Privacy Policy
1. Introduction
Capital Com Online Investments Ltd (hereinafter the “Company”, “we”, “Capital Com”, “Capital.com”) is an investment firm regulated by the Securities Commission of The Bahamas (“the SCB”) for the provision of investment and ancillary services under the license #SIA-F245 and registered in the Commonwealth of The Bahamas under the registration number 209236B. Our business address is Bahamas Financial Centre, 3rd Floor, Shirley and Charlotte Street, P.O. Box N-4865, Nassau, Bahamas.
This Privacy Policy (the “Policy” or “Privacy Policy”) explains how Capital Com collects, processes and discloses personal information through its websites, mobile applications, and other online products and services that fall under this Policy (collectively, the “Services”) or when clients otherwise interact with us.
The Services include providing: (i) the Capital.com trading platform for investing in stocks and for CFDs trading through which users can sign up for an account with Capital.com; (ii) the Capital.com educational app Investmate (iii) any other site, web platform, mobile application or other service facilitated by Capital.com.
Capital Com is responsible for the protection of the privacy and the safeguarding of the personal data of our clients including (i) Retail Clients and/or (ii) Professional Clients and/or (iii) Eligible Counterparties, acting as the counterparty of the Company having agreed to the Terms and Conditions of the Company, as well as website visitors (hereinafter “you”).
Your privacy is important to us. This Privacy Policy outlines how we collect, process, manage the personal data we collect from your use of our services, applications or our website capital.com, through your interaction with us on social media or your other dealings with us. When doing that, we act as data controller in accordance with the principles contained in The Data Protection (Privacy of Personal Information) Act 2003 and the General Data Protection Regulation (GDPR) (EU) 2016/679.
Should you have any question or concern regarding your personal data please contact us at: compliance.bahamas@capital.com.
2. What kind of personal data do we collect?
- Identity data includes full name or its parts, username or similar identifier, marital status, title, date and place of birth, nationality, tax number, gender, information from your identity document(s), employment status and related information and your pictures/pictures of your identity (including biometric information such as a visual image of your face) or other document(s) we may request from time to time.
- Contact data includes billing address, residential address, email address and telephone number.
- Screening data includes close connections, political background and information pertaining to sanctions and adverse media.
- Risk assessment data includes client risk score and client risk categorisation.
- Economic and appropriateness data includes employment status, annual income, source of income, current value of wealth, investment plans, investment objectives, trading experience, level of education.
- Financial data includes bank account and payment card details.
- Transaction data includes details about payments to-and-from you in relation to our services.
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.
- Communication data includes communication between you and Capital, including chats, call recordings and emails.
- Profile data includes your username and password, your interests, preferences, feedback and survey responses.
- Usage data includes information about how you access our Services and use our Services, including user sessions (screen) recordings in some cases.
3. Purposes for which we use personal data
Capital.com, as a data controller, may only use your personal data if there is a lawful basis for such use. The most common lawful bases used by Capital.com are:
- Consent: in some cases, we may process your personal data only if we obtain your prior consent;
- Performance of a contract: we will require your personal data to be able to offer you the Services in accordance with the contract terms between you and us;
- Compliance with a legal obligation: due to the nature of the Services we provide, the laws applicable to our activities require us to collect and store certain data about you; and
- Legitimate interests: sometimes we rely on our legitimate interests to process your data (e.g. to improve our Services) and we will do so except where such interests are overridden by your interests or fundamental rights and freedoms.
Below you will find a table describing how we may use your personal data and which of the legal bases are used by Capital to ensure lawful data processing.
| Purpose/Activity | Type of data | Lawful basis for processing |
|---|---|---|
| To create your account |
| Performance of a contract when we provide our Services to you |
| To verify your identity, carry out checks that we are required to conduct by applicable laws and regulations, including: “know your customer” (KYC), anti-money laundering, fraud, sanctions, politically exposed person (PEP) and liveness checks and perform client risk categorisation |
|
|
| To obtain and assess economic profile and appropriateness information and categorise the client |
|
|
| To provide our services and process transactions including, payments, fees and charges. |
|
|
| To monitor your transactions for the purposes of detection, storage and reporting of fraudulent activities |
|
|
| To provide customer support |
|
|
| To send you service notifications related to your use of the Services |
|
|
| To record and store communication with you |
|
|
| To send you updates and marketing communication as well as to deliver relevant content to you, including ads, suggestions, personalised offers and recommendations |
|
|
| To perform data analytics with respect to our Services for improvement purposes |
|
|
| To manage and protect our business and website including system maintenance |
|
|
| To help us improve our Services by completing a survey, feedback, or review |
|
|
If you fail or refuse to provide the personal data we need to deliver the Services to you and/or to meet our legal obligations (i.e. compliance with anti-money laundering rules and legislation); you will be unable to access the Services.
4. Cookies
We may use cookies for various purposes when you access or use the Services. Please review our Cookie Policy to find out more about our use of cookies.
5. Sources of personal data
Most of the personal data we process about you is received directly from you. For example, when you register to use the Services or communicate with us, we may receive your identity and contact data from you.
In other cases, we may receive personal data about you from various third parties and publicly accessible sources, including but not limited to social media, search engines, company registers, banks, payment service providers, KYC service providers, advertising networks, analytics providers and screening data vendors.
When you use the Services we may also automatically collect technical data through the use of cookies and similar technologies.
6. Automated decision-making with respect to your personal data
To offer you the Services and comply with our obligations under applicable laws, we will make a decision about you based solely on automated processing. Such cases include:
- When you submit your economic and appropriateness data in the relevant questionnaire, our system will automatically make a decision whether you can be allowed to trade. We may deny your access to the Services due to lack of experience and/or knowledge.
- Our anti-fraud systems may automatically detect patterns that may suggest fraudulent activities with respect to your account. We will warn you about such activities to prevent possible fraud.
- Our systems automatically determine the client’s risk profile based on a number of risk factors we consider in accordance with the laws and our internal procedures. The risk score allows Capital to determine the appropriate customer due diligence procedures it must follow.
7. How do we protect your personal data?
We take all reasonable and appropriate technical and organisational measures to protect all personal data collected by us from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.
8. How long do we keep your personal data?
Generally, we will retain your personal data for as long as necessary to fulfil the specific purpose we collected it for, including the purpose of satisfying any legal, accounting, reporting requirements and our legitimate interests. For example, your personal data will be generally stored for the period required by the Securities Industry (Anti Money Laundering and Countering the Financing of Terrorism) Rules (2015), namely not less than seven (7) years after the end of the business relationship with Capital Com.
In certain cases the authorities may require us to store the personal data longer if they deem it necessary (e.g. in case of an ongoing investigation). If you have not been actively making use of our financial services for more than seven (7) years, we will remove any details that will identify you or we will securely destroy the records, unless we substantiate why we need the data for a longer period of time.
9. Your rights
With regards to our collection and processing of your personal data you have the right to (subject to applicable exceptions):
- Obtain confirmation from us as to whether we process your personal data.
- Access your personal data processed by Capital Com.
- Correct your personal data.
- Withdraw consent and remove your personal data we collected on the basis of your consent.
- Obtain restriction of processing, for instance, where you contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data,
- Have your personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
- Erasure of your personal data under certain circumstances. Capital Com is obligated to keep records of client’s details and trades for a minimum period of seven (7) years from the end of business relationship with you according to the relevant regulations. See more information about our data retention obligations in section “How long do we keep your personal data” above.
- Object to our processing of your personal data when the processing is related to the performance of our task carried in the public interest or the exercise of official authority vested in us. The other case is if we process your data for the purposes of the legitimate interests pursued by us or by a third party and you believe that such interests are overridden by your interests or fundamental rights and freedoms. If you make a request objecting to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing.
If you wish to make use of any of the above rights please contact our compliance department stating your account number and question related to any of the above rights at: compliance.bahamas@capital.com.
Capital Com will endeavour to provide you with information on the actions it has taken on your request related to your rights, specified above, within one (1) month of receipt of the request. That period may be extended by two (2) further months if the request is complex, or if Capital Com is in the process of resolving a large number of requests. We will inform you if any such extension is required within one (1) month of receipt of the request, together with the reasons for the delay.
10. How do we share your personal data?
We do not share your personal information with third parties, except as described in this Privacy Policy.
Capital Com is part of the Capital Com Group of companies that all have a role in offering a complete service to our clients. For this reason, the Company may share information with its subsidiaries and affiliated companies in the event such information is reasonably required by the subsidiary to provide the Services to you.
| Category | Purpose |
|---|---|
| Identity verification service providers |
|
| Anti-fraud system providers |
|
| Payment service providers |
|
| Banks |
|
| Marketing |
|
| Business intelligence providers |
|
| Project management and customer support providers |
|
| Cloud service providers |
|
| Communication providers |
|
| Performance monitoring providers |
|
| Social network platforms |
|
| Professional Consultants |
|
When required by the applicable law(s), we may disclose your personal data to the relevant government agencies and regulatory authorities, including the SCB.
Some of our service providers require us to include information about their privacy practices in our Privacy Policy:
- ComplyAdvantage. We may use ComplyAdvantage for customer screening and monitoring. Please refer to ComplyAdvantage’s Privacy Policy to learn more about how ComplyAdvantage handles your personal data.
- GBG. We may use GBG to verify information you give to us during the onboarding process. We do so to prevent fraud and comply with our AML obligations. Please refer to GBG’s Privacy Policy to learn more about how GBG handles your personal data.
11. Privacy Policy updates
Capital Com may update this Privacy Policy from time-to-time. In the event we materially change this Policy including how we collect, process or use your personal information, active clients will be notified as in accordance with Capital Com’s Terms & Conditions. Potential clients are notified by means of the publication of the updated Privacy Policy on our website capital.com.
12. Contact information
If you have questions about this Privacy Policy or our privacy practices, or if you are seeking to exercise any of your rights you can contact us at compliance.bahamas@capital.com.
You have the right to lodge a complaint at the Data Protection Commissioner’s Office
E-mail: dataprotection@bahamas.gov.bs .
Privacy Policy_V1.2_20230316