Privacy and Security Policy
Monaxa Ltd ("the Company", "We", "Us", "Our") is an entity incorporated under the Business Companies (Amendment and Consolidation) Act, Chapter 149 of the Revised Laws of Saint Vincent and the Grenadines, 2009, with the following registrations: Company Number 26883 BC 2022.
The company provides online platforms for clients to trade over-the-counter (OTC) derivatives, including margin foreign exchange ("Forex") contracts and contracts-for-difference ("CFDs"). The company's online platforms operate through the www.monaxa.com website ("Website") and the Monaxa mobile applications (the "Apps").
GENERAL DATA PROTECTION REGULATION
Protecting the privacy and safeguarding the personal and financial information of the Company's clients and website visitors is one of our highest priorities. The following General Data Protection (the "GDP") Policy explains how we collect, store and protect your information.
This privacy statement:
- - gives a breakdown of how the Company collects and processes your personal information and in forms you about the rights you have under the local data protection law,
- - it applies only to natural persons who are either current or potential clients of the CIF, or are authorised representatives/Introducing Brokers (IBs) or beneficial owners of legal entities or of natural persons which/who are current or potential clients of the Company,
- - it applies to natural persons who had such a business relationship with the Company in the past
- - contains information about how and why we share your personal data with other members of the Company and other third parties (for example, trusted service providers or suppliers).
Your data can be referred to as "personal information" or "personal data". We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as "processing" such personal data.
For the purposes of this policy, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.
WHAT PERSONAL DATA WE PROCESS AND WHERE WE COLLECT IT FROM
We collect and process different types of personal data which we receive from our clients (potential and current) via their representatives or via our alternative channels of communication such as our website or members area, in the context of our business relationship.
We may also collect and process personal data which we lawfully obtain not only from you but from other entities within the Company Group, or other third parties e.g. individuals, public authorities, companies that introduce you to us, companies that process card payments.
Additionally, we may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, commercial registers and media outlets) which we lawfully obtain and we are permitted to process.
1. If you are a prospective client the relevant personal data which we collect may include:
- - Name;
- - ID-Passport;
- - Address;
- - Date of Birth;
- - Education;
- - Experience;
- - Trading Volume;
- - Employment status;
- - Gender;
- - Estimate Net Worth;
- - Source of Funds;
- - If you hold/held a prominent public function (for PEPs);
- - Authentication data (e.g. signature).;
- - Death certificate;
- - Marriage certificate; and
- - Bank Details.
2. If you are a prospective Introducing broker/Affiliate the relevant personal data which we collect may include:
- - Name;
- - ID-Passport;
- - Address;
- - City/Town;
- - Postal Code;
- - State;
- - Country;
- - Gender; and
- - Bank Details.
If you are a prospective business then we can provide a corporate account to you , the relevant personal data which we collect may include:
Company details:
- - Name;
- - Address;
- - State;
- - Country;
- - Directors;
- - Shareholders (which hold 10% or more shares); and
- - Bank Details.
Primary contact details (Director)
- - Name;
- - Date of Birth;
- - Address;
- - State;
- - Country;
- - Gender;
- - Phone number;
- - Email;
- - Licenses that company obtained;
- - Regulatory bodies that company is member of; and
- - Background/Experience of the Company Director/Shareholder.
COOKIES
We use cookies (and other tools such as web page counters or other analytics tools) to gather information about your access to the website and other services we provide to you. Cookies are small pieces of information which use a unique identification tag and are stored on your device as a result of you using this website or other service, we provide to you. We uses this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely.
We, or third-party advertisers, may also use this information to serve adverts on you. Where those adverts are targeted, this may involve using website information and information we (or our third-party advertisers) have obtained from third parties. This will not include information such as your name or contact details. Where our adverts are displayed to you using your information, your information is used as necessary for our legitimate interests in marketing to you.
We keep this website information about you until the relevant cookie expires or is removed by you. When cookies are used by us, they collect statistical and factual information about how you use our services. Most internet browsers are set up to accept cookies. If you do not wish to receive cookies, you may be able to change the settings of your browser to refuse all cookies or to have your computer notify you each time a cookie is sent to it, and thereby give yourself the choice whether to accept it or not. However, this may impair the quality of the services that we provide to you in relation to your account.
Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
CONTENT INFORMATION
This is information about you which you provide when you post content on our website, social media and any other platforms we maintain. This may include reviews, photographs, videos and other content.
We may display and publish this information on our platforms as part of our contract with you or as necessary for our legitimate interests in providing content to our users.
This information is kept for as long as you have an account with us and may be retained and displayed indefinitely after you close your account.
DO YOU HAVE AN OBLIGATION TO PROVIDE US WITH YOUR PERSONAL DATA
In order that we may be in a position to proceed with a business relationship with you, you must provide your personal data to us which is necessary for the commencement, execution of a business relationship and the performance of our contractual obligations. We are furthermore obligated to collect such personal data given the provisions of the money laundering law which require that we verify your identity before we enter into a contract or a business relationship with you (or the legal entity for which you are the authorized representative/agent or beneficial owner). You must, therefore, provide us at least with your identity card/passport, your full name, place of birth (city and country), and your residential address so that we may comply with our statutory obligation as mentioned above.
WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:
For the performance of a contract
We process personal data in order to offer you financial services. Therefore, we require you to fill appropriateness form with additional data, which will enable us to provide you with best suited product. Such information, which we are obligated to collect, is necessary for us to be able to provide you with our services.
The purpose of processing personal data depends on the requirements for each product or service our Client Agreement provides more details with regards to this matter. For compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. the Money Laundering Law and various supervisory authorities whose laws and regulations we are subject to. Such obligations and requirements impose on us necessary personal data processing activities for identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you, therefore, our objective is to process your data in fair, transparent and lawful manner. Examples of such processing activities include:
- - Means and processes we undertake to provide for the Company's IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures;
- - Setting up CCTV systems, e.g. at ATMs, for the prevention of crime or fraud;
- - Measures to manage business and for further developing products and services.
- - Sharing your personal data within the Company Group for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework; and
- - Company Group risk management.
YOU HAVE PROVIDED YOUR CONSENT
Provided that you have given us your specific consent for processing (other than for the reasons set out herein above) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
WHO RECEIVES YOUR PERSONAL DATA
In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within the Company but also to other member companies. Various service providers and suppliers/contractors may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law.
It must be noted that we may disclose data about you for any of the reasons set out herein above, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent.
Under the circumstances referred to above, recipients of personal data may be, for example:
- - Supervisory and other regulatory and public authorities, inasmuch as a statutory obligation exists. Some examples are the FSA, ASIC, the income tax authorities, criminal prosecution authorities;
- - Credit and financial institutions such as correspondent banks;
- - For our anti-money laundering process;
- - External legal consultants;
- - Auditors and accountants;
- - Marketing companies and market research companies;
- - Companies which help us to provide you with our services;
- - Card payment processing companies;
- - Fraud prevention agencies;
- - File storage companies, archiving and/or records management companies, cloud storage companies;
- - Compliance consultant companies;
- - Companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support and facilitating payments; and
- - Purchasing and procurement and website and advertising agencies.
- - Introducing Brokers and Affiliates with whom we have mutual relationships.
HOW WE TREAT YOUR PERSONAL DATA FOR MARKETING ACTIVITIES AND WHETHER PROFILING IS USED FOR SUCH ACTIVITIES
We may process your personal data to inform you about products, services and offers that may be of interest to you or your business.
The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all that information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.
We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so. You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting at any time the Company in writing at [email protected].
STORAGE OF INFORMATION
MONAXA'S headquarters is based in Saint Vincent and The Grenadines. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at another location outside the main headquarter location.
You acknowledge and agree that your personal information may be transferred within or outside St. Vincent & the Grenadines. You agree that we will be permitted, if so required, to furnish relevant information concerning your Trading Account(s) to any person who we believe to be seeking a reference or credit reference in good faith. The information we share may affect your ability to obtain credit. Please note that MONAXA only transfers personal information to organizations outside of St. Vincent & the Grenadines if MONAXA has assessed the organization as having appropriate controls and safeguards in place to protect your personal data.
Some countries or organizations outside of St. Vincent & The Grenadines, United Kingdom and the European Union which we may transfer your information to will have an "adequacy decision" in place, meaning St. Vincent & the Grenadines considers them to have an adequate data protection regime in place. Data may be transferred to, stored and processed in countries which do not offer "adequate protection" for the purposes of Directives of the SVGFSA for any purpose related to the operation of your Account. Such purposes include the processing of instructions and generation of confirmations, the operation of control systems; the operation of management information systems; the carrying out of such credit and identity checks as we may deem necessary or desirable; and allowing staff of any of our Affiliates who share responsibility for managing your relationship from other offices to view information about you. You agree that where it is necessary for the provision of these or other Services to you, we may transfer your information to persons who provide services to MONAXA, including where those persons may be outside of St. Vincent & The Grenadines. You consent to MONAXA processing and disclosing such information in accordance with MONAXA’S Privacy and Security Policy published on the MONAXA website(s), as may be updated from time to time.
If we transfer data to countries or organizations outside of St. Vincent & the Grenadines that does not have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection authority) are put in place where required. To obtain more details of these safeguards, please contact us.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
We will keep your personal data for as long as we have a business relationship with you (as an individual or in respect of our dealings with a legal entity you are authorized to represent or are beneficial owner). Once our business relationship with you has ended, we may keep your data for up to ten (10) years. We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.
For prospective client personal data [or authorized representatives/agents or beneficial owners of a legal entity prospective client] we shall keep your personal data for 6 months from the date of notification of the rejection of your application for our services and/or facilities or from the date of withdrawal of such application.
YOUR DATA PROTECTION RIGHTS
You have the following rights in terms of your personal data we hold about you:
- 1. Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy, you can complete our web form through the Company's website
- 2. Request correction [rectification] of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to erase your personal data (known as the 'right to be forgotten') where there is no good reason for us continuing to process it.
- 3. Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have the right to object where we are processing your personal data, for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing. If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
- 4. Request the restriction of processing of your personal data. This enables you to ask us to restrict the
processing of your personal data, i.e. use it only for certain things, if:
- - it is not accurate;
- - it has been used unlawfully but you do not wish for us to delete it;
- - it is not relevant any more, but you want us to keep it for use in possible legal claims; and
- - you have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.
- 5. Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name [known as the right to data portability].
- 6. Withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact your account manager, visit any of our offices, or send a message to [email protected]
DATA SECURITY
We take security very seriously and adopt industry and information security best practices to protect your personal information and ensure it is not accessed by unauthorised persons. Measures include encryption of data during transmission, strong authentication mechanisms and secure access to machines and data.
We have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.
PERSONAL DATA BREACHES
A personal data breach is a "breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed".
A breach is therefore a type of security incident and there are three different types of breach that may occur:
- - Confidentiality breach: an accidental or unauthorised disclosure of, or access to, personal data.
- - Availability breach: an accidental or unauthorised loss of access to, or destruction of, personal data.
- - Integrity breach: an accidental or unauthorised alteration of personal data.
- - A breach can affect confidentiality, availability and integrity of personal data at the same time, as well as any combination of these.
A personal data breach would, for example, include:
- - personal data being disclosed to an unauthorised person, e.g. an email containing personal data being sent to the wrong person.
- - an unauthorised person accessing personal data, e.g. an employee's personnel file being inappropriately accessed by another member of staff due to a lack of appropriate internal restrictions.
- - a temporary or permanent loss of access to personal data, e.g. where a client's or customer's personal data is unavailable for a certain period of time due to a system shut down, power, hardware or software failure, infection by malware or viruses or denial of service attack, where personal data has been deleted either accidentally due to human error or by an unauthorised person or where the decryption key for securely encrypted data has been lost.
Notification to the Office of the Commissioner
- 1. Not all personal data breaches are necessary to be notified to the Office of the Commissioner.
- 2. Every suspicion of a data breach has to be notified to the Data Protector Officer of the Company.
- 3. The DPO will gather all the necessary information as soon as possible and assess the level of risk in order to decide if the case needs to be communicated with the Office of the Commissioner.
- 4. The breach will only need to be notified if it is likely to result in a risk to the rights and freedoms of data subjects, and this needs to be assessed internally by the Company on a case- by-case basis. A breach is likely to result in a risk to the rights and freedoms of data subjects if, for example, it could result in:
- - loss of control over their data
- - limitation of their rights
- - discrimination
- - identity theft
- - fraud
- - damage to reputation
- - financial loss
- - unauthorized reversal of pseudonymisation
- - loss of confidentiality
- - any other significant economic or social disadvantage.
- 5. Where a breach is reportable, the Company must notify the Office of the Commissioner without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach. If our report is submitted late, it must also set out the reasons for our delay. Our notification must at least include:
- - a description of the nature of the breach including, where possible, the categories and approximate number of affected data subjects and the categories and approximate number of affected records
- - the name and contact details of the Company's CEO
- - a description of the likely consequences of the breach
- - a description of the measures taken, or to be taken, by the Company to address the breach and mitigate its possible adverse effects.
We can provide this information in phases, without undue further delay, if it cannot all be provided at the same time.
Awareness of the breach occurs when we have a reasonable degree of certainty that a breach has occurred. In some cases, it will be relatively clear from the outset that there has been a breach. However, where it is unclear whether or not a breach has occurred, we will have a short period of time to carry out an initial investigation and assessment after becoming aware about a potential breach in order to establish with a reasonable degree of certainty whether or not a breach has in fact occurred. If, after this short initial investigation, we establish that there is a reasonable degree of likelihood that a breach has occurred, the 72 hours starts to run from the moment of that discovery.
RIGHT TO LODGE A COMPLAINT
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by contacting support.
CHANGES TO THIS PRIVACY STATEMENT
We may modify or amend this privacy statement from time to time.
We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.
COMPANY'S CONTACT DETAILS
Clients shall communicate with the Company via [email protected]