This Policy is the property of Skilling Ltd. Reproduction in whole or in part in any way including the reproduction in summary form, the reissue in a different manner and any changes in the original Policy (V.02) or any translated version is strictly forbidden and is only allowed with the prior written consent of Skilling Ltd. This Policy was last updated on 01 November 2021.
1.1. This policy is the property of Skilling. The reproduction in whole or in part in any way including the reproduction in summary form, the reissue in a different manner and any changes in the original manual or any translated version is strictly forbidden and is only allowed with the prior written consent of Skilling.
1.2. SkillingLimited(hereafter the"Company”, "we,''"our"), is responsible as ‘controller’ for the protection of privacy and the safeguarding of clients’ personal and financial information pursuant the General Data Protection Regulation (“GDPR”). By opening a trading account with us, the client (hereinafter referred to as the “ Client”, you``, '' your'') hereby gives its consent to such collection, processing, storage, and use of personal information by the Company as explained below.
1.3. This Policy may be changed from time to time and it is important that you check this Policy for any updates. If the changes effected are considered to be important, we will communicate them to you.
1.4. Pleasenotethatthisnoticeisaddressedtocustomersandpotentialcustomers.Employees, contractors to Skilling or a third-party service provider of Skilling, any personal information we collect will be used in connection with your employment contract, your contractual relationship or in accordance with our separate policies which are available by contacting us.
2. SKILLING GROUP OF COMPANIES
2.1. This privacy notice applies to the processing activities of the following data controller entities within the Skilling group of companies, which are:
2.1.1. Skilling Limited (including Skilling UK Branch), a company registered in Cyprus and whose registered office is Athalassas 62 Avenue, Strovolos, 2012 Nicosa, CY and who is registered and regulated by the Cyprus Data Protection Commissioner,
2.1.2. Skilling UK Limited, a company registered in Cyprus and whose registered office is 9 Leinster Square, London, England, W2 4PL and who is registered and regulated by the Information Commissioner,
2.1.3. Skilling (Seychelles) Limited, a company registered in Seychelles and whose registered office is Suite 4G, Global village, Jivan’s Complex, Mont Fleuri, Mahe, Seychelles and who is registered and regulated by the Seychelles Data Protection Commissioner,
2.1.4. Skilling group of companies including Skillpro Malta Ltd (Malta), and Propero Technologies SL (Spain) performs significant processing on behalf of the other entities of the Skilling group. Therefore if you are a customer of the non- European entity(s) of the group we process your personal data in accordance with this notice and you are entitled to the same protection and rights mentioned in this notice.
3. YOUR RIGHT TO PRIVACY
You are advised that these rights do not apply in all circumstances. You are entitled to: In summary, these rights include:
3.1. Right to Information
You have the right to request disclosure of the personal information we hold about you.
3.2. Right of Access
You may request access to your personal data that we collect, process and store, including how and why we process your personal data, and how long we intend to store your personal data as shown in this Policy.
3.3. Right to Rectification
You may request that we rectify any inaccurate or update or complete incomplete personal information that changes from time to time. We will then correct our records, and notify any third parties to whom such personal information may have been transmitted.
3.4. Right to Erasure
You may request that we erase your personal information, and we will comply provided your personal data is no longer necessary in relation to the purposes for which we collected or otherwise processed.
3.5. Right to Object(Restriction) of Processing
You may request that we withdraw processing your personal information. The right to object/ restrict of Processing may be requested by you in the below circumstances:
i) where our use of the data is unlawful, but you do not want us to erase it;
ii) where you want us to establish the data’s accuracy;
iii) where you need us to hold the data although we may no longer require it as you need it to establish, exercise, or defend legal claims; or
iv) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
3.6. Right to Data Portability
You have the right to move or transfer your personal information in a structured format, using a secure method, and within a month of receiving the request. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information (i.e. not to hard copies) which you initially provided consent for us to use or where we used the information to perform a contract with you.
3.7. Right to Withdraw your Consent(Opt-Out)
You have the right to opt-out of marketing and/or trading communications by clicking on the "unsubscribe" link in the marketing emails you receive from us. Alternatively, you can manage your preferences, by logging into your account and selecting the type and the means of communications you want to receive or stop receiving (email, SMS). It shall be noted that you may change these preferences at any time. You further agree that the following may apply:
i) Once you exercise your right to unsubscribe/opt-out, we will refrain from reaching out to you regarding any email alerts, promotions, weekly content, announcements, updates, festive greetings, and/or invitations to events;
ii) Any amendments in our Business terms and conditions and/or Client agreement and/or any announcements that may have an impact on your account with us and/or any other substantial notification will still be communicated to you even if you unsubscribe.
3.8. Right to Avoid Automated Decision-Making
We run automated decisions at account opening, to assess whether the offered products or services are appropriate for you based on the information you provide to us, and to understand the risk involved when trading our products.
3.9. Please complete the personal data request by email using the registered email address you disclosed to us, to the following email address: by emailing firstname.lastname@example.org.
3.10. If you wish to exercise any of the above rights, please send an email to email@example.com. Please note that you may be required to provide us with your identification information in order to be able to manage your request within a reasonable time.
3.11. We may charge you a reasonable fee when a request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. In this case we will send you a fee request which you will have to accept prior to us processing your request. Alternatively, we may refuse to comply with your request in these circumstances.
4. TYPES OF PERSONAL INFORMATION WE COLLECT
4.1. Wecollectthenecessaryinformationrequiredtoopenaclient’stradingaccount, and to provide clients with the services they require. We may collect certain personal information including but not limited to:
Categories of personal data
Marital status, ID, identification data, images...
Last names, names and addresses, passport or ID cards images, job title, mobile number, email address, birth date, criminal records, IP address, etc
Economic and financial information (income, financial situation, tax situation, etc.)
Bank account details, personal tax identification numbers, source of funds/ wealth, e-wallets account details/ credit card details, CRS/ FATCA declaration (self-certifications form), transaction history (withdrawal/ deposits), trading history (Account ID, Net deposits (first time), most traded symbols), etc
Social Security Number (or NIR)
Social security numbers or personal numbers or National Insurance Number (NINO) or CONCAT (Concatenation – for MiFID II purposes, this is a sequence of personal unique information used to identify the natural person. It is an 18-digit alphanumeric code made up of the individual’s date of birth and their name, taking up to the first five characters of their first name only, followed by the first five characters of their family name)
5. HOW WE COLLECT YOUR PERSONAL INFORMATION
5.1. Direct Interactions. You provide us with personal information through completion of the registration process, upload identity documents, carry out transactions, communicate through instant live-chat, telephone or email.
5.2. Use of automated technologies or interactions. When using our services, your device automatically transmits to us its technical characteristics. Locale is implemented for smooth processing of your personal information to produce the best possible service while using our platforms.
5.3. Use of our web services. We retain data from IP address, cookies files, browser data or operating system used, the date and time of access to the site, and the requested pages addresses allows us to provide you with the optimal operation on our web application, mobile app and/or desktop versions of our application and monitor your behaviour for the purpose of improving the efficiency and usability of our services.
6. HOW WE USE YOUR PERSONAL INFORMATION
6.1. *Your personal information maybe used as well as disclosed by as us as follows:
6.1.1.Payments, trading, communication, electronic verification apps and platforms providers which are provided to us by third parties: Trustly Group, Sofort GmbH, Neteller, Skrill, Swish, AppsFlyers, BankID, Trulioo and other providers with whom we have contractual agreements;
6.1.2. consultants and other service providers who have been contracted to provide us with services such as administrative, online marketing, analytics, and financial, regulatory, compliance, insurance or other services;
6.1.3. introducing brokers and affiliates with whom we have a mutual relationship;
6.1.4.competent authorities, and third-party providers (auditors or contractors or other consultancy firms) where such disclosure is required in order to enforce or apply our Terms and Conditions of Service or other relevant agreements;
6.1.5. payment service providers, credit card processors and banks processing your transactions;
6.1.6. other companies within the Skilling group who provide financial, technical and other services;
6.1.7. Any person authorised by you through a limited power of attorney.
6.2. We endeavour to disclose to these third parties only the minimum personal data that is required to perform their contractual obligations to us. Our third-party service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.
6.3. Our websites or our apps may have links to external third-party websites. Please note, however, that third party websites are not covered by this privacy notice and those sites are not subject to our privacy standards and procedures. Please check with each third party as to their privacy practices and procedures.
6.4. We may process your information in accordance with the principles of lawfulness, fairness, transparency, and always adhering to the intended purpose of data processing, the principle of data minimization, accuracy, limited data storage, data integrity, confidentiality, and accountability.
6.5. We record and store personal information in hard copy files, electronic devices (computers, laptops, servers), and other records where we endeavor to protect it from damages, loss, internal or external fraud, unauthorized access, modification, or disclosure.
6.6. The Company may keep your personal data for longer than five (5) years for legal, regulatory, and/or any other obligatory reason. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
6.7. Pursuant to the investment services and anti-money laundering laws, we are required to retain copies and evidence of the actions taken by us in regard to your identity verification, transaction monitoring, trading history, recorded communications (i.e. chats, emails, calls), complaints handling as well as records that reflect our compliance with regulatory obligations and fulfillment of Client agreement with clients. Such evidence must be maintained for a period of a minimum of five years after termination of our business relationship, or more retention period upon regulator’s request (if applicable).
7. CONSENT AND ACKNOWLEDGEMENT OF DATA SUBJECT
7.1. We may process your personal data for one or more legal and lawful basis of processing (“Lawful Basis”) determined by each purpose for which we may require your personal data.
7.2.1. to perform our contractual obligations towards you
7.2.2. to be compliant with the legal and regulatory requirements
7.2.3. to pursue our legitimate interests
7.3. Where our use of your personal information does not fall under one of these three lawful basis we require your consent. Your free consent shall be required in this event, and you have the right to withdraw your consent at any time by contacting us using the contact details set out in this privacy notice or by withdrawing your consent.
☑ You agree we may use personal data provided by you through our website or otherwise and personal data provided during our business relationship to communicate with you for marketing promotional purposes as well as to provide you with market news and analytical reports through different channels like include calling you, sending emails, notifications through your online account portal and sms notifications including push notifications.
7.4. WehavetheobligationtocollectandstoreyourpersonalinformationinaccordancewiththeAnt-money laundry laws and regulation. This information is referred to as Know Your Client information which is performed through our customer due diligence process of identifying and verifying your personal identity, transactional, financial, and other data.
7.5. We intend to store your personal information in our records for five (5) years or longer if required by law and where it is required of us to do so in relation to the fulfillment of our services.
8. TRANSFER OF PERSONAL INFORMATION OUTSIDE THE EUROPEAN UNION
8.1. We may transfer the client’s personal information and/or data outside the EU/EEA subject to the below conditions, and ensuring appropriate and suitable safeguards based on (a) the Standard Contractual Clauses (“SCC”) as adopted by the European Commission; or (b) the EU has designated a country as providing an adequate level of data protection; (c) through approved model contracts or binding corporate rules; (d) implementing Binding Corporate Rules for Processors or (e) by complying with an approved certification mechanism, e.g. EU-US Privacy Shield (if applicable), as permissible under the limited additional provisions of the GDPR. Some of our third-party providers (processors) may be based outside the European Economic Area (EEA) or European Union (EU); if a firm is located outside EEA/EU in a jurisdiction without adequate level of data protection, the transfer can only be completed if a transfer agreement based the EU Standard Contractual Clauses (including clauses on safeguard data).
9. HOW WE MANAGE YOUR PERSONAL INFORMATION
9.1. Any organizations outside the Skilling Group who handle or collect or process personal information acknowledge the confidentiality of such information, undertake to respect any individual’s right to privacy and comply with all relevant data protection laws and this privacy notice.
We ensure that personal data protection management conform to the below conditions:
9.2. enrolment of employees to training programmes regarding personal information to respect the confidentiality of customer information;
9.3. regularly prompt passwords updates and two-factor authentication when accessing our systems;
9.4. apply data encryption technologies during data transmission across networks or electronic devices;
9.5. regulate backupdates, deploy firewalls, and virus scanning tools to protect against unauthorized access of our systems;
9.6. use of shredders to destroy hard copies which contain sensitive data;
9.7. InstalledCCTVs, and security alarms to protect against unauthorized access to our premises.
10. THIRD-PARTY CONTENT ON OUR WEBSITE AND SECURITY MEASURES
10.2. Pleasenotethatsuchinformationisrecordedbyathirdpartyandwillbegovernedbytheprivacypolicy of that third party, and those sites are not subject to our privacy standards and procedures.
10.3. In the event of any Data breach which poses risk to your personal information, we will notify you within 72 hours of first having become aware of such breach (without undue delay).
10.4. The cookie may be enabled to gather, use and manage data from mobile devices through softwares that uses advanced encryption mechanisms. Such information includes the brand, type and hardware token of the mobile device transferred to us during registration of the device in the application and it is used for explicit identification of the applicant or application and the mobile device.
10.5. The Company’s services are not available for persons who are not of a legal age (“Minors”). We disclaim any liability for any unauthorized use by minors of our online services, trading platform in any manner or another.
11. HOW TO RESOLVE A COMPLAINT
11.1. Yourpossibleprivacyconcernsareimportanttous.Wearecommittedtoresolvinganycomplaintandto attending to answering general questions about our services or personal information that we collect, store and how it is used. If you are not satisfied with our response to your complaint, you have the right to further submit a complaint with the Office of Commissioner for Personal Data Protection or our Supervisory Authority. You may further submit a complaint with your Personal Data Protection Authority in your country of residence.
11.2. We will promptly respond to your requests, but depending on the complexity or number of requests we revert back to you in less than a month of the receipt of your request and keep you updated.
11.3. You may exercise your right by submitting written complaints or general questions about your personal information by emailing to: firstname.lastname@example.org.