September 2022
Important information
In accordance with Article 24 GDPR (EU) 2016/679, taking into account the nature, scope, context and purposes of processing, as well as the risks to the rights and freedoms of natural persons, Tickmill Ltd has implemented appropriate technical and organisational measures to ensure compliance with the General Data Protection Regulation (GDPR) as amended from time to time. This Policy provides to data subjects, information on who we are, how and why we collect personal data, the types of data collected, how data is used, when and with whom it may be shared and how data is stored safely. It also provides information on data subjects’ rights in relation to their personal data being processed by us and on how to contact us and the supervisory authority in the event of a complaint. This policy has been drafted in compliance with the requirements of the GDPR.
Who we are
Tickmill Ltd (“Tickmill”, “us”, “our” or “we”), a company registered in Seychelles and whose registered office is at 3 F28-F29, Eden Plaza, Eden Island, Seychelles. We collect, use and are responsible for certain personal information about you. We comply with the General Data Protection Regulation which applies across the European Union and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
In the process and following your registration as a client for a demo or live account with us and/or filling any other form on our Website, subscribing to our services, news or offers, marketing communications or posting material or contacting us via our communication methods, the following information about you (“Your Data”) will be collected and stored for business, educational, service related, and/or legal purposes.
We will limit the collection of personal information to what is necessary to administer our business and carry out our regulated activities in an effort to provide you with superior service.
Information that you provide to us directly:
Personal information, such as names, addresses, personal registration number, national identification number, passport number and e-mail addresses etc (“Personal Information”), and
Financial information such as: trading experience and employment information for appropriateness assessment (not personal data per se as this data do not identify any individual).
However, the meaning of data is not limited to the above. It is also personal data resulting from observation of your activities (e.g. where using a device or service).
This may include:
History of website usage or search activities, details of your visits to our Website including, communication data;
Traffic and location data; or
Website traffic pattern information, including IP addresses, operating system and browser type, for system administration and to report aggregate information to our advertisers. This information is only used in masked or aggregated form, which means that the individual user is not identifiable.
Communications between you and Tickmill via Live Chat, email, or telephone call.
Your e-mail address may be used by Tickmill in relation to its products and services (including any marketing campaigns related to these products or services). If you do not wish to receive such marketing material and marketing communications, you can opt-out at any time by clicking on ‘unsubscribe’ or by sending an email to [email protected].
The type of data collected and purpose of collection
The type of data we collect along with the purpose for collection is listed below:
Personal data type: | Purpose: |
Personal information such as gender, name, date of birth and address | To meet our anti money laundering (AML) and other regulatory obligations in relation to Know Your Client (KYC) and client due diligence. To verify your identity using our verification processes. |
Contact information (email address and phone number) | In order to send you correspondence in relation to the services provided and to fulfil our regulatory and compliance obligations |
Employment information, financial information, relevant education and trading experience | In order to comply with KYC obligations and in order to meet our regulatory obligations relating to assessing the appropriateness of our products and services for each client |
Ethnicity, citizenship and social security numbers or national identity and passport numbers. Proof of photo ID, address verification | In order to comply with KYC and regulatory trade reporting and other AML obligations |
Unique device number (IP address) and device information including version of web browser you use | When you visit our website, navigate through the pages or fill in any forms, we may collect your unique device number or IP address in order to set up your profile |
Financial sanctions and credit header information | In order to perform our electronic AML screening checks and to comply with other fraud detection policies. This may generate further information on your credit history, criminal convictions or political interests leading to us making decisions based on the results of these checks |
How we use your personal information
We use information held about you in the following ways:
To communicate and contact you, and to provide you with products and services that you request from us or, where you have consented to be contacted, for products and services that we feel may be of interest to you
Managing and administering the products and services provided to you
Keeping you updated as a client in relation to changes to our services and relevant matters
Provide, improve, test, and monitor the effectiveness of our Services
Develop and test new products and features
Monitor metrics such as total number of visitors, traffic, and demographic patterns
Diagnose or fix technology problems
To carry out our obligations arising from any contracts entered between you and us
We may also use your data, or permit selected third parties and our processors to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by email
To notify you about updates to the website
We may also use your data, or permit selected third parties and our processors to use your data for business development services
To send out newsletters or information about other opportunities that we believe will be of interest to you; only if you have provided your consent. You can opt-out from receiving marketing communications at any time by clicking on our email ‘unsubscribe’ option or by sending an email request to [email protected].
To promote safety and security. We use the information we have to help verify accounts and activity, and to promote safety and security on our regulated services, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect your account using teams of IT specialists, automated systems, and advanced technology such as encryption
Call recording
All telephone calls inbound and outbound are recorded. The recordings are stored on secure systems and accessed if required for: business purposes, monitoring of employees, to investigate or resolve complaints or for any legal obligation that Tickmill is required to adhere to. We engage service providers who abide to applicable data protection legislation for the operation of our telephone systems.
We may be permitted or required to disclose a call recording (including personal data) without your explicit consent (under applicable legislation) if Tickmill has a legal obligation to do so. The legal basis for processing your personal data, retention periods and your rights in relation to your information can be found in this Policy.
Who we share your personal information with
We do not disclose personal information to third parties without your consent unless specified in this Policy.
We also impose strict restrictions on how our processors can use and disclose the data we provide. We disclose only what is necessary to third parties to perform their contractual obligations with us. Here are the types of third parties we share information with:
Service providers and other partners: We transfer information to service providers (processors), and other partners who globally support our business, such as providing technical infrastructure services, trading platforms analysing how our Services are used such as measuring the effectiveness of ads and services, providing client service and support, client on-boarding, client identity verification, including PEPs and sanctions, conducting marketing communications and design, services related to our website management, services related to software and business development services.
Measurement and Analytics Services: Partners who use our analytics services like Google Analytics (Non-Personally Identifiable Information Only). We do not share information that personally identifies you (personally identifiable information is information such as name or email address that can by itself be used to contact you or identifies who you are) with advertising, measurement or analytics partners.
Tickmill performs extensive due diligence before choosing processors. Our processors provide sufficient guarantees that they implement appropriate technical and organisational measures in such a manner that processing will meet GDPR requirements and ensure the protection of the data subjects’ rights.
We ensure that any contract signed between us and our processors is binding as per applicable legislation. The contracts will be setting out the subject-matter and duration of the processing, the nature and purposes of the processing, the type of personal data and categories of data subjects and the risk to the rights and freedoms of the data subjects. Contracts will also include the specific tasks and responsibilities of the processor in the context of the processing to be carried out.
After the completion of the processing, the processor(s) should, at the choice of the controller, return or delete the personal data, unless there is a requirement to store the personal data under Union or Member State law to which the processor is subject.
This data sharing with our processor(s) enables us to proceed, for instance, with our regulated activities and duties (i.e KYC) in order to meet our regulatory obligations. Some of those third party recipients (processors) may be based outside the Seychelles; if the third party recipient is located outside the Seychelles in a country not ensuring an adequate level of data protection, the transfer will only be completed if a written agreement has been entered into between Tickmill and the third party ensuring an adequate level of data protection.
We may be required or permitted, under applicable legislation, to disclose personal data without your explicit consent, for example, if we have a legal obligation to do so, i.e for court proceedings, investigation of complaints, criminal sanctions etc.
Cookie Data
We use cookies and similar technologies to provide and support our Services. We will use cookies to distinguish you from other users of our website.
For more information about cookies and how we use them, please read our Cookies Policy.
How we respond to legal requests or prevent harm
We access, store and share your information with regulators, law enforcement parties/agencies or others by request:
We may need to respond to legal, regulatory or judicial requests and/or court orders.
We may need to detect, prevent and address fraud, unauthorised use of our services or products, violations of our terms or policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or products), you or others, including part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm. For example, if relevant, we provide information to and receive information from third-parties about the reliability of your account in order to prevent fraud, abuse and other harmful activity on and off our products.
Information we receive about you (including financial transactions, deposits and withdrawals) can be processed and stored for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigation of possible violations of our terms or policies, or otherwise to prevent harm.
Your rights
Under the GDPR you have a number of important rights. In summary, those include rights to:
Fair processing of information and transparency over how we use your use personal information
The right to access personal data
The right to request that your personal data is corrected or updated if found to be inaccurate or out of date
The right to request that your personal data is erased where it is no longer necessary. We might not be able to comply with your request for legal reasons (if any) which will be communicated to you
Right to data portability: to receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party (another controller) in certain situations.
The right to withdraw consent to processing at any time, where relevant
The right to object at any time to processing of personal information concerning you for direct marketing purposes
The right not to be subject to a decision which is based solely on automated processing, including profiling, which may have legal effects or significantly affect you
The right to object in certain circ*mstances our continued processing of your personal information
Restrict our processing of your personal information in certain circ*mstances.
If you would like to exercise any of those rights, please:
Email, call or write to us at [email protected] or contact our Data Protection Officer at [email protected]
Provide adequate identification information (i.e account number, user name, registration details),
Provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
Let us know the information to which your request relates, including any account or reference numbers (if available)
If you would like to unsubscribe from any emails or marketing communications, you can also click on the ‘unsubscribe’ button at the bottom of the email communication or by sending an email to [email protected].
Legal basis for processing personal data
Reasons we can collect and use your personal information
Lawful basis for processing
Under the GDPR, there must be a lawful basis for all processing of personal data (unless an exemption or derogation applies). We rely on:
Contractual performance: Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the entry into a contract to engage in regulated activities.
Compliance with legal obligations: Tickmill (as a controller) has to comply with legal obligations.
Legitimate interest: Data will only be processed where necessary for the purposes of the legitimate interests pursued by Tickmill, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects which require protection. For instance, it is a legitimate interest of Tickmill to process personal data of potential client(s) in order to expand the business and develop new business relations. Tickmill will provide information to data subjects on the relevant legitimate interest if processing is based on this provision.
In any other case, we will require your consent to process your personal information. Such consent must be given freely and can be withdrawn at any time. We might use your personal information for marketing communications. You can opt-out from such communications at any time by clicking on ‘unsubscribe’ or by sending an email to [email protected].
Keeping your personal information secure
We store your personal data in secure computer storage facilities. We have appropriate security measures in place to keep them confidential, prevent accidental loss, misuse, modification, disclosure or unauthorised access.
We limit access to personal information to those who have a genuine business need to know. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and the regulator of any suspected data security breach if we are legally required to do so.
Data retention Period
For audit trail purposes, Tickmill shall hold personal data for a period of at least seven years in order for us to comply with our record keeping obligations under the Anti-Money Laundering Laws.
At the end of that period, we will delete all personal data relating to you, unless a legal requirement requires us to keep the data for a prolonged period of time, or the Data Subject has expressly consented to their data being held for an extended period of time.
What happens in the event of a change of control
If there is a change of control/ownership at Tickmill (i.e, in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your personal information may be transferred accordingly. You will not lose access to your account(s) or the right to claim any of your rights under this Privacy Policy. The new controllers will be required to abide to the requirements of this Privacy Policy.
How to complain or resolve your queries
How to contact us:
We hope that our client support or our Data Protection Officer can resolve any query or concern you raise about your personal information.
If you are a resident of the EEA or UK, you also have the right to complain to your local data protection supervisory authority. You can find them here: https://ec.europa.eu/newsroom/article29/items/612080
If you wish to contact us with any queries, concerns or complaints, you can email us at [email protected] or write to: 3 F28-F29, Eden Plaza, Eden Island, Seychelles or call us at +248 4347072 or + 852 5808 2921 or contact our Data Protection Officer at [email protected].
National requirements
Tickmill complies with European data protection legislation. We shall obey to national legislation if a higher level of protection of personal information is required. We ensure that our policies/ procedures are in accordance to applicable legislation and are complied with at all times.
Changes to this Privacy Policy
This privacy notice was published in May 2018 and last updated in September 2022. We shall inform you via email or via our official website for any changes to this Privacy Policy.
Do you need extra help?
If you would like this notice in another format, please contact us (see ‘How to contact us’ above).
