
Privacy Policy

Pepperstone EU Limited


Company Number: ΗΕ 398429

CIF Licence Number: 388/20

Version Number: 1

Date Updated: October 2020



1. Introduction

Your privacy is very important to us. We’re committed to protecting and respecting your personal data, ensuring that when you choose us to use our services, you know what data we collect about you and how we use and protect that personal data. This Privacy Policy describes the types of personal data that we collect about you when you choose to use our services, how we’ll use your personal data and how we’ll keep it safe. Please take the time to read this Privacy Policy carefully so that you can understand how we handle your personal data.

2. Who we are

2.1 Pepperstone EU Limited is a limited company registered under organisation number 556444, at Arch. Makariou III, 195, Neocleous House, 3030, Limassol, Cyprus. Pepperstone EU Limited is part of the Pepperstone group of companies which includes Pepperstone Group Limited, our Australian parent company. Both companies are separate data controllers but are collectively referred to in this Privacy Policy as “Pepperstone”, “we” or “our” or “us”.

2.2 We’re an online trading platform which assists retail and institutional investors to trade in the margin foreign exchange market (“Forex”) and other derivative instruments. Our online trading platforms operate through the following websites:

pepperstone.com/en-eu/

pepperstone.com/it-it/

pepperstone.com/fr-fr/

pepperstone.com/es-es/

pepperstone.com/pl-pl/

(our “Websites”) and the Pepperstone mobile applications (the “Apps”).

2.3 “Client”, “you” or “your” means an individual who’s the subject of the personal data that we process as a data controller.

3. Scope of this Privacy Policy

3.1 This Privacy Policy (together with our Terms and Conditions of Service and any other documents referred to in it) sets out the basis on which we’ll process any personal data we collect from you, or that you provide to us. This Privacy Policy also sets out how you can instruct us if you prefer to limit the use of your personal data and the procedures that we have in place to safeguard your privacy.

3.2 For the purpose of this Privacy Policy, Data Protection Legislation means: (i) the General Data Protection Regulation 2016/679 (the “GDPR”) applicable in the European Union, including Cyprus and (ii) the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (“Law 125(I)2018”), as updated, replaced and amended from time to time. For the purpose of the Data Protection Legislation, the data controllers are Pepperstone EU Limited and Pepperstone Group Limited.

3.3 By using our Websites or our Apps, applying for an account with us or giving us information, you agree that you understand how we collect, use and disclose your personal data, in line with this Privacy Policy. If you don’t agree with this Privacy Policy, you mustn’t use our Website or our Apps, access our services or provide any information to us.

4. Data we collect (or receive) about you

4.1 The personal data we collect (or receive) about you may include your:

(a) name and address;

(b) e-mail address;

(c) username, password;

(d) IP address;

(e) phone numbers (which could be your home, work or mobile numbers);

(f) credit card details;

(g) source of wealth information;

(h) occupation;

(i) bank account details, including institution name, branch, account name, bank identifier;

(j) bank account number or IBAN; or

(k) trading experience information.

4.2 We’re required to identify you if you’re opening a new account or adding a new signatory to an existing account under anti-money laundering laws. We’ll ask you to submit identity documents, which we’ll then keep in our system in compliance with our anti-money laundering obligations. The types of identity documents that we’ll ask you for can include:

(a) passport;

(b) driver’s licence;

(c) national identity card (if applicable);

(d) utility bills;

(e) trust deed;

(f) a credit check; or

(g) other information we consider necessary to our functions and activities.

4.3 Where it’s necessary to do so, we also collect data regarding the following individuals:

(a) trustees;

(b) partners;

(c) company directors and officers;

(d) officers of co-operatives and associations;

(e) client agents; or

(f) individuals dealing with us on a “one-off” basis.

4.4 In certain situations, you can have the option of not identifying yourself, or of using a pseudonym, when you deal with us. But we can only provide you with this option when it’s practicable for us and when we’re not legally required to identify you.

5. How we collect your personal data

5.1 We may collect (or receive) and process your personal data when:

(a) you contact us, whether through our Website, our Apps or otherwise (for example, via our online form, by e-mail, post, fax or phone). For example, if you submit a complaint, report a problem with our services or our Websites or our Apps or otherwise liaise with our sales team, technical support or any other department in our company. We’ll keep records of this correspondence, including information that you provide when you open or update your trading account such as your name, e-mail, country, password, etc;

(b) we ask you to complete surveys that we use for research purposes, although you don’t have to respond to them;

(c) you use and interact with our Website or our Apps including your device’s manufacturer and model, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, web browser, platform, mobile carrier, and your ISP. We may collect details of your visits to our Website or our Apps (including, but not limited to, traffic data, location data, weblogs and other communication data). We do this via email and website cookies, and similar tracking technology built into our Websites and Apps. We make cookie policies available on each of our Websites and Apps to give you more detailed information on how we use them;

(d) you login to your trading account to use our platform technology and other features and functionalities;

(e) you use the online trading products we provide to you. Please note that we don’t disclose these details to any third parties other than those who need to know this information in the context of the services we provide; or

(f) you use social media, including “like” buttons and similar functions made available by social media platforms.

6. How we may use your personal data

6.1 We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the specific purpose for which we are using your data (see below).

6.2 We may process your personal data for the purpose of:

(a) dealing with your inquiries and requests, including contacting you if necessary. Lawful Basis: your consent or performance of our contract with you;

(b) notifying you about important changes or developments to our Websites, our Apps or to our products or services (e.g. changes of features or enhancements). Lawful Basis: performance of our contract with you or necessary for our legitimate interests;

(c) carrying out our obligations arising from any contracts connected to you. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;

(d) providing and personalising our services, enhancing client experience and tailoring our services to you. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;

(e) giving you access to all parts or features of our Websites, our Apps or our services. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;

(f) where applicable, processing your payments. Lawful Basis: performance of our contract with you or necessary for our legitimate interests or to comply with our legal obligations;

(g) administering your registration and/or membership and other trading account records. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;

(h) market research, analysis and creating statistics. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;

(i) sending you marketing communications, for instance, to contact you from time to time regarding things you have told us you want to hear about, such as new products, special offers, competitions and sponsored events. If you use our Apps, we may use push notifications to highlight when we’ve added new offers and promotions that may be of interest to you. Lawful Basis: your consent or necessary for our legitimate interests;

(j) preventing, detecting and investigating potentially prohibited or illegal activities, and enforcing our Terms and Conditions of Service. Lawful Basis: to comply with our legal obligations or necessary for our legitimate interests;

(k) improving and developing our Website, our Apps or our products and services, as well as collecting feedback from you about our Websites, our Apps, and other activities. For example: a. we may need to gauge whether a new product, website feature or App is likely to appeal to a large proportion of our client base. If it doesn’t, we’ll want to know why; or b. occasionally we may invite you to review a Website or App. If we do, it’s possible that we will use independent research and feedback providers to act on our behalf. Lawful Basis: your consent or necessary for our legitimate interests; Lawful Basis: performance of our contract with you or necessary for our legitimate interests;

(l) ensuring that content from our Website is presented in the most effective manner for you and for your computer or mobile device. Lawful Basis: performance of our contract with you or necessary for our legitimate interests;

(m) ensuring we’ve got adequate security measures and services in place so you can safely access our Websites and our Apps. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests;

(n) complying with all the applicable laws and regulations. Lawful Basis: to comply with our legal obligations;

(o) debt recovery or debt tracing, crime, fraud and money laundering compliance. Lawful Basis: to comply with our legal obligations or necessary for our legitimate interests;

(p) recruitment purposes if you’ve applied for a position with us, including contacting you to discuss a role and to assess your suitability. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;

(q) monitoring how people use our Websites and our Apps to see if they’re being abused or threatened, for example, by internet trolls posting inappropriate comments in review areas or by would-be hackers looking to undermine our security. Lawful Basis: your consent, performance of our contract with you or necessary for our legitimate interests;

(r) allowing us to understand our client base across all our businesses. We do this by merging your details with information from other clients of our Websites and Apps. We can then spot trends and common factors among clients, plus we can tailor our business approach, our marketing communications, our digital and social media, our Websites and Apps to the things we believe you and other people like you would be most interested in. This process involves the analysis of many human traits and is sometimes called profiling, ‘market segmentation’ or ‘client segmentation’. Among other things, we look at common trends or ‘segments’ based on people’s geographic location, trading behaviour, online behaviours, engagement with marketing activities (e.g. email opens and clicks), preferences, and any other personal information you have submitted to us or arising from your use of our Websites or our Apps. Lawful Basis: processing is necessary for our legitimate interests; and

(s) testing new systems and processes as we roll them out (but generally only in anonymous form) to make sure they work correctly and meet the standards we set for ourselves. Lawful Basis: processing is necessary for our legitimate interests.

6.3 We may take steps to verify the data we collect. For example, if you provide a birth certificate as identification, we may verify this against government records to protect against impersonation, or we may check with your employer that the employment and remuneration information you’ve provided in an application for credit is accurate. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.

6.4 We may check some of the information that you provide to us against third party databases to confirm that it’s accurate. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.

6.5 We may have access to your financial information, such as your billing address, bank account details and payment history to allow us to take payments from you in connection with the online trading products you purchase, send you refunds or enable our support team to deal with your enquiries. We don’t disclose these details to any third parties other than those who need to know this information for the performance of the services that you’ve requested. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.

6.6 We may also collect social media content if it’s in the public domain, and any messages you send direct to us via social media. This information can include posts and comments, pictures and video footage on websites such as YouTube, Facebook and Twitter. We may process this information as necessary to respond to any social media posts or other public comments you might make, whether they’re directed to us or about us, our Websites, mobile Apps or other activities, to resolve disputes, provide technical support and troubleshoot problems, as permitted by law. Lawful Basis: performance of our contract with you, to comply with our legal obligations or necessary for our legitimate interests.

6.7 If you’re an existing client, we may contact you by email, SMS, phone or post with information, products or services that you request from us or with information, products or services which are similar to the services we’re providing to you (independently or jointly with others), unless you’ve opted out of being contacted for these purposes. If you change your mind about being contacted in the future, please let us know.

6.8 We don’t sell, rent, or otherwise provide your personal data to third parties unless you consent to this or it’s necessary to provide you with our services, conduct our associated business activities or as described in this Privacy Policy. We may share information with any member of our group of companies, which means our subsidiaries, our ultimate holding company and its other subsidiaries (the “Affiliates”).

6.9 We may place a cookie on your device when you access our Websites or our Apps. These cookies will let us know when you’ve accessed our Websites or downloaded or used our Apps. We’ll share this information with our advertising providers such as Facebook or Twitter (e.g. IP addresses or unique mobile identifiers). The cookies will let our advertising providers know when to serve ads and who to serve the ads to, ensuring that our ads are only served to people who have previously visited our Websites or used or downloaded our Apps (“Retargeting”). This is further explained in our Cookies Policy available on our Website here.

6.10 You may ask us to provide you with information about our services or about services offered jointly with or on behalf of other organisations by sending us an e-mail to compliance.eu@pepperstone.com.

6.11 If you stop using our Website, our Apps or our services, or your permission to use our Website, our Apps or our services is terminated, we may continue to use and disclose your personal data in compliance with this Privacy Policy (as amended from time to time) and as permitted by law. If you want us to stop emailing you with information about our Website, our Apps or our services, please unsubscribe or send your request to the contact details above.

7. Your contact information

You can change your contact details at any time by updating your profile within your trading account. You can also update your communication preferences by changing your settings related to your notification choices.

8. The security of your personal data

8.1 Nobody can guarantee the security of the Internet. Please be aware that communications over the Internet, such as emails/webmails, aren’t secure unless they’ve been encrypted. Your communications may route through a number of countries before being delivered.

8.2 We can’t accept responsibility for any unauthorised access or loss of personal data that’s beyond our control. That said, the protection of your personal data is extremely important to us and we have put a range of security procedures in place to keep it safe, as set out in this Privacy Policy.

8.3 Your trading account is protected by your username and password. You shouldn’t share your username and password with anyone else. When using social networking, group chat and forum features, please ensure that you don’t submit any personal data that you don’t want to be seen, collected or used by other users.

8.4 We’ll use reasonable endeavours to implement appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss. Our security measures include:

(a) educating our employees about their obligations regarding your personal data;

(b) requiring our employees to use passwords and two-factor authentication when accessing our systems;

(c) encrypting data sent from your computer to our systems during internet transactions and client access codes transmitted across networks;

(d) employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems;

(e) using dedicated secure networks or encryption when we transmit electronic data for outsourcing purposes;

(f) practising a clean desk policy in all our premises and providing secure storage for physical records; and

(g) employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorised access to buildings.

8.5 We won’t disclose your personal data to government institutions or authorities except when we’re compelled to by law (e.g. when requested by regulatory bodies or law enforcement organisations in compliance with applicable laws).

9. Who we’ll disclose your personal data to

9.1 We may disclose your personal data for processing (for the purposes set out in this Privacy Policy) to:

(a) our affiliated product and service providers and external product and service providers that we may act as agent for (so that they can provide you with the product or service you’re asking for or in which you’ve expressed an interest);

(b) any person acting on your behalf, including your financial adviser, solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;

(c) your nominated employment reference (to confirm details about you);

(d) introducing brokers, referral affiliates and agents who refer your business to us;

(e) credit reporting agencies;

(f) other financial institutions and organisations at their request if you seek credit from them (so that they can assess whether to offer you credit);

(g) our employees, our Affiliates and their employees. For instance, Pepperstone EU Limited and Pepperstone Group Limited are part of the Pepperstone group of companies and will share your information;

(h) auditors, contractors or other advisers auditing, assisting with or advising on any of our business purposes;

(i) analytics and search engine providers that assist us in the improvement and optimisation of our Websites or our Apps;

(j) our successors in title, our prospective sellers or buyers of our business or to our Affiliates when we have a merger or re-organisation;

(k) government bodies and law enforcement agencies where required by law and in response to legal and regulatory requests;

(l) any third-party where disclosure is required to enforce or apply our Terms and Conditions of Service or other relevant agreements;

(m) to protect the rights, property, integrity or security of our company, our clients or others (including, without limitation, you). This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction purposes;

(n) to our advertising providers for re-targeting purposes; and

(o) if you’ve given consent, to selected third parties that may contact you about products and services which may be of interest to you in any jurisdiction where we operate.

9.2 Any social media posts or comments you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) that you’ve used and could be made public. We don’t control these platforms and we’re not responsible for them sharing information in this way. So, before you make any remarks or observations on social media, you should review the terms and conditions and privacy policies of the platforms you use. That way, you’ll understand how the platforms will use your information and how you can stop them from using it in certain ways if you’re unhappy about it.

9.3 We use banking agents, for example, local businesses, to help provide you with face-to-face banking services. These agents collect personal data on our behalf.

9.4 We have confidentiality arrangements in place to cover off any situations where your personal data may become known to our contractors, agents and outsourced service providers. We don’t permit our contractors, agents and outsourced service providers to use or disclose personal data for any purposes other than our own.

9.5 Mobile app platforms:

(a) our Apps run on third party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone and Google’s Android platform which powers Android-based smartphones; and

(b) your use of our Apps is also subject to the relevant mobile app platform provider’s terms and conditions and privacy policy. You should review their terms and conditions and privacy policy to ensure you understand the kinds of data (if any) they’ll gather about you, how they’ll use that data, and what you may be able to do if you’re unhappy about it.

9.6 Before we use or disclose any government related identifier of yours, we’ll ensure that the use or disclosure is:

(a) reasonably necessary for us to verify your identity for the purposes of our activities or functions; or

(b) reasonably necessary for us to fulfil our obligations to a government agency or authority; or

(c) required or authorised by or under a Cyprus law, regulation or a court/tribunal order; or

(d) reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

10. Your rights regarding your personal data

10.1 You’re entitled to exercise these rights regarding your personal data, with some exceptions which we’ve explained below:

(a) request access to your personal data (commonly known as a “data subject access request”);

(b) request correction of the personal data that we hold about you;

(c) request erasure of your personal data. Please note that for legal reasons we might not always be able to comply with these requests. We’ll let you know if this is the case when you make your request;

(d) object to processing of your personal data if we’re relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. You also have the right to object if we’re processing your personal data for direct marketing purposes. Please note that in some cases, we may prove that we’ve got compelling legitimate grounds to process your information which override your rights and freedoms;

(e) ask us to suspend the processing of your personal data, if:

(i) you want us to establish the data’s accuracy;

(ii) our use of the data is unlawful but you don’t want us to erase it;

(iii) you need us to hold the data even if we no longer require it, so that you can use it to establish, exercise or defend legal claims; or

(iv) you’ve objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;

(f) request the transfer of your personal data to you or to a third party. We’ll provide you, or a third party that you’ve chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information (i.e. not to hard copies) which you initially consented to us using or where we used the information to perform a contract with you; and

(g) withdraw consent at any time if we’re relying on your consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll let you know if this is the case at the time you withdraw your consent. Please write to:

The Head of Compliance

Pepperstone EU Limited

compliance.eu@pepperstone.com

10.2 Please quote your name and address when you write to us and provide brief details of the data that you would like a copy of or which you would like to be corrected (this helps us to locate your data more easily).

10.3 We’ll require proof of your identity before providing you with details of any personal data we may hold about you.

10.4 We try to respond to all legitimate requests within 1 (one) month. It might take us longer than this if your request is particularly complex or if you’ve made a number of requests. We’ll let you know if this situation applies to you within 1 month of receiving your request and keep you updated.

10.5 We may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. We may also refuse to comply with your request in these circumstances.

11. Access to a credit report about you

11.1 You have the right to ask for a copy of any credit report that we’ve obtained about you from a credit-reporting agency. Please note that we might not have retained a copy of the report after we’ve used it, so the best means of obtaining an up-to-date copy is to get in touch with the credit-reporting agency directly.

11.2 You have a right to have any inaccuracies corrected or, if there’s any dispute about accuracy, to have a note added to your credit reporting agency file explaining your position.

11.3 We’re required to let you know if we decline your credit application wholly or partly because of adverse information on your credit report.

12. Cookies

We use cookies to store and collect information about your use of our Website. Cookies are small text files stored by the browser on your equipment’s hard drive. They send information stored on them back to our web server when you access our Website. These cookies enable us to put in place personal settings and load your personal preferences to improve your experience. You can find out more about our cookies on our “Cookie Policy” available on our Website here.

13. Where we store and process your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff who work for us or one of our suppliers or Affiliate companies outside the EEA. Our staff outside of the EEA may be engaged in, among other things, the fulfilment of your request, the processing of your payment details and the provision of support services. By submitting your personal data to us, you agree to your personal data being transferred, stored and processed in this way. We’ll take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

14. Your consent and changes to this Privacy Policy

14.1 We can amend or modify this Privacy Policy from time to time. If we do, we’ll post the updated version on our Website and on our Apps. It’s your responsibility to check the Privacy Policy every time you submit your personal data to us.

14.2 We’ll let you know as soon as is practicable if our purposes for processing your personal data change, and seek your consent if we’ve introduced a new purpose for processing.

15. Use of your personal data submitted to other websites

15.1 Except as otherwise stated, this Privacy Policy only addresses the use and disclosure of personal data that we receive about you or collect from you.

15.2 If you disclose your personal data to others (e.g. websites we link to), different rules may apply to their use or disclosure of the data that you disclose to them. We’re not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our website.

15.3 We recommend that you check the policy of each website you visit and contact the owner or operator of that website if you have concerns or questions.

16. Data retention

16.1 We’ll only retain your personal data for as long as you’ve consented to it or for as long as is necessary for us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, by law we have to keep basic information about our clients (including contact, identity, financial and transaction data) typically for six years after they cease being clients for tax purposes.

16.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

16.3 In some circumstances you can ask us to delete your data.

16.4 In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. In these situations, we may use this information indefinitely without further notice to you.

17. Further information

17.1 If there’s something that we’ve done, or failed to do regarding your personal data, whether positive or negative, please let us know. Your comments enable us to learn as a business and continuously improve our services.

17.2 If you think there’s a problem with the way that we’re handling your data, you have the right to complain to the Office of the Commissioner for Personal Data Protection.

17.3 Questions, comments and requests regarding this Privacy Policy should be addressed to:

The Head of Compliance

Pepperstone EU Limited

compliance.eu@pepperstone.com

18. Your duty to tell us about changes

18.1 It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by emailing us at support@pepperstone.com.

Please note that Pepperstone EU Limited’s Head of Compliance deals with data protection-related queries and client complaints only. For general sales, billing and product support enquiries please contact Pepperstone’s support team at support@pepperstone.com.