CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 70% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money. Please refer to our Risk Disclosure Statement
PERSONALPROFESSIONAL
SUPPORT
en
Trading
Trading
Ways to trade
CFD trading
Trading platforms
All platforms 
Web platform
Mobile apps
MT4
TradingView
API documentation
Trading info
Margin Calls
How withdrawals work
Fraud prevention
Trading tools
CFD calculator
Demo trading
Markets
Markets
Our markets
Forex
Shares
Indices
Commodities
Cryptocurrencies
Market updates
Market analysis
Pricing
Pricing
Pricing
Charges and fees
Our business model
Capital.com's pricing
Markets pricing
Learn
Learn
For trading beginners
Trading Essentials
Risk-management
Market guides
Demo trading
Investmate app
Glossary
For experienced traders
Trading Strategies
Technical analysis
Market analysis
Trading Psychology
IPO Trading
About
About
About us
Leadership team
Why Capital.com?
Our history
Our offices
Contact us
Whitepaper
Is capital.com safe?
Investor Relations
Careers
Get help
Help
Client vulnerability
Work for us
Careers
Legal documentation
Terms and policies
Complaints Procedure (CCSV)
Compliance & Legals
Open platformuser
PERSONALPROFESSIONAL
SUPPORT
en
Open platformuser

1. Introduction

Capital Com SV Investments Limited (hereinafter the “Company”, “we”, “Capital Com”, “Capital.com”) is an investment firm regulated by the Cyprus Securities and Exchange Commission (the “CySEC”) for the provision of investment and ancillary services under the license number 319/17 and registered in the Republic of Cyprus under the registration number 354252. Our business address is Vasileiou Makedonos 8, Kinnis Business Center, 2nd floor, 3040, Limassol, Cyprus.

This privacy policy (the “Policy” or “Privacy Policy”) explains how Capital Com collects, processes and discloses personal information through its websites, mobile applications, and other online products and services that fall under this Policy (collectively, the “Services”) or when you otherwise interact with us.

The Services include providing:

  1. the Capital.com trading platform for investing in stocks & for CFDs trading which users can sign up for an account with Capital.com;

  2. the Capital.com educational app Investmate;

  3. any other site, web platform, mobile application or other service facilitated by Capital.com.

Capital Com is responsible for the protection of the privacy and the safeguarding of the personal data of our Clients including:

  • Retail Clients

  • Professional Clients

  • Eligible Counterparties

  • Website visitors (hereinafter “you”).

Your privacy is important to us. This Privacy Policy outlines how we collect, process, manage the personal data we collect from your use of our services, applications or our website capital.com, through your interaction with us on social media or your other dealings with us. When doing that we act as data controller in accordance with the principles contained in the General Data Protection Regulation (GDPR) (EU) 2016/679.

Should you have any question or concern regarding your personal data please contact us at: gdpr@capital.com. We have appointed a Data Protection Officer to assist us with compliance with applicable privacy regulations. To communicate with our DPO, please email dpo@capital.com.

2. What kind of personal data do we collect?

  • Identity data includes full name or its parts, username or similar identifier, marital status, title, date and place of birth, nationality, tax number, gender, information from your identity document(s), employment status and related information and your pictures/pictures of your identity or other document(s) we may request from time to time.

  • Contact data includes billing address, residential address, email address and telephone number.

  • Screening data includes close connections, political background and information pertaining to sanctions and adverse media.

  • Risk assessment data includes client risk score and client risk categorisation.

  • Economic and appropriateness data includes employment status, annual income, source of income, current value of wealth, investment plans, investment objectives, trading experience, level of education.

  • Financial data includes bank account and payment card details.

  • Transaction data includes details about payments to and from you in relation to our services.

  • Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.

  • Communication data includes communication between you and Capital, including chats, call recordings and emails.

  • Profile data includes your username and password, your interests, preferences, feedback and survey responses.

  • Usage data includes information about how you access our Services and use our Services, including user sessions (screen) recordings in some cases.

3. Purposes for which we use personal data

Capital.com, as a data controller, may only use your personal data if there is a lawful basis for such use. The most common lawful bases used by Capital.com are:

  • Consent: in some cases, we may process your personal data only if we obtain your prior consent;

  • Performance of a contract: we will require your personal data to be able to offer you the Services in accordance with the contract terms between you and us;

  • Compliance with a legal obligation: due to the nature of the Services we provide, the laws applicable to our activities require us to collect and store certain data about you; and

  • Legitimate interests: sometimes we rely on our legitimate interests to process your data (e.g. to improve our Services) and we will do so except where such interests are overridden by your interests or fundamental rights and freedoms.

Below you will find a table describing how we may use your personal data and which of the legal bases are used by Capital to ensure lawful data processing.

Purpose/Activity Type of data Lawful basis for processing
To create your account

- Identity data
- Contact data
- Technical data

 Performance of a contract when we provide our Services to you
To verify your identity, carry out checks that we are required to conduct by applicable laws and regulations, including KYC, anti-money laundering, fraud, sanctions, PEP checks and perform client risk categorisation - Identity data
- Contact data
- Screening data
- Transaction data
- Risk assessment data
- Technical data
- Communication data
- Financial data
- Usage data		 Compliance with our legal obligations under applicable AML/CFT obligations, namely the Prevention and Suppression of Money Laundering and Terrorist Financing Laws (2007-2021)
To obtain and assess economic profile,appropriateness information, target market information and categorise the client - Economic,Appropriateness and target market information Compliance with our legal obligations under applicable laws regulating the provision of investment services, namely the Investment Services and Activities and Regulated Markets Law of 2017 and AML/CFT obligations, namely the Prevention and Suppression of Money Laundering and Terrorist Financing Laws (2007-2021)
To provide our services and process transactions including payments, fees and charges - Identity data
- Contact data
- Financial data
- Transaction data
- Technical data
- Profile data		 Performance of a contract when we provide our Services to you
To monitor your transactions for the purposes of detection, storage and reporting of fraudulent activities - Identity data
- Contact data
- Screening data
- Risk assessment data
- Financial data
- Transaction data
- Technical data		 Compliance with our legal obligations under applicable AML/CFT obligations, namely the Prevention and Suppression of Money Laundering and Terrorist Financing Laws (2007-2021)
To provide customer support - Identity data
- Contact data
- Financial data
- Transaction data
- Technical data		 Performance of a contract when we provide our Services to you
To send you service notifications related to your use of the Services - Contact data
- Communication data		 Performance of a contract when we provide our Services to you
To record and store communication with you - Identity data
- Contact data
- Communication data		 Compliance with our legal obligations under applicable laws regulating the provision of investment services, namely the Investment Services and Activities and Regulated Markets Law of 2017
To send you updates and marketing communication as well as to deliver relevant content to you, including ads, suggestions, personalised offers and recommendations - Identity data
- Contact data
- Financial data
- Transaction data
- Technical data
- Profile data
- Usage data		 - Consent
- Our legitimate interests to promote our Services
To perform data analytics with respect to our Services for improvement purposes - Technical data
- Usage data		 Our legitimate interests to improve our Services
To manage and protect our business and website including system maintenance - Identity data
- Technical data		 - Our legitimate interests to improve our Services and protect personal data and the Services
- Performance of a contract when we provide our Services to you
To help us improve our Services by completing a survey, feedback, or review - Identity data
- Profile data		 Consent

If you fail or refuse to provide your personal data we need to provide the Services to you or if the processing of personal data is necessary for compliance with our legal obligations (e.g. compliance with anti-money laundering rules), you will not be able to access the Services.

4. Cookies

We may use cookies for various purposes when you access or use the Services. Please review our Cookie Policy to find out more about our use of cookies and further information, including your right to withdraw consent or object to our use of third-party tracking at any time but doing so, may affect the functionality of Services we are able to provide you with.

5. Sources of personal data

Most of the personal data we process about you is received directly from you. For example, when you register to use the Services or communicate with us, we may receive your identity and contact data from you.

In other cases, we may receive personal data about you from various third parties and publicly accessible sources, including but not limited to social media, search engines, company registers, banks, payment service providers, KYC service providers, advertising networks, analytics providers and screening data vendors.

If you choose to sign in to our Services using a third-party service, such as Google, Facebook, and Apple, you direct the service to send us certain social account information such as your email address. We use this data only to set up, where needed, and authenticate your account with us. Google, Facebook, Apple etc. are independent controllers of the personal data they process to provide their authentication services.

When you use the Services we may also automatically collect technical data through the use of cookies and similar technologies.

6. Automated decision-making with respect to your personal data

To offer you the Services and comply with our obligations under applicable laws, we will make a decision about you based solely on automated processing. Such cases include:

  1. When you submit your economic and appropriateness data in the relevant questionnaire, our system will automatically make a decision whether you can be allowed to trade. We may deny your access to the Services due to lack of experience and/or knowledge.

  2. Our anti-fraud systems may automatically detect patterns that may suggest fraudulent activities with respect to your account. We will warn you about such activities to prevent possible fraud.

  3. Our systems automatically determine the client’s risk profile based on a number of risk factors we consider in accordance with the laws and our internal procedures. The risk score allows Capital to determine the appropriate customer due diligence procedures it must follow.

7. How do we protect your personal data?

We take all reasonable and appropriate technical and organisational measures to protect all personal data collected by us from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.

8. How long do we keep your personal data?

Generally, we will retain your personal data for as long as necessary to fulfil the specific purpose we collected it for, including the purpose of satisfying any legal, accounting, reporting requirements and our legitimate interests. For example, your personal data will be generally stored for the period required by the Prevention and Suppression of Money Laundering and Terrorist Financing Laws (2007-2021), namely not less than five (5) years after the end of the business relationship with Capital Com. We may store certain personal data for not less than six (6) years to meet our bookkeeping obligations under the tax legislation of Cyprus.

In certain cases the authorities may require us to store the personal data longer if they deem it necessary (e.g. in case of an ongoing investigation). If you have not been actively making use of our financial services for 5–6 years (depending on the data), we will remove any details that will identify you or we will securely destroy the records, unless we substantiate why we need the data for a longer period of time.

9. Your rights

With regards to our collection and processing of your personal data you have the right to (subject to applicable exceptions):

  1. Obtain confirmation from us as to whether we process your personal data.

  2. Access your personal data processed by Capital Com.

  3. Correct your personal data.

  4. Withdraw consent and remove your personal data we collected on the basis of your consent.

  5. Obtain restriction of processing, for instance, where you contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data.

  6. Have your personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

  7. Erasure of your personal data under certain circumstances. Capital Com is obligated by the Cyprus authorities to keep records of clients’ details and trades for a minimum period of five to six (5–6) years from the end of the business relationship with you according to the relevant regulations. See more information about our data retention obligations in section “How long do we keep your personal data” above.

  8. Object to our processing of your personal data when the processing is related to the performance of our task carried in the public interest or the exercise of official authority vested in us, or if we process your data for the purposes of our legitimate interests and you believe that such interests are overridden by your interests or fundamental rights and freedoms. If you make a request objecting to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing.

If you wish to make use of any of the above rights please contact our compliance department stating your account number and question related to any of the above rights at: gdpr@capital.com.

Capital Com will endeavour to provide you with information on the actions it has taken on your request related to your rights, specified above, within one (1) month of receipt of the request. That period may be extended by two (2) further months if the request is complex, or if Capital Com is in the process of resolving a large number of requests. We will inform you if any such extension is required within one (1) month of receipt of the request, together with the reasons for the delay.

10. How do we share your personal data?

We do not share your personal information with third parties, except as described in this Privacy Policy.

Capital Com Group and Affiliates
Capital Com is part of the Capital Com Group of companies that all have a role in offering a complete service to our clients. For this reason, the Company may share information with its subsidiaries and affiliated companies, including those located outside the European Economic Area (EEA), in the event such information is reasonably required by the subsidiary to provide the Services to you.

Service providers and partners:

Category Purpose
Identity verification service providers - Document validation and verification
- PEP (politically exposed persons) and sanctions screening
- Risk assessment and scoring
Anti-fraud system providers - Detection and prevention of fraudulent transactions/activities
Payment service providers - Payment processing- Anti-fraud/risk check system
- Application logs for payment system
Banks - Facilitation of money transfers
Marketing - Marketing analytics and reporting
- Marketing attribution automation
Business intelligence providers - Product analytics
Project management and customer support providers - Automation of customer support processes
Cloud service providers - Hosting of personal data
- Storage/Backup
Communication providers - Email and voice communication
- Sending transactional emails and SMS
- Call recording, monitoring and transcription
Social network platforms - Managing our relationships with clients
- Promoting the Services
Professional Consultants - Receiving professional services

In case your personal data is provided to subsidiaries and service providers outside the EEA, we will implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses as adopted by the European Commission. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. Moreover, Capital requires its service providers to implement appropriate security measures to ensure the protection of your personal data in accordance with applicable data protection legislation.

When required by the applicable laws, we may disclose your personal data to the relevant government agencies and regulatory authorities, including the Unit for Combating Money Laundering (MOKAS) and the CySEC.

Some of our service providers require us to include information about their privacy practices in our Privacy Policy:

  • ComplyAdvantage. We may use ComplyAdvantage for customer screening and monitoring. Please refer to ComplyAdvantage’s Privacy Policy to learn more about how ComplyAdvantage handles your personal data.

  • GBG. We may use GBG to verify information you give to us during the onboarding process. We do so to prevent fraud and comply with our AML obligations. Please refer to GBG’s Privacy Policy to learn more about how GBG handles your personal data.

  • In some cases we may use Fabrick for IBAN verification services in relation to our clients. Specifically, we may share the client’s IBAN and tax code with Fabrick. We perform IBAN checks based on our legitimate interest in preventing payment fraud. Please refer to Fabrick’s Privacy Policy for more details on how Fabrick processes personal data.

11. Privacy Policy updates

Capital Com may update this Privacy Policy from time to time. In the event we materially change this Policy including how it collects, processes or uses your personal information, active clients will be notified in accordance with Capital Com’s Terms & Conditions. Potential clients are notified by means of the publication of the updated Privacy Policy on our website capital.com.

12. Contact information

If you have questions about this Privacy Policy or our privacy practices, or if you are seeking to exercise any of your rights you can contact us at: gdpr@capital.com. You can also reach out to our Data Protection Officer by email: dpo@capital.com.

You have the right to lodge a complaint at the Office of the Commissioner for Personal Data Protection of Cyprus.

  • Office address: Kypranoros 15, Nicosia 1061 , Cyprus

  • Postal address: P.O.Box 23378, 1682 Nicosia

  • Tel: +357 22818456

  • Fax: +357 22304565

  • Email: commissioner@dataprotection.gov.cy

 

Privacy Policy_V9.1_20250625