Privacy Policy

Get started Speak to us
With investment, your capital is at risk.

Purpose and Scope

X GLOBAL Markets Ltd (hereinafter called the “Company”) is a Cyprus Investment Firm incorporated under the lawys of Cyprus, which has its principal place of business at 162, Fragklinou Rousvelt, 1st Floor, CY-3045 Limassol and registered with the Registrar of Companies in Nicosia under the number HE 291958.

The Company is authorised by the Cyprus and Securities and Exchange Commission (CySEC) under license number 171/12 to provide Investment and Ancillary services, and is obliged to strictly observe relevant laws, directives and applicable legislations. The company is compliant with the requirements of the Markets in Financial Instruments Directive (MiFID II), Investments Services Law 87(I) 2017, the laws for the Prevention of Money Laundering and Terrorist Financing, Market Abuse and Insider Dealing, the General Data Processing Regulation as well as other legislations applicable in the Republic of Cyprus.

The company has established this Privacy Policy in accordance with General Data Processing Regulation (GDPR) and laws, regulations and/or directives issued pursuant to this Law.
This policy applies to former, existing and potential clients as well as to any visitors of the Company’s website.

Client means any natural or legal person who has entered into a client relationship with the company and is actively using, or has used, the services of our company until the termination of the client relationship. A prospective client is a natural or legal person who intends to use our services and has made the initial registration for such use of services without concluding the client relationship.

This policy aims to provide our clients with information on what type of information we collect, how it is used and the circumstances where it could be shared with third parties.

The present privacy statement and/or policy:

Through this privacy statement, our clients data may be called either “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing our clients personal data or any such action as “processing” such personal data.

For the purposes of this statement, personal data shall mean any information relating to our clients which identifies or may identify them and which includes, for example, their name, address and identification number.

The present Privacy Statement aims to help our clients better understand the most recent changes to the Privacy Policy and Cookie Policy and how they may impact our clients. To fully understand the changes and terms that will govern our clients use of our “Services,” they will need to read the full Privacy Policy and Cookie Policy.

What kind of personal information do we collect and store?

As part of our business we collect personal data from customers and potential customers that include the following:

We also keep records of our clients trading behavior, including a record of:

We are required by Law No. 188(I)/2007 THE PREVENTION AND SUPPRESSION OF MONEY LAUNDERING AND TERRORIST FINANCING LAW OF 2007 as amended (AML Law) to identify our clients if they are opening a new account or adding a new signatory to an existing account. Anti-money laundering law and regulations require us to sight and record details of certain documents (i.e. photographic and non-photographic documents) to meet the standards, set under those laws. Identification documentation, as required under anti-money laundering legislation or other legislation relevant to the services we provide to our clients includes:

Individual Clients

  1. passport;
  2. driver’s license;
  3. national identity card (if applicable);
  4. utility bills;
  5. bank statement;
  6. electronic verification document; or
  7. Other information we consider necessary to our functions and activities.

Corporate Clients

  1. corporate documents (i.e. Certificates of incorporation, directors, shareholders etc.)
  2. regarding the directors and shareholders/ultimate beneficial owners we may request any information found under the Individual Clients list above.

We obtain this information in a number of ways through our clients use of our services (via the BackOffice Department), the account opening applications, our demo sign up applications, webinar sign up forms, website cookies and similar tracking technology built into our Websites and Apps, subscribing to news updates and from information provided in the course of our ongoing relationship.

We may also collect this information about our clients from third parties either through bought-in third party marketing lists, publicly available sources, social media platforms, introducing brokers and affiliates, bankers and credit card processors, subscription-based intelligence databases and other third-party associates.

We may ask for other personal information voluntarily from time to time (for example, through market research, surveys or special offers). If our clients choose not to provide the information we need to fulfil our clients request for a specific product or service, we may not be able to provide the client with the requested product or service.

We may record any communications, electronic, by telephone, in person or otherwise, that we have with our clients in relation to the services we provided and our relationship with them. These recordings will be our sole property and will constitute evidence of the communications between us. Such telephone conversations may be recorded without the use of a warning tone or any other further notice.

Who may we disclose personal information to?

As part of using our clients personal information for the purposes set out above, we may disclose such information to:

We endeavour to disclose to these third parties only the minimum personal data that is required to perform their contractual obligations to us. Our third-party service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.

Collection of personal data

The company shall collect information necessary to fulfil their legal and regulatory obligations for the provision of services and to improve our service to our clients.

We will gather information and documentation to personally identify, contact or locate our clients and may gather information from third parties and or other sources which will help us to offer our services effectively.

Our clients are responsible for the true and accurate information and to keep us informed of any changes to their  personal information or circumstance by emailing us at info@xglobalmarkets.com.

We are required to evaluate the appropriateness of the financial instruments and suitability based on three basic parameters;

  1. The sources of our clients income and wealth as well as their financial obligations
  2. Clients’ investment knowledge and experience including their objectives including their knowledge and experience of the financial markets along with our clients understanding of the risks involved.
  3. Clients’ experience in dealing in complex and non-complex financial instruments, especially their investment and risk attitude as they relate to such financial instruments.

The following is an example of personal data that is required from our clients:

Purpose of collecting and processing of personal data

Our client’s personal data is used for specific, explicit and legitimate purposes and only as required to provide quality service to our clients and to comply with applicable legislation as referred to above.

A. For the performance of a contract
The personal data collected from our clients is used to verify their identity, to construct their economic and investment profile in order to ensure that we provide our clients with products and services suitable to their requirements, knowledge and risk appetite, to manage their account with us, to process their transactions, to provide our clients with post-transaction information, to inform them of additional products and/or services relevant to their economic profile, to produce analysis and statistical data which will help us improve our products and services, and for website improvement purposes. These are necessary for the entry into or performance of our contract once signed. We will carry out regular checks to ensure that our systems are working as intended.

B. For Identity Verification purposes
The Company needs to perform its due diligence measures and apply the principles of KYC (Know-Your-Client) before entering a client relationship in order to prevent actions, such as money laundering or terrorist financing, and also to perform other duties imposed by law. Therefore, we collect from our clients’ identity verification information (such as images of their government issued national ID card or International Passport, or driving licence or other governmental proof of identification, as permitted by applicable laws) or other authentication information. We are also requesting our clients to provide us with a recent Utility Bill in order to verify their address. Further to this, the Company can use third parties which carry out identity checks on its behalf.

C. For compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements. There are also various supervisory authorities whose laws and regulations we are subject to.
Such obligations and requirements impose on us necessary personal data processing activities for credit checks, identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
These include amongst others transaction reporting requirements, assessment of the clients’ knowledge and experience, FATCA and CRS reporting.

D. For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use our clients information. But even then, it must not unfairly go against what is right and best for our clients. Examples of such processing activities include:

E. For Marketing Purposes
The Company may use client data, such as location or trading history to deliver any news, analysis, research, reports, campaigns and training opportunities that may interest the client, to their registered email address. Our clients always have the right to change their option if they no longer wish to receive such communications.

F. Transaction Reporting
We are also obligated to regularly report to the respective authorities on the market share products and the services held by client groups, as well as other financial figures.

Who controls and processes our clients personal data

The company, and any undertakings being a member of our group, agents which we engage with for the purpose of collecting, storing and processing personal data and any third parties acting on our or their behalf, may collect, process and store personal data provided by our clients.
For the purpose of processing and the storage of personal data provided by our clients in any jurisdiction within the European Union or outside of the European Union, the company can confirm this will be done in accordance with applicable laws.

Authorized Processor

The company may also use authorized external processors for client data processing, based on concluded service agreements, which are governed by instructions from our company for the protection of client related data. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out what needs to be included in the contract which the company has adhered to, the below is not an exhaustive list of the obligations of all relevant parties;

Such providers will provide various services as agreed with us.

Third parties will not be promoting our services, products or provide information to clients or potential clients regarding the investment and/or ancillary services and financial instruments that we offer.

We have a regulatory obligation to supervise and effectively oversee the outsourced functions and its obligation to take appropriate measures when it determines that the service provider is not performing the said functions effectively and in accordance with the applicable legislation.

We may use or disclose personal information without our clients consent only in certain circumstances:

When we are required or permitted to disclose information without consent, we will not disclose more information than necessary to fulfil the disclosure purpose.

We inform all clients to maintain confidentially and not share with others its usernames and private passwords or as provided by us. The company bears no responsibility for any unlawful or unauthorized use of clients’ personal information due to the misuse or misplacement of clients’ access codes (i.e. passwords /credentials), negligent or malicious, however conducted.

How the Company treats our clients personal data for marketing activities and whether profiling is used for such activities

The Company may process our clients personal data to inform our clients about products, services and offers that may be of interest to them. The personal data that we process for this purpose consists of information our clients provide to us and data we collect and/or infer when they use our services, such as information on our clients transactions. We study all such information to form a view on what we think our clients may need or what may interest them. In some cases, profiling is used, i.e. we process our clients data automatically with the aim of evaluating certain personal aspects in order to provide them with targeted marketing information on products.
We can only use our clients personal data to promote our products and services to them if we have our clients explicit consent to do so – by clicking on the tick box during the account opening form – or in certain cases, if we consider that it is in our legitimate interest to do so.

Further, our clients have the option to choose whether they wish to receive marketing related emails (company news, information about campaigns, the company’s newsletter, the company’s strategic report, etc.) to our clients provided email address by clicking the relevant tick box during the account opening form.

Our clients have the right to object at any time to the processing of our clients personal data for marketing purposes or unsubscribe to the provision of marketing related emails by the Company, by contacting at any time our customer support department via the following ways:

  1. By Email: info@xglobalmarkets.com
  2. By post or in person at the Company’s Headquarters at: 162 Fragklinou Rousvelt, 1st Floor 3045, Limassol, Cyprus

Period of keeping our clients personal information

The Company will keep our clients personal data for as long as a business relationship exists with our clients, either as an individual or in respect of our dealings with a legal entity our clients are authorized to represent or are beneficial owner. Once the business relationship with our clients has ended, we are required to keep our clients data for a maximum period of five years to meet our regulatory and legal requirements.

If reasonably necessary or required to meet other legal, contractual or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep for an additional three years some of our clients information as required, even after the above-mentioned period.

When we no longer need personal data, we securely delete or destroy it.

Our clients rights

Rights to Access:

Our clients have the right to request copies of their personal data.
Information must be provided without delay and at the latest within one month of receipt. The company will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform the individual within one month of the receipt of the request and explain why the extension is necessary.

Can the company charge a fee for dealing with a subject access request:
We must provide a copy of the information free of charge. However, the company can charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive.

The fee if applied will be based on the administrative cost of providing the information.

If at any time we refuse to respond to a request, we will explain why to the individual, informing them of their right to complaint to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

When information is provided:

The company will verify the identity of the person making the request, using reasonable means.

Right for rectification

When should personal data be rectified?

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.

The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. Our clients can make a request for rectification verbally or in writing.

If we have disclosed the personal data in question to others, we must contact each recipient and inform them of the rectification – unless this proves impossible or involves disproportionate effort. If asked to, we must also inform the individuals about these recipients.

How long does the company have to comply with a request for rectification?

We must respond within one month.

This can be extended by two months where the request for rectification is complex.

Where the company is not taking action in response to a request for rectification, we must explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy.

Our clients right to erasure;

When does the right to erasure apply?

The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

There are some specific circumstances where the right to erasure does not apply and we can refuse to deal with a request

We have a legal obligation to obtain data on our clients meeting with their regulatory obligations, based on the legal obligations imposed on us, individuals may have no right to erasure, no right to data portability or right to object on the information gathered meeting with our legal obligation under their license to provide financial services.

When can the company refuse to comply with a request for erasure?

We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:

Does the company have to tell other organizations about the erasure of personal data?

If we have disclosed the personal data in question to others, we must contact each recipient and inform them of the erasure of the personal data – unless this proves impossible or involves disproportionate effort. If asked to, we must also inform the individuals about these recipients.

Our clients right to restrict processing

When does the right to restrict processing apply?

We will be required to restrict the processing of personal data in the following circumstances:

We may need to review procedures to ensure we are able to determine where we may be required to restrict the processing of personal data.

If the company has disclosed the personal data in question to others, we must contact each recipient and inform them of the restriction on the processing of the personal data – unless this proves impossible or involves disproportionate effort. If asked to, we must also inform the individuals about these recipients.

The company must inform individuals when we decide to lift a restriction on processing.

Our clients right to consent

Initial registration – In order to create a Demo account or a Live trading account with the company, a person must make an initial registration via the website’s registration form, or directly through their Trader’s Room and agree with the terms listed in the given Privacy Policy. The Client confirms acceptance of these terms by ticking the corresponding box on the registration form. If such consent is not given, the company cannot process a persons’ data, nor provide any services to the person in question.

Cancellation of the initial registration – When a person cancels the registration process and does not complete it, that person ‘s data will not be retrieved by the company and will, therefore, not be saved for further processing in the future.

Declining the option to be contacted via phone – A person always has the right to request not to be contacted via telephone by the company’s representative. This request will be saved within the company’s internal systems and acts as a separate restriction which we will, of course, respect. The request to not to be contacted via telephone does not affect a client from using our services. Additionally, this does not restrict said person to contact the company by their own initiative.

Our clients right to data portability:

Right to object:

Individuals have the right to object to:

We will stop processing the personal data unless:

Guide on data usage and subscription options

Further information on how we handle client data can be found here.

Automated decision-making

In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of our clients data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with them for data assessments (including on payment transactions) which are carried out in the context of combating money laundering and fraud. An account may be detected as being used in a way that is unusual for our clients business. These measures may also serve to protect our clients.

The Geographical Area of Processing

As a general rule, the client data is processed within the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA.

The transfer and processing of client data outside the EU/EEA can take place provided there are appropriate safeguards in place and the actions are made based on a legal basis only.

Upon request, the client may receive further details on client data transfers to countries outside the EU/EEA.

Other related information

We use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

Among other practices, our clients account is protected by a password for their privacy and security. Our clients must prevent unauthorised access to their account and Personal Information by selecting and protecting their password appropriately and limiting access to their computer or device and browser by signing off after they have finished accessing their account.

Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect clients’ personal data, yet it cannot guarantee the security of client data that is transmitted via email; any transmission is at the clients’ own risk. Once the Company has received the client information it will use procedures and security features in an attempt to prevent unauthorised access.

When our clients email the Company (via the “Contact Us” page), or using the Live Chat feature, a person may be requested to provide some additional personal data, like their name or email address. Such data will be used to respond to their query and verify their identity. Emails are stored on our standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.

Raising a concern

Our clients have the right to be confident that we handle their personal information responsibly and in line with good practice.

If our clients have a concern about the way we are handling their information, for example if they feel we may not be;

We take all concerns seriously and will work with our clients to resolve any such concerns.

Any concerns and/or requests can be raised to the appointed Data Protection Officer whose contact details are below:

XGLOBAL Markets Ltd
162 Fragklinou Rousvelt, 1st Floor 3045, Limassol, Cyprus
Tel: +357 25 262002
Email: info@xglobalmarkets.com

If our clients are not satisfied with any responses provided by us, they have the right to raise such matters with the Cyprus Data Protection Commissioner;

Office of the Commissioner for Personal Data Protection
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy

The client has the right go to court or to escalate their complaint to the data protection regulator in their jurisdiction for the protection of rights, unless the applicable laws prescribe a different procedure for handling such claims.

Changes to this privacy statement

The Company reserves the right to modify or amend this Privacy Statement unilaterally at any time in accordance with this provision.

If any changes are made to this privacy statement, we shall notify our clients accordingly. The revision date shown on at the end of this page will also be amended. We do however encourage our clients to review this privacy statement occasionally so as to always be informed about how we are processing and protecting our clients personal information.

Cookies

Our website uses small files known as cookies to enhance its functionality and improve our clients experience.

To find out more about how we use cookies please see our cookie policy.

Note: The General Data Protection Regulation (EU) 2016/679 shall come into effect on May 25th 2018. Until then, the Processing of Personal Data (Protection of Individuals) Laws 2001 till 2012 remain in force.

Monitoring and Review

The Company will monitor on a regular basis the effectiveness of this Policy and, in particular, the execution quality of the procedures explained in the Policy and, where appropriate, it reserves the right to correct any deficiencies.

In addition, the Company will review the Policy at least annually. A review will also be carried out whenever a material change occurs that affects the ability of the Company to continue to the best possible result for the execution of its Client Orders on a consistent basis using the venues included in this Policy.

The Company will inform its Clients of any material change to this Policy by posting an updated version of this Policy on its Website(s).

Date of last revision: 2019-01-17

Discretionary investment management