Personal Data

Personal data refers to any information that can identify you as an individual. To provide our Services effectively, we may collect, store, and process various types of personal data. This may include, but is not limited to:

• Full name;
• Title or prefix;
• Email address;
• Postal address;
• Telephone number;
• Passport or identification numbers;
• Nationality and date of birth;
• Bank account details;
• CV and employment history;
• Personal trading statements;
• IP address;
• Passwords and login credentials;
• Investor categorization and suitability assessments.

We collect this information when you provide it to us directly, such as when entering into agreements, submitting forms on our Site, or communicating with us through various channels.

Failure to Provide Personal Data

If we are required by law or a contract to collect specific personal data and you fail to provide that data, we may be unable to perform the services you have requested. In such instances, we may have to cancel the service but will notify you if this is the case.

Personal Data

We collect personal data from you in the following ways:

• Direct Interactions: This includes when you provide us with your nformation by filling out forms, submitting inquiries, registering for our Services, or communicating with us via phone, email, or in person.
• Automated Technologies: As you interact with our Site, we may collect certain data automatically, such as IP addresses and browsing behavior. We use cookies and similar technologies for this purpose (refer to our Cookie Policy for more details).

We may also ask for additional personal information to complete your investor profile, such as identification documents and tax-related information, in order to comply with regulatory requirements.

We process personal data fairly, lawfully, and only for legitimate purposes. Your personal data will be used where:

• It is necessary to perform the Services you request from us;
• We are required by law to collect and process certain information;
• It is needed to comply with regulatory or legal obligations.

Some examples of how we may use your personal data include:

• Verifying your identity and conducting due diligence;
• Assessing whether you qualify for our Services;
• Managing transactions such as deposits or withdrawals;
• Ensuring compliance with regulatory obligations, including anti-money laundering (AML) and Know Your Customer (KYC) requirements;
• Managing communications, including service updates and regulatory notices.

To fulfill our obligations and provide you with the best service, we may share your personal data with:

• Service providers (e.g., legal, financial, or regulatory bodies);
• Professionals such as lawyers, notaries, auditors, and consultantsconducting services on our behalf.

We ensure that all third-party service providers respect the confidentiality of your personal data and comply with applicable data protection laws.

We may transfer personal data to countries outside the European Economic Area (EEA) in connection with the purposes outlined in this Policy. These countries may not offer the same level of data protection as those within the EEA. However, when such transfers take place, we will ensure that appropriate measures are in place to safeguard your personal data. This may include the use of standard contractual
clauses approved by the European Commission to ensure that your personal data is protected to EU standards.

Your data may be processed, transferred, and stored outside of the EEA, including by our third-party service providers or partners. These jurisdictions may have different data protection laws compared to your home country. We will take all reasonable measures to ensure your data is adequately protected, regardless of where it is processed. This includes implementing appropriate safeguards such as standard contractual clauses or equivalent legal mechanisms for data protection.

If you would like further information about how your data is protected when transferred outside of the EEA, please contact us using the details provided in the “Contact Us” section below.

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting requirements. In some instances, we may retain your data for a longer period, such as when it is required for legal disputes or regulatory inquiries. Once your personal data is no longer needed for these purposes, we will take steps to delete or securely anonymize it.

You have several rights under data protection laws concerning the processing of your personal data. These rights include, but are not limited to:

• Right to be Informed: You have the right to receive clear, concise, and transparent information about how we process your data.
• Right of Access: You have the right to request a copy of your personal data that we hold and to verify that we are lawfully
• processing it.
• Right to Rectification: You can request that any incomplete or inaccurate personal data we hold about you be corrected.
• Right to Erasure: Also known as the “right to be forgotten,” you can request the deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected. There are legal exceptions to this right.
• Right to Restrict Processing: You can request that we limit the processing of your personal data under certain circumstances, such as if you contest its accuracy or object to the processing.
• Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit this data to another controller where feasible.
• Right to Object: You have the right to object to our processing of your personal data in certain circumstances, including for direct marketing purposes.

You will not have to pay a fee to access your personal data or to exercise your other rights. However, we may charge a reasonable fee if your request is excessive, unfounded, or repetitive. Alternatively, we may refuse to comply with your request in such circumstances.

We implement appropriate security measures to protect your personal data from unauthorized access, misuse, disclosure, or destruction. These measures include both technical and organizational protections to safeguard your personal data’s
integrity and confidentiality.

We also ensure that employees involved in processing personal data are properly trained on the importance of data privacy and confidentiality, particularly regarding the GDPR. Your personal data may be stored both electronically and in
hard-copy format.

However, we cannot be held responsible for unauthorized access to your personal data caused by your negligence, such as sharing passwords or login credentials with unauthorized individuals.

If you have any questions about this Policy or how we handle your personal data, please contact us at [email protected]. We may request additional information to verify your identity before processing certain requests
related to your personal data.

We aim to respond to all legitimate requests within one month. If it takes longer, we will notify you and keep you informed of the progress.

You also have the right to file a complaint with the Cyprus Data Protection Commissioner or the relevant data protection authority in your jurisdiction. More information about the Cyprus Data Protection Commissioner can be found at www.dataprotection.gov.cy. We would appreciate the opportunity to address your concerns directly before you escalate them, so please contact us first.