Version 2 August 2022
1.1. Titanedge Securities Ltd hereinafter referred to as “the Company” is a Cypriot Investment Firm (“CIF”) which owns and operates the trade name and domain “TradeEU” (http://www.tradeeu.com). The Company is incorporated and registered under the laws of the Republic of Cyprus, with registration number HE 411909 and is authorized and regulated by the Cyprus Securities and Exchange Commission (“CySEC”), with CIF license number 405/21. The Company’s registered office is located at 4 Spyrou Kyprianou, Papavasiliou Court, 3rd Floor, Office 301, 4001 Mesa Geitonia, Limassol, Cyprus.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.
‘Cross-border processing’ means either: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
“Data Protection Laws” means any data protection laws applicable in the Republic of Cyprus, as of 25 May 2018, the General Protection Regulation 2016/679 on the protection of natural persons with regards to the procession of personal fata and on the free movement of such data and any subsequent re-enactment, replacement or amendment of such laws.
“Data Security Breach” means any breach of the minimum information security requirements or any obligations or duties owed by the Company to the user relating to the confidentiality, integrity or availability of confidential information or personal data.
“GDPR” means EU General Data Protection Regulation 2016/679
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity or that natural person.
“Personal data breach” means a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consolation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location of movements.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed whether a third party or not. However public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject; controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Personal data breach” means breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Generic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that person and which result, in particular, from an analysis of a biological sample from the natural person in question
‘Main establishment’ means:
(a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;
(b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;
‘Representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
All terms shall bear the same meaning as attributed by the General Data Protection Regulation and their cognate terms shall be construed accordingly.
3. COLLECTION AND PROCESSING OF PERSONAL DATA
3.2. The Company is the data controller as the Company collects the relevant data and determines the purposes, conditions and means of the processing of personal data while the processor is the person/entity who processes personal data on behalf of the controller. The Company will collect and hold personal data about the user when he/she completes the online application for a live or demo account or other type of form or when participating in any other service the Company promotes through this website. By completing any application and/or any other requested form the user, he/she gives private information in order to enable the Company to evaluate your request/application and to comply with Laws and Regulations governing the provision of Forex/CFDs and/or any other financial services or instruments. This information is also used to contact the user about the Company’s services if he/she consents to this during the registration process.
3.3. The Company via the registration process on its website, collects identification documents of the users as potential customers as per the internal policies and procedures of the Company in order to evaluate whether a business relationship will be established with the prospective user. As such the Company collects the personal data of each prospective user which is solely processed for evaluation purposes and subsequently filed electronically and/or physically on the drive, server and files of the Company on the Company’s premises. Such data is only processed for the purpose of collection which is the determination as to whether a business relationship will be established, marketing purposes, evaluation of the services provided by the Company and/or any such purposes as may be related to the above-mentioned reasons. The Company collects certain personal data in order to meet the needs of its customers through the efficient provision of services. By collecting certain personal data, the Company is able to monitor and improve the services it offers to its existing and potential customers.
3.4. Personal data collected by the Company includes but is not limited to:
- Personal details such as name and surname, telephone number and / or e-mail address, educational background;
- Financial details such as estimated annual income and net worth, trading experience and investment knowledge;
- Identity Verification Documents such as passport and ID, utility bills, and/or bank statements/card copies or the company’s incorporation certificates and any other corporate documents.
It is understood that the Company retains the right to request additional information as it may deem to be necessary according to the circumstances of each case.
3.5. The Company may originate information from the user’s use of this website (i.e. cookies) and may store this information with his/her personal profile. This information may include site areas visited, pages viewed, frequency and duration of visits, types of transactions conducted, documents downloaded and other websites which may have referred the user or to which he/she links.
It is further noted that the Company may also process personal data where processing is required by the Applicable Legislation to which the Company is subject to.
4. USE OF PERSONAL DATA
4.1. The Company may use the user’s information for any one or more of the following purposes:
- To confirm the user’s identity and residential address;
- To maintain the user’s personal profile;
- To assess the appropriateness and suitability to the products and services we provide;
- To provide the services to the user as per his/her request including processing transactions;
- To provide the user with transaction and post transaction related services;
- To inform the user of products and/or services that may be of interest to you;
- To keep the user updated on the issues that are relevant to your business relationship with us;
- To tailor the website to the user’s needs and interests;
- To analyze impersonalized statistical data to enable the Company to provide the user with better products and/or services.
- To administer the user’s account and monitor its conduct and assess and analyze any credit limit including, the interest rate, fees and other charges to be applied to the Customer’s Trading Account;
- To pass the user’s personal data to third parties for marketing purposes according to the consent provided during the registration process;
4.2. Retention of Personal Data
The Company will, retain the user’s Personal Data on record for a period of at least five (5) years or as it will be required by the regulatory framework on the prevention of money laundering and terrorist financing, which is calculated after the execution of the transactions or the termination of the business relationship or in case of termination of our business relationship.
4.3. Monitoring and Recording
The Company will, as required by Law 87(I)/2017 regarding the provision of investment services, the exercise of investment activities and the operation of regulated markets, monitor and record any communication the user has with the Company whether in writing, by phone or by electronic mail which will be recorded and stored as per the internal policies and procedures of the Company.
5. COMPANY’S OBLIGATIONS
The Company or processor shall take the following measures:
- Evaluate the risks inherent in the processing and implement measures in order to mitigate those risks, such as encryption. The measures implemented shall ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. In assessing data security risk, consideration shall be given to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage.
- Take reasonable steps to ensure that:
- Employees are informed of the confidential nature of the Personal Data;
- Processing of Personal Data shall be performed in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments;
- Personnel is adequately trained in the processing and handling of Personal Data.
- Shall not transfer any personal data outside European Economic Area unless the prior written consent of the user has been obtained and the following conditions are fulfilled:
- the user or the Company has provided appropriate safeguards in relation to the transfer;
- the user has enforceable rights and effective legal remedies;
- the Company complies with its obligations under the Data Protection Laws by providing an adequate level of protection to any Personal Data that is transferred;
- the Company complies with reasonable instructions notified to it in advance by the user with respect to the processing of the Personal Data.
- Shall notify the user without undue delay after becoming aware of a potential data security breach;
- At the written direction of the user or on termination of the business relationship return personal data or copies thereof to the user unless required by the applicable Legislation to store such personal data.
- Maintain complete and accurate records and information to demonstrate compliance with the applicable Legislation.
- In the case of a personal data breach, the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay. The notification shall at least:
- Describe the nature of the personal data breach;
- Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
- Describe the likely consequences of the personal data breach;
- Describe the measures taken or proposed to be taken by the Company to address the personal data breach including, where appropriate, measures to mitigate its possible adverse effects.
Actions to be taken in the event of data breach:
1. Containment and recovery
The immediate priorities of the Company in case of a data breach is to contain the breach, assess the potential adverse consequences for the client(s), based on how serious and substantial these are and how likely they are to happen and to limit the scope. In case of such breach, the Management of the Company shall take the lead on investigating the breach. The steps to be taken where personal data has been breached are among others the following:
- Inform the recipient not to pass it on or discuss it with anyone else;
- Inform the recipient to destroy or delete the personal data they have received and for them to confirm in writing that they have done so;
- Explain to the recipient the implications if they further disclose the data;
- Where relevant, inform the data subjects whose personal data is involved what has happened so that they can take any necessary actions to protect themselves.
2. Assessing the risk
The Company shall at the same time assess the potential adverse consequences for its client(s) and how serious or substantial these may be and how likely they are to happen. To this effect the Company shall assess the nature of the data breached and the potential purpose for such breach and where it may be used in a manned to harm the data object. Further, it needs to assess how many objects are potentially affected by such breach and the harm that may be suffered by them as a result of such breach. The third step to be taken is the consideration for breach notification to the object and/or authority and then the Company shall review the incident in question and take further action in order to prevent future breaches.
6. DISCLOSURE OF PERSONAL DATA
6.1. The Company and/or its processor may be obligated to disclose any personal data regarding any of its users to any relevant competent authority as may be required under the Legislation from time to time in any of the following situations:
- To protect the Company’s rights and/or comply with any court order or judicial proceedings;
- To avoid any potential fraud;
- To conform with the Law or Comply with legal proceedings;
- To protect and defend the rights or property of the Company’s website(s);
- To act in urgent cases to protect the personal safety of users of the company, its website or the public.
6.2. The Company may also disclose the user’s personal data to the below processors of data:
- The Company’s Introducing Brokers, Agents, Affiliates, business partners or any other third party that the Company may outsource its operations to, who process data on behalf of the Company and who may only use it for the same purposes as the Company.
- Companies it hires to provide limited services on our behalf, including packaging, mailing and delivering purchases, postal mail, etc. The Company will ensure that none of the user’s Personal Data will be delivered to those companies; the companies will only be subject to the information they need to deliver the service, and they are prohibited from using the information for any other purpose.
- Financial institutions and other similar organizations that it deals with in the course of its corporate activities, or those that are nominated by the user;
- External service providers and professional advisers (which may be located overseas) that provide services to the Company;
- Any organization at the user’s request or any persons acting on your behalf, including the user’s financial adviser, broker, solicitor or accountant;
- Any third parties where this is necessary to process a transaction or provide services which the user has requested; or any authority to whom the Company is required to disclose such information by law.
It is noted that the Company shall undertake to ensure that such sub-processing is capable of providing the level of protection with the regards to the processing of personal data and further ensure that the same data protection obligations shall also apply to such processors.
6.4. The Company may combine the user’s personally identifiable data with information from other users of this web-site to create impersonalized statistical data. The Company may provide this statistical data to its business partners or third parties. Under no circumstances will the user be able to be identified from this statistical data; the user will remain anonymous.
The Company takes all necessary precautions to control the processing of such data solely for the purposes specified in this policy however it shall not be responsible for any leakage of personal data which falls outside its contemplation.
7. USER’S RIGHTS
7.1. The user(s) is not obligated to provide any of the personal data requested by the Company. In the absence of this information, however, the Company may not be able to open a trading account for the user where the information is requested in on an application form, or to provide the user with any other services, information or assistance the user may request. Under the Cyprus data protection legislation, the user may have (subject to certain exceptions) the right to request any personal data the Company holds about the user and to inform the Company of any inaccuracy.
7.2. The user(s) may inform the Company at any time that his/her personal details have changed or that he/she wishes the Company to delete personal data held by emailing us at [email protected] . The Company exercising its discretion may change or delete the user’s personal data in accordance with the user’s instructions, except to the extent that the Company is required to hold such personal data for regulatory or legal purposes, and/or for the provision of its services as requested.
7.3. The user(s) has the right to rectification as he/she has the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the user shall have the right to have incomplete personal data completed, including by means a supplementary statement.
7.4. The user(s) has the right to be forgotten (Data Erasure) by the Company and to have their personal data deleted, seize further dissemination of their data and potentially have third parties halt processing their data when such data is no longer being relevant to the original purposes for processing, or a data subject withdraws his/her consent. The user(s) may send such request via email to [email protected] and it shall be upon the Company’s discretion according to the public interest and availability of the data unless the Company has a legal obligation to maintain such data.
7.5. The user(s) has right to access to obtain from the Company confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the Company shall provide a copy of the personal data, free of charge in an electronic format of the personal data submitted by the user(s) enhancing transparency as to the data obtained by the Company. It is noted however that according to the policies and procedures of the Company, the user is required to complete the registration form by completing the required details and upon registration the user receives the pdf format of the submitted information to the Company.
7.6. The user(s) has the right to object where personal data are processed for direct marketing purposes. The user(s) shall have the right to object at any time to processing of personal data concerning him/her for such marketing which includes profiling to the extent that it is related to such direct marketing. Where the user(s) objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
7.7. Without prejudice to any other administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, each user shall have the right to an effective judicial remedy where he/she considers that his/her rights have been infringed as a result of the processing of his/her personal data in non-compliance with the Regulation. Proceedings against controller or processor can be brought before the Republic of Cyprus or in the member state where the user has his/her habitual residence.
It is noted that the Company has implemented appropriate technical and organisational measures in an effective way in order to meet the requirements of the regulatory framework and protect the rights of users. The Company only collects and maintains the required data as it is obligated for the purpose of performing the business operations as this is required under the Law whereas such data is processed for the same reason.
8.1. The user upon completion of step one of the registration process of the Company, in order to proceed to stage two has to click on the consent box to the Company’s policies. The user also acknowledges and accepts that (s)he may be contacted by phone or email for getting further information about the Company, Forex/CFD trading or financial market trading and the Company’s products. In addition, the Company may, on occasion, seek to contact users, whether by phone or by email, for the purpose of informing them of unique promotional offerings provided by the Company.
8.2. Any user wishing to opt out of further contact with the Company at any time whatsoever is entitled to do so, simply by contacting the Company whether by phone at +357 25261736 or email on [email protected] and requesting that no further contact on behalf of the Company be made. It is hereby noted that the Company shall exercise its discretion to withhold such personal data and information as per the provisions of Law 2007-2018 on the prevention and suppression of money laundering and terrorist financing, as amended and any other related Regulation and/or Directive.
The Company adopts strong measures to protect the security of the user’s Personal Data and to ensure it is not accessed by unauthorized persons. Access to Personal Data is restricted to employees and authorized service providers who need it to perform their work. The Customer must not share or disclose his/her log in details with any third party. The Company takes strong precautions to protect Customer’s personal data from loss, theft, copying, misuse, unauthorized access or disclosure, alteration, or destruction.
12. RESTRICTION OF RESPONSIBILITY
13. AMENDMENTS OF POLICY
Tradeeu is the trading name of Titanedge Securities Ltd with Registration Number HE 411909 regulated and authorized by the Cyprus Securities and Exchange Commission under license number 405/21.