Effective Date: 1 June 2017
Associated Foreign Exchange, Inc. and its affiliates and subsidiaries in the European Economic Area (EEA) and Switzerland are hereby collectively referred to as “AFEX” or the “Company.”
- Aggregated Information - data or information relating to multiple people which has been combined or aggregated. Aggregated Information includes information that we create or compile from various sources, including card transactions or certain data from Cookies and Similar Technologies.
- Business Partners - any third parties with whom we conduct business and have a contractual relationship.
- Cookies and Similar Technologies - a cookie is a small data file that a website transfers to your computer's hard drive. We may place cookies when you visit our website or another company’s website where our ads appear or when you make purchases, request or personalise information, or register for certain services. If you accept the cookies used on our website, websites that are “powered by” another company on our behalf, or websites where our ads appear, you may give us access to information about your interests. We may use that information to personalise your experience. Similar technologies such as web beacons, pixels, gifs, and tags also do the same thing. We use the term Cookies and Similar Technologies in this statement to refer to all technologies that collect information in this way.
- De-identified Information - data or information used in a way that does not identify you to a third party. We often derive De-Identified Information from Personal Information. It includes information that we may collect from various sources, such as card transactions or certain data from Cookies and Similar Technologies.
- European Economic Area (EEA) – The EEA includes the following member countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
- IP Address - a number assigned to a device when connecting to the Internet.
- Online Information - data or information collected on AFEX websites and apps as well as on websites and apps of third parties relating to topics about our business which includes Personal Information, Aggregated Information and De-Identified Information.
- Other Information – AFEX internal information, external data that financial companies use to process applications and complete transactions, and other online and offline information we collect from or about you.
- Personal Information - information that can identify a person, such as name, addresses, telephone number, and email address.
- Service Providers - any vendor, third party and/or company that performs business operations on our behalf, such as printing, mailing, and other communications services (email, direct mail, etc.), marketing, data processing, servicing, collections, or ad management.
- Targeted Advertising - Ads we, or our Service Providers, display on websites outside the AFEX Group of Companies based on the preferences or interests inferred from data collected from a particular computer or device regarding web viewing behaviours over time and across different websites or, more generally, on data internally available to us (for example, transaction data).
- Third-Party Ad-Servers - companies that provide the technology to place ads on websites (and apps) and track how ads perform. These companies may also place and access cookies on your device. The information they collect from our websites is in a form that does not identify you personally.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Associated Foreign Exchange, Inc. has certified its compliance with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA) member countries and Switzerland to the United States. AFEX is committed to subjecting all personal data received from EEA member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield Framework, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List, https://www.privacyshield.gov/list.
AFEX is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. AFEX complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA member countries and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, AFEX is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Notice of Information: We Collect, How We Use It and How You Control It
At AFEX, we are committed to safeguarding your privacy. We want you to know how we may collect, use, share, secure, and keep information about you, and the choices that are available to you regarding use, access and correction of your personal information. When we provide AFEX products or services to you, we may also give you specific additional details about how we will use your personal information.
Since we may change this online privacy statement, we recommend that you check the current version available from time to time. If we make changes to this statement, we will update the “Effective Date” at the top of this page. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective.
Our websites are not intended for children under 18 years of age. We do not knowingly solicit data online from, or market online to, children under 18 years of age.
- Visit or use our websites;
- Participate in the online programmes we offer with our Business Partners;
- Receive or reply to electronic communications from us;
- View or click on our ads or other online content; and
- Interact with us through social media websites and other websites and apps.
In this policy, we also explain how we may combine Online Information with Other Information and how we then use the combined information.
AFEX may use the information provided by customers for one or more of the following purposes:
- To process, confirm and fulfill customer requests regarding AFEX products and services or transactions made using our online platform, AFEXDirect;
- To contact customers regarding their enquiries and requests;
- To identify customers for login;
- To comply with the rules relating to Know Your Customer (KYC) obligations under Anti –Money Laundering Laws;
- For AFEX marketing purposes and partner promotions, such as sending updates to customers on AFEX's latest offers and promotions;
- For identification, verification and background screening purposes;
- To conform to legal requirements or comply with legal processes;
- To protect and defend AFEX's rights, interests or property;
- To enforce the terms and conditions of the products or services offered by AFEX or such other purposes expressly specified in the data entry forms or other relevant sections of the web resources of AFEX.
What information do we collect online and how do we collect it?
The types of information we collect depends on which product or service you use. Sometimes you give information directly to us (or to our Service Providers). For example, you might give us your name, email, mailing address, phone number, national insurance number or social security number, driver licence number or date of birth when you:
- Fill out an online form or survey, including when apply online for our products;
- Register, log into or update the settings on your AFEX account using our online services;
- Register or enroll in our programmes; or
- Enter a competition or register for a marketing offer.
We may also collect from you the following personal information about your contacts:
- Name, email, mailing address, phone number, national insurance number or social security number, driver licence number or date of birth of a secondary contact on your account (an authorised trader);
- Name and financial account number of someone to whom you are remitting payment (beneficiary) or from whom you are receiving funds.
When you provide us with personal information about your contacts, you are responsible for informing your contact about it. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at firstname.lastname@example.org.
As is true of most websites, we gather certain information automatically. We (and our Service Providers or Third-Party Ad-Servers) collect information through Cookies and Similar Technologies. Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username. We (and our Service Providers or Third-Party Ad-Servers) use these cookies or similar technologies to analyse trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole.
AFEX (and our Service Providers or Third-Party Ad-Servers) may collect information using Cookies and Similar Technologies about:
- The device you use to browse our websites (for example, we may collect information about the operating system or the browser version and the type of device you open the electronic communication on);
- The IP Address and information related to that IP Address (such as domain information, your internet provider and general geographic location);
- Browsing history on our websites;
- How you search for our websites, from which website you came from, and which of our Business Partners’ websites you visit;
- Which ads or online content from us and our Business Partners you view, access, or click on; and
- Whether you open our electronic communications and which parts you click on (for example, how many times you open the communication).
We (and our Service Providers or Third-Party Ad-Servers) may also collect information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained. This helps us to confirm your identity when you open an account, determine credit worthiness, update, expand and analyse our records, identify new customers, and provide products and services that may be of interest to you. . Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:
- Background checks, so we can confirm your identity and determine eligibility when you open an account;
- Criminal records, so we can detect and prevent fraud or criminal activity;
- Reports from credit bureaus, so we can review your credit history to determine credit worthiness; and/or
- Purchased marketing data about our customers from third parties that is combined with information we already have about you, so we can create more tailored advertising and products.
How do we use the information we collect about you?
We may use Online Information we collect about you on its own or combine it with Other Information to:
- Deliver products and services, including to recognise you when you return to our websites;
- Complete transactions;
- Tell you about updates to your accounts, products, and services;
- Update you about new features and benefits;
- Answer questions and respond to your requests made through our websites and through third-party websites (including social media);
- Use the location of your mobile device for location-based services that you may request;
- Determine how to best provide services to you and manage your accounts, such as the best way and time to contact you;
- Improve our websites and make them easier to use;
- Advertise and market our products and services – and those of our Business Partners – including to present content that is tailored to your interests, including Targeted Advertising;
- Send or provide you with ads, promotions, and offers;
- Analyse whether our ads, promotions, and offers are effective;
- Help us determine whether you may be interested in new products or services;
- Conduct research and analysis, including to better understand our customers and our website users;
- Allow you to give feedback by rating and reviewing our products and services and those of our Business Partners;
- Produce data analytics, statistical research, and reports;
- Review and change our products and services;
- Manage fraud and security risk, including to detect and prevent fraud or criminal activity;
- Safeguard the security of your information;
- Assess credit risks relating to our business, including to evaluate and process your applications for our products and services and manage your existing accounts; and
- Use it in other ways as required or permitted by law or with your consent.
What is Personal Information?
Personal Information is any information relating to an identified or identifiable individual*.
Personal Data is any information relating to an identified or identifiable natural person.
*An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
Personal Information includes, but is not limited to: Individual names, Tax Identification numbers, credit or debit card numbers, driver licence numbers, health records when the disclosure of the information in question would reasonably be considered to be harmful or an invasion of privacy.
Non-public Personal Information is any data or information considered to be personal in nature and not subject to public availability, such as: salary, national insurance number or social security numbers, bank account numbers, account balances, financial products purchased, etc.
Note: Some Online Information is Personal Information.
How do we treat your Personal Information?
We do not share Personal Information with anyone except as described below. We may share Personal Information as required or as permitted by law, such as:
- With credit bureaus and similar institutions to report or ask about your financial circumstances, and to report or collect debts you owe;
- With regulatory authorities, courts, and governmental agencies to comply with legal orders, legal or regulatory requirements, and government requests;
- With our Service Providers, regulatory authorities, and governmental agencies to detect and prevent fraud or criminal activity, and to protect the rights of AFEX or others;
- Within the AFEX Group of Companies;
- With our Service Providers who perform services for us and help us operate our business (we require Service Providers to safeguard Personal Information and only use your Personal Information for the purposes we specify);
- With financial institutions with whom we jointly offer or develop products and services to independently market their own products or services to you only if you consent that they can do so); or
- For specific products or services, when you have given your consent.
How we handle Aggregated Information and De-Identified Information
Aggregated Information or De-Identified Information does not identify you individually; it helps us to analyse patterns among groups of people. We may share Aggregated Information or De-Identified Information in several ways, for example:
- For the same reasons as we might share Personal Information;
- With Business Partners to help develop and market programmes, products or services and present targeted content (including Targeted Advertising);
- With Business Partners to conduct analysis and research about customers and website users; or
- With Third-Party Ad-Servers to place ads (including ads of our Business Partners) on various websites, and to analyse the effectiveness of those ads.
How do we keep and safeguard your information?
Your information may be stored locally in a country within the EEA, Switzerland or in one of AFEX’s Data Centres located in the United States. AFEX continuously reviews and enhances AFEX's security policies and security measures to consistently maintain a high level of security. We use administrative technical and physical security measures to protect your Personal Information against loss, misuse, damage and unauthorised access, modifications or disclosures. These measures include computer safeguards and secured files and facilities, use of firewalls, encryption, and other specialised technology. If you have any questions about the security of your personal information, you can contact us at email@example.com.
We will keep your Personal Information only as long as we must to deliver our products and services, unless we are required by law or regulation or for litigation and regulatory investigations to keep it.
What are your rights and choices?
You will always have a right to access, update, change, correct or delete your Personal Information, or to ask whether we hold any of your Personal Information. If you want to do so, or if you have any questions about how we process your Personal Information, you may do so by logging into your account or contacting us at firstname.lastname@example.org. We aim to acknowledge your request as soon as possible and will address your query within two weeks from your request.
AFEX acknowledges that you have the right to access your personal information. AFEX has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to AFEX’s Client (the data controller). If requested to remove data, we will respond within a reasonable timeframe.
What are your choices about how we market to you?
You can choose how you would like to receive marketing communications, including direct marketing - whether we send them to you through postal mail, email and/or telephone. If you do not consent to receive marketing communications from us, we will honour your choice. Please, be aware however, that if you choose not to receive such communications, certain offers attached to the products or services you have chosen may be affected. We will still communicate with you in connection with servicing your account, fulfilling your requests, or administering any promotion or any program in which you have elected to participate.
Tell us your AFEX marketing preferences by updating your account information. You may do so by contacting your Account Executive or Account Manager. You can also tell us to stop sending you marketing emails by clicking the ‘unsubscribe’ link included at the bottom of AFEX's marketing emails. You may also send us an email to email@example.com to update your marketing preference.
When you use our site we may store Cookies on your computer in order to facilitate and customize your use of our site. A Cookie is a small data text file, which a website stores on your computer's hard drive (if your Web browser permits) that can later be retrieved to identify you to us. Our Cookies may store information about you, your computer, or your preferences so that you may more easily use our site. The Cookies make the site run more smoothly and help us to maintain a more secure site. You have the choice to opt out of this functionality and are always free to decline our Cookies if your browser permits, but our site may not work as effectively.
In order to service our customers, portions of our site may require you to submit information that is typically business related, but may be personal in certain circumstances. We will use the information you provide in the ways you would reasonably expect. You have a right to access this data and correct or remove it. The specific registration site or additional communication information provided to you will supply directions on how to correct or remove your data at your request. In all cases, you can always contact the Privacy Officer for assistance using the information below.
We take all reasonable procedures to protect personal and identifiable information from loss, misuse and unauthorised access, disclosure, alteration and destruction. We have taken and will continue to take appropriate measures to assure the security of sensitive personal data. Any personal data transmitted to or from our website is protected by a secure socket layer (SSL) key which encrypts the data transmitted over the Internet. Password protection protocols are used on all computers. Access to servers containing private information and data is strictly limited to only our authorized personnel who have been trained to protect against loss, misuse, unauthorised access, disclosure, alteration or destruction of personal data under our control. The servers that are used to store sensitive personal information are kept in a secure, state-of-the-art environment, with security measures.
Data Integrity and Purpose Limitation
Consistent with the Privacy Shield Principles, personal information is limited to the information that is relevant for the purposes of processing. As previously mentioned, the information collected is only utilized for the purpose described above in the section on “Notice of Information.” Personal information is not processed in a way that is incompatible with the purpose for which it has been collected. To the extent necessary and possible, reasonable steps are taken to ensure that data and information is reliable for its intended use, accurate, complete, and current.
AFEX retains information about customers for as long as necessary to fulfill the purpose for which such information was collected or as is otherwise required under any other law for the time being in force. However, this is subject to AFEX's rights and obligations under applicable laws to ensure retention of records which may contain sensitive personal data or information.
We will keep your Personal Information only as long as we must to deliver our products and services, unless we are required by law or regulation or for litigation and regulatory investigations to keep it.
Onward Transfer and Liability
AFEX does not sell, trade, share or rent your personal information to unaffiliated third parties. Affiliated third parties may receive your data in fulfillment of our service. We maintain specific contract agreements with these companies to ensure that they use the data only for intended purposes and protect the data as we would. If this practice were to change, we would specifically provide you with the opportunity to choose to “opt in” or “opt out” of the sharing of your data.
We may be required to release personal information to third parties in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Recourse and Enforcement
Associated Foreign Exchange Limited & AFEX Markets Plc
4th Floor, 40 Strand
London, WC2N 5RW
Telephone: +44 (0)870 735 8484
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.