This Policy applies to existing clients, prospective clients, and clients who have terminated their contractual relationship with the Company and website visitors (hereinafter jointly referred to as the “Clients” or “you”) who are accessing or using the Company’s website(s) and mobile applications (hereinafter referred to as the “Platforms”). The Company is committed to protecting the privacy of all Clients ‘Personal Data which it processes by the provisions of this Policy and the Company’s Terms of Business. For this Policy, references to “Personal Data” shall mean data that identifies or may identify Clients and which may include, for example, a Client’s name, address, identification number, telephone number, and date of birth.
The Company collects different types of Personal Data through the Company’s Platforms from Clients who visit such Platforms or access, use, or request products and services offered by the Company. The provision of certain Personal Data is required for establishing a contractual relationship with the Company. Clients not wishing to provide such Personal Data will not be able to open an account with the Company or be provided with other products and/or services of the Company. Clients have a responsibility to ensure that the Personal Data, they provide to the Company and recorded in their account remains accurate and up to date throughout their contractual relationship with the Company. In addition to the information provided by Clients, the Company also lawfully collects and processes Personal Data from publicly available sources (including, inter alia, the press, social media, and the internet) and third-party risk
management software solutions to meet its regulatory obligations and for confirming the validity of the provided information.
The Personal Data received from the Client, collected and processed by the Company are required for communication, identification, verification, and assessment of the business relationship established with the Client, contract performance, and legal compliance. The following Personal Data may be collected from Clients depending on the product and/or service the Company provides to them:
(a) Contact details such as the Client’s name, email address, and phone number.
(b) Identification details such as the Client’s identification or passport number.
(c) Biographical and demographic data such as gender, age, ethnicity, education, occupation, the Client’s financial trading experience, and whether he has a prominent public function status (PEP).
(d) information such as the Client’s income status, bank account number, and account details, tax information, and other financial information.
(e) Information relevant to the services that the Company provides to the Client such as the Client’s transactions and communication records with the Company.
(f) Details of visitors’ and Clients’ visits to the Company’s website and information collected through cookies and other tracking technologies including IP address and domain name, browser version, operating system, and geolocation.
(g) Information about criminal convictions and offenses to the extent required and/or permitted by applicable law.
(h) Information about the client’s mobile device Call log with the permission of the client.
(i) Your marketing preferences.
The Company understands the importance of protecting children’s privacy. The Company’s services are not intended for children under eighteen (18) years of age nor is the Company’s website designed for use by children. Therefore, the Company does not knowingly or specifically collect children’s data. If the Company collects such data mistakenly or unintentionally, the company shall delete the information at the earliest possible once it obtains knowledge thereof. If the Client becomes aware of such data collection, he/she shall notify the Company at [email protected] The Company understands the importance of protecting the elderly’s privacy. The Company’s services are not intended for the elderly above sixty-five (65) years of age nor are the Company’s website designed for use by the elderly. Therefore, the Company does not knowingly or specifically collect elderly’s data. If the Company collects such data mistakenly or unintentionally, the Company shall delete the information at the earliest possible once it obtains knowledge thereof. If the Client becomes aware of such data collection, he/she shall notify the Company at [email protected]
The Company collects and processes Personal Data that is required for the evaluation, establishment, and maintenance of the contractual relationship between the Company and the Client and to comply with the Policy and applicable laws and regulations governing the provision of financial services. In In some cases, the Company may also process the Client’s Personal Data to pursue its legitimate interests or those of third parties provided that the Client’s interests and fundamental rights are not overridden by those of the Company or the third party.
(a) Where the Company needs to perform the contract, it has entered with the Client or to take certain steps before entering into a contract with the Client Processing is necessary for the Company to provide the Client with its products and services, and more specifically in order:
• To verify the Client’s identity and carry out any required credit checks;
• To ensure that the Client meets the suitability requirements to use the Company’s products and services;
• To manage the account the Client holds with the Company;
• To process the Client’s transactions, and
• To send to the Client any information about transactions/post-transactions services. If the Client does not provide the requested Personal Data, the Company may be unable to offer the client its products and/or services
(b) Where the Company needs to comply with a legal obligation As an investment firm, the Company is required to comply with certain legal and regulatory obligations which may involve the processing of Personal Data. Such obligations and requirements impose on the Company’s necessary data processing activities for identifying verifications, compliance with court orders, tax law or other reporting obligations, and anti-money laundering controls.
(c) Where the Company has legitimate interests to use the Client’s Personal Data More specifically, the Company may process the Personal Data for the following purposes:
• To develop or enhance its products and services;
• To enhance the security of the Company’s network and information systems;
• To identify, prevent and investigate fraud and other unlawful activities, unauthorized transactions, and other liabilities and manage risk exposure;
• To maintain its accounts and records;
• To manage its business operations and comply with internal policies and procedures;
• To defend, investigate or prosecute legal claims;
• To receive professional advice (such as legal advice), and
• For the analysis of statistical data which helps the Company in providing its clients with better products and services in the future. It should be noted that the Company anonymizes and aggregate such data so that they do not directly or indirectly reveal the Clients’ identities. The Company may provide this statistical data to third parties(as described in more detail in Section 8) solely for statistical purposes and to improve the Company’s marketing campaign.
(d) Where the Client has given his consent
• The Company will ask for the Client’s consent when the Company wishes to provide marketing information to its Clients about its products or services that may be of interest to the Client.
• The Company will ask for Clients’ permission to access their mobile device call log for the sole purpose of completing the phone number verification process. The Client may withdraw such consent at any time. This right doesn’t affect the lawfulness of the processing that was based on that consent before its withdrawal.
Below we provide the details of the cookies used and the options for further reading and opt-out:
CM Index LTD persistent and session cookies are used to support our visitors’ and clients’ browsing experience:
Required: To enable the core functionality for the website and user accessibility. Functional To maintain the user’s authentication and personalization functions through our websites and client’s area. To serve users with the appropriate content and resources based on their preferences.
Analytical: To track users’ visits to our websites, identify their preferences and collect 5 online behavioral data for analysis and optimization.
Third-Party Cookies: Cookies by third-party providers are used on our websites to enable tools and services to our visitors and clients and support our internal analysis and marketing activities. The Company has no access to, or control over these cookies therefore will not be liable for misuse or loss of Personal Data resulting from cookies on the Company’s website(s) that the Company does not have access to or control over.
The Client or visitor of the Company’s website acknowledges that he can control and manage the above cookies through his web browser security and privacy settings. If you’d like to learn more about cookies as well as how to manage and delete them, visit: www.allaboutcookies.org.
The Company’s website contains or may contain links to other websites or social media platforms of interest. However, once you have used these links to leave the Company’s website, you should note that the Company does not have any control over those other websites. Therefore, the Company cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question. The Company will not be liable for the unlawful or unauthorized use of the Client’s Personal Data due to misuse and/or malicious use and/or negligence and/or misplacement of the Client’s passwords either by him/her or any third party.
Under the applicable laws and regulations, the Company is required to keep records containing Client Personal Data, trading information, account opening documents, communications, and anything else which relates to the Client after the execution of each transaction and/or for 6 (six) years of the termination of the business relationship.
In the course of the performance of the Company’s contractual and statutory obligations, the Client’s Personal Data may be disclosed to third parties. Most such third parties enter into contractual arrangements with the Company by which they observe data protection and confidentiality. Under the circumstances referred to above, recipients of Personal Data may be, for example:
(a) third-party payment service providers who help the Company provide its clients with the services of secure deposit and withdrawal to and from a client’s account;
(b) other service providers that the Company
has chosen to support it in the effective provision of its products and services by offering technological expertise, solutions, and support;
(c) governmental and regulatory bodies, including law enforcement authorities and FSB, in connection with inquiries, proceedings or investigations by such parties or to enable the Company to comply with its legal and regulatory requirements;
(d) credit reference and fraud prevention agencies, third-party authentication service providers, and other financial institutions for credit checking, fraud prevention, and anti-money laundering controls;
(e) third-party service providers for the provision of the required customer support services through live chat and the Company’s website visits and traffic monitoring through cookies; (f) external consultants including legal and tax consultants;
(g) data reporting service providers;
(h) market research companies and call centers; and
(i) affiliates of the Company;
By the recommendations of the Payment Card Industry Security Standards Council, customer card details are protected using Transport Layer
encryption — TLS 1.2 and application layer with algorithm AES and key length 256 bit. The Company does not collect, store, or process any personal credit or debit card information. All payment transactions are processed through payment service providers.
The Company may process Personal Data to tell its clients about products, services, and offers that may be of interest to the Client. The company may only process such Personal Data if it has obtained the Client’s explicit consent to do so. If the Client no longer wishes to receive any promotional communications, he may opt-out of receiving them by following the instructions
included in each communication or by updating his email subscription preferences within the Client account area.
Clients have the following rights about their Personal Data:
(a) Right of access: The Client has the right to be informed whether the Company is processing his/her Personal Data and if so, to provide the Client with a copy of that Personal Data.
(b) Right to rectification: The Client is entitled to request that the Company correct or complete his/her Personal Data if it is inaccurate or incomplete.
(c) Right to erasure: This enables the Client to ask the Company to erase or remove the Client’s Personal Data under certain circumstances, such as when the Client withdraws his consent.
(d) Right to restrict processing: This enables the Client to ask the Company to restrict the processing of the Client’s Personal Data if:
• it is not accurate;
• it has been used unlawfully but the Client doesn’t want it to be deleted;
• it is not relevant anymore, but the Client wants the Company to keep it for use in possible legal claims;
• the Client has already asked the Company to stop using his Personal Data but he is waiting for the Company to confirm if it has legitimate grounds to use such Personal Data
(e) Right to data portability: The Client has the right to obtain his/her Personal Data provided to the Company in a structured, commonly used, and machine-readable format
(f) Right to object: The Client may ask the Company at any time to stop processing his/her Personal Data, and the Company will do so
• If the Company is relying on a legitimate interest to process the Client’s Personal Data and the Company cannot demonstrate compelling legitimate grounds for the processing,
• If the Company is processing the Client’s Personal Data for direct marketing
(g) Rights of automated decision-making and profiling: The Client has the right to be free from decisions based solely on automated processing of his/her Personal Data, including profiling, that affect him/her, unless such profiling is necessary for entering into, or the performance of, a contract between Client and the Company or the Client provides explicit consent.
(h) Right to withdraw consent: If the Company relies on the Client’s consent to process his/her Personal Data, the Client has the right to withdraw that consent at any time. This will not affect the lawfulness of the processing that took place based on the Client’s prior consent.
(i) Right to complain about the data protection authority: If the Client has a concern about the Company’s privacy practices, including how the Company handled his/her Personal Data, the Client can report it to the relevant data protection authority. To exercise any of the above rights, the Client may contact the Company at [email protected]
When you make an application for account opening we will use systems to make an automated assessment of your knowledge and experience through the evaluation of an appropriateness test. Based on the results of such a test will then assign the appropriate leverage to your trading account. In such cases, you have the right to contact us to:
(a) give you information about the processing of your data (please also see Section 11 of this Policy about your rights); and/or
(b) request that one of our employees examines your application and obtain an explanation for the automated decision reached. You also have the right to challenge such a decision. Following such a request, we will reassess your application, taking into consideration both the reasons that a particular automated decision was reached as well as your point of view.
Personal Data which the Company holds is to be treated by the Company as confidential and will not be used for any purpose other than those specified in this Policy. Any Personal Data that the Client provides to the Company will be treated as confidential and shared only with the parties set out in Section 8 of this Policy. Such Personal Data will not be disclosed to any other third party except if such disclosure is required under any regulatory or legal proceedings. The Personal Data that the Client provides in connection with registering as a user of the
website(s) or for the Services is classified as Registration Information. The Company offers high protection for the Registration Information provided by the Client. The Client can access his Registration Information through a password selected by him which is encrypted and known only to the Client. The Client must be careful and protect his password from any third parties.
Registration Information is safely stored on secure servers that only authorized personnel has access to via password. The Company encrypts all Personal Data as it is transferred to the Company and thus makes all necessary efforts to prevent unauthorized parties from viewing any such information. Personal Data provided to the Company that is not Registration Information also resides on secure servers and is again accessible only to authorized personnel via password. This information is not accessible by the Client; therefore, no password is provided to view or modify this information
The Company reserves the right to review and amend this Policy from time to time for any reason and notify the Clients of any such amendments accordingly by posting an updated version of this Policy on the Company’s website(s). The Company will notify you about any material changes to this Policy by placing a notice on its website or by communicating with you directly. The Client is responsible for regularly reviewing the Policy and any amendments thereof.
For any general inquiries regarding this Policy please contact the Company by emailing the Customer Support Department at [email protected] For any requests regarding personal data rights, as set out in Section 11 of this Policy, or questions about how the Company processes Client’s Personal Data, please contact us at [email protected]