To be transparent on how we handle client data, give clients control of their data and help us meet European GDPR regulation we have taken the following measures:
- Documented client data we store, how we store it, why we store it and how we use it.
- Provided a tool so clients can have control over their data and how we use it.
- Work on an opt-in subscription system
Data we collect
XGLOBAL Markets is a regulated investment firm so we are obligated to collect KYC documentation as well as communication, personal and financial information from clients. We have a duty to keep this information on record for 5 years following account inactivity; after which time we are permitted to delete it. This means we store photo identification and proof of address documentation as well as emails, telephone calls, contact details, address information, financial information and anything else provided during the account application or while the account is being operated.
How we collect data
We collect document or personal/financial information through electronic forms, paper forms, email, telephone or in-person.
How we store data
We store client data in secure Amazon and Microsoft datacentres located in the EU. We also store physical hard copies of certain information such as paper forms, certified documents or contracts at our HQ offices in Cyprus.
How we secure data
Client data (documents and data provided by electronic forms) is only ever uploaded or downloaded using secure SSL connections, which are enforced. This means there is no option for clients to upload or XGLOBAL employees to download in non-SSL secure way.
We encrypt our databases and drives wherever possible.
All our systems have scheduled backups so that in the event of hardware failure or corruption we will not lose client information. All our office terminals have their data backed up using an encrypted enterprise backup solution, Acronis Cloud.
Hard copies are kept securely in the offices of management, compliance or back office departments. These offices are not open plan.
How we use client data
Client data is used for the following purposes:
- KYC and account validation purposes
- Categorising clients as professional or retail
- Categorising clients into various risk profiles
- Contacting clients with respect to client requests
- Contacting clients to inform them of important account information
- Contacting clients to provide them technical analysis
- Contacting clients to provide them newsletters or special offers
How clients can control their data
Clients may contact us at any time and ask us to contact them by preferred methods. We will update our systems and will only contact them moving forward as they have requested. Clients may go further and ask us to delete their data (within the constraints of the financial regulation). If they do so we will remove them from the marketing database, however we are obliged to maintain their account records for 5 years following account inactivity. If 5 years has passed we will remove their data entirely from our systems. If not they will only be removed from the marketing database. In the event we need to contact them about important financial or legal matters within this time period we may do so, but only in these cases.
Clients can control their communication preferences using the following link:
Communication Control Tool
Clients can request we delete their data by sending an email to email@example.com.
Opt-in subscription system
Clients need to opt-in in order to receive our newsletters and marketing communication.