Privacy and Cookies Policy
Gstaad Brokers Limited (“the Company”, “we” or “us”) is responsible for the protection of the privacy and the safeguarding of clients’ personal financial information and data. By opening a trading account with the Company, the client hereby gives its consent to such collection, processing, storage and use of personal information by the Company as explained below and in accordance with applicable data protection legislation (including but not limited to the Data Protection Rights of Seychelles or General Protection Regulation (EU) 2016/679, as applicable) (the “Data Protection Law”).
- For the purpose of data collection and processing, the Company is the data processor and controller.
- For Clients who are residents in a member state of the European Union, the General Protection Regulation (EU) 2016/679 (“GDPR”) shall apply.
- For Clients who are not resident in a member state of the European Union the Data Protection Rights of the Constitution of the Republic of Seychelles shall apply.
“You” or the “Data Subject” means the user who is using the Company’s services and who may choose to provide his/her Personal Data to the Company and/or whose Personal Data may be subject to Processing (as hereinafter defined).
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The collection of personal information
The Company collects the necessary information required to open a client’s trading account, perform transactions and safeguard the clients’ assets and privacy and to provide clients with the services they require. In this respect, the Company may ask clients in certain circumstances, to gather information from banks and/or credit agencies, and/or clearing agencies and/or other sources which will help the Company to construct the clients’ profile based on their requirements and preferences in order to provide its services effectively. The Company may collect customers’ credit card data where it is necessary to offer the services the customer opted for. In accordance with the recommendations of the Payment Card Industry Security Standards Council, customer card details are protected using transport layer encryption (TLS 1.2) and at the application layer with the AES algorithm and a key length of 256 bits.
The information the Company collects includes information required to communicate with and identify its clients. The Company may also collect certain demographic information, including birth date, education, occupation, etc. The Company also assesses trading related information.
The Company also collects Non-Personal Information, meaning the information which does not allow us to identify the end-user.
The other type of information that we collect is the Personal Information and this allows us to identify the end-user:
- Identifying documents: documents that we request from you for the proof of identity and your residency. Such information is collected in order to perform transactions through the services provided by the Company.
- Registration information: to provide you with our services, at the registration stage, we ask you to provide us with your name, e-mail, telephone number.
- Voluntary information: when using our services such as customer support or any other means of communication with us we collect the information that you voluntarily provide about yourself.
- Device data: this is the information that we collect from your device and that includes your IP address, unique identifiers and other information that relates to your activity while using the services of the Company.
We collect your personal information in most cases directly from you. We may also collect information from third parties such as our partners, service providers and publicly available websites (i.e. social media platforms), to comply with our legal and regulatory obligations, offer Services we think may be of interest, to help us maintain data accuracy and provide and enhance the Services.
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our relationship with you as per the requirements of the Financial Services Authority of Seychelles (the “FSA”) and/or the compliance obligations of the Company. These recordings will be the Company’s sole property and will constitute evidence of the communications between the Company and you. Such telephone conversations may only be recorded with the use of a warning tone or with any other further notice with which the Company will notify you about the legal reason it has for such processing and will further ask for your consent.
Use of personal information
The Company uses clients’ personal information only as required to provide quality service and security to its clients. This information helps the Company to improve its services, customize browsing experience and enables it to inform its clients of additional products, services or promotions relevant to clients provided that the clients have consented to the usage of this data for such purposes.
It shall be noted that the Company may anonymize or de-identify the collected information which, on its own, cannot personally identify you. In addition, the combination of Personal and non-Personal information is considered as Personal information and will be treated so while remaining combined.
The Company may disclose your Personal Data if it is under a duty to disclose or share your personal data and transaction data in order to comply with any legal obligation, or in order to enforce or apply the Terms and Conditions and other agreements or to protect the rights, property, or safety of the Company, the Company’s clients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
In the event that the Company sells or buys any business or assets, it may disclose your personal data and transaction data to the prospective seller or buyer of such business or assets. If substantially all of the assets of the Company are acquired by a third party, personal data and transaction data held by it about its customers will be one of the transferred assets.
We will use all reasonable endeavors to ensure that any companies to whom we disclose your confidential information have robust mechanisms in place to protect your Personal Data.
The Company respects your privacy rights and provides you with reasonable access to the Personal Data that you may have provided through your use of the Services.
The principal rights for clients covered under the GDPR are as follows:
- the right for information;
- the right to access;
- the right to rectification;
- the right to erasure (right to be forgotten);
- the right to restrict processing;
- the right to object to processing;
- the right to data portability; and
- the right to withdraw consent.
You shall have the right to exercise any of those rights, as long as such requests do not conflict with the laws of the Republic of Seychelles.
If you want to exercise any of those rights, you should contact our Data Protection Officer (DPO) by email at [email protected]
You should put your request in writing in your own words and send it to the DPO by e-mail. We will acknowledge your request within seventy-two (72) hours or the first business day (whichever is closer) and handle it promptly. We are going to process and reply to your request within a month, with a possibility to extend this period for particularly complex requests in accordance with Applicable Law. We will retain your Personal Data for as long as your account is active, as needed to provide you services, or to comply with our legal obligations, resolve disputes and enforce our agreements.
The clients’ personal data will be kept in the Company’s records during the business relationship with the Client and after the termination of the business relationship, for 7 (seven) years as per the requirements of FSA in order to be able to provide to you the best of our services but also to comply with our legal obligations.
Protection of personal information
Any personal information provided by the client to the Company will be treated as confidential and shared only within the Company and its affiliates and will not be disclosed to any third party except under any regulatory or legal proceedings. In case such disclosure is required to be made by law or any regulatory authority, it will be made on a ‘need-to-know’ basis, unless otherwise instructed by the regulatory authority. Under such circumstances, the Company shall expressly inform the third party regarding the confidential nature of the information.
Affiliates and Partners
The Company may share information with partners, affiliates and associates in order to offer additional similar products and services that meet clients’ needs and which are delivered in a manner that is useful and relevant only where clients have authorized the Company to do so.
Non-affiliated third parties
The Company does not sell, license, lease or otherwise disclose clients’ personal information to third parties, except as described in this Privacy and Data Protection Policy.
The Company reserves the right to disclose personal information to third parties where such disclosure is required by the Law and/or a regulatory or any other government authority. The Company may also disclose information as necessary to credit reporting or collection agencies as reasonably required in order to provide the services to its clients.
In addition, the Company may engage third parties to help carry out certain internal functions such as account processing, fulfillment, client service, client satisfaction surveys or other data collection activities relevant to its business. Use of the shared information is strictly limited to the performance of the above and is not permitted for any other purpose. All third parties with which the Company shares personal information are required to protect such personal information in accordance with provisions of the GDPR and any other applicable law, and in a manner similar to the way the Company protects the same. The Company will not share personal information with third parties which it considers will not provide its clients the required level of protection.
As part of using the client’s personal information for the purposes set out above, non-affiliated third parties are:
- service providers and specialist advisers who have been contracted to provide us with services such as administrative, IT, analytics and online marketing optimization, financial, regulatory, compliance, research and/or other services,
- payment service providers and banks processing your transactions; and/or
- auditors or contractors or other auditing advisors assisting with or advising on any of our business purposes.
From time to time the Company may contact clients whether by phone or email for the purpose of offering them further information about the Company, financial markets news and about the Company’s services.
The Company uses all possible means to respect and protect its clients’ privacy.
At any time, a European resident client may contact the Company and request:
- Right to access, request copy, correct or delete any Personal Information that the Company collected, and which was subject to processing but also the ways with which this data was obtained, the reason for processing, what data categories were processed and the basis of the automated processing system.
- Right to restrict processing: You have the right to request the restriction or suppression of your personal data. The Company for the purpose of complying with the applicable Laws and Regulations, as described above, may store the personal data for a certain time period but will not use it.
- Right to object: You have the right to object to the processing of your personal data. The Company may be able to continue processing to comply with Laws and Regulations.
- Right to withdraw consent: Where we have obtained your consent to process your personal data you may withdraw this consent at any time. In this case, the Company will be forced to terminate its relationship with you within 10 days.
- Right of erasure: You have the right to request erasure of your personal data. It shall be noted that the Company may refuse to satisfy your request as under any other legal obligations that the Company is subject to, we may be required to keep the information that you provide to us.
- Right for data portability allows you to obtain and reuse your personal data for your own purposes across different services. The Company shall provide such information to you free of charge; however, in case of abuse of such right, we may charge you a reasonable fee in proportion with your request.
In case you disagree with the way we handle your Personal Data and/or you want to exercise any of your rights above, please contact the Company’s Data Protection Officer at [email protected] and we shall reply to you within 14 calendar days.
The Company may, based exclusively on each client’s consent, seek to contact clients, whether by phone or by email, for the purpose of informing them of unique promotional offerings provided by the Company for the client.
Any person wishing to withdraw their consent and stop any further contact with the Company at any time whatsoever is entitled to do so through the means to decline receiving such promotional offers from us, available within such promotional material. In case you unsubscribe and/or withdraw your consent the Company will remove your contact details from its marketing distribution list.
Restriction of responsibility
Use of “COOKIES”
- “persistent cookies” - only read by the Company’s website, are stored on the Client’s device for a fixed time period and are not deleted when the browser is closed. The Company uses these cookies to know who the client is for his/her next visits, allowing the Company to know the Client’s preferences the next time he/she logs in.
- “session cookies” - these are only stored while the browsing session lasts, enabling the normal use of the system, and are deleted when the browser is closed.
Please note that you may remove the cookies through your browser settings; however, disabling cookies may limit your online experience and reduce the functionality of some of the features of the services we provide.