Confidentiality policy
Definitions
“Company” means Tradeslide Global Ltd.
“FCPA 2022” means the Financial Consumer Protection Act 2022 as amended from time to time.
“FSA” means the Financial Services Authority in Seychelles.
“Non-public consumer data” means the data provided by the financial consumer to the Company, which shall not be made available to the public at large.
1. About Tradeslide Global Ltd
Tradeslide Global Ltd is a Company incorporated and registered under the laws of Seychelles with Company number 8433817-1. The Company is licensed and regulated as a securities dealer by the Financial Services Authority under license number SD171.
2. Applicable Regulatory Framework and Purpose of this policy
The formulation and adoption of this Policy is required under section 29(2) of the Financial Consumer Protection Act of 2022, according which the Company shall formulate and adopt adequate confidentiality policies and procedures. The FCPA 2022 came into force with the aim of strengthening consumer protection and confidence when accessing financial services and products in Seychelles.
The policy’s purpose is to formulate the required procedures which ensure protection of non-public consumer information. The policy provides the manner in which the Company, its employees, agents or other relevant parties acting on its behalf, holds, treats and uses information received from actual or potential clients who intend to or partake in the products or services offered by the Company.
The Company shall not disclose the data of its financial consumers and shall protect the confidentiality of its non-public consumer data. Consumer data shall only be utilized for the purposes specified and agreed with the financial consumer or as required under any applicable law.
3. Non-Public Data Collected and Processed
A list of non-public data collected and processed by the Company include but are not limited to:
- Personal information such as: Name, surname, residential address, e-mail address, phone number, date of birth, gender, citizenship, occupation and employment details.
- Information for the construction of client’s economic profile, including source of income and wealth, details about source of funds;
- nformation on whether a client holds a prominent public function (PEPs);
- Bank Account and/or Credit card details.
- Documents provided to the Company for verification of the client’s identity i.e. passport/identity car, Company incorporation details as applicable, utility bills and other identifiable documents for verification purposes.
4. Sensitive Data collected and/or processed
The Company considers the following personal data to be ‘sensitive’:
- personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
- trade-union membership;
- genetic data, biometric data processed solely to identify a human being;
- health-related data;
- data concerning a person’s sex life or sexual orientation.
The Company does not collect and/or process any sensitive data from clients or potential clients during the provision of the services.
5. The Purpose for which non-public consumer data is collected and used
The Non-public consumer data collected by the Company are used in all stages of its business relationship with consumers to be able to provide the services and products based on the client services agreement and business relationship with the clients. In other words, the Company needs to collect the data explained above for the performance of its contractual obligations towards clients. In addition, processing of personal data takes place to be able to complete our client on-boarding/acceptance procedures as explained below as well as to ensure the provision of high-quality services to its clients.
Furthermore, the Company is subject to several laws and regulations including anti-money laundering laws and financial services laws while it is under the supervision of competent authorities such as Financial Services Authority in Seychelles whose laws, regulations and circulars apply to the Company. For this purpose, the Company is required to comply and collect certain data during the client onboarding and ongoing monitoring of clients as well as transactions and/or request information from clients for risk mitigation/management reasons.
At the beginning of the Company’s – consumer relationship, non-public consumer data such as full name, address and telephone number are required by the Company to authenticate/verify the identity of a client. Identifying the true identity of a client is of crucial importance for the Company, as it enables the Company to identify, assess, mitigate, prevent and investigate possible fraudulent activity.
In the course of the Company’s – consumer relationship, non-public consumer data such as the risk aversion, income and profession of a client are required by the Company to assess the appropriateness of the products and services it provides to consumers. In addition, using the consumer’s data the company is able to manage the client’s account and/or inform the client about any products or services that may be of his/her interest. Apart from the aforesaid, the data can be used by the Company for statistical purposes with the aim of improving its products and services as well as to update clients on any issues that might arise regarding their business relationship with the Company.
Lastly, non-public consumer data are necessary at the stage at which a client decides to terminate its relationship with the Company. In this stage, non-public consumer data might be used for the purpose of resolving and/or assessing the history of a client’s complaint. It is noted that such data are kept by the Company for a period of 7 years from the date of the client’s last transaction with the Company.
6. Security practices and procedures to safeguard non-public consumer data
The Company implements the required procedures for safeguarding the security, integrity, and confidentiality of information, considering the nature of the information to be stored.
Agents or third parties that assist the Company to provide its services to clients shall maintain the confidentiality of non-public consumer data and use such information only in the course of providing their services, based on the Company’s directions.
The Company monitors the activities of agents and third parties acting on its behalf on the basis of the relevant agreements that are in place for each business relationship.
The security of non-public consumer data is of utmost importance for the Company. For this reason, the Company implements a number of procedures on the accessibility and protection of data.
Specifically, non-public consumer data is only accessible by employees who need the specific information in order to operate, develop or improve the Company’s services. Such individuals are bound by confidentiality and are subject to internal disciplinary procedures in case they fail to meet their obligations.
The accessibility of non-public consumer information by employees is based on the following principles:
- Differentiation of the access rights according to the level of each employee
- Protect systems by defining access privileges, control structures and resources
- Responsibility measures for the illegal rendering of the information to the employees of the Company and by individuals outside the Company.
- Encryption of sensitive information
For the purpose of restricting any unauthorized access and the protection of data from external threats, all personal computer units of the Company are equipped with up-to-date antivirus systems. The installed antivirus systems are updated daily in order to protect the Company’s internal network from any virus or other harmful/malicious software and files.
7. Collection of non-public consumer data
7.1 Processing of data
The processing of non-public consumer data is carried out through the information processing systems used by the Company. The data collected from consumers are only processed and analysed by the employees of the Company who have the required authority and rights to use such data. The Company treats unauthorized access to data by employees as a serious violation of the Company’s internal policies and procedures. To this end, any unauthorized access to non-public consumer data by employees is subject to disciplinary procedures, without prior notice.
The Client can request from the Company to restrict and/or terminate the processing of his/her Personal Data at any time and the Company shall duly consider such request based on the Applicable laws and regulations.
7.2 Intended recipients
The intended recipients of non-public consumer data shall be the employees of the Company who possess the required rights and authority to access such data. In addition, any agent’s or third parties acting on behalf of the Company should be considered as intended recipients of the data only in case such data is required in the course of providing their services, based on their agreement with the Company.
7.3 Financial Consumer Data Rights
The Client may exercise the following rights in relation to the non-public data the Company holds by sending an email at info@darwinex.com .
- Right to review.Every financial consumer has the right to review his/her non-public consumer data stored by the Company, upon request to the Company.
- Right to correct or amend.Every financial consumer has the right to correct or amend his/her non-public consumer data stored by the Company, upon request to the Company.
8. Storage of non-public consumer data
The Company undertakes all reasonable and appropriate organisational, physical and technical measures for the protection of non-public consumer data against unlawful access, destruction, misuse or accidental loss.
Non-public consumer data are being stored on the various databases of the Company located on the Company’s server and cloud. For the purpose of protecting the stored data the Company implements the procedures analysed in Section 5 of this manual.
For safeguarding the Company’s recorded data from possible loss, the Company implements consistent, reliable and documented back up procedures. The back up procedure is automatic and take place once per day in two different storage spaces as follows:
- Automatic Save(Systems performs automatic save of critical data of the server). The backup data will be saved on the second hard disc within the server as well as on a hard disc of a separate hard disc. This method is used for quick recovery of the data in case of loss of the server only.
- On cloud on a daily basis. This method is primarily used for the creation of back up files for reference. The said items when physically saved, they will be kept in a fireproof safe not located in the same premises as the rest of the computer hardware.
The IT Function is responsible for the creation of the backup files and the change of the Back-up hard disks. The software which backs up the data issues a report, which needs to be checked by the Head of the IT Function. The hard disks, which are numerous in number and on several servers, are checked daily.
In case of information loss that cannot be retrieved from the Cloud back up data of the previous day, the representative officer shall retrieve any available information from the Company’s CRM system.
The Company keeps client’s non-public consumer data on record for a period of seven (7) years from the date of the last transaction of the client with the Company. In case there is an investigation against any customers the documents will be kept according to the instructions of the investigating authority.
The Company will be able to retrieve the relevant documents/data without undue delay and present them at any time to the local authorities if requested.
9. Disclosure of non-public consumer data
The Company may disclose non-public consumer data to a third party in the following circumstances:
- If the financial consumer has been informed about the disclosure and he/she has consented in writing to the disclosure.
- If the third party to which the data will be disclosed has been authorized by the financial consumer to obtain the data from the Company.
- If the Company is required to disclose the non-public consumer data under mandated Credit Reporting or under any other law or by a court order.
9.1 Voluntary Disclosure
Apart from the above circumstances, the Company might disclose the consumer’s non-public data to third parties, on the basis that the consumer has voluntarily consented to this Policy, as described in section 10 below.
10. Client Consent
At the stage of establishing a business relationship with the consumer, the Company obtains the consumer voluntary consent to this policy. Such consent is obtained before the offering of any services to the consumer.
The Company may obtain the consumer’s consent electronically in the form of a general agreement through the acceptance of the client services agreement and/or consider clients who have received and agreed to this policy electronically as clients who have given their consent to the disclosure of their non-public consumer data.
11. Amendments to Policy
The Company reserves the right to make changes to this Confidentiality Policy from time to time for any reason and the client will be notified of such changes by posting an updated version of this Confidentiality Policy on the website. The client is responsible for regularly reviewing this Confidentiality Policy and the use of this website after any such changes are published, shall constitute an agreement to such changes.
12. How to contact us
The Consumer can extend any questions or requests he/she might have in relation to his/her data stored by the Company by sending an email at info@darwinex.com and/or through a call at +248 4379866.