Level 15,

Tower 2,

P. O. Box 482087

DIFC – Dubai, United Arab Emirates

compliance.ae@pepperstone.com

Toll Free Number: +971 4 573 4100

18. Your Duty to Inform Us of Changes

18.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

18.2 If your personal details change, please help us to keep your information up to date by notifying us at support.ae@pepperstone.com

Please note that Pepperstone Financial Services (DIFC) Limited’s Compliance department deals with data protection-related queries and client complaints only. For general sales, billing and product support enquiries please contact Pepperstone’s support team at support.ae@pepperstone.com.