Pepperstone Limited
Date: March 2022
Company Nr.: 08965105
FRN: 684312
Version: 6.0
Review: Annual
Section A – Introduction
1. Introduction
1.1 Your privacy is very important to us, and we’re committed to protecting and respecting your personal data. This Privacy Policy describes the types of personal data that we collect about you when you choose to use our services, how we’ll use your personal data and how we’ll keep it safe. Please take the time to read this Privacy Policy carefully so that you can understand how we handle your personal data.
1.2 This Privacy Policy (together with our Terms and Conditions of Service and any other documents referred to in it) sets out the basis on which we’ll process any personal data we collect from you, or that you provide to us. Please take the time to read this Policy carefully so that you can understand how we handle your personal data. All personal data in our possession is subject to our current Policy.
1.3 For the purpose of this Privacy Policy, Data Protection Law means the General Data Protection Regulation ((EU) 2016/679) as implemented by the Data Protection Act 2018.
1.4 By using our Websites or our Apps, applying for an account with us or giving us information, you’re indicating that you understand how we collect, use and disclose your personal data in line with this Privacy Policy. If you don’t agree with this Privacy Policy, you mustn’t use our Website and our Apps, access our services or provide any information to us.
1.5 If you’re a Pepperstone employee, a Pepperstone contractor, or a third-party vendor, we’ll handle your personal data in-line with the terms of with your employment agreement, your contractual relationship, or our separate policies that we provide to you, as relevant, independent of this Privacy Policy.
2. Why we collect your personal information
1.1 Pepperstone Limited is a limited company registered under company number 08965105 at 70 Gracechurch Street, London, EC3V 0HR. Pepperstone Limited is partof the Pepperstone group of companies which includes Pepperstone Group Limited.For the purpose of the Data Protection Law the data controllers are Pepperstone Limited and Pepperstone Group Limited. Both companies are collectively referred to in this Privacy Policy as “Pepperstone”, "we" or “our” or “us”.
2.2 We’re an online trading platform which assists retail and institutional investors to trade over- the-counter derivatives, including margin foreign exchange (“Forex”) contracts, spread-bets and contracts-fordifference (“CFDs”). Our online tradingplatforms operate through the following websites: https://pepperstone.com/en-gb, https://pepperstone.com/fr-fr/, (our “Websites”) and the Pepperstone mobile applications (the “Apps”).
2.3 “Client”, “you” or “your” means an individual who’s the subject of the personal data that we process as a data controller.
2.4 We’ve appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:
Attn: Data Protection Officer
Email:compliance.uk@pepperstone.com
Section B – Collection of personal information
3. What personal data we collect (or receive) about you
3.1 If you’re an existing or potential client, the personal data we collect (or receive) about you may include the following:
(a) name, address and contact details;
(b) date of birth and gender;
(c) location data (such as IP address);
(d) username, password, security questions and answers;
(e) information relating to an individual’s source of wealth;
(f) occupation;
(g) bank account details, including institution name, branch, account name, bank identifier, and account number or IBAN;
(h) information relating to your trading experience;
(i) identification documentation, as required under applicable anti-money laundering laws (“AML Laws”), including:
(i) passport;
(ii) driver’s licence;
(iii) national identity card (if applicable);
(iv) utility bills;
(v) trust deed; 4
(vi) a credit or bankruptcy check; and/or
(vii) other information we consider necessary to our functions and activities.
3.2 Sensitive information includes things like your ethnic origin, political opinions, religious or similar beliefs, trade union membership, health, sexual orientation or criminal record. We’ll only collect sensitive information about you if we have your consent, or if we’re required or authorised by law.
3.3 Where necessary, we also collect information on the following individuals:
(a) company directors, officers, partners and trustees;
(b) a client’s agents;
(c) beneficial owners of a client; and
(d) persons dealing with us on a “one-off” basis.
3.4 We’re required by AML Laws r to sight and record details of certain documents and we may take steps to verify the information we collect.
4. How we collect your personal data
4.1 We may collect personal data about you directly from you or from sources other than you. Sources other than you may include third parties such as your agents, family and friends, our business partners and related entities.
4.2 We may collect (or receive) and process your personal data when:
(a) you apply for an account with us;
(b) you contact us, whether through our Website, our Apps or otherwise (for example, via our online form, by e-mail, post, phone, instant message or Live Chat);
(c) we ask you to complete surveys that we use for research purposes, although you don’t have to respond to them;
(d) you use your trading account and our products and services. Under no circumstances do we share these details with any third parties other than those who need to know this information in the context of the services we provide; or
(e) you use and interact with our Website or our Apps or through the use of email and website cookies, and similar tracking technology built into our Website and Apps. Our cookie policy is available on our Website and Apps to give you more detailed information on how we use them; or
(f) you use social media, including “like” buttons and similar functions made available by social media platforms.
5. How we may use your personal data
5.1 We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the specific purpose for which we are using your data (see below).
5.2 We may process your personal data in the following ways:
| Purpose of data processing | Lawful basis |
| Verifying your identity, establishing and administering your trading account and providing you with technical support. | Your consent, performance of ourcontract with you, to comply with our legal obligations or necessary for our legitimate interests. |
| Providing you with the products and services that you’ve asked for and carrying out our obligations arising from any contracts connected to you. | Your consent, performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests. |
| Dealing with and responding to your inquiries, requests, complaints or feedback, including contacting you where necessary. | Your consent, performance of our contract with you or necessary for our legitimate interests |
| Processing your payments, where applicable. | Performance of our contract with you or necessary for our legitimate interests or tocomply with our legal obligations. |
| Unless you tell us otherwise, keeping you informed about our products and services and those of our relevant business and initiative partners, and tailoring this information to your needs and interests. We may contact you for this purpose by email, post, telephone, SMS and other messaging services. | Your consent or necessary for our legitimate interests. |
| Monitoring, improving and developing our Website, our Apps or our products and services, as well as collecting feedback from you about our Websites, our Apps, and other activities, including market research, analysis and creating statistics. | Your consent, performance of our contract with you or necessary for our legitimate interests. |
| Ensuring we have adequate security measures and services so you can safely access our Website and our Apps. | Performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests. |
| Preventing, detecting and investigating potentially prohibited or illegal activities, and enforcing our Terms and Conditions. | Performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests. |
| Recruitment purposes if you‘ve applied for a position with us including to contact you to discuss a role with us and to assess your suitability. | Your consent or necessary for our legitimate interests. |
| Complying with all the applicable laws and regulations. | To comply with our legal obligations. |
6. Recording communications
6.1 We’ll record all communications between you and us, subject to applicable laws. This applies whether the communication is in electronic form, by telephone, in person or otherwise. Telephone conversations may be recorded without warning or further notice. In addition, we’ll record telephone calls with you for evidence and quality assurance purposes.
7. Incomplete or inaccurate information
7.1 We may not be able to provide you with the products or services that you ask for if you don’t provide us with accurate and complete information. You can change your contact details at any time by updating your profile within your Secure Client Area.
8. Aggregated Data
8.1 Aggregated data is general data about groups of people which doesn’t identify anyone personally, for example the number of people in a particular industry that engage in forex trading. We use aggregated data to:
(a) help us to understand how you use our products and services and improve your experience with us; and
(b) customise the way that we communicate with you about our products and services so that we can interact with you more effectively.
8.2 We may share aggregated data with our business or industry partners.9. Anonymity and pseudonymity
9.1 In certain situations we may be able to give you the option of using a pseudonym or remain anonymous when you deal with us. We’re only able to provide you with this option when it’s practical for us to do so, and if we’re not required by law to identify you.
9.2 We may share aggregated data with our business or industry partners.
Section C – Security of your personal data
10. How we protect your personal data
10.1 We’re committed to protecting the personal data we hold about you from misuse, unauthorised access and disclosure. We’ve implemented a range of practices and policies to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them. Our security measures include:
(a) implementing stringent IT security policies and providing regular training to employees on cyber vigilance and personal data protection;
(b) requiring our employees to use passwords and two-factor authentication when accessing our systems;
(c) encrypting data sent from your computer to our systems during internettransactions and client access codes transmitted across networks;
(d) employing firewalls, intrusion detection systems, monitoring and the latestpatches and virus scanning tools to protect against unauthorised persons and viruses entering our systems;
(e) using dedicated secure networks or encryption when we transmitelectronic data externally (e.g. for outsourcing purposes);
(f) conducting regular risk assessments and security testings (with bothinternal and external IT security specialists) of our infrastructure;
(g) practising a clean desk policy in all our premises and providing secure storagefor physical records;and
(h) employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorised access to buildings.
10.2 Your trading account is protected by your username and password. You shouldn’t share your username and password with anyone else. Please ensure that you don’t submit any personal data that you don’t want to be seen, collected or used by other users when you use social media platforms, group chat and forums.
Section D – Use or disclosure of personal data
11. Who we’ll disclose your personal data to
11.1 We may disclose your personal data for processing (for the purposes set out in this Privacy Policy) to:
(a) any member of our group of companies, which means our subsidiaries, our ultimate holding company and its other subsidiaries (“Affiliates”);
(b) our affiliated product and service providers and external product and service providers that we may act as agent for (so that they can provide you with the product or service you’re asking for or in which you’ve expressed an interest);
(c) any person acting on your behalf or authorised by you, including your financial adviser, multi-account manager (MAM), solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;
(d) credit reporting agencies;
(e) introducing brokers, affiliates and agents who refer your business to us;
(f) third party service providers and specialist advisers who provide us with administrative, IT, financial, legal, regulatory, compliance, insurance, research or other services;
(g) other organisations who assist us to provide products and services by performing functions such as client contact, banking, payments, data processing, debt recovery, marketing and advertising, data analysis, business intelligence, website and technology services;
(h) analytics and search engine providers that assist us in the improvement and optimisation of our Websites or our Apps;
(i) your nominated employment referee (to confirm details about you);
(j) our successors in title, our prospective sellers or buyers of our business or to our Affiliates when we have a merger or re-organisation;
(k) courts, tribunals, government bodies, law enforcement agencies or other third parties where required by law or where permitted to do so under the Data Protection Law; and
(l)if you’ve given your consent, to selected third parties that may contact you about products and services which may be of interest to you in any jurisdiction where we operate.
11.2 We take our obligations to protect your information extremely seriously and make every effort to deal only with parties who share and demonstrate the same attitude. Each of the third parties that we contract with is carefully selected and is only authorised to use your personal data in a secure way, that’s necessary for them to perform their services to us. We ensure that confidentiality arrangements are in place and that the third parties comply with all relevant Data Protections Laws and this Policy.
11.3 We don’t sell, rent, or otherwise provide your personal data to third parties unless you consent to this or it’s necessary to provide you with our services, conduct our associated business activities or as described in this Policy.
11.4 Any social media posts or comments that you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) that you’ve used and could be made public. We don’t control these platforms and we’re not responsible for them sharing your information in this way. So, before you make any social media posts, you should review the terms and conditions and privacy policies of the platforms that you use. That way, you’ll understand how the platforms will use your information and how you can stop them from using it in certain ways if you’re unhappy about it.
11.5 Mobile app platforms:
(a) our Apps run on third-party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone, and Google’s Android platform which powers Android- based smartphones; and
(b) your use of our Apps is also subject to the relevant mobile app platform provider’s terms and conditions and privacy policy. You should review their terms and conditions and privacy policy to ensure you understand the kinds of data (if any) they’ll gather about you, how they will use that data, and what you may be able to do if you are unhappy about it.
11.6 Please note that the processing of your personal data by external third parties acting as controllers of your personal data is not covered by this Policy and is not subject to our data protection standards and practices.
Section E – Your rights regarding your personal data
12. Your rights
12.1 You’re entitled to exercise these rights regarding your personal data, with some exceptions which we’ve explained below:
(a) request access to your personal data (commonly known as a "data subject access request");
(b) request correction of the personal data that we hold about you;
(c) request erasure of your personal data. Please note that for legal or regulatory reasons we might not always be able to comply with these requests. We’ll let you know if this is the case when you make your request;
(d) object to processing of your personal data if we’re relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. You also have the right to object if we’re processing your personal data for direct marketing purposes. Please note that in some cases, we may prove that we’ve got compelling legitimate grounds to process your information which override your rights and freedoms;
(e) ask us to suspend the processing of your personal data, if:
(i) you want us to establish the data's accuracy;
(ii) our use of the data is unlawful but you don’t want us to erase it;
(iii) you need us to hold the data even if we no longer require it, so that you can use it to establish, exercise or defend legal claims; or
(iv) you’ve objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it;
(f) request the transfer of your personal data to you or to a third party. Note that this right only applies to automated information (i.e. not to hard copies) which you initially consented to us using or where we used the information to perform a contract with you; and
(g) withdraw consent at any time if we’re relying on your consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll let you know if this is the case at the time you withdraw your consent. Please contact:
Attn: Data Protection Officer
Email: compliance-uk@pepperstone.com
12.2 Please quote your name and address when you write to us and provide brief details of the data that you would like a copy of or which you would like to be corrected (this helps us to locate your data more easily). We’ll require proof of your identity before providing you with details of any personal data we may hold about you.
12.3 We try to respond to all legitimate requests within 1 (one) month. It might take us longer than this if your request is particularly complex or if you’ve made a number of requests. We’ll let you know if this situation applies to you within 1 month of receiving your request and keep you updated.
12.4 We may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. We may also refuse to comply with your request in these circumstances. We’ll confirm the cost with you and confirm that you want to proceed before actioning your request.
Section F – Cookies and Third Party Websites
13. How we use cookies
13.1 We use cookies to store and collect information about your use of our Website or our Apps. Cookies are small text files stored by the browser on your equipment's hard drive. They send information stored on them back to our web server when you access our Website or downloaded or used our Apps. These cookies enable us to put in place personal settings and load your personal preferences to improve your experience. We’ll share this information with our advertising providers such as Facebook or Twitter (e.g. IP addresses or unique mobile identifiers). You can find out more about our cookies in our “Cookies Policy” available on our Website here.
14. Use of your personal data submitted to other websites
14.1 Except as otherwise stated, this Privacy Policy only addresses the use and disclosure of personal data that we receive about you or collect from you.
14.2 If you disclose your personal data to others (e.g. websites that we link to), different rules may apply to their use or disclosure of the data that you disclose to them. We’re not responsible for the privacy policies and practices of other websites, even if you accessed the third-party website using links from our website.
14.3 We recommend that you check the policy of each website you visit and contact the owner or operator of that website if you have concerns or questions.
Section G – Where we store and process your personal data
15. Transfers outside of the EEA
15.1 The personal data we collect from you may be transferred to, and stored at, a destination outside the United Kingdom and European Economic Area ("EEA"), including places such as Australia, Singapore and the United States. It may also be processed by staff who work for us or one of the suppliers of our Affiliate companies outside the UK and EEA. Our staff outside of the UK and EEA may be engaged in, among other things, the fulfilment of your request, the processing of your payment details and the provision of support services. By submitting your personal data to us, you agree to your personal data being transferred, stored and processed in this way. We’ll take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
15.2 If we transfer personal data to third parties located in territories that don’t have adequate data protection laws, we enter into agreements with the recipients which provide adequate and appropriate protection by means of standard contractual clauses introduced by the European Commission.
15.3 When we make transfers to U.S., we sometimes rely on applicable standard contractual clauses, Binding Corporate Rules, the EU-US Privacy Shield, or equivalent applicable rules. If you’d like a copy of these rules, please contact us using the contact details below.
Section H – Data retention
16. How long we’ll keep your personal data
16.1 We’ll only retain your personal data for as long as you have consented to it, or for as long as is necessary to us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, under tax laws we have to keep basic information about our clients (including contact, identity, financial and transaction data), typically for six years after they cease being clients.
16.2 In some circumstances you can ask us to delete your personal data, see Section E of this Policy above.
16.3 Where we identify that we no longer need certain personal data, we ensure that it’s effectively and securely destroyed.
Section I – Contacting us and complaints
17. How to contact us
17.1 If you have any questions or would like further information about our privacy and information handling practices, please contact:
The Data Protection Officer
Pepperstone Limited
70 Gracechurch Street, London,
EC3V 0HR
compliance.uk@pepperstone.com
Please note that Pepperstone Limited’s Head of Compliance deals with data protection- related queries and client complaints only. For general sales, billing and product support enquiries please contact Pepperstone’s support team at support@pepperstone.com.
18. Making a complaint
18.1 We offer a free internal complaint resolution scheme to all of our clients. If you have a privacy complaint, please contact us using the details above to discuss your concerns.
18.2 So that we can deal with your complaint efficiently, please gather all supporting information and any documents relating to your complaint and provide it to us for assessment. We’ll try to resolve your complaint as quickly as possible, and in any event within 30 days of hearing from you. If your complaint takes longer to resolve, we’ll keep you informed of our progress.
18.3 If you think there’s a problem with the way that we’re handling your personal data, you have the right to complain to the Information Commissioners Office at:
(a) https://ico.org.uk/make-a-complaint/; or
(b) by calling their helpline on 0303 123 1113.
Section J – Further information
19. Your consent and changes to this Privacy Policy
19.1 We can amend or modify this Privacy Policy from time to time. If we do, we’ll post the updated version on our Website and on our Apps. It’s your responsibility to check the Privacy Policy every time you submit your personal data to us.
20. Your duty to tell us about changes
20.1 It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by emailing us at support@pepperstone.com.