Pepperstone Privacy Policy

Pepperstone Markets Limited

Company: Pepperstone Markets Limited

IBC No.: 177174 B

SIA Reg. No: SIA-F217

Review: Annual

Date Updated: August 2022

Section A – Introduction

1. Introduction

1.1 Protecting your privacy and keeping your personal information confidential is very important to us. This Privacy Policy (“Policy”) sets out how we collect and manage your personal and sensitive information, in compliance with applicable privacy laws.

1.2 This Policy describes the types of personal information that we collect about you when you choose to use our services, how we’ll use your personal information and how we’ll keep it safe. Please take the time to read this Policy carefully so that you can understand how we handle your personal information.

2. Who we are

2.1 Pepperstone Markets Limited is a limited company registered under company number 177174 B with a business address at Sea Sky Lane, B201, Sandyport, Nassau, New Providence, The Bahamas. Pepperstone Markets Limited is part of the Pepperstone group of companies which includes Pepperstone Group Limited. Both companies are separate data controllers but are collectively referred to in this Policy as “Pepperstone” “we” “us” or “our”.

2.2 We’re an online trading platform which assists clients to trade over- the-counter derivatives, including margin foreign exchange (“Forex”) contracts and contracts-for-difference (“CFDs”). Our online trading platforms operate through the www.pepperstone.com/en website (our “Website”) and the Pepperstone mobile applications (the “Apps”).

2.3 “Client”, “you” or “your” means an individual who’s the subject of the personal information thatwe process as a data controller.

2.4 We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:

Attn: Data Protection Officer

Email: compliance.bs@pepperstone.com

Phone Number: +1786 628 1209

3. Scope of this Privacy Policy

3.1 This Policy (together with our Terms and Conditions and any other documents referred to in it) sets out the basis on which we’ll process any personal information we collect from you, or that you provide to us. This Policy also sets out how you can instruct us if you prefer to limit the use of your personal information and the procedures that we have in place to safeguard your privacy.

3.2 By using our Websites or our Apps, applying for an account with us or giving us information, you’re indicating that you understand how we collect, use and disclose your personal information in line with this Policy. If you don’t agree with this Policy, you mustn’t use our Website and our Apps, access our services or provide any information to us.

Section B – Collection of personal information

4. What personal information we collect (or receive) about you

4.1 Personal information (also known as ‘personal data’) is any information or opinion about you that is capable (or reasonably capable) of identifying you, whether the information or opinion is true or not, and regardless of whether the information is recorded in a material form.

4.2 Sensitive information includes things like your racial or ethnic origin, political opinions or membership of political associations, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or criminal record. Your health, genetic and biometric information and biometric templates are also sensitive information. Sensitive information is also personal information for the purposes of privacy laws. We’ll only collect sensitive information about you if we have your consent, or if we’re required or authorised by law.

4.3 The personal information we collect about you generally includes the following:

(a) name;

(b) date of birth;

(d) IP address;

(e) phone numbers, including home, mobile and work;

(f) username, password;

(g) information relating to an individual’s source of wealth;

(h) occupation;

(i) bank account details, including institution name, branch, account name, bank identifier, and account number or IBAN;

(j) security questions and answers;

(k) information relating to your trading experience;

(l) identification documentation, as required under applicable anti-money laundering laws

(i) passport;

(ii) driver’s licence;

(iii) national identity card (if applicable);

(iv) utility bills;

(v) trust deed;

(vi) a credit or bankruptcy check; and/or

(vii) other information we consider necessary to our functions and activities.

4.4 We’re required by law to identify you if you’re opening a new account or adding a new signatory to an existing account. AML Laws require us to sight and record details of certain documents (i.e. photographic and non photographic documents).

4.5 Where necessary, we also collect information on the following individuals:

(a) trustees;

(b) partners;

(d) officers of co-operatives and associations;

(e) client’s agents;

(f) beneficial owners of the client; and

(g) persons dealing with us on a “one-off” basis.

4.6 We may take steps to verify the information we collect. For example, a birth certificate provided as identification may be verified with government-held records (such as births, deaths and marriages registers) to protect against impersonation, or we may verify with an employer that employment and remuneration information provided in a credit application is accurate.

5. Why we collect your personal information

5.1 We use your personal information to:

(a) verify your identity;

(b) provide you with the products and services that you’ve asked for;

(d) enable secure access to our client area;

(e) unless you tell us otherwise, keep you informed about our products and services and those of our relevant business and initiative partners, and tailor this information to your needs and interests;

(f) respond to any feedback, queries or complaints;

(g) provide you with technical support;

(h) participate in any third party acquisition or potential acquisition of an interest in us or our assets;

(i) comply with our legal obligations under the applicable laws; and

(j) take measures to detect and prevent fraud, crime or other activity which may cause harm to our business or our products and services.

6. How we collect personal information

6.1 We may collect personal information about you directly from you or from sources other than you. “Sources other than you” may include your agents, family members, friends, related entities, affiliates or divisions.

6.2 We may collect (or receive) and process your personal information when:

(a) you apply for an account with us;

(b) you contact us, whether through our Website, our Apps or otherwise (for example, via our online form, by e-mail, post, fax or phone), as we may keep a record of that correspondence. For example, if you submit a complaint, report a problem with our services or our Website or our Apps or otherwise liaise with our sales, technical support or any other department in our company. This includes information provided by you when you update your account such as your name, e-mail, country, password, etc;

(d) you use and interact with our Website or our Apps including your device’s manufacturer and model, IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, web browser, platform, mobile carrier, and your ISP. We may collect details of your visits to our Website or our Apps (including, but not limited to, traffic data, location data, weblogs and other communication data). We do this via email and website cookies, and similar tracking technology built into our Website and Apps. Our cookie policy is available on our Website and Apps to give you more detailed information on how we use them;

(e) you use your account to login to and use our platform technology and other features and functionalities;

(f) you use the online trading products we provide to you. Under no circumstances are these details disclosed to any third parties other than those who need to know this information in the context of the services we provide; or

(g) you use social media, including “like” buttons and similar functions made available by social media platforms.

7. How we may use your personal information

7.1 We may process your personal information for the purpose of:

(a) dealing with your inquiries and requests, including contacting you where necessary;

(b) notifying you about important changes or developments to our Website, our Apps or to our products or services (e.g. changes of features or enhancements);

(d) providing and personalising our services, enhancing client experience and tailoring our services to you;

(e) providing you access to all parts or features of our Website, our Apps or our services;

(f) where applicable, processing your payments;

(g) administering your registration and/or membership and other account records;

(h) market research, analysis and creating statistics;

(i) sending you marketing communications, for instance, to contact you from time to time regarding things you have told us you want to hear about, such as new products, special offers, competitions and sponsored events. If you use our Apps, we may use push notifications to highlight when we have added new offers and promotions that may be of interest to you;

(j) preventing, detecting and investigating potentially prohibited or illegal activities, and enforcing our Terms and Conditions;

(k) improving and developing our Website, our Apps or our products and services, as well as collecting feedback from you about our Websites, our Apps, and other activities. For example:

(i) we may need to gauge whether a new product, website feature or App is likely to appeal to a large proportion of our client base. If not, we will want to know why; or

(ii) occasionally we may invite you to review a website or App. If we do, it is possible that we will use independent research and feedback providers to act on our behalf;

(l) ensuring that content from our Website is presented in the most effective manner for you and for your computer or mobile device;

(m) ensuring we have adequate security measures and services so you can safely access our Website and our Apps;

(n) complying with all the applicable laws and regulations;

(o) debt recovery or debt tracing, crime, fraud and money laundering compliance;

(p) recruitment purposes if you have applied for a position with us including to contact you to discuss a role with us and to assess your suitability;

(q) monitoring how people use our Website and our Apps to see if they are being abused or threatened, for example, by internet trolls posting inappropriate comments in review areas or by would-be hackers looking to undermine our security;

(r) allowing us to understand our client base across all our businesses. We do this by merging your details with information from other clients of our Website and Apps. We can then spot trends and common factors among clients, plus we can tailor our business approach, our marketing communications, our digital and social media, our Website and Apps to the things we believe you and other people like you would be most interested in. This process involves the analysis of many human traits and is sometimes called profiling ‘market segmentation’ or ‘client segmentation’. Among other things, we look at common trends or ‘segments’ based on people’s geographic location, trading behaviour, online behaviours, engagement with marketing activities (e.g. email opens and clicks), preferences, and any other personal information you have submitted to us or arising from your use of our Website or our Apps; and

(s) testing new systems and processes as we roll them out (but generally only in anonymous form) to make sure they work correctly and meet the standards we set for ourselves.

7.2 We may take steps to verify the information we collect. For example, we may verify with an employer that employment and remuneration information provided in an application for credit is accurate.

7.3 We may check some of the information that you provide to us against third party databases to confirm that it is accurate.

7.4 We may have access to your financial information, such as your billing address, bank account details and payment history in order to allow us to take payments from you in connection with the online trading products you purchase, send you refunds or enable our client service to deal with your enquiries. Under no circumstances are these details disclosed to any third parties other than those who need to know this information for the performance of the services requested.

7.5 We may also collect social media content where this is in the public domain, and any messages you send direct to us via social media. This information can include posts and comments, pictures and video footage on websites such as YouTube, Facebook and Twitter. We may process this information as necessary to respond to any social media posts or other public comments you might make, whether they’re directed to us or about us, our Websites, mobile Apps or other activities, to resolve disputes, provide technical support and troubleshoot problems, as permitted by law.

7.6 We may contact you with information, products or services that you request from us or with information, products or services which are similar to the services we are providing to you (independently or jointly with others), unless you have opted out to be contacted for such purposes. We may contact you for this purpose by post, telephone, SMS and other messaging services as well as by email. If you change your mind about being contacted in the future, please let us know.

7.7 If you choose to post messages on any online forum or other message platforms that we may make available for this purpose on our Apps or our Website, we may collect that information you provide to us. We may process this information as necessary to respond to any social media posts or other public comments you might make, whether they are directed to us or about us, our Website, Apps or other activities, to resolve disputes, provide technical support and troubleshoot problems, as permitted by law.

7.8 We may place a cookie on your device when you access our Website or our Apps. These cookies will let us know when you have accessed our Website or downloaded or used our Apps. We will share this information with our advertising providers such as Facebook or Twitter (e.g. IP addresses or unique mobile identifiers). The cookies will let our advertising providers know when to serve ads and to whom, ensuring that our ads are served only to people who have previously visited our Website or used or downloaded our Apps (“Retargeting”). This is further explained in our Cookies Policy available on our website here.

7.9 If you stop using our Website, our Apps or our services, or your permission to use our Website, our Apps or our services is terminated, we may continue to use and disclose your personal information in accordance with this Policy (as amended from time to time) and as permitted by law. However, if you wish us to stop e-mailing you with information in connection with our Website, our Apps or our services, please unsubscribe or send your request to the contact details set out below.

8. How we process your personal information

8.1 Our basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. In most cases, we’ll process your personal information where:

(a) you’ve consented to the use and disclosure your personal information for our intended purposes either before or at the time that we collect it;

(b) we need the personal information to perform our contract with you; or

(c) the processing is in our legitimate interests (or those of a third party) and not overridden by your data protection interests or fundamental rights and freedoms.

8.2 In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect vital interests.

8.3 Where we rely on consent, if you don’t give us your consent or withdraw your consent, we may not be able to provide you with the products or services you ask for. 8.4 You can withdraw your consent at any time. To withdraw your consent, please email support@pepperstone.com in the first instance.

9. Incomplete or inaccurate information

9.1 If you provide us with incomplete or inaccurate information, we may not be able to provide you with the products or services that you ask for. You can change your contact details at any time by updating your profile within your account.

10. Aggregated Data

10.1 Aggregated data is general data about groups of people which doesn’t identify anyone personally, for example the number of people in a particular industry that engage in forex trading. We use aggregated data to:

(a) help us to understand how you use our products and services and improve your experience with us; and

(b) customise the way that we communicate with you about our products and services so that we can interact with you more effectively.

10.2 We may share aggregated data with our business or industry partners.

11. Anonymity and pseudonymity

11.1 In certain situations we may be able to give you the option of using a pseudonym or remain anonymous when you deal with us. We’re only able to provide you with this option when it’s practical for us to do so, and if we’re not required by law to identify you.

Section C – Security of your personal information

12. How we protect your personal information

12.1 Nobody can guarantee the security of the internet. Please be aware that communications over the internet, such as emails/webmails, aren’t secure unless they’ve been encrypted. Your communications may route through a number of countries before being delivered.

12.2 We can’t accept responsibility for any unauthorised access or loss of personal information that’s beyond our control. That said, the protection of your personal information is extremely important to us and we have put a range of security procedures in place to keep it safe, as set out in this Policy.

12.3 Your account is protected by your username and password. You shouldn’t share your username and password with anyone else. When using social networking, group chat and forum features, please ensure that you don’t submit any personal information that you don’t want to be seen, collected or used by other users.

12.4 We’re committed to protecting the personal information we hold about you from misuse, unauthorised access and disclosure. We’ve implemented a range of practices and policies to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them. Our security measures include:

(a) educating our employees about their obligations when they collect and handle personal
information;

(b) requiring our employees to use passwords when accessing our systems;

(c) encrypting data sent from your computer to our systems during internet transactions and
client access codes transmitted across networks;

(d) employing firewalls, intrusion detection systems and virus scanning tools to protect
against unauthorised persons and viruses from entering our systems;

(e) using dedicated secure networks or encryption when we transmit electronic data for
purposes of outsourcing;

(f) practising a clean desk policy for all premises and providing secure storage for physical records; and

(g) employing physical and electronic security measures such as swipe cards, alarms, cameras and guards (as required) to protect against unauthorised access to buildings.

12.5 Where we identify that we no longer need certain personal information, we ensure that it’s effectively and securely destroyed. For example, we may shred paper records or use other means such as degaussing (de-magnetism of a device) and deletion in the case of electronic equipment and records.

Section D – Use or disclosure of personal information

13. Who we share personal information with

13.1 We may share your information with any member of our group of companies, which means our subsidiaries, our ultimate holding company and its other subsidiaries (“Affiliates”) and third parties that we outsource functions to or partner with, in certain limited situations where it’s necessary for us to provide our products and services or perform associated business activities.

13.2 These entities and third parties include:

(a) our affiliated product and service providers and external product and service providers that we may act as agent for (so that they can provide you with the product or service you’re asking for or in which you’ve expressed an interest);

(b) any person acting on your behalf, including your financial adviser, solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;

(d) introducing brokers, affiliates and agents who refer your business to us;

(e) credit reporting agencies;

(f) our third party business partners or joint initiative providers;

(g) other financial institutions and organisations that we deal with in the course of our business or at their request, if you seek credit from them (so that they can assess whether to offer you credit);

(h) our employees, our Affiliates and their employees. For instance, Pepperstone Limited and Pepperstone Group Limited are part of the Pepperstone group of companies and will share your information;

(i) auditors we appoint to ensure the integrity of our operations;

(j) analytics and search engine providers that assist us in the improvement and optimisation of our Websites or our Apps;

(k) our successors in title, our prospective sellers or buyers of our business or to our Affiliates when we have a merger or re-organisation;

(l) government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;

(m) any third-party where disclosure is required to enforce or apply our Terms and Conditions or other relevant agreements to protect the rights, property, integrity or security of our company, our clients, or others (including, without limitation, you). This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction purposes;

(n) to our advertising providers for re-targeting purposes;

o) if you’ve given your consent, to selected third parties that may contact you about products and services which may be of interest to you in any jurisdiction where we operate; and

(p) other organisations who assist us to provide products and services by performing functions such as client contact, banking, payments, data processing, debt recovery, marketing and advertising, data analysis, business intelligence, website and technology services. They may also provide products and services that integrate with or complement our products and services.

13.3 We take our obligations to protect your information extremely seriously and make every effort to deal only with parties who share and demonstrate the same attitude. Each of the third parties that we contract with is carefully selected and is only authorised to use your personal information in a secure way, that’s necessary for them to perform their services to us.

13.4 We don’t sell, rent, or otherwise provide your personal information to third parties unless you consent to this or it’s necessary to provide you with our services, conduct our associated business activities or as described in this Policy.

13.5 Any social media posts or comments that you send to us (on our Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) that you’ve used and could be made public. We don’t control these platforms and we’re not responsible for them sharing your information in this way. So, before you make any social media posts, you should review the terms and conditions and privacy policies of the platforms that you use. That way, you’ll understand how the platforms will use your information and how you can stop them from using it in certain ways if you’re unhappy about it.

13.6 Mobile app platforms:

(a) our Apps run on third-party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone, and Google’s Android platform which powers Android- based smartphones; and

(b) your use of our Apps is also subject to the relevant mobile app platform provider’s terms and conditions and privacy policy. You should review their terms and conditions and privacy policy to ensure you understand the kinds of information (if any) they’ll gather about you, how they will use that information, and what you may be able to do if you are unhappy about it.

13.7 We won’t adopt a government related identifier (such as your passport, national ID or driver’s license number) as our own identifier unless required or authorised to do so under any applicable law, regulation or court/tribunal order. Before we use or disclose any government related identifier of yours, we’ll ensure that the use or disclosure is:

(a) reasonably necessary for us to verify your identity for the purposes of our activities or functions;

(b) reasonably necessary for us to fulfil our obligations to a government agency or authority;

(d) reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

14. Disclosure required by law

14.1 We’ll also disclose your personal information if we’re required by law or permitted to do so under applicable privacy laws.

Section E – Your Rights in Relation to Your Personal Information

15. Your Rights

15.1 You’re entitled to exercise these rights regarding your personal information, with some exceptions which we’ve explained below:

(a) request access to your personal information;

(b) request correction of the personal information that we hold about you;

(c) request erasure of your personal information. Please note that for legal reasons we might not always be able to comply with these requests. We’ll let you know if this is the case when you make your request;

(d) object to processing of your personal information if we’re relying on a legitimate interest (or those of a third party) and you feel it impacts on your fundamental rights and freedoms. You also have the right to object if we’re processing your personal information for direct marketing purposes. Please note that in some cases, we may prove that we’ve got compelling legitimate grounds to process your information which override your rights and freedoms;

(e) ask us to suspend the processing of your personal information, if:

(i) you want us to establish the information's accuracy;

(ii) our use of the information is unlawful but you don’t want us to erase it;

(iii) you need us to hold the information even if we no longer require it, so that you can use it to establish, exercise or defend legal claims; or

(iv) you’ve objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it;

(f) request the transfer of your personal information to you or to a third party. We’ll provide you, or a third party that you’ve chosen, with your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information (i.e. not to hard copies) which you initially consented to us using or where we used the information to perform a contract with you; and

(g) withdraw consent at any time if we’re relying on your consent to process your personal information. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll let you know if this is the case at the time you withdraw your consent. Please contact:

Attn: Data Protection Officer

Email: compliance.bs@pepperstone.com

15.2 Please quote your name and address when you write to us and provide brief details of the information that you would like a copy of or which you would like to be corrected (this helps us to locate your information more easily).

15.3 We’ll require proof of your identity before providing you with details of any personal information we may hold about you.

15.4 We try to respond to all legitimate requests within 1 (one) month. It might take us longer than this if your request is particularly complex or if you’ve made a number of requests. We’ll let you know if this situation applies to you within 1 month of receiving your request and keep you updated.

15.5 In some cases we may ask you to pay an administrative fee to cover costs associated with your request. We’ll confirm the cost with you and confirm that you want to proceed before actioning your request.

16. Access to a credit report about you

16.1 You have the right to ask for a copy of any credit report we have obtained about you from a credit- reporting agency. However, the best means of obtaining an up-to-date copy is to get in touch with the credit-reporting agency directly, as we may not have retained a copy after we have used it.

16.2 You have a right to have any inaccuracies corrected or, if there’s any dispute about accuracy, to have a note added to your credit reporting agency file explaining your position.

16.3 If we decline your credit application wholly or partly because of adverse information on your credit report, we will let you know and tell you how you can go about getting a copy of your credit report.

Section F – Cookies

17. Why we use cookies

17.1 We use cookies to store and collect information about your use of our Website. Cookies are small text files stored by the browser on your equipment's hard drive. They send information stored on them back to our web server when you access our Website. These cookies enable us to put in place personal settings and load your personal preferences to improve your experience. You can find out more about our cookies in our “Cookies Policy” available on our Website here.

Section G – Cross border disclosure of personal information

18. Disclosing personal information to cross border recipients

18.1 Some of our Affiliates and third parties that we share information with may be located in Australia, the United Kingdom, Cyprus and other countries. We’ll only disclose your personal information to an offshore recipient once we have taken reasonable contractual and practical steps to ensure that:

(a) the overseas recipient doesn’t breach applicable privacy laws; or

(b) you’ll be able to take action to enforce the protection of a law or binding scheme that has the effect of protecting the information in a way that’s at least substantially similar to the way in applicable privacy laws protect the information; or

(c) you’ve consented to the disclosure after we expressly tell you that there’s no guarantee that the overseas recipient won’t breach applicable privacy laws; or

(d) the disclosure of the information is required or authorised by or under an applicable law or a court/tribunal order; or

(e) any other situation that is permitted under applicable privacy laws.

Section H – Data Retention

19. How long we’ll keep your personal information

19.1 We’ll only retain your personal information for as long as you have consented to it, or for as long as is necessary to us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, under tax laws we have to keep basic information about our clients (including contact, identity, financial and transaction data), typically between seven and ten years after they cease being clients.

19.2 To decide on the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

19.3 In some circumstances you can ask us to delete your personal information, see Section E of this Policy above.

19.4 In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes. In these situations, we may use this information indefinitely without further notice to you.

Section I – Contacting us and complaints

20. How to contact us

20.1 If you have any questions or would like further information about our privacy and information handling practices, please contact us by email at support@pepperstone.com.

21. Making a complaint

21.1 We offer a free internal complaint resolution scheme to all of our clients. If you have a privacy complaint, please contact us using the details above to discuss your concerns.

21.2 To assist us in helping you, please gather all supporting information and any documents relating to your complaint and provide it to us for assessment. We’ll try to resolve your complaint as quickly as possible, and in any event within 30 days of hearing from you. If your complaint takes longer to resolve, we’ll keep you informed of our progress.

Section J – General

22. Your consent and changes to this Policy

22.1 We can amend or modify this Policy from time to time. If we do, we’ll post the updated version on our Website and on our Apps. It’s your responsibility to check the Policy every time you submit your personal information to us.

22.2 We’ll let you know as soon as is practicable if our purposes for processing your personal information change and seek your consent if we’ve introduced a new purpose for processing.

23. Use of your personal information submitted to other websites

23.1 Except as otherwise stated, this Policy only addresses the use and disclosure of personal information that we receive about you or collect from you.

23.2 If you disclose your personal information to others (e.g. websites that we link to), different rules may apply to their use or disclosure of the information that you disclose to them. We’re not responsible for the privacy policies and practices of other websites, even if you accessed the third-party website using links from our website.

23.3 We recommend that you check the policy of each website you visit and contact the owner or operator of that website if you have concerns or questions.

24. Your duty to tell us about changes

24.1 It’s important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us by emailing us at support@pepperstone.com.