Privacy Policy

PRIVACY POLICY – AUGUST 2019

Version 1.0

1. POLICY STATEMENT

Trust Capital TC Ltd (hereinafter the "Company", "we", "our", "us") intends to fully comply with all requirements of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the "Regulation") and of the Law 125(I) of 2018 Providing for the protection of natural persons with regard to the processing of personal data and for the free movement of such data(hereinafter the "Law"), in so far as they affect its activities.

2. INTRODUCTION

Trust Capital TC Ltd needs to collect and use the personal data about its employees, visitors, potential active and terminated clients and other individuals who are accessing or using the Company’s website(s) and mobile applications and come into contact with the Company.

In collecting and using personal data, the Company is committed to protecting an individual’s right to privacy with regard to the processing of personal data, therefore this Privacy Policy Notice (hereinafter the “Privacy Notice”) is hereby adopted in compliance with the Regulation and with the Law to support this commitment.

The Privacy Notice ensures that Trust Capital TC Ltd:

  • Complies with the REGULATION (EU) 2016/679;
  • Complies with the Law 125(I) of 2018;
  • Protects the rights of individuals related to the Company;
  • Is transparent about how the Company collects, use, storage, access, discloses, transfers and destructs individual’s data;
  • Protects the Company from the risks of a data breach.

The Company respects and values your data privacy rights and makes sure that all personal data collected from you are processed in adherence to the general principles of data protection as set out in the Regulation EU 2016/679. In accordance these principles, the personal data shall be:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

The Policy applies to all personal data that the Company holds relating to identifiable individuals.

3 PROCESSING OF PERSONAL DATA

3.1 Collection

The lawfulness of collection and processing of personal data by the Company is based on:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • the necessity to comply with its legal obligations;
  • for the performance of a contract to which is a party or in order to take steps at the request of a prospect client prior to entering into a contract;
  • for the Company's legitimate interests.

3 PROCESSING OF PERSONAL DATA

3.1 Collection

The lawfulness of collection and processing of personal data by the Company is based on:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • the necessity to comply with its legal obligations;
  • for the performance of a contract to which is a party or in order to take steps at the request of a prospect client prior to entering into a contract;
  • for the Company's legitimate interests.

3.1.1 Collection of personal data of clients and other individuals

In order to receive more information, register for a demo account, open a trading account with the Company or for any other business relationship, you are requested to complete the Application Form. By completing the Application Form and providing your personal information, you enable the Company to evaluate the application and comply with the relevant laws and regulations governing the provision of financial services. The same information will be used by the Company to contact you regarding the offered services.

The Company collects sufficient evidences and information of potential clients and other individuals for their identity verification process, subject to its legal obligations.

These evidences and information include:

  • Personal information you provide to the Company on applications and other forms, such as your name, surname, address, telephone number, email address and fax number if exist,
  • Date of Birth,
  • Gender,
  • Certified and translated copy of passport or ID,
  • Original or certified and translated copy of bank statement or Utility Bill,
  • Tax information,
  • CV,
  • Bank Reference,
  • Information on profession or occupation,
  • Name of employer, if exist,
  • Information about his/her economic profile (size of wealth, source of wealth, income source),
  • IP address;
  • Details about Bank account, e-wallets and credit card;
  • Tax information
  • Any other information that the Company might request from time to time in order to comply fully with its regulatory obligations.
  • The Company may collect additional personal data for its clients under its legal obligation, update the personal data that processes and collect other additional personal data under any new legal requirement the Company is subject, as well as, personal data information not obtained from the data subject.

In case a potential client has not become a client of the Company, the Company shall destroy his/her Personal data the soonest.

3.2 Use

The Company applies security measures for the protection of the personal data in use. The Security measures include technical and organisational procedures. please ensure that the Company implements appropriate technical and organisational measures in order to be able to demonstrate that processing is performed in accordance with GDPR Regulation EU 2016/679.

The Company restrict access to personal information to employees who need to know the specific information in order to operate, develop or improve our services. These individuals are bound by confidentiality and will be subject to penalties if they fail to meet these obligations.

The personal data that the client provides are highly protected and can be accessed by the client using his/her selected password. This personal data is safely stored in the Company's servers that only authorized personnel have access to it through access rights.

The Company encrypts all personal data to prevent unauthorized parties from viewing or access such information.

3.2.1 Use of personal data of clients and other individuals

Personal data collected shall be used by the Company for the client's identity verification process subject to its legal obligations and to decide for the establishment or not and the continuation of a business relationship with the client.

The personal data collected by other individuals is in use by the Company for a specific purpose, such for example the use of personal data for providing more information following a request for a business relationship.

The Company may use your personal information for one or more of the following purposes:

  • to confirm/verify your identity;
  • to assess your appropriateness/suitability to the products and services we provide;
  • to process your transactions;
  • to manage the account the client holds with the Company;
  • to provide you with transaction and post transaction related services;
  • to inform you of products and/or services that may be of interest to you;
  • to keep you updated on the issues that are relevant to your business relationship with us;
  • to analyse statistical data to enable us to provide you with better products and/or services;
  • to enhance the security controls of the Company's networks and systems;
  • to identify, assess, mitigate, prevent and investigate fraudulent activity of any kind that is forbidden by the relevant legislation;

  • to defend possible legal claims;
  • sharing your personal data within the Company's Group (if applicable) for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework;
  • risk management.

3.3 Storage of personal data

The Company applies relevant measures to protect the personal data that processes against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access as well as against any other unlawful processing. the measures that the Company shall implements for the storage of the personal data in use are relevant to the above yellow highlighted sentence under point 3.2. Please ensure that these measures are in place.

The Company keeps personal data physically/on Paper and electronically.

3.4 Disclosure

Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose and to authorised recipients of such data. Authorised recipients may include third parties with whom the Company has a contractual agreement for the provision of a service and shall refer as partners of the Company.

The Company's partners maintain the privacy of your information to the same extent the Company does in accordance with the Privacy Notice, Regulation and Law. Non-affiliated companies that assist the Company in providing services to you are required to maintain the confidentiality of such information and to use your personal information only in the course of providing such services for the purposes that the Company dictates and within the ambit of the Regulation and Law.

Authorised recipients of Personal Data may be for example:

  • technological experts that appointed by the Company to support the smooth operation of Company's systems;
  • platform providers;
  • payment service providers/credit institutions for facilitating the incoming and outgoing payments of the Clients;
  • governmental authorities and regulatory bodies;

  • fraud prevention agencies, third party authentication service providers, verification/screening service providers;
  • data reporting service providers in order the Company to be able to meet its regulatory obligations;
  • external consultants and outsourced functions' providers
  • Data Protection Officer in case the Company decides to be outsourced.

3.5 Transfer

Where the Company will transfer personal data to a third country or international organization, the Company will ensure that:

a) there is a decision by the Commission that the third country, the territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection; or

b) appropriate safeguards in accordance with the Regulation are in place and on condition that enforceable data subject rights and effective legal remedies for data subjects are available; or

c) when there is an absence of a decision by the Commission as described above and appropriate safeguards are not in place, the transfer shall take place in accordance the relevant provisions of the Regulation

Where the Company cannot ensure that the transfer is based on any of the provisions under point a) and b) above and none of the specific conditions referred under point c) above is applicable, the Company may transfer personal data to a third country or to an international organisation only if the transfer complies with the provisions of relevant article of the Regulation.

3.6 Impact Assessment

The Company shall conduct a Privacy Impact Assessment (PIA) relative to all activities, projects and systems involving the processing of personal data prior to a type of processing that in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of data subjects. please refer to article 35 of the Regulation EU 2016/679 and ensure that the Company keeps a process internally when it is required

3.7 Destruction

After the storage period, as defined below under the paragraph "4. For how long the Company keeps your personal data", is ended, the Company will destroy hard copies of personal data and personal data that are kept electronically. Please ensure that the measures referred under the yellow highlighted sentence of point 3.2 shall include also the process of destruction of personal data.

4 FOR HOW LONG THE COMPANY KEEPS YOUR PERSONAL DATA

The Company will keep personal data for no longer that is necessary for the purposes for which the personal data is processed. The Company will keep personal data of clients during the time of business relationship.

In accordance with Company's legal obligations, at the time the business relationship of the Company with the Client terminates, the Company will keep client's personal data for a period of at least five (5) years, which is calculated after the termination of the business relationship. The Company may keep personal data for longer than 5 years in cases where the personal data cannot be deleted for legal, regulatory or technical reasons.

5 SUBJECT TO CONSENT

In case the process of personal data requires your consent, such consent will be provided in accordance with the express written terms which govern the Company's business relationship (which are available on the Company's website(s), as amended from time to time) with you, or any other contract the Company may have entered into with you or as set out in Company's communication with you from time to time. Please ensure for the green highlighted

6 PROCESSING FOR OTHER REASON

The Company will ask to receive data subject's consent in any case will process data subject's personal data for a purpose other than that for which personal data have been collected.

7 DATA SUBJECTS RIGHTS

All individuals who are the data subject of personal data held by the Company are entitled to the below rights as these are defined in the Regulation and in the Law, unless these rights are subject to a restriction under the same Regulation and Law:

  • Right of access. You have the right to request a copy of your personal data which the Company holds about you. The Company will provide a copy of your personal data that is undergoing
  • processing. For any further copies requested by you, the Company may charge a reasonable fee based on administrative costs. please delete gray highlighted sentence if the Company shall not apply such rule (i.e. no fees will be applied) You can send an email to dpo@trustcapitaltc.com asking for a copy of your personal data that is undergoing processing.

  • Right to rectification. You have the right to request from the Company to rectify any inaccurate personal data concerning you.
  • Right to erasure. You have the right, under certain circumstances as these are defined in the Regulation, to obtain from the Company the erasure of your personal data.
  • Right to restriction of processing. Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction on further processing, in accordance with the Regulation.
  • Right to data portability. Where the processing is based on consent or on a contract and the processing is carried out by automated means, you have the right to receive the personal data and have the right to transmit those data to another controller.
  • Right to object. Where applicable under the Regulation, you have the right to object to the processing of your personal data.
  • Right not to be subject to a decision based solely on automated processing, including profiling. In cases the Company will use automated processing (e.g. through automatic profiling / appropriateness test), for a decision concerning you or significantly affects you, you can request not to be subject to such a decision unless the Company can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and the Company. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our services or products with you, if we agree to such request (i.e., end our relationship with you).

  • Right to withdraw your consent. Where the processing is based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, send an email to dpo@trustcapitaltc.com asking to withdraw your consent.
  • Right to lodge a complaint with a competent authority. In such case, the company asks the data subject in the first instance to contact the Company at the email dpo@trustcapitaltc.com.

The Client can exercise any of the above rights by contacting the Company through email at dpo@trustcapitaltc.com or by post at postal address: 23 Olympion Street | Libra Tower | Office: 202 3035 Limassol | Cyprus.

The requested information will be provided free of charge. The company reserves the right to charge a reasonable fee taking into account the administrative costs of providing the information orcommunication or taking the action requested; or refuse to act on the request, if in case your request is manifestly unfounded or excessive. please delete gray highlighted sentence if the Company shall not apply such rule (i.e. no fees will be applied)

8 RECORDING OF TELEPHONE CONVERSATIONS AND OF ELECTRONIC COMMUNICATION

The Company records, monitors and processes any telephone conversations and/or electronic communications between the Company and you such as through phone, fax, email, social media, electronic messages, either initiated from the Company’s side or your side. All such communications are recorded and/or monitored and/or processed by the Company, including any telephone conversations and/or electronic communications that result or may result in transactions or your order services even if those conversations or communications do not result in the conclusion of such transactions. The content of relevant in person conversations and/or communications with you may be recorded by minutes or notes. Any such records shall be provided to you upon request at the same language as the one used to provide investment services to the data subject.

9 COOKIES

For more information about the Cookies the Company uses please read our Cookies Policy.

10 BREACH AND SECURITY INCIDENTS

Breach of security leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The Company is responsible for ensuring immediate action in the event of a security incident or personal data breach. The Company has in place procedures to deal with any suspected personal data breach and will notify you and the relevant competent regulator (http://www.dataprotection.gov.cy) of a breach where the Company is legally required to do so. If you require further information on how the Company deals with a Data Breach, please contact us at dpo@trustcapitaltc.com. please ensure that the Company has in place internally the procedures to follow in case of a data breach

The Company has in place procedures to deal with any suspected personal data breach and will notify you and the relevant competent regulator (http://www.dataprotection.gov.cy) of a breach where the Company is legally required to do so. If you require further information on how the Company deals with a Data Breach, please contact us at dpo@trustcapitaltc.com. please ensure that the Company has in place internally the procedures to follow in case of a data breach

11 INQUIRIES AND COMPLAINTS

For any inquire relevant to the processing of personal data, the data subject may contact the Company at:

Address: 23 Olympion Street | Libra Tower | Office: 202 | 3035 Limassol | Cyprus
Web: www.trustcapitaltc.com
Tel: +357 25378899
Fax: +357 25388577
Email: dpo@trustcapitaltc.com

In case of a complaint, the company asks the data subject in the first instance to contact Trust Capital TC Ltd at the email dpo@trustcapitaltc.com.

For any type of inquiry or complaint, the Company may request the provision of additional information necessary to confirm the identity of the data subject who makes the request or complaint.

12 VALIDITY

This Privacy Notice is effective this 30th day of Augsut, 2019, until revoked or amended by the Company.

The Company reserves the right to change or amend the Privacy Notice without further notice to you, provided that the changes do not significantly reduce your rights under the Privacy Notice. If the Company makes material changes to the Privacy Notice, the Company will notify you by email or by means of a notice on our home page or by changing the version of the document including the date of the update which will be visible to the first page of this document. The latest and prevailing version of the Privacy Notice will at all times be available at www.trustcapitaltc.com. Any revised Privacy Notice will be effective immediately upon posting on our Web Site.

13 LEGAL DISCLAIMER

The Company reserves the right to disclose your personal data as required by the Regulation and the Law and when the Company believes that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served. The Company will not be liable for misuse or loss of personal data resulting from cookies on the Company’s site(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorized use of your personal data due to misuse or misplacement of your passwords, negligent or malicious.