Effective: 25 May 2018
What is a Privacy Notice?
The use of “AFEX” in this Privacy Notice refers to the entity that either you or your organisation maintains an account with. This includes Associated Foreign Exchange Limited and its branches, Associated Foreign Exchange Ireland Limited, AFEX Markets Plc, and AFEX Offshore Limited.
AFEX is a data controller. This means that AFEX is responsible to decide how to use your information. This Privacy Notice refers to information relating to a natural person as “Personal Data.” The collection, use, and disclosure of your Personal Data is governed by this Privacy Notice. Specifically, this Privacy Notice will address:
- The types of Personal Data we collect about you
- How we use Personal Data
- How we store and protect your Personal Data
- Who we share Personal Data with
- Your rights in relation to Personal Data
If you have any questions about AFEX’s privacy practices, please contact us.
What Personal Data do we collect?
AFEX collects the following Personal Data:
- Authentication Data. This includes full legal name, home address, personal telephone numbers, documents that verify address and personal telephone numbers, personal email address, online contact details, date of birth, country of domicile, passport information, driving licence information, and signature authorisation.
- Professional Data. This includes name of employer, title, position held, duration of employment, work address, work phone number, and work email address.
- Customer Access Data. This includes user name and password to log into AFEXDirect or any other online system, which allows you to access our products and services, location data, and website access information.
- Financial Data. This includes assets, financial relationship information, financial account information, sources of wealth, salary and other income information, documentation to support sources of wealth and income information, and financial transaction information.
- Credit and Background Data. This includes credit and criminal checks and screening information, but only to the extent required or permitted by law.
Failure to provide certain Personal Data may affect our ability to provide or continue to provide the requested services to you or your organisation.
How do we collect Personal Data?
AFEX collects your Personal Data from different sources, including from:
- You directly
- Your employer
- Other AFEX legal entities
- Publicly available sources
- Internally maintained sources
- Other natural persons or legal entities
It is important to stress that if you provide Personal Data for another person, you must tell them how to access this Privacy Notice and ensure that they aware of AFEX’s use of their information for the purposes detailed in this Privacy Notice.
Why do we collect Personal Data?
AFEX collects, processes, and uses Personal Data in order to:
- Provide products and services. AFEX uses your Personal Data to execute or perform payment solutions or foreign exchange contracts.
- Adhere to legal and regulatory requirements. AFEX uses your Personal Data to comply with laws, regulations, and legal obligations applicable to AFEX. As a financial institution, AFEX must adhere to various anti-money laundering and counter-terrorist financing obligations. Such obligations include, “know your customer” requirements, the detection and prevention of fraud and theft, and the deterrence of the use of AFEX’s services for illegitimate or prohibited purposes. These obligations also require AFEX to retain your Personal Data for recordkeeping. AFEX may also use your Personal Data to monitor and report compliance issues, or respond to legal process.
- Business purposes. AFEX uses your Personal Data to improve its products and services, to maintain its websites and online platforms, to provide customer service, and to enhance your overall customer experience. Personal Data is also used to ensure the security of your account and the protection of your Personal Data.
Who do we share your Personal Data with?
AFEX may share Personal Data, to the extent necessary, with the following parties:
- Affiliated Entities. This includes, but is not limited to, Associated Foreign Exchange Holdings, Inc.; Associated Foreign Exchange, Inc.; PT AFEX Indonesia; AFEX Global Holdings Ltd.; Associated Foreign Exchange, ULC; Associated Foreign Exchange Australia Pty. Ltd.; Associated Foreign Exchange (Schweiz) AG; AFEX Hong Kong Ltd.; and Associated Foreign Exchange (Singapore) Pte. Ltd.
- Service Providers. This includes information technology providers or other service providers that act under AFEX’s instruction to process your Personal Data to carry out business services, information technology services, identity authentication services, security management services, anti-money laundering services, fraud prevention services, customer services, or marketing services. Service Providers are subject to contractual obligations that require the implementation of appropriate technical and organisational security measures to safeguard Personal Data. Further, Service Providers are bound by contract to only process Personal Data as instructed by AFEX.
- Banking Partners and Non-bank Financial Institutions. This includes any party used by AFEX to facilitate a payment transaction you requested.
- Government and Judicial Authorities. This includes all regulatory bodies, law enforcement bodies, courts, and government agencies that may either permit or require the disclosure of Personal Data by law or regulation.
- External Auditors. This includes independent parties used to audit AFEX’s operations. External Auditors are subject to contractual obligations that require the implementation of appropriate technical and organizational security measures to safeguard Personal Data and may only use Personal Data to the extent permitted by AFEX.
- Business Transfers and Combinations. AFEX may sell, buy, restructure or reorganize its businesses or assets. In the event of any actual or proposed sale, merger, reorganization, restructuring, dissolution or any similar event involving our business or assets, AFEX may share Personal Data with the relevant entity.
- Other Persons. This includes persons engaged by AFEX to collect any debt you have with us, persons and tribunals used by AFEX to assert or defend its rights or interests, or parties used to investigate fraudulent activities or suspected fraudulent activities.
The recipients of Personal Data identified above may be located in jurisdictions outside the European Union that may not provide the same level of data protection as your home nation. Such transfers may be necessary in order to provide you with our products and services. Where required, AFEX will establish appropriate data transfer agreements with these recipients. These data transfer agreements may include terms based on European Union Model Contractual Clauses with respect to Personal Data transferred outside the European Union, or otherwise provide appropriate safeguards regarding transfers of Personal Data to other countries. Additionally, AFEX may rely on the European Commission’s adequacy decisions about certain jurisdictions.
How long do we keep your Personal Data?
We will keep Personal Data no longer than necessary to fulfil our recordkeeping requirements established by law or regulation. Occasionally, AFEX may maintain Personal Data beyond recordkeeping periods established by law or regulation in response to a regulatory audit, investigation, or other legal matter.
How do we keep your Personal Data safe?
AFEX will safely store Personal Data in its information technology systems. All Personal Data is held and maintained by AFEX or on behalf of AFEX by its Service Providers. AFEX takes appropriate measures to promote the accuracy of Personal Data. All Personal Data is maintained in accordance with applicable security requirements. In an effort to prevent the loss, misuse, unauthorised access, disclosure, alteration, or destruction of Personal Data, AFEX takes appropriate legal, organisational, and technical measures. AFEX takes appropriate organisational and technical measures to ensure that Personal Data is only accessed by its employees that use such data to carry out their dedicated tasks.
What are your Personal Data rights?
You are entitled to appropriate control and oversight over what your Personal Data. This Privacy Notice provides an overview of your Personal Data rights.
- Right of Access. You can ask AFEX for a description of the Personal Data we hold about you and our purposes for holding it.
- Right to Rectification. You can ask AFEX to amend, revise, or otherwise correct your Personal Data if you determine that the Personal Data is inaccurate or incomplete.
- Right to Erasure. You can ask AFEX to permanently erase or destroy your Personal Data if you determine that its use is no longer necessary, if you believe we are using your Personal Data in an inappropriate manner, or if you withdraw your consent. You can also exercise the Right to Erasure after you object to AFEX’s use of your Personal Data.
- Right to Restriction of Processing. You can request that AFEX temporarily cease use of your Personal Data when you exercise your Right to Rectification, immediately after you exercise your Right to Object, when you believe use is unlawful, or when you wish for AFEX to maintain, but not use, your Personal Data beyond certain period of time.
- Right to Data Portability. You have the right to receive all your Personal Data maintained by AFEX. AFEX must provide your Personal Data in a structured, commonly used, and machine-readable format. You also have the right to request that AFEX, where technologically feasible, securely transmit your Personal Data to a third party. The Right to Data Portability only relates to Personal Data AFEX processes based on your consent or by contract.
- Right to Object. You have the right to object to AFEX’s processing of your Personal Data where such processing is based on our legitimate interests, on public interests, or where AFEX acts under an official authority. You may also object if we use your Personal Data for direct marketing.
In certain circumstances, AFEX may be required by law or regulation to use your Personal Data even after your request to delete or restrict our use of it. In these events, AFEX takes reasonable measures to use your Personal Data in a lawful, fair, and transparent manner. At any time, you have the right to initiate a complaint with a data protection supervisory authority within the European Union.
How can you revoke consent for AFEX to use your Personal Data?
To the extent that consent is required by applicable law and our collection, use, disclosure or other processing of Personal Data is not otherwise permitted by applicable law, by providing Personal Data to AFEX, you consent to the collection, use, disclosure, cross-border transfers to countries outside the European Union, and other processing of Personal Data as detailed in this Privacy Notice.
You may revoke consent at any time by providing notice to AFEX’s Data Protection Officer. The Data Protection Officer’s contact information is listed below.
How do you exercise your Personal Data rights?
AFEX has a dedicated Data Protection Officer to respond to requests, questions, or concerns about your Personal Data rights. You may contact our Data Protection Officer at:
Attn: AFEX Data Protection Officer
Telephone: +44 (0)207 004 3939
Can AFEX amend this Privacy Notice?
We will modify this Privacy Notice as a result of amendments to laws or regulations, or due to other reasons involving changes in our operations. Any amended Privacy Notice will be posted on AFEX’s website. If contractually obligated to do so, AFEX will provide notice within a reasonable time of any amendment. The page providing the Privacy Notice will indicate the date when it was last updated.
AFEX’s Global Operations
In order to provide you with our products and services, it is necessary for AFEX to operate globally. Associated Foreign Exchange, Inc., our United States affiliate company, complies with the EU-US and Swiss-US Privacy Shield principles. We will refer to these as “Privacy Shield.” The Privacy Shield governs the collection, use, sharing, and retention of personal information from the European Union and Switzerland. These are described in greater detail in our EU-US Privacy Shield certification and Swiss-US Privacy Shield certification.
In the event you have a Privacy Shield related question or complaint, please contact our Data Protection Officer. If you have a dispute with us about our adherence to Privacy Shield, we will seek to resolve it through our internal complaint resolution process. Alternatively, you may resolve the dispute through the independent dispute resolution body, TRUSTe, and, under certain conditions, through the Privacy Shield arbitration process.
Privacy Shield participants are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Under certain circumstances, participants may be liable for the transfer of personal information from the EU or Switzerland to third parties outside the EU and Switzerland.