PRIVACY POLICY  

KQ Markets Europe Ltd is a limited company by shares incorporated and registered under the laws of the Republic of  Cyprus under registration number HE 427857. KQ Markets Europe Ltd is a tied agent of StoneX Europe Ltd  (www.forex.com/ie), a Cyprus Investment Firm (CIF) company registered to the Department of Registrar of Companies and  Official Receiver with a Registration Number HE409708, and authorized and regulated by the Cyprus Securities &  Exchange Commission (CySEC) under license number 400/21. For more information please visit  https://www.forex.com/ie/terms-and-policies/importantinformation/ 

The Company is committed to protect individuals’ personal data in line with the requirements of applicable law.  The Company’s commitment applies to all individuals whose personal data it may process.  

“Personal Data” means any information relating to an identified or identifiable natural person. The Company acts as  controller in relation to such personal data.  

This Privacy Policy or Notice describes what types of personal data we collect about you when you choose to use our  services, how we will use your personal data, when and with whom we share it and how we will keep it safe. It also  details your rights in respect of our processing of your personal information and how you may exercise them. Please  take the time to read and understand this policy.  

We may make changes to this Notice from time to time and it is important that you check this Notice for any updates.  Any personal information we hold will be governed by our most current privacy notice. If we make important changes to  this Notice, we will communicate them to you.  

Please note that this notice is addressed to customers and potential customers.

1.  Personal Data that we may collect:  

When you create an account with the Company, we may require you to provide your first and last name, e-mail  address, details about your financial status, your residential address, phone number, date of birth, a copy of your  national identity card or passport or driving licence, a copy of a recent utility bill/bank statement (or similar) as  evidence of your residential address, credit card or bank card details, Tax residence and Tax Identification Number,  profession and employment details, knowledge and experience in trading, risk tolerance and risk profile and other  information we may consider necessary to our functions and activities and in order to be in a position and be  permitted to provide our services to you.  

If the Company requests you to provide to it personal data and you fail to do so the Company may not be in a position  to provide a service and/or enter into an agreement with you, in which case it will inform you accordingly.  

The above mentioned data are collected by the Company when you are going to open a trading account with the CIF.  It is required by the AML Law (the Prevention and Suppression of Money laundering and Terrorist Financing Law No.  188(I)/2007, as amended from time to time) and CySEC’s AML Directive that the Company and the CIF collect the  necessary data for verifying your identity, constructing your economic profile, monitoring your account and verifying  the source of funds (when it is necessary). Additionally, we use this data to set up and administer your trading account, provide technical and customer support. 

We use cookies to store and collect information about your use of our Website. Cookies are small text files stored by  the browser on your equipment’s hard drive. They send information stored on themback to our webserver when you   access our Website. These cookies enable us to put in place personal settings and load your personal preferences   to improve your experience. You can find out more about our cookies on our “Cookies Policy” available on our   Website.  

If you are a corporate client, we are required to collect information related to the legal entity (e.g. corporate and  constitutional documents), additional personal information on the shareholders, directors and other officers that we deem  as necessary in order to be compliant with our legal and regulatory requirements.  

We shall record any communications, electronic, by telephone, in person or otherwise, that we have with you in  relation to the services we provide to you and our relationship with you. These recordings will be our sole property  and will constitute evidence of the communications between us. It should be noted that as a tied agent of the CIF we  are obliged by Law 87(I)/2017 to keep records of all telephone conversations and electronic communications that are  related to the provision of client order services that relate to the reception and transmission of client orders, for five  years, or for up to seven years if requested by CySEC.  

2. Legal Ground for personal Data processing:  

We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the  specific purpose for which we are using your data.  

The Lawful Basis are the following: 

• to perform our contractual obligations towards you 
• to be compliant with applicable legal and regulatory requirements
• to pursue our legitimate interests  

Where our use of your personal information does not fall under one of the above-mentioned Lawful Bases we will  require you to provide your consent. Such consent shall be freely given by you and you will have the right to withdraw your consent at any time by contacting us, using the contact details set out in this Privacy Notice or by unsubscribing  from email lists.  

3. How we use your personal data:  

Client information which the Company holds is to be treated by the Company as confidential and will not be used for  any purpose other than in connection with the provision, administration and improvement of the Services, anti-money laundering and due diligence checks, for research and statistical purposes and for marketing purposes. Information  already in the public domain, or already possessed by the Company without a duty of confidentiality will not be  regarded as confidential.  

The Company has the right to disclose Client information (including recordings and documents of a confidential  nature, card details) in the following circumstances:  

(a) where required by law or a court order by a competent Court.  

(b) where requested by CySEC or any other regulatory authority having control or jurisdiction over the Companyor the Client or their associates or in whose territory the Company has Clients.  

(c) to government bodies and law enforcement agencies where required by law and in response to other legal  and regulatory requests; 

(d) to relevant authorities to investigate or prevent fraud, money laundering or other illegal activity; 

(e) where necessary in order for the Company to defend or exercise its legal rights to any court or tribunal or  arbitrator or Ombudsman or governmental authority;  

(f) to such an extent as reasonably required so as to execute Orders and for purposes ancillary to the provision  of the Services;  

(g) to payment service providers and banks/credit institutions processing your transactions; 

(h) to auditors or contractors or other advisers auditing, assisting with or advising on any of our business  purposes; provided that in each case the relevant professional shall be informed about the confidential  nature of such information and commit to the confidentiality herein obligations as well;  

(i) only to the extent required and only the contact details to other service providers who create, maintain or  process databases (whether electronic or not), offer record keeping services, email transmission services,  messaging services or similar services which aim to assist the Company collect, storage, process and use  Client information or get in touch with the Client or improve the provision of the Services under this  Agreement.  

(j) only to the extent required, to other service providers for statistical purposes in order to improve the  Company’s marketing, in such a case the data will be provided in an aggregate form.  

(k) where necessary in order for the Company to defend or exercise its legal rights to any court or tribunal or  arbitrator or Ombudsman or governmental authority.  

(l) to anyone authorised by you. 

(m) to an Affiliate of the Company or any other company in the same group of the Company.  

(n) to any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions  or other relevant agreements.  

(o) to successors or assignees or transferees or buyers, with fifteen (15) Business Days prior Written Notice to  the Client; this will happen in the event that the Company decides to sell, transfer, assign or novate to a  third party any or all of its rights, benefits or obligations under the Agreement with you or the performance  of the entire Agreement subject to providing fifteen (15) Business Days Prior Written Notice to the Client.  This may be done without limitation in the event of merger or acquisition of the Company with a third party, reorganisation of the Company, winding up of the Company or sale or transfer of all or part of the business  or the assets of the Company to a third party.  

(p) Client Information is disclosed in relation to US taxpayers to the Inland Revenue in Cyprus, which will in turn report this information to the IRS of the US according to the Foreign Account Tax Compliance Act (FATCA)  of the USA and the relevant intergovernmental agreement between Cyprus and the US.  

4. The safety of your personal data  

The Company takes the appropriate measures to ensure a level of security appropriate to protect any personal  data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to  personal data transmitted, stored or otherwise processed. 

The Company implements appropriate technical and organisational measures such as data encryption, access  management procedure, two factor authentication, clean desk policy, business continuity and disaster recovery.  Additionally, the Company limits access to the Client’s personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process the Client’s personal data on the  Company’s instructions and they are subject to a duty of confidentiality.  

Your personal data may be stored electronically or in paper form.

5. How we treat your personal data for marketing activities and whether profiling is used for such activities 

We may process your personal data to tell you about products, services and offers that may be of interest to you  or your business.  

The personal data that we process for this purpose consists of information you provide to us and data we collect  and/or infer when you use our services. This information helps the Company to improve its services, customise  browsing experience and enables it to inform its clients of additional products, services or promotions relevant  to clients. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating  certain personal aspects in order to provide you with targeted marketing information on products.  

We can only use your personal data to promote our products and services to you if we have your explicit consent  to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.  

You have the right to object at any time to the processing of your personal data for marketing purposes, which  includes profiling, by contacting at any time the Company the following e-mail address:  

dataprotection.en@kqmarkets.com 

How long we store your personal data for  

We will only retain your personal data for as long as we reasonably require it for legal or business purposes subject to a maximum of 5 years. In determining data retention periods, we take into account local laws, contractual  obligations and the expectations and requirements of our customers. When we no longer need personal data,  we securely delete or destroy it.  

Where you have opted out of receiving marketing communications we will hold your details on our suppression  list so that we know you do not want to receive these communications.  

6. Transfers of personal data to third countries 

Copies of your agreement with us may be transferred to, and stored at banking institutions in a destination  outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who  works for one of our suppliers or Affiliate companies. We will take all steps reasonably necessary to ensure that  where we carry out such transfers this will be made subject to applicable laws and where required subject to the  appropriate safeguards. You may contact the Company in order to be informed of the appropriate or suitable  safeguards (as the case may be).  

When we transfer your data to other third parties outside the EEA such transfers will comply with the General  Data Protection Regulation (Regulation EU 2016/679, and hence we may in some cases rely on a Commission  Adequacy decision, or appropriate safeguards (e.g. applicable standard contractual clauses, binding corporate 

rules, the EU-US Privacy Shield or any other equivalent applicable arrangements) or other grounds provided by  the GDPR.  

You may contact the Company in order to be informed of the appropriate or suitable safeguards. 

7. Your rights as a data subject 

Right of access – you have the right to request from us to provide you with a copy of the personal data that we  hold about you.  

Right of rectification – you have a right to request from us to correct the personal data that we hold about you  that is inaccurate or incomplete.  

Right to be forgotten – you have a right to request from us in certain circumstances to erase your personal data  from our records. In case that these circumstances apply to your case and provided that no exception to this  obligation applies (e.g. where we are obliged to store your personal data in compliance with a legal obligation  under Cypriot or EU law), the Company acting as your controller will erase your personal data from its records.  

Right to restriction of processing – you have a right to request from us where certain conditions apply, to restrict  the processing of your personal data.  

Right of portability – you have the right to request from us where certain conditions apply, to have the data we  hold about you transferred to another organisation. Where these conditions apply, the Company will transfer  your personal data to another organisation.  

Right to object – you have the right to object on grounds relating to your particular situation, to certain types of  processing such as direct marketing or where we are relying on a legitimate interest (or those of a third party)  and there is something about your particular situation which makes you want to object to processing on this  ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we  have compelling legitimate grounds to process your information which override your rights and freedoms.  

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you  have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right  only applies to automated information which you initially provided consent for us to use or where we used the  information to perform a contract with you.  

Right to withdraw consent where we are relying on consent to process your personal data. However, this will not  affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your  consent, we may not be able to provide certain products or services to you. We will advise you if this is the case  at the time you withdraw your consent.  

In respect to the aforementioned rights, we will respond to requests for personal data and, where applicable, will correct, amend or delete your personal data. You can send the relevant request to the following e-mail address:  

dataprotection.en@kqmarkets.com  

We may charge you a reasonable fee when a request is manifestly unfounded, excessive or repetitive, or we  receive a request to provide further copies of the same data. In this case we will send you a fee request which  you will have to accept prior to us processing your request. Alternatively, we may refuse to comply with your  request in these circumstances. 

8. Restriction of responsibility 

The Company is not responsible for the privacy policies or the content of sites to which the Company’s  website links and has no control of the use or protection of information provided by the clients or collectedby those sites. 

The Company shall not be liable for information provided by the client to any linked websites which are  not operated by the Company. Please note that such information is recorded by a third party and will  be governed by the privacy policy of that third party.  

9. Contacting us about this Policy or making a complaint 

If you have any queries about the contents of this Policy, or wish to inform us of a change or correction  to your personal data, would like a copy of the data we collect on you or would like to raise a complaint  or comment, please contact us using the details set out below:  

E-mail: dataprotection.en@kqmarkets.com  

If you wish to exercise any of these rights, please contact us at dataprotection.en@kqmarkets.com.  Please note that you may be required to prove your identity for us to be able to service you. We respond  to all requests we receive in accordance with applicable data protection laws within a 1 month period.  In case that your request takes us longer than one month, we will notify you accordingly and keep you  updated. In this respect it should be noted that the information to be provided as a result of exercising  your right shall be provided free of charge. Nonetheless and where requests are manifestly unfounded  or excessive, in particular because of their repetitive character, the Company may either:  

(a) charge a reasonable fee taking into account the administrative costs of providing the  information or communication or taking the action requested; or  

(b) refuse to act on the request.  

If you are not satisfied with our response to your complaint and/or your request was not handled within  the timeframes specified, you have the right to lodge a complaint with our supervisory authority, the  Cyprus Data Protection Commissioner.  

Alternatively, you also have the right to lodge a complaint with the data protection authority of your  country of residence.  

You can find information a You can find information about how to contact the Cyprus Data Protection  Commissioner on the following website: http://www.dataprotection.gov.cy