Pepperstone EU Limited
Company Number: ΗΕ 398429
CIF Licence Number: 388/20
Version Number: 1
Date Updated: October 2020
2. Who we are
2.2 We’re an online trading platform which assists retail and institutional investors to trade in the margin foreign exchange market (“Forex”) and other derivative instruments. Our online trading platforms operate through the following websites:
(our “Websites”) and the Pepperstone mobile applications (the “Apps”).
2.3 “Client”, “you” or “your” means an individual who’s the subject of the personal data that we process as a data controller.
4. Data we collect (or receive) about you
4.1 The personal data we collect (or receive) about you may include your:
(a) name and address;
(b) e-mail address;
(c) username, password;
(d) IP address;
(e) phone numbers (which could be your home, work or mobile numbers);
(f) credit card details;
(g) source of wealth information;
(i) bank account details, including institution name, branch, account name, bank identifier;
(j) bank account number or IBAN; or
(k) trading experience information.
4.2 We’re required to identify you if you’re opening a new account or adding a new signatory to an existing account under anti-money laundering laws. We’ll ask you to submit identity documents, which we’ll then keep in our system in compliance with our anti-money laundering obligations. The types of identity documents that we’ll ask you for can include:
(b) driver’s licence;
(c) national identity card (if applicable);
(d) utility bills;
(e) trust deed;
(f) a credit check; or
(g) other information we consider necessary to our functions and activities.
4.3 Where it’s necessary to do so, wealso collect data regarding the following individuals:
(c) company directors and officers;
(d) officers of co-operatives and associations;
(e) client agents; or
(f) individuals dealing with us on a “one-off” basis.
4.4 In certain situations, you can have the option of not identifying yourself, or of using a pseudonym, when you deal with us. But we can only provide you with this option when it’s practicable for us and when we’re not legally required to identify you.
5. How we collect your personal data
5.1 We may collect (or receive) and process your personal data when:
(a) you contact us, whether through our Website, our Apps or otherwise (for example, via our online form, by e-mail, post, fax or phone). For example, if you submit a complaint, report a problem with our services or our Websites or our Apps or otherwise liaise with our sales team, technical support or any other department in our company. We’ll keep records of this correspondence, including information that you provide when you open or update your trading account such as your name, e-mail, country, password, etc;
(b) we ask you to complete surveys that we use for research purposes, although you don’t have to respond to them;
(c) you use and interact with our Website or our Apps including your device’s manufacturer and model, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, web browser, platform, mobile carrier, and your ISP. We may collect details of your visits to our Website or our Apps (including, but not limited to, traffic data, location data, weblogs and other communication data). We do this via email and website cookies, and similar tracking technology built into our Websites and Apps. We make cookie policies available on each of our Websites and Apps to give you more detailed information on how we use them;
(d) you login to your trading account to use our platform technology and other features and functionalities;
(e) you use the online trading products we provide to you. Please note that we don’t disclose these details to any third parties other than those who need to know this information in the context of the services we provide; or
(f) you use social media, including “like” buttons and similar functions made available by social media platforms.
6. How we may use your personal data
6.1 We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the specific purpose for which we are using your data (see below).
6.2 We may process your personal data for the purpose of:
(a) dealing with your inquiries and requests, including contacting you if necessary. Lawful Basis: your consent or performance of our contract with you;
(b) notifying you about important changes or developments to our Websites, our Apps or to our products or services (e.g. changes of features or enhancements). Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
(c) carrying out our obligations arising from any contracts connected to you. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
(d) providing and personalising our services, enhancing client experience and tailoring our services to you. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
(e) giving you access to all parts or features of our Websites, our Apps or our services. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
(f) where applicable, processing your payments. Lawful Basis: performance of our contract with you or necessary for our legitimate interests or to comply with our legal obligations;
(g) administering your registration and/or membership and other trading account records. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
(h) market research, analysis and creating statistics. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
(i) sending you marketing communications, for instance, to contact you from time to time regarding things you have told us you want to hear about, such as new products, special offers, competitions and sponsored events. If you use our Apps, we may use push notifications to highlight when we’ve added new offers and promotions that may be of interest to you. Lawful Basis: your consent or necessary for our legitimate interests;
(j) preventing, detecting and investigating potentially prohibited or illegal activities, and enforcing our Terms and Conditions of Service. Lawful Basis: to comply with our legal obligations or necessary for our legitimate interests;
(k) improving and developing our Website, our Apps or our products and services, as well as collecting feedback from you about our Websites, our Apps, and other activities. For example: a. we may need to gauge whether a new product, website feature or App is likely to appeal to a large proportion of our client base. If it doesn’t, we’ll want to know why; or b. occasionally we may invite you to review a Website or App. If we do, it’s possible that we will use independent research and feedback providers to act on our behalf. Lawful Basis: your consent or necessary for our legitimate interests; Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
(l) ensuring that content from our Website is presented in the most effective manner for you and for your computer or mobile device. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;
(m) ensuring we’ve got adequate security measures and services in place so you can safely access our Websites and our Apps. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests;
(n) complying with all the applicable laws and regulations. Lawful Basis: to comply with our legal obligations;
(o) debt recovery or debt tracing, crime, fraud and money laundering compliance. Lawful Basis: to comply with our legal obligations or necessary for our legitimate interests;
(p) recruitment purposes if you’ve applied for a position with us, including contacting you to discuss a role and to assess your suitability. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
(q) monitoring how people use our Websites and our Apps to see if they’re being abused or threatened, for example, by internet trolls posting inappropriate comments in review areas or by would-be hackers looking to undermine our security. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;
(r) allowing us to understand our client base across all our businesses. We do this by merging your details with information from other clients of our Websites and Apps. We can then spot trends and common factors among clients, plus we can tailor our business approach, our marketing communications, our digital and social media, our Websites and Apps to the things we believe you and other people like you would be most interested in. This process involves the analysis of many human traits and is sometimes called profiling ‘market segmentation’ or ‘client segmentation’. Among other things, we look at common trends or ‘segments’ based on people’s geographic location, trading behaviour, online behaviours, engagement with marketing activities (e.g. email opens and clicks), preferences, and any other personal information you have submitted to us or arising from your use of our Websites or our Apps. Lawful Basis: processing is necessary for our legitimate interests; and
(s) testing new systems and processes as we roll them out (but generally only in anonymous form) to make sure they work correctly and meet the standards we set for ourselves. Lawful Basis: processing is necessary for our legitimate interests.
6.3 We may take steps to verify the data we collect. For example, if you provide a birth certificate as identification, we may verify this against government records to protect against impersonation, or we may check with your employer that the employment and remuneration information you’ve provided in an application for credit is accurate. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.
6.4 We may check some of the information that you provide to us against third party databases to confirm that it’s accurate. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.
6.5 We may have access to your financial information, such as your billing address, bank account details and payment history to allow us to take payments from you in connection with the online trading products you purchase, send you refunds or enable our support team to deal with your enquiries. We don’t disclose these details to any third parties other than those who need to know this information for the performance of the services that you’ve requested. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.
6.6 We may also collect social media content if it’s in the public domain, and any messages you send direct to us via social media. This information can include posts and comments, pictures and video footage on websites such as YouTube, Facebook and Twitter. We may process this information as necessary to respond to any social media posts or other public comments you might make, whether they’re directed to us or about us, our Websites, mobile Apps or other activities, to resolve disputes, provide technical support and troubleshoot problems, as permitted by law. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.
6.7 If you’re an existing client, we may contact you by email, SMS, phone or post with information, products or services that you request from us or with information, products or services which are similar to the services we’re providing to you (independently or jointly with others), unless you’ve opted out of being contacted for these purposes. If you change your mind about being contacted in the future, please let us know.
6.9 We may place a cookie on your device when you access our Websites or our Apps. These cookies will let us know when you’ve accessed our Websites or downloaded or used our Apps. We’ll share this information with our advertising providers such as Facebook or Twitter (e.g. IP addresses or unique mobile identifiers). The cookies will let our advertising providers know when to serve ads and who to serve the ads to, ensuring that our ads are only served to people who have previously visited our Websites or used or downloaded our Apps (“Retargeting”). This is further explained in our Cookies Policy available on our Website here.
6.10 You may ask us to provide you with information about our services or about services offered jointly with or on behalf of other organisations by sending us an e-mail to email@example.com.
7. Your contact information
You can change your contact details at any time by updating your profile within your trading account. You can also update your communication preferences by changing your settings related to your notification choices.
8. The security of your personal data
8.1 Nobody can guarantee the security of the Internet. Please be aware that communications over the Internet, such as emails/webmails, aren’t secure unless they’ve been encrypted. Your communications may route through a number of countries before being delivered.
8.3 Your trading account is protected by your user name and password. You shouldn’t share your username and password with anyone else. When using social networking, group chat and forum features, please ensure that you don’t submit any personal data that you don’t want to be seen, collected or used by other users.
8.4 We’ll use reasonable endeavours to implement appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. Our security measures include:
(a) educating our employees about their obligations regarding your personal data;
(b) requiring our employees to use passwords and two-factor authentication when accessing our systems;
(c) encrypting data sent from your computer to our systems during internet transactions and client access codes transmitted across networks;
(d) employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems;
(e) using dedicated secure networks or encryption when we transmit electronic data for outsourcing purposes;
(f) practising a clean desk policy in all our premises and providing secure storage for physical records; and
(g) employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorised access to buildings.
8.5 We won’t disclose your personal data to government institutions or authorities except when we’re compelled to by law (e.g. when requested by regulatory bodies or law enforcement organisations in compliance with applicable laws).
9. Who we’ll disclose your personal data to
(a) our affiliated product and service providers and external product and service providers that we may act as agent for (so that they can provide you with the product or service you’re asking for or in which you’ve expressed an interest);
(b) any person acting on your behalf, including your financial adviser, solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;
(c) your nominated employment reference (to confirm details about you);
(d) introducing brokers, referral affiliates and agents who refer your business to us;
(e) credit reporting agencies;
(f) other financial institutions and organisations at their request if you seek credit from them (so that they can assess whether to offer you credit);
(g) our employees, our Affiliates and their employees. For instance, Pepperstone EU Limited and Pepperstone Group Limited are part of the Pepperstone group of companies and will share your information;
(h) auditors, contractors or other advisers auditing, assisting with or advising on any of our business purposes;
(i) analytics and search engine providers that assist us in the improvement and optimisation of our Websites or our Apps;
(j) our successors in title, our prospective sellers or buyers of our business or to our Affiliates when we have a merger or re-organisation;
(k) government bodies and law enforcement agencies where required by law and in response to legal and regulatory requests;
(l) any third-party where disclosure is required to enforce or apply our Terms and Conditions of Service or other relevant agreements;
(m) to protect the rights, property, integrity or security of our company, our clients or others (including, without limitation, you). This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction purposes;
(n) to our advertising providers for re-targeting purposes; and
(o) if you’ve given consent, to selected third parties that may contact you about products and services which may be of interest to you in any jurisdiction where we operate.
9.2 Any social media posts or comments you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) that you’ve used and could be made public. We don’t control these platforms and we’re not responsible for them sharing information in this way. So, before you make any remarks or observations on social media, you should review the terms and conditions and privacy policies of the platforms you use. That way, you’ll understand how the platforms will use your information and how you can stop them from using it in certain ways if you’re unhappy about it.
9.3 We use banking agents, for example, local businesses, to help provide you with face-to-face banking services. These agents collect personal data on our behalf.
9.4 We have confidentiality arrangements in place to cover off any situations where your personal data may become known to our contractors, agents and outsourced service providers. We don’t permit our contractors, agents and outsourced service providers to use or disclose personal data for any purposes other than our own.
9.5 Mobile app platforms:
(a) our Apps run on third party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone and Google’s Android platform which powers Android-based smartphones; and
9.6 Before we use or disclose any government related identifier of yours, we’ll ensure that the use or disclosure is:
(a) reasonably necessary for us to verify your identity for the purposes of our activities or functions; or
(b) reasonably necessary for us to fulfil our obligations to a government agency or authority; or
(c) required or authorised by or under a Cyprus law, regulation or a court/tribunal order; or
(d) reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
10. Your rights regarding your personal data
10.1 You’re entitled to exercise these rights regarding your personal data, with some exceptions which we’ve explained below:
(a) request access to your personal data (commonly known as a “data subject access request”);
(b) request correction of the personal data that we hold about you;
(c) request erasure of your personal data. Please note that for legal reasons we might not always be able to comply with these requests. We’ll let you know if this is the case when you make your request;
(d) object to processing of your personal data if we’re relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. You also have the right to object if we’re processing your personal data for direct marketing purposes. Please note that in some cases, we may prove that we’ve got compelling legitimate grounds to process your information which override your rights and freedoms;
(e) ask us to suspend the processing of your personal data, if:
(i) you want us to establish the data’s accuracy;
(ii) our use of the data is unlawful but you don’t want us to erase it;
(iii) you need us to hold the data even if we no longer require it, so that you can use it to establish, exercise or defend legal claims; or
(iv) you’ve objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
(f) request the transfer of your personal data to you or to a third party. We’ll provide you, or a third party that you’ve chosen, with your personal data in a structured, commonly used, machinereadable format. Note that this right only applies to automated information (i.e. not to hard copies) which you initially consented to us using or where we used the information to perform a contract with you; and
(g) withdraw consent at any time if we’re relying on your consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll let you know if this is the case at the time you withdraw your consent. Please write to:
The Head of Compliance
Pepperstone EU Limited
10.2 Please quote your name and address when you write to us and provide brief details of the data that you would like a copy of or which you would like to be corrected (this helps us to locate your data more easily).
10.3 We’ll require proof of your identity before providing you with details of any personal data we may hold about you.
10.4 We try to respond to all legitimate requests within 1 (one) month. It might take us longer than this if your request is particularly complex or if you’ve made a number of requests. We’ll let you know if this situation applies to you within 1 month of receiving your request and keep you updated.
10.5 We may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. We may also refuse to comply with your request in these circumstances.
11. Access to a credit report about you
11.1 You have the right to ask for a copy of any credit report that we’ve obtained about you from a credit- reporting agency. Please note that we might not have retained a copy of the report after we’ve used it, so the best means of obtaining an up-to-date copy is to get in touch with the credit-reporting agency directly.
11.2 You have a right to have any inaccuracies corrected or, if there’s any dispute about accuracy, to have a note added to your credit reporting agency file explaining your position.
11.3 We’re required to let you know if we decline your credit application wholly or partly because of adverse information on your credit report.
13. Where we store and process your personal data
14.2 We’ll let you know as soon as is practicable if our purposes for processing your personal data change, and seek your consent if we’ve introduced a new purpose for processing.
15. Use of your personal data submitted to other websites
15.2 If you disclose your personal data to others (e.g. websites we link to), different rules may apply to their use or disclosure of the data that you disclose to them. We’re not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our website.
15.3 We recommend that you check the policy of each website you visit and contact the owner or operator of that website if you have concerns or questions.
16. Data retention
16.1 We’ll only retain your personal data for as long as you’ve consented to it or for as long as is necessary to us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, by law we have to keep basic information about our clients (including contact, identity, financial and transaction data) typically for six years after they cease being clients for tax purposes.
16.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
16.3 In some circumstances you can ask us to delete your data.
16.4 In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. In these situations, we may use this information indefinitely without further notice to you.
17. Further information
17.1 If there’s something that we’ve done, or failed to do regarding your personal data, whether positive or negative, please let us know. Your comments enable us to learn as a business and continuously improve our services.
17.2 If you think there’s a problem with the way that we’re handling your data, you have the right to complain to the Office of the Commissioner for Personal Data Protection.
The Head of Compliance
Pepperstone EU Limited
18. Your duty to tell us about changes
18.1 It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by emailing us at firstname.lastname@example.org.
Please note that Pepperstone EU Limited’s Head of Compliance deals with data protection-related queries and client complaints only. For general sales, billing and product support enquiries please contact Pepperstone’s support team at email@example.com.