Effective Date: 12,Aug,2022.
FXON Ltd., (herein after “the Company”, “us”, “our” or “we”) is committed to complying with applicable laws wherever we do business. This is not only vital to our continued success in an increasingly regulated global marketplace, but also reflects our commitment to conduct business in accordance with the highest legal and ethical standards.
We ask that you read this privacy notice carefully as we would like to inform you that your privacy on the internet is of crucial importance to us and it also contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
1. The personal information we collect and use
Data Controllers and Contracting Parties
FXON Ltd., collects, uses and is responsible for certain personal information about you. Regardless of whether you reside inside or outside the “Designated Countries”, the Company will be the controller of your personal data provided to, or collected by or for, or processed in connection with our services and regulated activities.
Whether information has to be provided by you, and if so why
The provision of “Your Data” (please see next paragraph) is required from you to enable us to provide our services. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
Information collected by us
In the course of your registration as a client, signing up for a demo or a live account with the Company or filling any other form on our Website, subscribing to our services, news or offers, marketing communications or posting material, the following information about you (“Your Data”) will be collected and stored for administrative, service related and/or legal purposes.
We will limit the collection of personal information to what is necessary to administer our business and carry out our regulated activities in an effort to provide you with superior service.
Information that you provide to us directly:
- Personal information, such as names, addresses, personal registration number, national identification number, passport number and e-mail addresses etc (“Personal Information”)., and
- Financial information, trading experience and employment information for appropriateness assessment will also be collected.
However, the meaning of data ‘provided to’ the Company is not limited to this. It is also personal data resulting from observation of your activities (e.g. where using a device or service). This may include:
- history of website usage or search activities, details of your visits to our Website including, communication data
- traffic and location data; or
- website traffic pattern information, including IP addresses, operating system and browser type, for system administration and to report aggregate information to our advertisers. This kind of information is only used in masked or aggregated form, which means that the individual user will not be recognizable. These data do not identify any individual.
- Communications between you and the Company via email, or telephone call.
Your e-mail address may be used by the Company in relation to its products and services (including any marketing campaigns related to these products or services). If you do not wish to receive such marketing material and marketing communications, you can opt-out at any time by clicking on ‘unsubscribe’ or by sending an email stating so to [email protected].
2. The type of data collected and purpose of collection
The type of data we collect along with the purpose for collection is listed below:
PERSONAL DATA TYPE:
Personal information such as gender, name, date of birth and address.
To meet our anti money laundering (AML) and other regulatory obligations in relation to Know Your Client (KYC) and client due diligence. To verify your identity using our verification processes.
Contact information (email address and phone number).
In order to send you correspondence in relation to the services provided and to fulfil our regulatory and compliance obligations.
Employment information, financial information, relevant education and trading experience.
In order to comply with KYC obligations and in order to meet our regulatory obligations relating to assessing the appropriateness of our products and services.
Ethnicity, citizenship and social security numbers or national identity and passport numbers.
In order to comply with KYC and regulatory trade reporting and other AML obligations.
Proof of photo ID, address verification.
In order to comply with KYC and regulatory trade reporting and other AML obligations.
Unique device number (IP address) and device information including version of web browser you use.
When you visit our website, navigate through the pages or fill in any forms, we may collect your unique device number or IP address in order to set up your profile.
Financial sanctions and credit header information
In order to perform our electronic AML screening checks and to comply with other fraud detection policies. This may generate further information on your credit history, criminal convictions or political interests leading to us making decisions based on the results of these check.
3. How we use your personal information
We use information held about you in the following ways:
- to ensure that the content in our website is presented to you in the most effective manner and to improve the content of our website.
- to communicate with you and contact you and to provide you with products and services that you request from us or, where you have consented to be contacted, for products and services that we feel may be of interest to you;
- managing and administering the products and services provided to you;
- keeping you updated as a client in relation to changes to our services and relevant matters;
- provide, improve, test, and monitor the effectiveness of our Services.
- develop and test new products and features.
- monitor metrics such as total number of visitors, traffic, and demographic patterns.
- diagnose or fix technology problems.
- to carry out our obligations arising from any contracts entered between you and us.
- we may also use your data, or permit selected third parties and our processors to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by email.
- to notify you about updates to the website.
- to send out newsletters or information about other opportunities that we believe will be of interest to you. We will only send this to you if you have indicated that you wish to receive such information and we will respect your wish not to do so if you communicate such wish to us. You can opt-out from receiving marketing communications at any time if you do not
- if you do not wish to receive such marketing material by clicking on ‘unsubscribe’ or by sending an email stating so to [email protected].
- to promote safety and security. We use the information we have to help verify accounts and activity, and to promote safety and security on our regulated services, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect your account using teams of IT specialists, automated systems, and advanced technology such as encryption.
4. Who we share your personal information with?
We will not rent or sell your information to third parties outside the Company (or the group of companies of which the Company is a part) without your consent. We also impose strict restrictions on how our processors can use and disclose the data we provide. Here are the types of third parties we share information with:
- Service providers and other partners: We transfer information to service providers (processors), and other partners who globally support our business, such as providing technical infrastructure services, trading platforms analyzing how our Services are used such as measuring the effectiveness of ads and services, providing client service and support, client on-boarding, client identity verification, including PEPs and sanctions, conducting marketing communications and design, services related to our website management, services related to software and business development services.
- We may need to transfer personal data to recipients outside the European Union; these activities can include dealings with foreign public entities (only when necessary and under request), the outsourcing of services to external providers located outside the EU and/or processing the data outside the EU (e.g. cloud computing, client identity verification and individuals from outside the EEA accessing to our web-services), see paragraph Transfer of your information out of the EEA).
- Measurement and Analytics Services: Partners who use our analytics services like Google Analytics (Non-Personally Identifiable Information Only). We do not share information that personally identifies you (personally identifiable information is information like name or email address that can by itself be used to contact you or identifies who you are) with advertising, measurement or analytics partners.
The Company does extensive due diligence before choosing processors assuring that they provide sufficient safeguards, in particular in terms of expert knowledge, data governance, data security, cyber resilience, reliability and resources to implement technical and organizational measures which will meet the requirements of this General Personal Data Regulation, including for the security of processing.
We routinely share your personal data with our processor, which makes it possible to operate our Company, where processing is to be carried out on behalf of the controller (us). Our processor provides sufficient safeguards to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of General Personal Data Regulation and ensure the protection of the rights of the data subject.
The processing is governed by a contract or other legal act under Union or Member State law, binding the processor to the controller (FXON Ltd.).
This data sharing with our processor enables us to proceed with our regulated activities and duties to KYC in order to meet our regulatory obligations relating to assess the appropriateness of our products and services, provide support to clients, etc. Some of those third party recipients (processors) may be based outside the European Economic Area; if the third party recipient is located outside the EU/EEA in a country not ensuring an adequate level of data protection, the transfer will only be completed if a written agreement has been entered into between the Company and the third party. The written agreement shall be based on the Standard Contractual Clauses approved by the European Commission (and any updated versions). — for further information including on how we safeguard your personal data when these cases occur, see paragraph ‘Transfer of your information out of the EEA.
We will share personal information with law enforcement or other authorities if required by applicable law.
5. Cookie Data
6. How our global services operate
Transfer of your information out of the EEA
We and our processors when data is transferred outside the EEA utilize standard contract clauses approved by the European Commission.
How do we respond to legal requests or prevent harm?
We access, preserve and share your information with regulators, law enforcement or others by request:
- We can respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
- When we have a good-faith belief it is necessary to: detect, prevent and address fraud, unauthorized use of the services or products, violations of our terms or policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Products), you or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm. For example, if relevant, we provide information to and receive information from third-parties about the reliability of your account to prevent fraud, abuse and other harmful activity on and off our Products.
Information we receive about you (including financial transaction as data related to deposits and withdrawals) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation, or investigations of possible violations of our terms or policies, or otherwise to prevent harm. We also retain information from accounts disabled for terms violations for at least a year to prevent repeat abuse or other term violations.
You have a number of important rights. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information.
- The right to access personal data. Your request should be made in writing to [email protected]. We may ask you for proof of identity before providing you with the data. There is usually no charge for such requests, however in limited circumstances we may be able to charge an administrative fee (and we will inform you in response to your request if that is the case).
- The right to request that your personal data is corrected if it is found to be inaccurate: require us to correct any mistakes in your information which we hold.
- The right to request that your personal data is erased where it is no longer necessary. In some circumstances this right may not apply e.g. if there is some other compelling reason for us to keep or process your data (and we will inform you in response to your request if that is the case).
- Right to data portability: to receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party (another controller) in certain situations.
- The right to withdraw consent to processing at any time, where relevant i.e. where we are relying on your consent to process the data and not another legal reason for processing.
- The right to object at any time to processing of personal information concerning you for direct marketing.
- The right not to be subject to a decision which is based solely on automated processing, including profiling which produces legal effects concerning them or similar significantly affects them.
- The right to object in certain other situations to our continued processing of your personal information.
If you would like to exercise any of those rights, please:
- email, call or write to us at [email protected].
- let us have enough information to identify you (eg account number, user-name, registration details),
- let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
If you would like to unsubscribe from any emailing or any marketing communications, you send an email to [email protected] stating so.
7. Legal basis for processing personal data
Reasons we can collect and use your personal information: Lawful basis for processing
Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract to conduct regulated activities, when processing is necessary for the entry into, or performance of contract with the data subject or in order to take steps at this or their request prior to the entry into a contract.
Compliance with legal obligations
Processing is necessary for compliance with our legal obligation. The Company has the necessity for compliance with a legal obligation.
Data will only be processed where it is necessary for the purposes of the legitimate interests pursued by FXON Ltd., and these interests or fundamental rights are not overridden by the interests, rights and freedoms of the data subject and that the processing would not cause unwarranted harm. For instance, it is a legitimate interest of the Company to process personal data on data subjects in order to expand the business, develop new business relations prevention of fraud, maintaining the security of our systems if/when necessary, enhancing, modifying or improving our services. The data subject must be given information on the specific legitimate interest if a processing is based on this provision.
8. Keeping your personal information secure
Your Data is stored and kept confidential according to the legislation on protection of personal data and processing thereof applicable in the jurisdiction in which the Company with which you have signed up is located.
We have appropriate security measures in place to prevent personal information from being accidentally lost, misused, modification, disclosure or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
9. How long your personal information will be kept
You can close your account any time, but for audit trail purposes the Company shall hold personal data for a period of at least five years after closing the account in order for us to comply with our record keeping obligations.
At the end of that period, we will delete all personal data relating to you, unless a legal requirement requires them to keep the data for a prolonged period of time, or Data Subject has expressly consented to their data being held for an extended period of time.
10. What happens in the event of a change of control
11. How to complain
We hope that our client support or compliance team can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in the Seychelles the Data Protection Act (the 'Act') was enacted in 2003 (Act No. 9 of 2003) with the aim of protecting the fundamental privacy rights of individuals against the use of data concerning them without their informed consent. The Act will come into operation on such date as the Minister notifies in the official Gazette.
The Act has not yet come into operation.
12. How to contact us
If you wish to contact us with any queries, concerns or complaints, you can email us at [email protected] or write to: Global Gateway 8, Rue de la Perle, Providence, Mahe, Seychelles.
13. National requirements
The Company shall comply with the relevant data protection laws and regulations. If the applicable national legislation requires a higher level of protection for personal data than such policies/guidelines, such stricter requirements are to be complied with.
14. Do you need extra help?
If you would like this notice in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).