42Markets Group

Website Privacy Policy

The 42Markets Group Website Privacy Policy (“the Policy”) applies to 42Markets Group Holdings Ltd, which includes Andile Holdings Ltd, Mesh B.V., FXFlow (Pty) Ltd and their respective subsidiaries (collectively known as “42Markets” or "42Markets Group"), including any of its affiliates not mentioned herein.

42Markets is committed to protecting the privacy and security of your Personal Information and we will only use your Personal Information in accordance with this Policy, 42Markets Group website privacy policy (to the extent applicable) and the applicable laws.

42Markets respects your right to privacy and where applicable, all sections of this Policy apply in addition to any other agreement that you enter into with us, including but not limited to, employment contracts, non-disclosure agreements, master services agreements, work orders, schedules, supplier agreements, and partnership agreements and such like.

For the purposes of this Policy, “Personal Information” will be understood in accordance with the definition of “personal data” in Article 4(1) of the General Data Protection Regulation (EU) 2016/679 to the extent applicable, in accordance with the definition of “personal information” provided in Section 1 of the South African Protection of Personal Information Act 4 of 2013 and in accordance with the definition of “personal data” provided in Section 2 of the Republic of Mauritius Data Protection Act 2017 to the extent applicable. We also subscribe to the principles for electronically collecting Personal Information outlined in POPIA, and the further legislation referred to therein. We endeavour to ensure the quality, accuracy, safety, security and confidentiality of Personal Information in our possession and we recognise the importance of protecting your privacy in respect of your Personal Information which is processed by us.

Definitions:
Article 4(1) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”)

personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Section 1 of the Protection of Personal Information Act 4 of 2013 (“POPIA”)

personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

  2. information relating to the education or the medical, financial, criminal or employment history of the person;

  3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

  4. the biometric information of the person;

  5. the personal opinions, views or preferences of the person;

  6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

  7. the views or opinions of another individual about the person; and

  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

Section 2 of the Mauritius Data Protection Act 2017 (“DPA”)

personal data” means any information relating to a data subject;

data subject” means an identified or identifiable individual, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

Clause 1 Privacy Policy

1.1 In adopting this Policy, we wish to balance our legitimate business interests and your reasonable expectation of privacy. Accordingly, we will take all reasonable steps to prevent unauthorised access to, or unlawful disclosure of your Personal Information.

1.2 You hereby indemnify and hold 42Markets harmless from any loss, damages or injury that you may incur as a result of any unintentional disclosures of your Personal Information to unauthorised persons or resulting from the provision of incorrect or incomplete Personal Information to 42Markets and which losses, damages or injuries were outside of the control of 42Markets (i.e. could not have been reasonably prevented or anticipated by it) and/or were not caused by its gross negligence or wilful default.

1.3 By agreeing to this Policy, you provide us with your consent to collect, receive, record, organise, collate, store, update, change, retrieve, read, process, use, distribute and share your Personal Information in the ways set out in this Policy (subject to the legitimate purpose of such actions being at all times present in terms of the legislation referred to herein), to the extent that such consent may be required to permit us to do so. The Policy covers both information that could identify you and information that could not identify you.

1.4 42Markets reserves the right to modify this Policy from time to time, in particular, to reflect changes in relevant laws and regulatory requirements. In the event that we modify this Policy, any new version shall be effective 14 days immediately after it is published on our website, internal platform or any other public platform. In the event of material changes to this Policy, we will notify you by email or other reasonable means. You are expected to ensure that you have the latest version of this Policy.

Clause 2 The Personal Information we collect

2.1 We may in the course and scope of our business collect, amongst others, the following Personal Information:

2.1.1 information relating to the race, gender, sex, marital status, national, ethnic or social origin, colour, age, physical or mental health, disability, culture, language and birth of the person;

2.1.2 information relating to the education or the medical, financial, criminal or employment history of the person;

2.1.3 any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

2.1.4 the biometric information of the person;

2.1.5 billing information, such as relevant payment information, credit records, company registration information and VAT registration numbers; and

2.1.6 legally required information, which includes any additional information that the law requires from us to verify your identity.

Clause 3 How we collect Personal Information:

3.1 We collect Personal Information directly from you when you use any of our services or engage with us directly in person or via our online platforms, if you are an employee of 42Markets Group or one of its subsidiary Companies, or if we request the Personal Information from you.

3.2 In limited instances, we collect Personal Information from third parties. We will only collect Personal Information this way where such information is publicly available, for legitimate business purposes, or as otherwise permitted or required in terms of the applicable legislation.

3.3 We will attempt to limit the types of Personal Information we process to only that to which you consent, save for as otherwise lawfully permitted. Where necessary, we will seek to obtain your specific consent in future instances should we deem it required by law and where your consent herein might not be lawfully sufficient.

3.4 We will not process, collect, use or disclose your special personal information (as defined in POPIA) or other sensitive information (which pertains to but is not limited to information concerning racial or ethnic origins or religious beliefs, or sexual orientation where relevant) except with your specific consent or in the circumstances permitted by POPIA or otherwise in terms of the applicable law.

Clause 4 Use of your Personal Information

4.1 We may process and/or use your Personal Information for purposes of pursuing our legitimate interests relating to our services and/or business activities and as otherwise lawfully permitted in terms of POPIA and the other applicable laws. Some of the purposes for which we use and/or process your Personal Information include but are not limited to:

4.1.1 The provision and performance of our services to you;

4.1.2 Onboarding you as a Client, Partner, Supplier or Employee and verifying your identity (as required by law);

4.1.3 Informing you of changes made to our website;

4.1.4 Responding to any queries or requests you may have;

4.1.5 Referring you to other service providers with your consent;

4.1.6 Improving our website and services by analysing certain information collected, including cookies and other related information;

4.1.7 Sending you information;

4.1.8 Complying with our contractual, regulatory or other obligations;

4.1.9 For security, administrative and legal purposes; and

4.1.10 The creation and development of market data profiles.

Clause 5 Quality and access to your Personal Information

5.1 We shall take reasonably practicable steps to ensure that your Personal Information is complete, not misleading, updated where necessary and accurate.

5.2 Please contact 42Markets via the contact details listed in clause 15.2, should you wish to correct or update any Personal Information pertaining to you.

5.3 You have the right to request us to provide you with your Personal Information that we hold about you. Should you wish to access this information, please contact 42Markets via the contact details listed in clause 15.2.

Clause 6 Disclosure of Personal Information

6.1 We may disclose your Personal Information to the following persons for the purposes of rendering our services to you or for any other legitimate business purpose relating to our business activities, and for those reasons recorded in clauses 3.3, 3.4 and 4 above:

6.1.1 Clients,

6.1.2 Affiliated Partners,

6.1.3 Suppliers/Service providers,

6.1.4 Contractors, and

6.1.5 Advisors.

6.2 If our services are provided in conjunction with, or by involvement of third parties, such third parties may require access to your Personal Information in order to fulfil your request.

6.3 Where necessary to protect our legitimate interests and where the law requires us to do so, we may also share your Personal Information with third party service providers, agents, contractors, employees, law enforcement agencies or business affiliates and other third parties. We will only share your Personal Information in these instances where it is necessary for us to do so to protect our legitimate interests, where the law requires us to do so and/or to the extent that your Personal Information is needed for such third parties to perform their services or fulfil the requisite obligations.

Clause 7 Retention of Personal Information

7.1 Your Personal Information will not be stored for longer than is necessary for the purposes described in this Policy or as required by any applicable legislation. We shall destroy or delete records of Personal Information, or deidentify such Personal Information as soon as reasonably practicable after we are no longer lawfully authorised to retain the applicable records.

7.2 This Policy also applies to your Personal Information that we retain.

Clause 8 Trans-border transfer of your Personal Information

8.1 42Markets may transfer your Personal Information cross border, outside of the Republics of the United Kingdom, of Netherlands, of South Africa and of Mauritius for legitimate business purposes and as expressly provided for in POPIA and in the other legislation to the extent applicable. We shall ensure that the cross-border transfer of all such Personal Information will comply with the applicable laws.

Clause 9 Links from the website and other digital platforms

9.1 The services available through 42Markets Group website or other digital platforms utilised by 42Markets, may contain links to other third-party websites and/or platforms, including (without limitation) social media platforms, communication platforms, payment gateways, appointment scheduling, human resources platforms, financial calculators, capital market treasury and trading systems, and/or live chat platforms ("Third-Party Websites"). If you select a link to any Third-Party Website, you may be subject to such Third-Party Website's terms and conditions and/or other policies, which are not under our control, nor are we responsible therefore.

9.2 Hyperlinks to Third-Party Websites are provided "as is", and we do not necessarily agree with, edit or sponsor the content on Third Party Websites.

9.3 We do not monitor or review the content of any Third-Party Websites. Opinions expressed or material appearing on such websites are not necessarily shared or endorsed by us and we should not be regarded as the publisher of such opinions or material. Please be aware that we are not responsible for the privacy practices, or content, of other websites, either.

9.4 Users should evaluate the security and trustworthiness of any Third-Party Websites before disclosing any Personal Information to them. We do not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of Personal Information. We are not responsible nor will we be held liable for any Third-Party Websites that contains a virus or malware.

Clause 10 Security

10.1 Although absolute security cannot be guaranteed on digital platforms used by 42Markets, we have implemented up-to-date, appropriate reasonable technical and organisational security measures in an effort to ensure the integrity and confidentiality of your Personal Information obtained by us in an effort to prevent the loss of, damage to, or the unauthorised destruction of your Personal Information and in an effort to prevent the unlawful access to, or processing of your Personal Information.

10.2 While we cannot warrant the security of any of your Personal Information obtained by us we will take reasonable measures to continue to identify all reasonably foreseeable internal and external risks to your Personal Information in our possession or under our control, shall establish and maintain appropriate safeguards against the risks identified, shall regularly verify that our safeguards are effectively implemented and shall ensure that our safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards. We shall have due regard to generally accepted information security practices and procedures which may apply to us generally, or be required in terms of specific industry or professional rules and regulations.

10.3 We store your Personal Information directly, or alternatively, store your Personal Information on, and transfer your Personal Information to, a central database. If the location of the central database is outside of the borders of South Africa, the United Kingdom, the Netherlands, or Mauritius as the case may be, and is located in a country that does not have substantially similar laws in comparison to POPIA, the GDPR and/or the DPA (whichever is applicable) which provide for the protection of Personal Information, we will take the necessary steps to ensure that your Personal Information is adequately protected in that jurisdiction by means of ensuring that standard data protection clauses are enforced as envisaged by POPIA, the GDPR and/or the DPA to the extent applicable.

10.4 The Personal Information we obtain pertaining to you shall only be accessed by our employees, representatives, contractors and other third parties on a need-to-know basis and for legitimate purposes, and subject to reasonable confidentiality obligations binding such persons.

10.5 We will not sell, share, or rent your Personal Information to any third party or use your e-mail address for unsolicited mail unless expressly consented to by you. Any emails sent by us will only be in connection with the provision of our services and/or the marketing thereof.

Clause 11 Action in case of a data breach

11.1 In case of a Personal Information breach 42Markets will inform the relevant Regulatory Body and the individuals or companies involved within a reasonable amount of time of becoming aware of the breach.

11.2 42Markets Group Information Security Management System Incident Response Procedure provides for the necessary steps to be followed by 42Markets in response to a data breach.

11.3 If you reasonably suspect that a data breach has occurred in respect of your Personal Information and/or would like to report any concerns about our privacy practices, kindly notify us via the contact details set out in clause 15.2 below.

Clause 12 Your Rights

12.1 You have the right:

12.1.1 To be notified that the Personal information is being collected;

12.1.2 To be notified in the event that the Personal Information has been accessed or acquired by an unauthorised person;

12.1.3 To request us to confirm whether or not we hold any Personal Information pertaining to you, as well as to request us to provide the record or a description of the Personal Information held by us to you.This request must be made by by emailing us at the address referred to in clause 15.2 below;

12.1.4 To request us to correct or delete the Personal Information that we hold on your behalf, in instances where such Personal Information is incorrect, incomplete, irrelevant, excessive, inaccurate, out of date, misleading or which has been obtained unlawfully;

12.1.5 To request us to destroy or delete your Personal Information ("right to be forgotten") if such information is no longer needed for the original processing purpose, alternatively if you withdraw your consent and there is no other reason or justification to retain such Personal Information, further alternatively, if you have objected to such Personal Information being processed and there is no justified reason for the processing of such Personal Information;

12.1.6 Not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of the Personal Information intended to provide a profile of such person;

12.1.7 If we breach any of the terms of this Policy, to submit a complaint to the the duly appointed data protection authority in the applicable territory and who has jurisdiction over the matter;

12.1.8 To withdraw your consent to the processing of the Personal Information at any time, to the extent that you previously provided such consent;

12.1.9 To object, on reasonable grounds relating to your particular situation, to the processing of your Personal Information unless the applicable legislation allows or requires such processing;

12.1.10 To object to the processing of your Personal Information for direct marketing purposes and to object to the processing of your Personal Information processed for purposes of direct marketing by means of unsolicited electronic communications; and

12.1.11 To institute civil proceedings regarding the alleged interference with the protection of the Personal Information.

Clause 13 The right to object

13.1 You have the right to object, on reasonable grounds relating to your particular situation, to 42Markets Group using your Personal Information. If you object, 42Markets will not use or process your Personal Information, except in the instances where the applicable legislation provides for such processing by us.

13.2 If you have any objections to the use of your Personal Information, please contact us via the details set out in clause 15.2 below.

Clause 14 GDPR AND THE DPA

14.1 To the extent that the provisions of the GDPR and/or the DPA apply to the processing of your Personal Information by us, as detailed in this Policy, we shall endeavour to ensure that any additional applicable requirements of the GDPR and/or the DPA which extend beyond the requirements of POPIA, are duly met by us.

Clause 15 Lodging of Complaints

15.1 We only process your Personal Information in compliance with this Policy and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your Personal Information or are unsatisfied with how we have handled your Personal Information, you have the right to lodge a complaint with the supervisory authority detailed in clause 15.3 below.

15.2 We request that you inform us of your complaint first at info@andile.net or +2711 042 7182.

15.3 You may lodge a complaint to the relevant regulatory authority listed below:

15.3.1 If you are in the European Union or the United Kingdom, the following details may be used for purposes of contacting the relevant regulatory authority:

GDPR The European Commission Online complaint procedure: https://ec.europa.eu/info/about-european-commission/contact/problems-and-complaints/how-make-complaint-eu-level/submit-complaint_en

Address: European Commission, Secretary-General

B-1049 Brussels, BELGIUM

Fax: 3222964335

The independent Data Protection Authority (“DPA“) per member state Website listing all DPA’s per member state: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Data Protection Act, 2018 (UK) The Information Commissioner’s Office Website: https://ico.org.uk/global/contact-us/

Tel: 0303 123 1113

15.3.2 If you are in South Africa the following contact details may be used for purposes of contacting the relevant regulatory authority:

Website: https://www.justice.gov.za/inforeg/index.html

Address: JD House, 27 Siemens Street, Braamfontein, Johannesburg.

Email: inforeg@justice.gov.za.

15.3.3 If you are in the Republic of Mauritius and your Personal Information has been processed by us within Mauritius and subject to the provisions of the DPA the following contact details may be used for purposes of contacting the relevant regulatory authority:

Website: https://dataprotection.govmu.org

Address: Level 5, SICOM Tower, Ebene Cyber City, Ebene, Republic of Mauritius.

Contact number: 4600 251.

Fax number: 489 7341

Email: dpo@govmu.org