Informativa sulla privacy
Capital Com SV Investments Limited (“we”, “CAPITAL.COM”, the “Company”) is responsible for the protection of the privacy and the safeguarding of the personal data of our clients and potential clients (“you”). Your privacy is important to us.
This Privacy Policy outlines how we manage the personal data we collect from your use of our services, applications or our website capital.com, through your interaction with us on social media or your other dealings with us. When doing that we act as data processor in accordance to the principles contained in The General Data Protection Regulation (GDPR) (EU) 2016/679. The Company’s contact with regards to any queries about Data protection will be the Compliance Department which can be contacted through email on: compliance@capital.com
1. Consent
Whenever we collect and process your personal data we do this as a data controller and with your explicit consent and for legitimate purposes. Within the categories of internal, external, financial, social and tracking data, the Company collects the following personal data:
1.1 Contact details
1.1.1 Category of personal data
Contact and Identity data
1.1.2 What information falls under this category
First name, Last name, date of birth, address, e-mail, phone number
1.1.3 Purpose of processing or legal basis
In order for the Company to provide financial services the Company is obligated to attain the contact and identity details from their clients (Know Your Client procedure). In order to comply with The Prevention and Suppression of Money Laundering and Terrorist Financing Laws Of 2007, 2010, 2012 And 2013 - 188(I)/2007 58(I)/2010 80(I)/2012 192(I)/2012 101(I)/2013, the company is obligated to retrieve this personal data from the clients.
1.1.4 Source of the data
The data is retrieved during the on-boarding procedure by the client
1.1.5 Existence of automated decision making or profiling
There is no automated decision making within this category of personal data.
1.1.6 Statutory obligation or Contractual requirement. Consequence of not providing the data by the client
Statutory obligation. If you decide not to provide this data, the agreement between you and the Company cannot be established. It is a regulatory obligation. The collection of your phone number is a contractual requirement.
1.2 Economic and appropriateness information
1.2.1 Category of personal data
Social and Financial data
1.2.2 What information falls under this category
- Economic profile: Employment status; Annual income; Source of income; current value of wealth; annual investment plans; investment objectives.
- Appropriateness information: Trading experience; Level of education
- Tax identification number
1.2.3 Purpose of processing or legal basis
The economic profile and the appropriateness information is all requested under the obligation of Part 2 section 25 of the Law L.87(I)/2017 regarding the provision of investment services, the exercise of investment activities and the operation of regulated markets. In the context of improving international tax compliance with the common reporting standard (CRS) for the automatic exchange of financial account information developed by the Global Forum of the Organisation for Economic Co-Operation and Development (OECD), the Republic of Cyprus signed on 29 October 2014, following a Council of Ministers decision dated October 22, 2014, the Multilateral Competent Authority Agreement for the automatic exchange of financial information of financial accounts. Under this agreement the Company is obligated to require the Tax Identification number of all trading clients.
1.2.4 Source of the data
The data is retrieved during the on-boarding procedure by the client
1.2.5 Existence of automated decision making or profiling
Automated conclusions are made based on your input in the relevant questionnaires. If you do not have enough knowledge or experience you will not be allowed to trade.
1.2.6 Statutory obligation or Contractual requirement. Consequence of not providing the data by the client
Statutory obligation. If you decide not to provide this data, the agreement between you and the Company cannot be established. It is a regulatory obligation.
1.3 Internet Protocol Address
1.3.1 Category of personal data
Tracking data
1.3.2 What information falls under this category
IP-address, device id, trading behaviour
1.3.3 Purpose of processing or legal basis
The purpose for acquiring and tracking the IP address is mainly for anti-fraud reasons. The Company is dealing with important data of clients and has implemented effective anti-fraud systems. These systems use the IP-Address and Device ID to detect potential fraud situations.
In order for the Company to provide our customised artificial intelligence service the tracking of the client experience is necessary.
1.3.4 Source of the data
The data is retrieved during the use of the application
1.3.5 Existence of automated decision making or profiling
The Anti-fraud systems detect possible patterns that can suggest that there could be fraudulent conduct with regards to your account. At this moment, the system warns the Company and you, in order verify.
Based on trading behaviour SMARTFEED can send you tips and related news.
1.3.6 Statutory obligation or Contractual requirement. Consequence of not providing the data by the client
Contractual requirement. If you decide not to provide access to this data. Anti-fraud systems will not be able to function correctly and the risk of being a victim of fraud will increase. Relevant news with regards to your preferable instruments and tips with regards to your trading behaviour will not be customised.
1.4 Communication recording
1.4.1 Category of personal data
Communication
1.4.2 What information falls under this category
Recording of phone calls, e-mails, chats.
1.4.3 Purpose of processing or legal basis
According to Commission Delegated Regulation (EU) 2017/565 of 25 April 2016, the Company shall establish, implement and maintain an effective recording of telephone conversations and electronic communications policy. Firms shall ensure the quality, accuracy and completeness of the records of all telephone recordings and electronic communications.
1.4.4 Source of the data
The data is retrieved during the phone calls, chats and e-mail communications.
1.4.5 Existence of automated decision making or profiling
There is no automated decision making within this category of personal data.
1.4.6 Statutory obligation or Contractual requirement. Consequence of not providing the data by the client
Statutory obligation. If you decide not to provide this data, the agreement between you and the Company cannot be established. It is a regulatory obligation.
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Consent is required for Organisation Name to process both types of personal data, but it must be explicitly given. Clients consent to the collection, processing, storage and use of personal information by the Company as outlined below when accepting the Company’s Privacy Policy. Potential clients will be prompted to consent to the same by accepting this Privacy Policy through means that would allow us to trace and record that such consent has been properly given in the first place.
With regards to our collection and processing of your personal data you have the right to:
- unconditionally withdraw your consent to the collection, processing, storage and use of personal information by the Company. The client is also allowed to partially give consent to specific collection, processing and storage of personal data. At the time of giving consent you will be given several options to specify your consent. For withdraw of consent please see section 8.
- Erasure of personal details for non-active clients. The Company is obligated by the Cyprus authorities to keep records of client’s details and trades for a period of 5-6 years (see more in section 6). After this period clients can opt to erase their details.
- Rectify your personal details on your request.
- Object to processing after giving the Company consent to collect, process and store your personal data. This may result in ending the business relationship with the Company.
If you want to make use of any of the above rights please contact our compliance department stating your account number and question related to any of the above rights at: compliance@capital.com
2. Collection & Usage of Personal Information
CAPITAL.COM may collect the necessary Personal data for any legitimate purpose related to our services, which include, among others, assisting you in opening your trading account, performing transactions, safeguarding your assets and privacy, providing client support, customizing your browsing experience, improving your overall customer experience and ensuring that you are always kept up to date with our latest products and services.
In this respect, CAPITAL.COM gathers information from its clients and potential client and may, in certain circumstances, gather information from banks, agencies and/or other sources which will help CAPITAL.COM to construct its clients’ and potential client profiles.
CAPITAL.COM also collects the necessary information to ensure its compliance with the applicable laws and regulations, including any relevant anti money laundry rules and the Foreign Account Tax Compliance Act (FATCA) and the OECD Common Reporting Standard (CRS).
We will not hold any information about your debit or credit cards, or any payment method used by you to make a deposit not required by the Applicable Regulations (as defined in the Company’s Terms & Conditions), and will at all times be in compliance with the undertaken cardholder data security standards. For this reason we only work with trusted and regulated Payment Service Providers.
The information CAPITAL.COM collects includes information required to communicate with and identify its clients and potential clients. The Company may also collect certain demographic information, including, birth date, education, occupation, etc. CAPITAL.COM can also assess trading related information. We neither collect nor process any sensitive data, including data concerning racial or ethnic origin, political convictions, religious or philosophical beliefs, participation in a body, association or a trade union, health, personal life, as well as data relevant to criminal prosecutions or convictions.
We may collect information in a form that does not, on its own, allow to identify any specific individual (i.e. not personally identifiable information), including such information as language, zip code, area code, unique device identifier, referrer URL, location, and the time zone. We may collect, use, transfer, and disclose such not personally identifiable information for whatever legal purpose this information may serve as long as it is not traceable to the original owner and therefore not categorised as personal data.
Our website capital.com, e-mails and messages may contain data analysis tools which allow us to track receipt of correspondence & messages and to count the number of users that have visited our website or opened our correspondence & messages. Such information is completely anonymized and is not personally identifiable.
3. Protection of Personal Information
Any personal information provided by you to CAPITAL.COM will be treated as confidential and shared only within the Company and its affiliates and will only be disclosed to a third party taking in account the principle of data minimisation (only the necessary info) or under any regulatory or legal proceedings. In case such disclosure is required to be made by law and/or any regulatory authority, it will be made on a ‘need-to-know’ basis, unless otherwise instructed by the law and/or regulatory authority. Under such circumstances, CAPITAL.COM will expressly inform the third party of the confidential nature of the information. See the list of third parties in section 4.
4. Affiliates, Partners and Non-Affiliated Third Parties
CAPITAL.COM does not sell, license, lease or otherwise disclose your personal information to third parties, except as described in this Privacy Policy.
CAPITAL.COM may share information with its affiliates, including those located outside the European Economic Area (EEA), in the event such information is reasonably required by such affiliate to provide the services to you. In case any information is provided to affiliates outside the EEA, the Company will do so in full compliance with the applicable EU-wide data protection regulations.
The personal data is shared with the following category of affiliates/partners:
# | Category | Location | Access | Purpose |
1 | Payment service providers | EU | ACCOUNTING | Payments processing, Antifraud/Risk check System, Application logs for payment system |
2 | Banks | EU | ACCOUNTING | Payment requisites |
3 | Marketing | EU | MARKETING | Marketing analytics |
4 | Marketing | EU | MARKETING | Marketing attribution automation |
5 | Development | United States | MARKETING PRODUCT MANAGERS | Product analytics |
6 | Customer support | EU | SUPPORT | Customer Support Automation |
7 | Storage/Backup | Ireland | DEVELOPMENT | Application logs for payment system, Document storage |
8 | Communication | Ireland | MARKETING | Email communication, campaigns, transactional emails, SMS communication, transactional SMS |
All the mentioned partners only get the minimum amount of personal data in order for them to provide their service to our company and therefore to you. In addition, CAPITAL.COM may engage third parties to carry out certain internal functions such as account processing, fulfilment, client service, client satisfaction surveys or other data collection activities relevant to its business. The use of the shared information is strictly limited to the performance of the above and is not permitted for any other purpose. All third parties with which CAPITAL.COM shares personal information are required to protect such personal information in accordance with all relevant laws & regulations and in a manner similar to the way the Company protects the same. CAPITAL.COM will not share personal information with third parties which are considered as not being able to provide its clients and potential client with the required level of protection.
CAPITAL.COM will not engage any business introducers and no information will be passed by the Company to such entities.
5. Contacting Clients
5.1 Client Communications
From time to time CAPITAL.COM may contact you by email or by telephone or message you and we may keep a record of such communications for quality assurance and any other lawful and legitimate business purposes. The relevant records will be our sole property and you accept that they will constitute evidence of the communications between us and will be kept for as long as necessary to reach the purposes they were initially made for. We will use the phone number and e-mail specified by you during your account opening or any other dealing with us. Any person wishing to opt out of further contact with the Company is entitled to do so at any time. The respective “unsubscribe” link will be provided in the relevant e-mail communications of the Company. To opt out of communications via telephone and messages please email us at GDPR@capital.com.
5.2 Live Chats
The Company’s site offers live chat services for your assistance 24/7. The Company reserves the right to store the chat records giving you the possibility to retrieve any previous history of communication with us. Storing chat records will also help the Company to ensure a continuous internal control regarding our live chat. The Company shall use live chat data only for purposes of business relationship between you and the Company.
5.3 Identify verification via video communications
The Company may proceed to communicate with you via video for the verification of your identity following the rules applicable to the Company.
6. Storage
We store the gathered personal information for a reasonable period necessary to fulfil the purposes for collecting it in the first place. In any case the gathered information will be stored for a period not less than the one we are required to observe in order to comply with the applicable rules and regulations, namely 5 years with regards to obligations (Directive D144-2007-08 Of 2012 Part VII Record Keeping Paragraph 31) under the Cyprus Security and Exchange Commission (CySEC) and 6 years with regards Accountancy data obligated by the Cyprus Tax law. The authorities can request a longer period if they deem necessary. If Client has not been actively making use of our financial services for 5 - 6 years (depending on the data), we will remove any details that will identify you or we will securely destroy the records, Unless we substantiate why we need the data for a longer period of time.
7. Use of "COOKIES"
CAPITAL.COM uses cookies to secure its clients’ trading activities and to enhance the performance of its website capital.com. The cookies used by the Company do not contain personal information or other sensitive information.
CAPITAL.COM may share its website’s usage statistics with reputable advertising companies and with its affiliated marketing company. It is noted that the information collected by such advertising company is not personally identifiable. To administer and improve its website capital.com, the Company may use third parties to track and analyse usage and statistical volume information. The third party may use cookies to track behaviour and may set cookies on behalf of the Company. These cookies do not contain any personally identifiable information.
For more information on how we utilize cookies, please refer to our Cookies Policy.
8. Privacy Policy Updates and Contact
CAPITAL.COM may update this Privacy Policy from time to time. In the event the Company materially changes this Policy including how it collects, processes or uses your personal information, active clients will be notified as provided for Clause 19 (“Amendments”) of the Company’s Terms & Conditions. Potential clients are notified by means of the publication of the updated Privacy Policy on our website capital.com.
CAPITAL.COM encourages you to periodically review this Privacy Policy so that you are always aware of what information the Company collects, how it uses it and to whom it may disclose it, in accordance with the provisions of this Privacy Policy.
To withdraw your consent for receiving specific marketing material, you can simply send an email to GDPR@capital.com with in the subject “withdrawal” mentioning one or more of the following categories of email updates, you do not want to receive anymore.
- Newsletters
- Trading tips
- Educational services
- Product update summaries
Furthermore, if you have any complaints in relation to the areas discussed above please forward your complaint to us by email. The responsible person for the privacy policy of the Company is the Head of Compliance Mr. Clyde Zorgvol. You can reach his department by email: GDPR@capital.com
As a Client of the Company you have the right to lodge a complaint at the Cyprus Data Protection Commissioners ‘Office.
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy
Privacy Policy V5.0 20180801