Spread bets and CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 65% of retail investor accounts lose money when trading spread bets and CFDs with this provider. You should consider whether you understand how spread bets and CFDs work and whether you can afford to take the high risk of losing your money.
PERSONALPROFESSIONAL
SUPPORT
en
Trading
Trading
Ways to trade
CFD trading
Spread betting
1X
Trading platforms
All platforms 
Web platform
Mobile apps
MT4
TradingView
API documentation
Trading info
Margin calls
Fraud prevention
Market abuse
Trading tools
Demo trading
CFD calculator
Markets
Markets
Our markets
Shares
Forex
Indices
Commodities
Market updates
Market analysis
Pricing
Pricing
Pricing
Charges and fees
Our business model
Markets pricing
Learn
Learn
For trading beginners
Trading essentials
Risk management
Market guides
Demo trading
Investmate app
For experienced traders
Trading strategies
Trading psychology
Technical analysis
Market analysis
IPO Trading
About
About
About us
Why Capital.com?
Our history
Our offices
Leadership team
Client funds
Is capital.com safe?
Investor Relations
Whitepaper
Contact us
Get help
Help
Client vulnerability
Complaints
Terms and policies
Work for us
Tech recruitment
Careers
Open platformuser
PERSONALPROFESSIONAL
SUPPORT
en
Open platformuser

1. Introduction

Capital Com (UK) Limited (hereinafter the “Company”, “we”, “Capital.com”) is an investment firm authorised and regulated by the Financial Conduct Authority (“the FCA”) for the provision of investment and ancillary services under the FRN number 793714 and registered in England and Wales under the registration number 10506220. Our business address is 2nd floor, 4 Orchard Place, London SW1H 0BF.

This privacy policy (the “Policy” or “Privacy Policy”) explains how Capital.com collects, processes and discloses personal information through its websites, mobile applications, and other online products and services that fall under this Policy (collectively, the “Services”) or when you otherwise interact with us.

The Services include providing:

  • the Capital.com trading platform for investing in stocks and for CFD trading and Spread Betting which users can sign up for an account with Capital.com;
  • the Capital.com educational app Investmate;
  • any other site, web platform, mobile application or other service facilitated by Capital.com.

Capital.com is responsible for the protection of the privacy and the safeguarding of the personal data of our Clients including (i) Retail Clients and/or (ii) Professional Clients, acting as the counterparty of the Company having agreed to the Terms and Conditions of the Company, as well as website visitors (hereinafter “you”).

Your privacy is important to us. This Privacy Policy outlines how we collect, process, manage the personal data we collect from your use of our services, applications or our website capital.com, through your interaction with us on social media or your other dealings with us. When doing that we act as data controller in accordance with the principles contained in the UK General Data Protection Regulation and Data Protection Act 2018.

Should you have any question or concern regarding your personal data please contact us at: gdpr.uk@capital.com. We have appointed a Data Protection Officer to assist us with compliance with applicable privacy regulations. To communicate with our DPO, please email dpo@capital.com.

2. What kind of personal data do we collect?

  • Identity data includes full name or its parts, username or similar identifier, marital status, title, date and place of birth, nationality, tax number, gender, information from your identity document(s), employment status and related information and your pictures / pictures of your identity (including biometric information such as a visual image of your face) or other document(s) we may request from time to time.
  • Contact data includes billing address, residential address, email address and telephone number.
  • Screening data includes close connections, political background and information pertaining to sanctions and adverse media.
  • Risk assessment data includes client risk score and client risk categorisation.
  • Economic and appropriateness data includes employment status, annual income source of income, current value of wealth, annual, investment plans, investment objectives, trading experience, level of education.
  • Financial data includes bank account and payment card details.
  • Transaction data includes details about payments to and from you in relation to our services.
  • Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.
  • Communication data includes communication between you and Capital, including chats, call recordings and emails.
  • Profile data includes your username and password, your interests, preferences, feedback and survey responses.
  • Usage data includes information about how you access our Services and use our Services, including user sessions (screen) recordings in some cases.

3. Purposes for which we use personal data

Capital.com, as a data controller, may only use your personal data if there is a lawful basis for such use. The most common lawful bases used by Capital.com are:

  • consent: in some cases, we may process your personal data only if we obtain your prior consent;
  • performance of a contract: we will require your personal data to be able to offer you the Services in accordance with the contract terms between you and us;
  • compliance with a legal obligation: due to the nature of the Services we provide, the laws applicable to our activities require us to collect and store certain data about you; and
  • legitimate interests: sometimes we rely on our legitimate interests to process your data (e.g. to improve our Services) and we will do so except where such interests are overridden by your interests or fundamental rights and freedoms.

Below you will find a table describing how we may use your personal data and which of the legal bases are used by Capital to ensure lawful data processing:

Purpose/Activity Type of data Lawful basis for processing
To create your account ● Identity data
● Contact data
● Technical data		 Performance of a contract when we provide our Services to you
To verify your identity, carry out checks that we are required to conduct by applicable laws and regulations, including: “know your customer” (KYC), anti-money laundering, fraud, sanctions, politically exposed person (PEP) and liveness checks and perform client risk categorisation ● Identity data
● Contact data
● Screening data
● Transaction data
● Risk assessment data
● Technical data
● Communication data
● Financial data
● Usage data		 Compliance with our legal obligations under applicable AML/CFT obligations, namely the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
To obtain and assess economic profile and appropriateness information and categorise the client ● Economic and Appropriateness data Compliance with our legal obligations under applicable laws including obligations under the Rules of the Financial Conduct Authority (FCA) and AML/CFT obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
To provide our services and process transactions including, payments, fees and charges ● Identity data
● Contact data
● Financial data
● Transaction data
● Technical data
● Profile data		 Performance of a contract when we provide our services to you
To monitor your transactions for the purposes of detection, storage and reporting of fraudulent activities ● Identity data
● Contact data
● Screening data
● Risk assessment data
● Financial data
● Transaction data
● Technical data
● Usage data		 Compliance with our legal obligations under applicable AML/CFT obligations, namely the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
To provide customer support ● Identity data
● Contact data
● Financial data
● Transaction data
● Technical data		 Performance of a contract when we provide our Services to you
To send you service notifications related to your use of the Services ● Contact data
● Communication data		 Performance of a contract when we provide our Services to you
To record and store communication with you ● Identity data
● Contact data
● Communication data		 Compliance with our legal obligations under applicable laws, including obligations under the Rules of the Financial Conduct Authority (FCA)
To send you updates and marketing communication as well as to deliver relevant content to you, including ads, suggestions, personalised offers and recommendations ● Identity data
● Contact data
● Financial data
● Transaction data
● Technical data
● Profile data
● Usage data
  • Consent, or
  • Our legitimate interests to promote our Services
To measure and improve the effectiveness of our advertising campaigns ● Contact data
● Technical data		 Consent
To perform data analytics with respect to our Services for improvement purposes ● Technical data
● Usage data		 Our legitimate interests to improve our Services
To manage and protect our business and website including system maintenance ● Identity data
● Technical data
● Usage data
  • Our legitimate interests to improve our Services and protect personal data and the Services;
  • Performance of a contract when we provide our Services to you
To help us improve our Services by completing a survey, feedback, or review ● Identity data
● Profile data		 Consent

If you fail or refuse to provide your personal data we need to provide the Services to you or if the processing of personal data is necessary for compliance with our legal obligations (e.g. compliance with anti money laundering rules), you will not be able to access the Services.

4. Cookies

We may use cookies for various purposes when you access or use the Services. Please review our Cookie Policy to find out more about our use of cookies.

5. Sources of personal data

Most of the personal data we process about you is received directly from you. For example, when you register to use the Services or communicate with us, we may receive your identity and contact data from you.

In other cases, we may receive personal data about you from various third parties and publicly accessible sources, including but not limited to social media, search engines, company registers, banks, payment service providers, KYC service providers, advertising networks, analytics providers and screening data vendors.

If you choose to sign in to our Services using a third-party service, such as Google, Facebook, and Apple, you direct the service to send us certain social account information such as your email address.

When you use the Services we may also automatically collect technical data through the use of cookies and similar technologies.

6. Automated decision-making with respect to your personal data

To offer you the Services and comply with our obligations under applicable laws, we will make a decision about you based solely on automated processing. Such cases include:

  1. When you submit your economic and appropriateness data in the relevant questionnaire, our system will automatically make a decision whether you can be allowed to trade. We may deny your access to the Services due to lack of experience and/or knowledge.
  2. Our anti-fraud systems may automatically detect patterns that may suggest fraudulent activities with respect to your account. We will warn you about such activities to prevent possible fraud.
  3. Our systems automatically determine the client’s risk profile based on a number of risk factors we consider in accordance with the laws and our internal procedures. The risk score allows Capital to determine the appropriate customer due diligence procedures it must follow.

7. How do we protect your personal data?

We take all reasonable and appropriate technical and organisational measures to protect all personal data collected by us from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.

8. How long do we keep your personal data?

Generally, we will retain your personal data for as long as necessary to fulfil the specific purpose we collected it for, including the purpose of satisfying any legal, accounting, reporting requirements and our legitimate interests. For example, your personal data will be generally stored for the period required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 or the Rules of the Financial Conduct Authority (FCA), namely not less than 5 years after the end of the business relationship with Capital.com. We may store certain personal data for not less than 6 years to meet our book keeping obligations under the tax legislation of the UK.

In certain cases the authorities may require us to store the personal data longer if they deem necessary (e.g. in case of an ongoing investigation). If you have not been actively making use of our financial services for 5-6 years (depending on the data), we will remove any details that will identify you or we will securely destroy the records, unless we substantiate why we need the data for a longer period of time.

9. Your rights

With regards to our collection and processing of your personal data you have the right to (subject to applicable exceptions):

  1. Obtain confirmation from us as to whether we process your personal data.
  2. Access your personal data processed by Capital.com.
  3. Correct your personal data.
  4. Withdraw consent and remove your personal data we collected on the basis of your consent.
  5. Obtain restriction of processing, for instance, where you contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data.
  6. Have your personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
  7. Erasure of your personal data under certain circumstances. Capital.com is obligated by the UK authorities to keep records of client’s details and trades for a minimum period of five to six (5-6) years from the end of business relationship with you according to the relevant regulations. See more information about our data retention obligations in section “How long do we keep your personal data” above.
  8. Object to the processing of your personal data which is based on the legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing.

If you wish to make use of any of the above rights please contact our compliance department stating your account number and question related to any of the above rights at: gdpr.uk@capital.com.

Capital.com will endeavour to provide you with information on the actions it has taken on your request with respect to your rights, specified above, within one month of receipt of the request. That period may be extended by two further months if the request is complex, or if Capital.com is in the process of resolving a large number of requests. We will inform you if any such extension is required within one month of receipt of the request, together with the reasons for the delay.

10. How do we share your personal data?

We do not share your personal information with third parties, except as described in this Privacy Policy.

Capital.com is part of the Capital.com Group of companies that all have a role in offering a complete service to our clients. For this reason, the Company may share information with its subsidiaries or affiliated companies, including those located outside the UK or European Economic Area (EEA), in the event such information is reasonably required by the subsidiary to provide the Services to you.

Capital.com may also engage service providers and partners to assist with delivery of the Services:

Category Purpose
Identity verification service providers – Document validation and verification
– Liveness checks
– PEP (politically exposed persons) and sanctions screening
– Risk assessment and scoring
Anti-fraud system providers – Detection and prevention of fraudulent transactions/activities
Payment service providers – Payment processing
– Anti-fraud/risk check system
– Application logs for payment system
Banks – Facilitation of money transfers
Marketing – Marketing analytics and reporting
– Marketing attribution automation
Business intelligence providers – Product analytics
Project management and customer support – Automation of customer support processes
Cloud service providers – Hosting of personal data
– Storage/Backup
Communication providers – Email and voice communication
– Sending transactional emails and SMS
– Call recording, monitoring and transcription
Performance monitoring providers – User sessions (screen) recording and monitoring
Social network platforms – Managing our relationships with clients
– Promoting the Services
Professional Consultants – Receiving professional services
Advertising analytics – Receiving advertising analytics and reporting

In case your personal data is provided to subsidiaries and service providers outside the UK or the EEA, we will implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses as adopted by the European Commission. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA. Moreover, Capital requires its service providers to implement appropriate security measures to ensure the protection of your personal data in accordance with applicable data protection legislation.

When required by the applicable laws, we may disclose your personal data to the relevant government agencies and regulatory authorities, including but not limited to but not limited to the UK Financial Intelligence Unit (UK FIU) and the FCA.

Some of our service providers require us to include information about their privacy practices in our Privacy Policy:

  • ComplyAdvantage. We may use ComplyAdvantage for customer screening and monitoring. Please refer to ComplyAdvantage’s Privacy Policy to learn more about how ComplyAdvantage handles your personal data.
  • GBG. We may use GBG to verify information you give to us during the onboarding process. We do so to prevent fraud and comply with our AML obligations. Please refer to GBG’s Privacy Policy to learn more about how GBG handles your personal data.
  • EUID. If you opt-in to targeted advertising, we may share your email address with The UK Trade Desk Ltd (“TTD”) which transforms such data into a string of text and numbers known as an advertising identifier (“EUID”) so that it is no longer recognisable as such. The EUID allows Capital to measure and improve its digital marketing campaigns while complying with data protection laws. TTD is a joint controller for EUID and you can get more information about how they process your data by accessing TTD’s privacy notice. You may withdraw your consent for targeted advertising based on EUID by opting out using this link.

11. Privacy Policy updates

Capital.com may update this Privacy Policy from time to time. In the event we materially change this Policy including how it collects, processes or uses your personal information, active clients will be notified as in accordance with the Capital.com’s Terms & Conditions. Potential clients are notified by means of the publication of the updated Privacy Policy on our website capital.com.

12. Contact information

If you have questions about this Privacy Policy or our privacy practices, or if you are seeking to exercise any of your rights you can contact us at gdpr.uk@capital.com. You can also reach out to our Data Protection officer by email: dpo@capital.com

You have the right to lodge a complaint at the UK Information Commissioner’s Office, the details of which are set out below:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Website: https://ico.org.uk

Privacy Policy_Sept2024