Privacy Policy

1. Information We Collect

1.1 Personal Information

When you register for an account or use our services, we collect:

• Identity Information: Full name, date of birth, nationality, government-issued ID
• Contact Information: Email address, phone number, residential address
• Financial Information: Bank account details, payment card information, income, net worth, source of funds
• Trading Information: Trading experience, investment knowledge, risk tolerance
• Employment Information: Occupation, employer name, employment status

1.2 Automatically Collected Information

We automatically collect certain information when you visit our website or use our platforms:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, referring URLs
• Location Data: General geographic location based on IP address
• Platform Activity: Login times, trading activity, account interactions

1.3 Information from Third Parties

We may receive information about you from:

• Credit reference agencies and fraud prevention services
• Identity verification providers
• Payment processors and banks
• Public databases and registries
• Marketing partners (with your consent)

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Account Management

• To create and manage your trading account
• To verify your identity and perform KYC/AML checks
• To process your deposits and withdrawals
• To execute and manage your trades
• To provide customer support

2.2 Legal and Regulatory Compliance

• To comply with legal obligations and regulatory requirements
• To prevent fraud, money laundering, and terrorist financing
• To respond to legal requests and court orders
• To enforce our Terms and Conditions
• To maintain records as required by financial regulations

2.3 Service Improvement

• To analyze and improve our services and platforms
• To develop new features and products
• To monitor and ensure platform security
• To conduct research and analysis

2.4 Communications

• To send important account notifications and updates
• To provide trading confirmations and statements
• To send educational content and market analysis (with consent)
• To inform you about new products and services (with consent)

3. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity

We need to process your information to fulfill our contract with you, including providing trading services and executing transactions.

3.2 Legal Obligation

We are required to process certain data to comply with financial regulations, AML/KYC requirements, and other legal obligations.

3.3 Legitimate Interests

We process data for our legitimate business interests, such as:

• Fraud prevention and security
• Service improvement and development
• Risk management
• Direct marketing (where allowed by law)

3.4 Consent

For certain activities, such as marketing communications and non-essential cookies, we rely on your explicit consent, which you can withdraw at any time.

4. Data Sharing and Third Parties

We may share your information with the following categories of recipients:

4.1 Service Providers

• Payment Processors: To process deposits and withdrawals
• Cloud Storage Providers: To securely store data
• Identity Verification Services: To verify your identity
• Customer Support Tools: To provide customer service
• Analytics Providers: To analyze platform usage

4.2 Regulatory and Legal Authorities

We may share information with:

• Financial regulators (FCA, CySEC, ASIC)
• Law enforcement agencies
• Courts and tribunals
• Tax authorities
• Financial ombudsman services

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.4 Third-Party Safeguards

All third parties are required to:

• Maintain appropriate security measures
• Process data only for specified purposes
• Comply with GDPR and other applicable laws
• Return or delete data when no longer needed

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies to enhance your experience and improve our services.

5.2 Types of Cookies We Use

5.3 Managing Cookies

You can control cookies through:

• Our cookie consent banner
• Your browser settings
• Third-party opt-out tools

For more information, see our Cookie Policy.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

6.1 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

• Email: dpo@capitalfxmarkets.com
• Phone: +1-800-FOREX-99
• Or use the form on our Contact page

We will respond to your request within 30 days.

6.2 Right to Complain

If you believe we have not handled your data properly, you have the right to lodge a complaint with:

• UK: Information Commissioner's Office (ICO)
• EU: Your local Data Protection Authority

7. Data Security

We implement robust security measures to protect your personal information:

7.1 Technical Safeguards

• Encryption: All data transmissions use SSL/TLS encryption
• Secure Storage: Data is encrypted at rest using industry-standard protocols
• Firewalls: Advanced firewall systems protect our infrastructure
• Access Controls: Multi-factor authentication and role-based access
• Monitoring: 24/7 security monitoring and intrusion detection

7.2 Organizational Safeguards

• Regular security audits and penetration testing
• Employee training on data protection
• Strict access controls and confidentiality agreements
• Incident response and breach notification procedures
• Regular backups and disaster recovery plans

7.3 Your Responsibility

You can help protect your account by:

• Using a strong, unique password
• Enabling two-factor authentication
• Not sharing your login credentials
• Logging out after each session
• Reporting suspicious activity immediately

8. International Data Transfers

8.1 Cross-Border Transfers

As a global business, we may transfer your data to countries outside the European Economic Area (EEA) that may have different data protection laws.

8.2 Transfer Safeguards

When transferring data internationally, we ensure adequate protection through:

• Standard Contractual Clauses: EU-approved data transfer agreements
• Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
• Binding Corporate Rules: Internal data protection standards
• Additional Safeguards: Encryption and access controls

8.3 Countries We Transfer To

We may transfer data to:

• United States (for cloud storage and analytics)
• Australia (for regulatory compliance)
• Other jurisdictions where our service providers operate

9. Data Retention

9.1 Retention Periods

We retain your personal data for as long as necessary to:

• Provide our services to you
• Comply with legal and regulatory obligations
• Resolve disputes and enforce agreements
• Protect our legitimate interests

9.2 Specific Retention Periods

• Account Information: 7 years after account closure (regulatory requirement)
• Transaction Records: 7 years (MiFID II requirement)
• KYC/AML Documents: 7 years after relationship ends
• Marketing Consents: Until withdrawn or 3 years of inactivity
• Website Logs: 90 days

9.3 Secure Deletion

When data is no longer needed, we securely delete or anonymize it using industry-standard methods.

10. Contact Us

Data Protection Officer

For any privacy-related questions or to exercise your rights, please contact our Data Protection Officer:

Policy Updates

We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent notice on our website. The "Last Updated" date at the top indicates when the policy was last revised.

Our Privacy Commitments