Introduction
This Policy is in line with Article 24 GDPR (EU) 2016/679, taking into account the nature, scope, context and purposes of processing as well as the risks to the rights and freedoms of natural persons, HubrisSpace has implemented appropriate technical and organisational measures to ensure pursuance to the General Data Protection Regulation (GDPR). This policy stands the cornerstone to HubrisSpace compliance with GDPR and is reviewed and updated accordingly.
This Policy that provides data subjects with information on how HubrisSpace collects personal data, what they do with it and with whom it may be shared. This privacy notice has been drafted in compliance with the requirements of the General Protection Regulation, Regulation (EU) 2016/679, (the “GDPR”) and on the basis of the information Commissioner’s Code of Practice on “Privacy notices, transparency and control” and the Article 29 European Commission Guidelines on transparency under the GDPR.
We ask that you read this privacy notice carefully as we would like to inform you that your privacy on the internet is of crucial importance to us and it also contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are?
HubrisSpace (“us”, “our” or “we”) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and we are responsible as “controller” of that personal information for the purposes of those laws.
Data Controllers and Contracting Parties
Regardless of whether you reside inside or outside the “Designated Countries”, HubrisSpace will be the controller of your personal data provided to, or collected by or for, or processed in connection with our services and regulated activities.
Whether information has to be provided by you, and if so why
The provision of “Your Data” is required from you to enable us to provide our services. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
Information collected by us
In the course of your registration as a client, signing up for a demo or a live account with HubrisSpace or filling in any form on our Website, subscribing to our services, news or offers, marketing communications or posting material, the following information about you (“Your Data”) will be collected and stored for administrative, service related and/or legal purposes.
We will limit the collection of personal information to what is necessary to administer our business and carry out our regulated activities in an effort to provide you with superior service,
Information that you provide to us directly:
- Personal information, such as names, addresses, personal registration number, national identification number, passport number and email addresses etc (“Personal Information”), and
- Financial Information, trading experience and employment information for appropriateness assessment will also be collected.
However, the meaning of data “provided to” HubrisSpace is not limited to this. It is also personal data resulting from observation of your activities (i.e where using a device or service).
This may include:
- History of website usage or search activities, details of your visits to our Website including, communication data;
- Traffic and location data;
- Website traffic pattern information, including IP address, operating system and browsertype, forsystem administration and to report aggregate information to our advertisers. This kind of information is only used in masked or aggregated form, which meansthat the individual user will not be recognisable. These data do not identify any individual.
- Communications between you and HubrisSpace via Live Chat, email, or telephone call.
Your e-mail address may be used by HubrisSpace in relation to its products and services (including any marketing campaigns related to these products or services). If you do not wish to receive such marketing material and marketing communications, you can opt-out at any time by clicking on “unsubscribe” or by sending an email stating so to enquiries@HubrisSpace.com.
The type of data collected and purpose of collection
The type of data we collect along with the purpose for collection is listed below:
Personal data type | Purpose |
---|---|
Personal information such as gender, name, date of birth and address | To meet our anti money laundering (AML) and other regulatory AML and other regulatory obligations in relation to Know Your Client (KYC) and client due diligence. To verify youridentity using our verification processes. |
Contact information (email address and phone number) | In order to send you correspondence in relation to the services provided and to fulfil our regulatory and compliance obligations. |
Employment information, financial information | In order to comply with KYC obligations and in order to meet our regulatory obligations relating to assessing the appropriateness of our products and services. |
Ethnicity, citizenship and social security numbers or national identity and passport | In order to comply with KYC and regulatory trade reporting and other AML obligations. |
Proof of photo ID, address verification | In order to comply with KYC and regulatory trade reporting and other AML obligations. |
Unique device number (IP address) and device information including version of web browser you use | When you visit our website, navigate through the pages or fill in any forms, we may collect your unique device number or IP address in order to set up your profile. |
Financial sanctions and credit header information | In order to perform our electronic AML screening checks and to comply with other fraud detection policies. This may generate further information on your credit history, criminal convictions or political interests leading to us making decisions based on the results of these checks. |
How we use your personal information
We use information held about you in the following ways:
- To ensure that the content in our website is presented to you in the most effective manner and to improve the content of our website;
- To communicate with you and contact you and to provide you with products and services that you request from us or, where you have considered to be contacted, for products and services that we feel may be of interest to you;
- Managing and administering the products and services provided to you;
- Keeping you updated as a Client in relation to changes to our services and relevant matters;
- Provide, improve, test and monitor the effectiveness of our Services.
- Develop and test new products and features.
- Monitor metrics such as total number of visitors, traffic and demographic patterns.
- Diagnose or fix technology problems.
- To carry out our obligations arising from any contracts entered between you and us.
- We may also use your data, or permit selected third parties and our processors to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by email.
- To notify you about updates to the website.
- To send out newsletters or information about other opportunities that we believe will be of interest to you. We will only send this to you if you have indicated that you wish to receive such information and we will respect your wish not to do so if you communicate such wish to us. You can opt-out receiving marketing communications at any time if you do not wish to receive such marketing material by clicking on “unsubscribe” or by sending an email request to enquiries@HubrisSpace.com.
- To promote safety and security. We use the information we have to help verify accounts and activity, and to promote safety and security on our regulated services, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect your account using teams of IT specialists, automated systems, and advanced technology such as encryption.
Who we share your personal information with?
We will not rent or sell your information to third parties outside of HubrisSpace (or the group of companies of which HubrisSpace is part of) without your consent. We also impose strict restrictions on how our processors can use and disclose the data we provide. Here are the types of third parties we share information with:
- Service providers and other partners: We transfer information to service providers (processors), and
other partners who globally support our business, such as providing technical infrastructure services,
trading platforms analysing how our Services are used such as measuring the effectiveness of ads and
services, providing client service and support, client on-boarding, client identify verification, including
PEPs and sanctions, conducting marketing communications and design, services related to our website
management, services related to software and business development services.
We need to transfer personal data to recipients outside the European Union; these activities can include dealings with foreign public entities (only when necessary and under request), the outsourcing of services to external providers located outside the EU and/or processing the data outside the EU (i.e cloud computing, client identity verification and individuals from outside the EEA accessing to our webservices). - Measurement and Analytics Services: Partners who use our analytics services like Google Analytics (Non-Personally Identifiable Information Only). We do not share information that personally identifies you (personally identifiable information is information like name or email address that can by itself be used to contact you or identifies who you are) with advertising, measurement or analytics partners.
HubrisSpace does extensive due diligence before choosing processors assuring that they provide sufficient safeguards, in particular in terms of expert knowledge, data governance, data security, cyber resilience, reliability and resources to implement technical and organisational measures in such a manner that processing will meet the requirements of General Data Regulation and ensure the protection of the rights of the data subject.
The adherence of the processor to an SLA Contract is used as an element to demonstrate compliance with the obligations of the controller.
The carrying-out of processing by our processor it is governed by a contract other legal act under Union or Member State law, binding the processor to the controller.
This data sharing with our processor enables us to proceed with our regulated activities and duties to KYC in order to meet our regulatory obligationsrelating to assess the appropriateness of our products and services, provide support to clients, etc. Some of those third party recipients (processors) may be based outside the European Economic Area; if the third party recipient is located outside the EU/EEA in a country not ensuring an adequate level of data protection, the transfer will only be completed if a written agreement has been entered into between HubrisSpace and the third party. The written agreement shall be based on the Standard Contractual Clauses approved by the European Commission (and any updated versions). — for further information including on how we safeguard your personal data when these cases occur, see paragraph ‘Transfer of your information out of the EEA
We will share personal information with law enforcement or other authorities if required by applicable law.
Cookie Data
We use cookies and similar technologiesto provide and support our Services. When you use our website we will use cookies to distinguish you from other users of our website.
For more information about cookies and how we use them, please read our Cookies Policy.
How our global services operate
Transfer of your information out of the EEA
Information collected within the European Economic Area (“EEA”) will be transferred to countries outside of the EEA for the purposes described in this policy and relying on the lawful basis of contractual necessity and compliance with our legal obligations.
We and our processors when data is transferred outside the EEA utilise standard contract clauses approved by the European Commission and we adopt other means under European Union law and may obtain your consent to legitimise data transfers from the EEA to and other countries.
How do we respond to legal requests or prevent harm?
We access, preserve and share your information with regulators, law enforcement or others by request:
- We can respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognised standards.
- When we have a good-faith belief it is necessary to: detect, prevent and address fraud, unauthorised use of the services or products, violations of our terms or policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Products), you or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm. For example, if relevant, we provide information to and receive information from third-parties about the reliability of your account to prevent fraud, abuse and other harmful activity on and off our Products.
Information we receive about you (including financial transaction as data related to deposits and withdrawals) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation, or investigations of possible violations of our terms or policies, or otherwise to prevent harm. We also retain information from accounts disabled for terms violations for at least a year to prevent repeat abuse or other term violations.
Your rights
Under the General Data Protection Regulation you have a number of important rights if you are resident within the European Union. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information,
- The right to access personal data: via a Subject Access Request. Your request should be made in writing to enquiries@HubrisSpace.com
- We may ask you for proof of identity before providing you with the data. There is usually no charge for such requests, however in limited circumstances we may be able to charge an administrative fee (and we will inform you in response to your request if that is the case).
- The right to request that your personal data is corrected if it is found to be inaccurate: require us to correct any mistakes in your information which we hold.
- The right to request that your personal data is erased where it is no longer necessary. In some circumstances this right may not apply e.g. if there is some other compelling reason for us to keep or process your data (and we will inform you in response to your request if that is the case).
- Right to data portability: to receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party (another controller) in certain situations.
- The right to withdraw consent to processing at any time, where relevant i.e. where we are relying on your consent to process the data and not another legal reason for processing.
- The right to object at any time to processing of personal information concerning you for direct marketing.
- The right not to be subject to a decision which is based solely on automated processing, including profiling which produces legal effects concerning them or significantly affects them.
- The right to object in certain other situationsto our continued processing of your personal information.
- Otherwise restrict our processing of your personal information in certain circumstances.
If you would like to exercise any of those rights, please:
- email to us at enquiries@HubrisSpace.com
- let us have enough information to identify you (eg account number, username, registration details),
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
If you would like to unsubscribe from any emailing or any marketing communications you can also click on the ‘unsubscribe’ button at the bottom of the email or by sending an email at enquiries@HubrisSpace.com stating so.
Legal basis for processing personal data
Reasons we can collect and use your personal information: Lawful basis for processing under EU data protection law, there must be a lawful basis for all processing of personal data (unless an exemption or derogation applies). We rely on:
- Contractual necessity Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract to conduct regulated activities, when processing is necessary for the entry into, or performance of contract with the data subject or in order to take steps at this or her request prior to the entry into a contract.
- Compliance with legal obligations Processing is necessary for compliance with our legal obligation. IC Markets Global has the necessity for compliance with a legal obligation.
- Legitimate interest Data will only be processed where it is necessary for the purposes of the legitimate interests pursued by HubrisSpace, and these interests or fundamental rights are not overridden by the interests, rights and freedoms of the data subject and that the processing would not cause unwarranted harm. For instance, it is a legitimate interest of HubrisSpace to process personal data on data subjects in order to expand the business, develop new business relations prevention of fraud, maintaining the security of our systems if/when necessary, enhancing, modifying or improving our services. The data subject must be given information on the specific legitimate interest if a processing is based on this provision.
Keeping your personal information secure
Your Data is stored and kept confidential according to the legislation on protection of personal data and processing thereof applicable in the jurisdiction in which HubrisSpace with which you have signed up is located.
We have appropriate security measures in place to prevent personal information from being accidentally lost, misused, modified, disclosed or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long your personal information will be kept
Data retention:
You can close your account any time, but for audit trail purposes, HubrisSpace shall hold personal data for a period of at least five years after closing the account in order for us to comply with our record keeping obligations under the Money Laundering Regulations 2020.
At the end of that period, we will delete all personal data relating to you, unless a legal requirement requires them to keep the data for a prolonged period of time, or Data Subject has expressly consented to their data being held for an extended period of time.
What happens in the event of a change of control?
If we sell or otherwise transfer part or the whole of HubrisSpace or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information such as name and email address and any other information collected through the Service may be among the itemssold or transferred. You will continue to own your User Content. The buyer or transferee will have to honour the commitments we have made in this Privacy Policy.
How to complain?
We hope that our Data Protection Officer, client support or compliance team can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. In the Seychelles the Data Protection Act (the 'Act') was enacted in 2003 (Act No. 9 of 2003) with the aim of protecting the fundamental privacy rights of individuals against the use of data concerning them without their informed consent. The Act will come into operation on such date asthe Minister notifies in the official Gazette.
How to contact us?
If you wish to contact us with any queries, concerns or complaints, you can email us at enquiries@HubrisSpace.com.
National requirements
HubrisSpace shall comply with both the GDPR and national data protection legislation.
If applicable national legislation requires a higher level of protection for personal data than such policies/guidelines, such stricter requirements are to be complied with. If HubrisSpace policies/guidelines are stricter than the local legislation, our policies/guidelines must be complied with.
Changes to this privacy notice
This privacy notice was published in May 2019 and last updated in November 2020.
We may change this privacy policy from time to time, when we will inform you via our Website or via email.
Do you need extra help?
If you would like this notice in another format (for example: audio, large print, braille) please contact us(see 'How to contact us' above).