Date: March 2022
Company Nr.: 08965105
Section A – Introduction
2. Why we collect your personal information
2.2 We’re an online trading platform which assists retail and institutional investors to trade over-the-counter derivatives, including margin foreign exchange (“Forex”) contracts, spread-bets and contracts-for-difference (“CFDs”). Our online trading platforms operate through the following websites: https://pepperstone.com/en-gb, https://pepperstone.com/fr-fr/, (our “Websites”) and the Pepperstone mobile applications (the “Apps”).
2.3 “Client”, “you” or “your” means an individual who’s the subject of the personal data that we process as a data controller.
Attn: Data Protection Officer
Section B – Collection of personal information
3. What personal data we collect (or receive) about you
3.1 If you’re an existing or potential client, the personal data we collect (or receive) about you may include the following:
(a) name, address and contact details;
(b) date of birth and gender;
(c) location data (such as IP address);
(d) username, password, security questions and answers;
(e) information relating to an individual’s source of wealth;
(g) bank account details, including institution name, branch, account name, bank identifier, and account number or IBAN;
(h) information relating to your trading experience;
(i) identification documentation, as required under applicable anti-money laundering laws (“AML Laws”), including:
(ii) driver’s licence;
(iii) national identity card (if applicable);
(iv) utility bills;
(v) trust deed;
(vi) a credit or bankruptcy check; and/or
(vii) other information we consider necessary to our functions and activities.
3.2 Sensitive information includes things like your ethnic origin, political opinions, religious or similar beliefs, trade union membership, health, sexual orientation or criminal record. We’ll only collect sensitive information about you if we have your consent, or if we’re required or authorised by law.
3.3 Where necessary, we also collect information on the following individuals:
(a) company directors, officers, partners and trustees;
(b) a client’s agents;
(c) beneficial owners of a client; and
(d) persons dealing with us on a “one-off” basis.
3.4 We’re required by AML Laws to sight and record details of certain documents and we may take steps to verify the information we collect.
4. How we collect your personal data
4.1 We may collect personal data about you directly from you or from sources other than you. Sources other than you may include third parties such as your agents, family and friends, our business partners and related entities.
4.2 We may collect (or receive) and process your personal data when:
(a) you apply for an account with us;
(b) you contact us, whether through our Website, our Apps or otherwise (for example, via our online form, by e-mail, post, phone, instant message or Live Chat);
(c) we ask you to complete surveys that we use for research purposes, although you don’t have to respond to them;
(d) you use your trading account and our products and services. Under no circumstances do we share these details with any third parties other than those who need to know this information in the context of the services we provide; or
(f) you use social media, including “like” buttons and similar functions made available by social media platforms.
5. How we may use your personal data
5.1 We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the specific purpose for which we are using your data (see below).
5.2 We may process your personal data in the following ways:
|Purpose of data processing||Lawful basis|
|Verifying your identity, establishing and administering your trading account and providing you with technical support.||Your consent, performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.|
|Providing you with the products and services that you’ve asked for and carrying out our obligations arising from any contracts connected to you.||Your consent, performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.|
|Dealing with and responding to your inquiries, requests, complaints or feedback, including contacting you where necessary.||Your consent, performance of our contract with you or necessary for our legitimate interests.|
|Processing your payments, where applicable.||Performance of our contract with you or necessary for our legitimate interests or to comply with our legal obligations.|
|Unless you tell us otherwise, keeping you informed about our products and services and those of our relevant business and initiative partners, and tailoring this information to your needs and interests. We may contact you for this purpose by email, post, telephone, SMS and other messaging services.||Your consent or necessary for our legitimate interests.|
|Monitoring, improving and developing our Website, our Apps or our products and services, as well as collecting feedback from you about our Websites, our Apps, and other activities, including market research, analysis and creating statistics.||Your consent, performance of our contract with you or necessary for our legitimate interests.|
|Ensuring we have adequate security measures and services so you can safely access our Website and our Apps.||Performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.|
|Preventing, detecting and investigating potentially prohibited or illegal activities, and enforcing our Terms and Conditions.||Performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.|
|Recruitment purposes if you’ve applied for a position with us including to contact you to discuss a role with us and to assess your suitability.||Your consent or necessary for our legitimate interests.|
|Complying with all the applicable laws and regulations.||To comply with our legal obligations.|
6. Recording communications
6.1 We’ll record all communications between you and us, subject to applicable laws. This applies whether the communication is in electronic form, by telephone, in person or otherwise. Telephone conversations may be recorded without warning or further notice. In addition, we’ll record telephone calls with you for evidence and quality assurance purposes.
7. Incomplete or inaccurate information
7.1 We may not be able to provide you with the products or services that you ask for if you don’t provide us with accurate and complete information. You can change your contact details at any time by updating your profile within your Secure Client Area.
8. Aggregated Data
8.1 Aggregated data is general data about groups of people which doesn’t identify anyone personally, for example the number of people in a particular industry that engage in forex trading. We use aggregated data to:
(a) help us to understand how you use our products and services and improve your experience with us; and
(b) customise the way that we communicate with you about our products and services so that we can interact with you more effectively.
8.2 We may share aggregated data with our business or industry partners.
9. Anonymity and pseudonymity
9.1 In certain situations we may be able to give you the option of using a pseudonym or remaining anonymous when you deal with us. We’re only able to provide you with this option when it’s practical for us to do so, and if we’re not required by law to identify you.
9.2 We may share aggregated data with our business or industry partners.
Section C – Security of your personal data
10. How we protect your personal data
10.1 We’re committed to protecting the personal data we hold about you from misuse, unauthorised access and disclosure. We’ve implemented a range of practices and policies to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them. Our security measures include:
(a) implementing stringent IT security policies and providing regular training to employees on cyber vigilance and personal data protection;
(b) requiring our employees to use passwords and two-factor authentication when accessing our systems;
(c) encrypting data sent from your computer to our systems during internet transactions and client access codes transmitted across networks;
(d) employing firewalls, intrusion detection systems, monitoring and the latest patches and virus scanning tools to protect against unauthorised persons and viruses entering our systems;
(e) using dedicated secure networks or encryption when we transmit electronic data externally (e.g. for outsourcing purposes);
(f) conducting regular risk assessments and security testing (with both internal and external IT security specialists) of our infrastructure;
(g) practising a clean desk policy in all our premises and providing secure storage for physical records; and
(h) employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorised access to buildings.
10.2 Your trading account is protected by your username and password. You shouldn’t share your username and password with anyone else. Please ensure that you don’t submit any personal data that you don’t want to be seen, collected or used by other users when you use social media platforms, group chat and forums.
Section D – Use or disclosure of personal data
11. Who we’ll disclose your personal data to
(a) any member of our group of companies, which means our subsidiaries, our ultimate holding company and its other subsidiaries (“Affiliates”);
(b) our affiliated product and service providers and external product and service providers that we may act as agent for (so that they can provide you with the product or service you’re asking for or in which you’ve expressed an interest);
(c) any person acting on your behalf or authorised by you, including your financial adviser, multi-account manager (MAM), solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;
(d) credit reporting agencies;
(e) introducing brokers, affiliates and agents who refer your business to us;
(f) third party service providers and specialist advisers who provide us with administrative, IT, financial, legal, regulatory, compliance, insurance, research or other services;
(g) other organisations who assist us to provide products and services by performing functions such as client contact, banking, payments, data processing, debt recovery, marketing and advertising, data analysis, business intelligence, website and technology services;
(h) analytics and search engine providers that assist us in the improvement and optimisation of our Websites or our Apps;
(i) your nominated employment referee (to confirm details about you);
(j) our successors in title, our prospective sellers or buyers of our business or to our Affiliates when we have a merger or re-organisation;
(k) courts, tribunals, government bodies, law enforcement agencies or other third parties where required by law or where permitted to do so under the Data Protection Law; and
(l) if you’ve given your consent, to selected third parties that may contact you about products and services which may be of interest to you in any jurisdiction where we operate.
11.2 We take our obligations to protect your information extremely seriously and make every effort to deal only with parties who share and demonstrate the same attitude. Each of the third parties that we contract with is carefully selected and is only authorised to use your personal data in a secure way, that’s necessary for them to perform their services to us. We ensure that confidentiality arrangements are in place and that the third parties comply with all relevant Data Protection Laws and this Policy.
11.3 We don’t sell, rent, or otherwise provide your personal data to third parties unless you consent to this or it’s necessary to provide you with our services, conduct our associated business activities or as described in this Policy.
11.4 Any social media posts or comments that you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) that you’ve used and could be made public. We don’t control these platforms and we’re not responsible for them sharing your information in this way. So, before you make any social media posts, you should review the terms and conditions and privacy policies of the platforms that you use. That way, you’ll understand how the platforms will use your information and how you can stop them from using it in certain ways if you’re unhappy about it.
11.5 Mobile app platforms:
(a) our Apps run on third-party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone, and Google’s Android platform which powers Android-based smartphones; and
11.6 Please note that the processing of your personal data by external third parties acting as controllers of your personal data is not covered by this Policy and is not subject to our data protection standards and practices.
Section E – Your rights regarding your personal data
12. Your rights
12.1 You’re entitled to exercise these rights regarding your personal data, with some exceptions which we’ve explained below:
(a) request access to your personal data (commonly known as a "data subject access request");
(b) request correction of the personal data that we hold about you;
(c) request erasure of your personal data. Please note that for legal or regulatory reasons we might not always be able to comply with these requests. We’ll let you know if this is the case when you make your request;
(d) object to processing of your personal data if we’re relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. You also have the right to object if we’re processing your personal data for direct marketing purposes. Please note that in some cases, we may prove that we’ve got compelling legitimate grounds to process your information which override your rights and freedoms;
(e) ask us to suspend the processing of your personal data, if:
(i) you want us to establish the data's accuracy;
(ii) our use of the data is unlawful but you don’t want us to erase it;
(iii) you need us to hold the data even if we no longer require it, so that you can use it to establish, exercise or defend legal claims; or
(iv) you’ve objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it;
(f) request the transfer of your personal data to you or to a third party. Note that this right only applies to automated information (i.e. not to hard copies) which you initially consented to us using or where we used the information to perform a contract with you; and
(g) withdraw consent at any time if we’re relying on your consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll let you know if this is the case at the time you withdraw your consent. Please contact:
Attn: Data Protection Officer
12.2 Please quote your name and address when you write to us and provide brief details of the data that you would like a copy of or which you would like to be corrected (this helps us to locate your data more easily). We’ll require proof of your identity before providing you with details of any personal data we may hold about you.
12.3 We try to respond to all legitimate requests within 1 (one) month. It might take us longer than this if your request is particularly complex or if you’ve made a number of requests. We’ll let you know if this situation applies to you within 1 month of receiving your request and keep you updated.
12.4 We may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. We may also refuse to comply with your request in these circumstances. We’ll confirm the cost with you and confirm that you want to proceed before actioning your request.
Section F – Cookies and Third Party Websites
14. Use of your personal data submitted to other websites
14.2 If you disclose your personal data to others (e.g. websites that we link to), different rules may apply to their use or disclosure of the data that you disclose to them. We’re not responsible for the privacy policies and practices of other websites, even if you accessed the third-party website using links from our website.
14.3 We recommend that you check the policy of each website you visit and contact the owner or operator of that website if you have concerns or questions.
Section G – Where we store and process your personal data
15. Transfers outside of the EEA
15.2 If we transfer personal data to third parties located in territories that don’t have adequate data protection laws, we enter into agreements with the recipients which provide adequate and appropriate protection by means of standard contractual clauses introduced by the European Commission.
15.3 When we make transfers to the U.S., we sometimes rely on applicable standard contractual clauses, Binding Corporate Rules, the EU-US Privacy Shield, or equivalent applicable rules. If you’d like a copy of these rules, please contact us using the contact details below.
Section H – Data retention
16. How long we’ll keep your personal data
16.1 We’ll only retain your personal data for as long as you have consented to it, or for as long as is necessary for us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, under tax laws we have to keep basic information about our clients (including contact, identity, financial and transaction data), typically for six years after they cease being clients.
16.2 In some circumstances you can ask us to delete your personal data, see Section E of this Policy above.
16.3 Where we identify that we no longer need certain personal data, we ensure that it’s effectively and securely destroyed.
Section I – Contacting us and complaints
17. How to contact us
17.1 If you have any questions or would like further information about our privacy and information handling practices, please contact:
The Data Protection Officer
70 Gracechurch Street, London,
Please note that Pepperstone Limited’s Head of Compliance deals with data protection-related queries and client complaints only. For general sales, billing and product support enquiries please contact Pepperstone’s support team at email@example.com.
18. Making a complaint
18.1 We offer a free internal complaint resolution scheme to all of our clients. If you have a privacy complaint, please contact us using the details above to discuss your concerns.
18.2 So that we can deal with your complaint efficiently, please gather all supporting information and any documents relating to your complaint and provide it to us for assessment. We’ll try to resolve your complaint as quickly as possible, and in any event within 30 days of hearing from you. If your complaint takes longer to resolve, we’ll keep you informed of our progress.
18.3 If you think there’s a problem with the way that we’re handling your personal data, you have the right to complain to the Information Commissioner’s Office at:
(a) https://ico.org.uk/make-a-complaint/; or
(b) by calling their helpline on 0303 123 1113.
Section J – Further information
20. Your duty to tell us about changes
20.1 It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by emailing us at firstname.lastname@example.org.