Data Protection And Marketing Communication Policy
Centralspot Trading Limited, “the Company”,”we” or “us” is responsible for the protection of the privacy and the safeguarding of clients’ personal financial information and data. By opening a trading account with the Company, the client hereby gives its consent to such collection, processing, storage and use of personal information by the Company as explained below and in accordance to applicable data protection legislation (including but not limited to the General Protection Regulation (EU) 2016/679 (the “GDPR” and the Cyprus Law for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data (Law 125(I)/2018)(the “Data Processing Law”).
For the purpose of GDPR and the Data Processing Law, Centralspot Trading Limited is the data controller.
You” or the “Data Subject” means the user who is using the Company’s services and who may choose to provide his/her Personal Data to the Company and/or whose Personal Data may be subject to Processing (as hereinafter defined)
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The collection of personal information
The Company collects the necessary information required to open a client’s trading account, perform transactions and safeguard the clients’ assets and privacy and to provide clients with the services they require. In this respect, the Company may ask clients in certain circumstances, to gather information from banks and/or credit agencies, and/or clearing agencies and/or other sources which will help the Company to construct the clients’ profile based on their requirements and preferences in order to provide its services effectively. The Company may collect customer’s credit card data where is necessary to offer the services the customer opted for. In accordance with the recommendations of Payment Card Industry Security Standards Council, customer card details – are protected using Transport Layer encryption – TLS 1.2 and application layer with algorithm AES and key length 256 bit.
The information the Company collects includes information required to communicate with and identify its clients. The Company may also collect certain demographic information, including, birth date, education, occupation, etc. The Company also assesses trading related information.
The Company also collects Non-Personal Information, meaning the information which does not allow us to identify the end-user.
The other type of information that we collect is the Personal Information and this allows us to identify the end-user:
- Identifying documents- documents that we request from you for the proof of identity and your residency. Such information is collected in order to perform transactions through the services provided by the Company.
- Registration information- to provide you with our services, at the registration stage, we ask you to provide us with your name, e-mail, telephone number.
- Voluntary information- when using our services such as customer support or any other means of communication with us we collect the information that you voluntarily provide about yourself.
- Device data- this is the information that we collect from your device and that includes your IP address, unique identifiers and other information that relates to your activity while using the services of the Company.
We collect your personal information in most cases directly from you. We may also collect information from third parties such as our partners, service providers such as Thomson Reuters (World-Check) and publicly available websites (i.e. social media platforms), to comply with our legal and regulatory obligations, offer Services we think may be of interest, to help us maintain data accuracy and provide and enhance the Services.
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you as per the requirements of the Cyprus Securities Exchange Commission (the “CySEC”) and/or the compliance obligations of the Company. These recordings will be Company’s sole property and will constitute evidence of the communications between the Company and you. Such telephone conversations may only be recorded with the use of a warning tone or with any other further notice with which the Company will notify you about the legal reason it has for such processing and will further ask for your consent.
Use of personal information
The Company uses clients’ personal information only as required to provide quality service and security to its clients. This information helps the Company to improve its services, customize browsing experience and enables it to inform its clients of additional products, services or promotions relevant to clients provided that the clients’ have consented to the usage of this data for such purposes.
It shall be noted that the Company may anonymize or de-identify the collected information which, on its own, cannot personally identify you. In addition, the combination of Personal and non-Personal information is considered as Personal information and will be treated so while remaining combined.
The Company may disclose your Personal Data if it is under a duty to disclose or share your personal data and transaction data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
In the event that that the Company sell or buy any business or assets, it may disclose your personal data and transaction data to the prospective seller or buyer of such business or assets. If substantially all of the assets of the Company are acquired by a third party, personal data and transaction data held by it about its customers will be one of the transferred assets;
We will use all reasonable endeavours to ensure that any companies to whom we disclose your confidential information is compliant with the GDPR (or an equivalent standard) as regards its use and storage of your Personal Data.
The Company respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. Your principal rights under the GDPR are as follows:
- the right for information;
- the right to access;
- the right to rectification;
- the right to erasure; the right to be forgotten;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to withdraw consent;
You shall have the right to exercise any of those rights, as long as such requests do not conflict with the laws of the Republic of Cyprus.
If you want to exercise any of those rights, you should contact our Data Protection Officer (DPO) through the contact information via email to [email protected]
You should put your request in written with your own words and send it to the DPO by e-mail. We will acknowledge your request within seventy-two (72) hours and handle it promptly. We are going to process and reply to your request within a month, with a possibility to extend this period for particularly complex requests in accordance with Applicable Law. We will retain your Personal Data for as long as your account is active, as needed to provide you services, or to comply with our legal obligations, resolve disputes and enforce our agreements.
You have the right to lodge a complaint with a supervisory authority which is the Commission for personal data protection in Cyprus you may exercise through the contact information listed below:
DATA COMMISSIONER OF THE REPUBLIC OF CYPRUS
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
(t) +357 22818456
(f) +357 22304565
The clients’ personal data will be kept to the Company’s records during our contractual relationship with the Client and after the termination of our contractual relationship, for 5 (five) years as per the requirements of CySEC and 7 (seven) years for taxation purposes in order to be able to provide to you the best of our services but also to comply with our legal obligations.
Protection of personal information
Any personal information provided by the client to the Company will be treated as confidential and shared only within the Company and its affiliates and will not be disclosed to any third party except under any regulatory or legal proceedings. In case such disclosure is required to be made by law or any regulatory authority, it will be made on a ‘need-to-know’ basis, unless otherwise instructed by the regulatory authority. Under such circumstances, the Company shall expressly inform the third party regarding the confidential nature of the information.
Affiliates and Partners
The Company may share information with affiliates in the event such information is reasonably required by such affiliate in order to provide the products or services to its clients. The Company may share information with partners, affiliates and associates in order to offer additional similar products and services that meet clients’ needs and which are delivered in a manner that is useful and relevant only where clients have authorized the Company to do so.
Non-affiliated third parties
The Company does not sell, license, lease or otherwise disclose clients’ personal information to third parties, except as described in this Privacy and Data Protection Policy.
The Company reserves the right to disclose personal information to third parties where such disclosure is required by the Law and/or a regulatory or any other government authority. The Company may also disclose information as necessary to credit reporting or collection agencies as reasonably required in order to provide the services to its clients.
In addition, the Company may engage third parties to help carry out certain internal functions such as account processing, fulfillment, client service, client satisfaction surveys or other data collection activities relevant to its business. Use of the shared information is strictly limited to the performance of the above and is not permitted for any other purpose. All third parties with which the Company shares personal information are required to protect such personal information in accordance with provisions of the GDPR and the Data Processing Legislation and in a manner similar to the way the Company protects the same. The Company will not share personal information with third parties which it considers will not provide its clients the required level of protection.
As part of using your personal information for the purposes set out above, non-affiliated third parties are:
- service providers and specialist advisers who have been contracted to provide us with services such as administrative, IT, analytics and online marketing optimization, financial, regulatory, compliance, insurance, research and/or other services,
- payment service providers and banks processing your transactions;
- auditors or contractors or other auditing advisors assisting with or advising on any of our business purposes.
From time to time the Company may contact clients whether by phone or email for the purpose of offering them further information about the Company and financial market trading.
The Company uses all possible means to respect and protect its clients’ privacy. At any time, the client may contact the Company and request:
- Right to access, request copy, correct or delete any Personal Information that the Company collected, and which was subject to processing but also the ways with which this data was obtained, the reason for processing, what data categories were processed and the basis of the automated processing system.
- Right to restrict processing: You have the right to request the restriction or suppression of your personal data. The Company for the purpose of complying with the applicable Laws and Regulations, as described above, may store the personal data for a certain time period but will not use it.
- Right to object: You have the right to object to the processing of your personal data. The Company may be able to continue processing to comply with Laws and Regulations.
- Right to withdraw consent: Where we have obtained your consent to process your personal data you may withdraw this consent at any time. In this case, the Company will be forced to terminate its relationship with you within 10 days.
- Right of erasure: You have the right to request erasure of your personal data. It shall be noted that the Company may refuse to satisfy your request as under any other legal obligations that the Company is subject to, we may be required to keep the information that you provide to us.
- Right for data portability allows you to obtain and reuse your personal data for your own purposes across different services. The Company shall provide such information to you free of charge however, in case of abuse of such right we may charge you a reasonable fee in proportion with your request.
In case you disagree with the way we handle your Personal Data and/or you want to exercise any of your rights above, please contact the Company’s Data Protection Officer at
[email protected] and we shall reply to you within 14 calendar days. In case you have unresolved concerns you have the right to complain to the data protection authority. You can find details about how to do this on the following website:
If you have already accepted to receive any Promotions and Benefits, according to the Terms and Conditions, offered by the Company, you have the right to withdraw this acceptance.
The Company may, based exclusively on each client’s consent, seek to contact clients, whether by phone or by email, for the purpose of informing them of unique promotional offerings provided by the Company for the client.
Any person wishing to withdraw their consent and stop any further contact with the Company at any time whatsoever is entitled to do so through the means to decline receiving such promotional offers from use, available within such promotional material. In case you unsubscribe and/or withdraw your consent the Company will remove your contact details from its marketing distribution list.
Restriction of responsibility
Use of “COOKIES”
- “persistent cookies”- only read by our website, are stored on your devise for a fixed time period and are not deleted when the browser is closed. We use these cookies to know who you are for your next visits allowing us to know your preferences the next time you log-in.
- “session cookies”- these are only stored while the browsing session lasts enabling the normal use of the system and are deleted when the browser is closed.
Please note that you may remove the cookies following your browser settings however, disabling of cookies may limit your online experience as well as the functionality of some of the features for the services we provide may be low.
To use our services a person must be above the age of 18. As per provisions of the GDPR and the Data Processing Law, a minor shall be considered a person below the age of 16 years unless otherwise advised by the Data Processing Law.
The Company reserves the right to access and verify any Personal Data collected and discard any such data in case that the person who shared it with us is a minor. Please contact us at [email protected] in case you have any grounds to believe that a minor has shared any Personal Data with us.
If you have any enquiries regarding the Company’s Privacy and Data protection Policy please email the Company’s Data Protection Officer at [email protected]
The Company shall try to respond to all requests within 14 calendar days. Please note that it may take us longer than 14 calendar days if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 14 (fourteen) calendar days of the receipt of your request and keep you updated.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Cyprus’ Data Protection Authority.
You can find details about how to do this on the following website: