1.1 The information in this document details how we, at Oqtima Int. Ltd (the “Company”, operating under the name “Oqtima”) process, handle and protect the personal data we collect from you. The payment processing services for services purchased on this website are provided by Ipso Facto Ltd, which is an affiliate entity of OQTIMA INT. LTD, registered in Cyprus with registration number HE 445939. The registered office of Ipso Facto Ltd is at John Kennedy 8, Iris Building, 7th Floor, Flat/Office 740B, 3106, Limassol, Cyprus.

1.2 Personal information is any information or opinion about you that is capable, or reasonably capable of identifying you, whether the information or opinion is true or not and is recorded in material form or not.

1.3 Sensitive information includes such things as your racial or ethnic origin, political opinions or membership of political associations, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or criminal record, that is also personal information. Your health, genetic and biometric information and biometric templates are also sensitive information.

1.4 We will act to protect your personal and sensitive information in accordance with the Seychelles laws and regulations, General Data Protection Regulation (‘the GDPR’) in European Union and other applicable laws and regulations on data privacy. Those legislations share many common requirements. Where an obligation imposed by them are the same, but the terminology is different, we will comply with the terminology and wording used in the Seychelles Laws and regulations, and this will constitute our compliance with the equivalent obligations under the other legislations. If for example, the GDPR imposes an obligation on the Company that is not imposed by the Seychelles laws and regulations, or the GDPR obligation is more onerous than the equivalent obligation in the Seychelles laws and regulations, the Company will comply with the GDPR.

1.5 We collect personal and/or sensitive information to provide you with the products and services you request as well as information on other products and services offered by or through us. The law requires us to collect personal and/or sensitive information.

1.6 We observe the principles of legality, propriety, necessity, and sincerity when we are collecting and/or handling your personal information. We will not handle your personal information in any way that is misleading, swindling, coercive or other such ways.

1.7 Your personal and/or sensitive information may be used by us to administer and market our products and services, for prudential and risk management purposes and, unless you tell us otherwise, to provide you with related marketing information. We also use the information we hold to help detect and prevent illegal activity. We cooperate with police and other enforcement bodies as required or allowed by law.

1.8 We disclose relevant personal information to external organizations that help us provide services. These organizations are bound by confidentiality arrangements. They may include overseas organizations.

1.9 You can seek access to and/or make a copy of the personal information we hold about you. If the information we hold about you is inaccurate, incomplete, or outdated, please inform us so that we can correct it.

1.10 Aggregated data is general data about groups of people which doesn’t identify anyone personally (e.g., the number of people in a particular industry that engage in forex trading). We may share aggregated data with our business or industry partners. We may use the aggregated data to help us to:

(a) to understand how you use our products and services and improve your experience with us; and

(b) customize the way that we communicate with you about our products and services so that we can interact with you more effectively.

1.11 We keep this Policy under regular review and may update it from time to time to reflect changes in the law and/or our privacy practices. We encourage you to check the date of this Policy for any updates or changes when you visit our website or use our services. Any modified versions of this Policy may materially affect the way we use or disclose your personal information.

2.1 We collect personal information when it is reasonably necessary for one or more of our functions or activities in providing our services to you. These include:

(a) providing customers with the products and services they request and, unless they tell us otherwise, to provide information on products and services offered by us and external product and service providers for whom we act as agent (that may be of interest to you).(If you have provided us with your email or mobile phone details, we may provide information to you electronically with respect to those products and services);

(b) complying with our legal and regulatory obligations;

(c) monitoring and evaluating products and services;

(d) monitor compliance with our regulatory obligations;

(e) gathering and aggregating information for statistical, prudential, actuarial and research purpose;

(f) assisting customers with queries and any concerns you raise against us and/or to manage any legal action; and

(g) taking measures to detect and prevent fraud, unlawful activity, or misconduct.

3.1 The personal and sensitive information we collect generally consists of full name, residential address, date of birth, gender, marital status, occupation, account details, contact details (including telephone, and e-mail), IP address, financial information and current circumstances (including details of your nominated bank account, your employment details, employment history, your trading data or trading performance, and/or your taxation information), a copy of your photo ID such as your passport/driving license/national ID and additional information you provide to us, directly or indirectly, through your use of our site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information. We are also required to use and retain personal data after you have closed your account with us for legal, regulatory and compliance reasons.

3.2 We are required by law to identify you if you are opening a new account or adding a new signatory to an existing account. Anti-money laundering laws require us to request, collect sight and record details of certain documents to verify your identity (i.e. photographic and non-photographic documents) in order to meet the standards set under those laws.

3.3 Where it is necessary to do so, we also collect information on individuals such as:

(a) trustees;

(b) partners;

(c) company directors and officers;

(d) officers of co-operatives and associations;

(e) customer’s agents;

(f) beneficial owners of a client; and

(g) persons dealing with us on a “one-off” basis.

3.4 We may take steps to verify the information we collect; for example, a birth certificate provided as identification may be verified with records held by the Registry of Births, Deaths and Marriages to protect against impersonation.

4.1 We will, before obtaining your consent and collecting personal information, explicitly inform you truthfully, accurately, and fully of the following items using clear and easily understood language:

(a) The name and contact method of the personal information handler;

(b) The purpose of personal information processing and the processing methods, the categories of processed personal information, the legal basis for the processing and the storage period;

(c) The recipients or categories of recipients of the personal data, if any;

(d) Where applicable, the fact that personal data is to be transferred to a third country or international organization, we will ensure that we have adopted the appropriate safeguards; and

(e) Other information necessary to ensure fair and transparent processing.

5.1 We only collect personal information subject to your consent. The consent must be voluntarily given, and we ensure that we do not force, pressure, induce or manipulate you into providing consent, neither will we elicit consent by asking leading questions.

5.2 When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal information that is not necessary for the performance of that contract.

5.3 We will provide clear, reasonably understandable, and full information to you of the specific purpose of obtaining consent.

5.4 You shall have the right to withdraw your consent at any time by contacting us at [email protected]. We provide a convenient and easy way for you to withdraw consent. If you rescind consent, it does not affect the effectiveness of personal information handling activities undertaken on the basis of individual consent before consent was withdrawn.

5.5 If your consent is given in the context of a written declaration which also concerns other matters, we will present the request for consent in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

5.6 Where a change occurs in the purpose of personal information handling, the handling method, or the categories of handled personal information, the data subject’s consent shall be obtained again.

6.1 We only collect personal information about you directly from you unless it is unreasonable or impracticable to do so or you have instructed us to liaise with someone else.

6.2 Your personal data will be collected in a way that is adequate, relevant, and limited to what is necessary in relation to the purpose for which the personal information is processed.

6.3 We may, within a reasonable scope, handle personal information that has already been disclosed by yourself or otherwise lawfully disclosed, except where you clearly refuse.

7.1 We may not be able to provide you with the products or services you are seeking if you provide incomplete or inaccurate information.

8.1 In addition to the above conditions of collecting personal information, we will only collect sensitive information about you if we obtain prior consent to the collection of the information or if the collection is required or authorized by law, or it is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

9.1 If we receive personal information that is not solicited by us, we will only retain it, if we determine that it is reasonably necessary for one or more of our functions or activities and that you have consented to the information being collected or given the absence of your consent that it was impracticable or unreasonable for us to obtain it under the circumstances.

9.2 If these conditions are not met, we will destroy or de-identify the information.

9.3 If such unsolicited information is sensitive information, we will obtain your consent to retain it regardless of what the circumstances are.

10.1 We ensure that the personal information we collect and use or disclose is accurate, up to date, complete and relevant.

10.2 Please contact us if any of the details you have provided to us change or if you believe that the information we have about you is not accurate or up to date.

11.1 We are committed to ensure that we protect any personal information we hold from misuse, interference, loss, unauthorized access, modification, and disclosure. We will implement appropriate organizational and operational standards to ensure the continuous compliance with data protection. We can’t accept responsibility for any unauthorized access or loss of personal information that is beyond our control.

11.2 For this purpose we have a range of practices and policies in place to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them.

11.3 Our security measures include, but are not limited to:

(a) educating our staff as to their obligations with regard to your personal information;

(b) requiring our staff to use passwords when accessing our systems;

(c) employing firewalls, intrusion detection systems, virtual private networks (VPNs), encryption, and virus scanning tools to protect against unauthorized persons and viruses from entering our systems;

(d) using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;

(e) providing secure storage for physical records; and

(f) employing physical and electronic means such as alarms, cameras and guards (as required) to protect against unauthorized access to buildings.

11.4 Where information we hold is identified as no longer needed for any purpose, we ensure it is effectively and securely destroyed, for example, by shredding or pulping in the case of paper records or by degaussing (demagnetism of the medium using alternating electric currents) and other means in the case of electronic records and equipment.

12.1 If we hold personal information about you that was collected for a particular purpose (“the primary purpose”), we will not use or disclose the information for another purpose (“the secondary purpose”) unless:

(a) We have obtained your consent to use or disclose the information; or

(b) you would reasonably expect us to use or disclose the information for the secondary purpose and the secondary purpose is: a) if the information is sensitive - directly related to the primary purpose; or b) if the information is not sensitive - related to the primary purpose;

(c) the use or disclosure of the information is required or authorized by or under a local law or a court/tribunal order or other applicable laws and regulations; or

(d) a permitted general situation exists in relation to the use or disclosure of the information by us; or

(e) a permitted health situation exists in relation to the use or disclosure of the information by us, in which case we will de-identify the information before disclosing it; or

(f) we reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

12.2 Where we use or disclose personal information in accordance with section 13(1)(e) we will keep a copy of this disclosure (e.g.: the email or letter used to do so).

12.3 We will only retain your personal data for as long as we reasonably require it for legal, compliance with regulations or business purposes, or as otherwise required.

13.1 Depending on the product or service you have, the entities we exchange your information with include but are not limited to:

(a) brokers and agents who refer business to us;

(b) affiliated product and service providers and external product and service providers for whom we act as agent (so that they may provide you with the product or service you seek or in which you have expressed an interest);

(c) auditors we appoint to ensure the integrity of our operations;

(d) any person acting on your behalf, including your solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;

(e) your referee (to confirm details about you);

(f) if required or authorized to do so, regulatory bodies, law enforcement bodies, courts and government agencies;

(g) credit reporting agencies;

(h) insurers, including proposed insurers and insurance reference agencies (where we are considering whether to accept a proposal of insurance from you and, if so, on what terms);

(i) medical practitioners (to verify or clarify, if necessary, any health information you may provide);

(j) other financial institutions and organizations at their request if you seek credit from them (so that they may assess whether to offer you credit);

(k) investors, advisers, trustees and ratings agencies where credit facilities and receivables are pooled and sold (securitized);

(l) other organizations who in conjunction with us provide products and services (so that they may provide their products and services to you) including organizations involved in managing payments such as banks; and

(m) professional associations or organizations with whom we conduct an affinity relationship (to verify your membership of those associations or organizations).

13.2 Our use or disclosure of personal information may not be limited to the examples above.

14.1 We disclose personal information when we outsource certain functions, including bulk mailing, data storage, card and cheque book production, market research, direct marketing, statement production, debt recovery and information technology support. We also seek expert help from time to time to help us improve our systems, products, and services.

14.2 We use banking agents, for example, local businesses, to help provide you with face-to-face banking services. These agents collect personal information on our behalf.

14.3 In all circumstances where personal information may become known to our contractors, agents and outsourced service providers, there are confidentiality arrangements in place. Contractors, agents and outsourced service providers are not allowed to use or disclose personal information for any purposes other than our own.

14.4 While we take our obligations to protect customer information very seriously, we make every effort to deal only with parties who share and demonstrate the same attitude.

15.1 Where two or more handlers jointly determine the purposes and means of processing, they shall be joint handlers. When we jointly handling your personal information with others, we will in transparent manner determine our respective responsibilities for compliance with the obligations under the laws by ways of arrangement between us unless the respective responsibilities are determined by the relevant laws.

16.1 We may be required by law to disclose customer information e.g. under Court Orders or Statutory Notices pursuant to taxation or social security laws or under laws relating to sanctions, anti-money laundering,counter terrorism financing or other applicable laws and regulations.

17.1 We will only use or disclose the personal information we hold about you for the purpose of direct marketing if we have received consent from you and you have not requested not to receive such information and you would reasonably expect us to use or disclose information for the purpose of direct marketing.

17.2 Direct marketing means that we should use your personal information to provide you with information on our products and services that may interest you.

17.3 If you wish to opt-out of receiving marketing information altogether, you can:

(a) write to us at [email protected]

18.1 We may need to process your personal data in jurisdictions other than the Seychelles. We will take all steps reasonably necessary to ensure that your personal data is kept protected in accordance with our legal obligations and standards. We will only disclose your personal information to a recipient who is not in the Seychelles and who is not an affiliate, agent, subsidiary or business associate of our entity after we ensure that:

(a) the overseas recipient does not breach the Seychelles privacy laws and regulations or other applicable laws and regulations; or

(b) you will be able to access to take action to enforce the protection of a law or binding scheme that has the effect of protecting the information in a way that is at least substantially similar to the way in which the Seychelles privacy laws or other applicable laws and regulations protect the information; or

(c) you have consented to the disclosure after we expressly informed you that there is no guarantee that the overseas recipient will not breach the Seychelles privacy laws and regulations or other applicable laws and regulations; or

(d) the disclosure of the information is required or authorized by or under a Seychelles law or other applicable laws and regulations or a court/tribunal order; or

(e) other permitted general situation under the Seychelles laws and regulations or other applicable laws and regulations in relation to the disclosure of the information.

(f) The sharing of the data is lawful;

(g) the processing only takes place in jurisdictions that have been found to uphold an adequate level of protection regarding personal data.

19.1 We will not adopt a government related identifier of an individual as our own identifier unless required or authorized to do so by or under a local law, regulation, or court/tribunal order.

20.1 Before using or disclosing a government related identifier of an individual, we will ensure that such use or disclosure is:

(a) reasonably necessary for us to verify your identity for the purposes of our activities or functions; or

(b) reasonably necessary for us to fulfil its obligations to a government agency or authority; or

(c) required or authorized by or under the Seychelles law, regulation, or a court/tribunal order; or

(d) within a permitted general situation under the Seychelles laws and regulations; or

(e) reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

21.1 You can request us to provide you with access to the personal information we hold about you.

21.2 Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled over the telephone.

21.3 If you would like to request access to more substantial amounts of personal information such as details of what is recorded in your account file, we will require you to complete and sign a “Request for Access to Personal Information” form.

21.4 Following receipt of your request, we will provide you with an estimate of the access charge and confirm that you want to proceed.

21.5 We will not charge you for making the request for access, however access charges may apply to cover our costs in locating, collating, and explaining the information you request.

21.6 We will respond to your request as soon as possible and in the manner requested by you. We will endeavor to comply with your request within 14 days of its receipt but, if that deadline cannot be met owing to exceptional circumstances, your request will be dealt with within 30 days. It will help us provide access if you can tell us what you are looking for.

21.7 Your identity will be confirmed before access is provided.

22.1 In particular circumstances, we are permitted by law to deny your request for access or limit the access we provide. We will let you know why your request is denied or limited if this is the case. For example, we may give an explanation of a commercially sensitive decision rather than direct access to evaluative information connected with it.

23.1 If we refuse to give access to your personal information or to give access in the manner requested by you, we will give you a written notice setting out the reasons for the refusal, the mechanisms available to complain and any other relevant matter.

23.2 Additionally, we will endeavor to give access in a way that meets both yours and our needs.

24.1 We will correct all personal information that we believe to be inaccurate, out of date, incomplete, irrelevant or misleading given the purpose for which that information is held or if you request us to correct the information.

24.2 If we correct your personal information that we previously disclosed to another entity you can request us to notify the other entity of the correction. Following such a request, we will give that notification unless it is impracticable or unlawful to do so.

25.1 If we refuse to correct the personal information as requested by you, we will give you a written notice setting out the reasons for the refusal, the mechanisms available to complain and any other relevant matter.

26.1 If we refuse to correct the personal information as requested by you, you can request us to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will then associate the statement in such a way that will make the statement apparent to users of the information.

27.1 You may request us to erase your personal information if you reside in the (European Economic Area (‘EEA’). We will erase, destroy, or delete your personal information without undue delay where one of the following grounds applies:

(a) the personal information is no longer necessary in relation to the purpose for which it was collected;

(b) you withdraw consent on which the using of personal information is based and where there is no other legal ground for the using (i.e., the provision of products or services); or

(c) the personal information has been unlawfully used.

27.2 Section 27.1 shall not apply to the extent that processing personal information is necessary:

(a) for compliance with a legal obligation which requires processing of personal information; or

(b) for archiving purposes in the historical research or statistical purposes in so far as the right referred in 27.1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(c) for the establishment, exercise, or defence of legal claims.

28.1 If you reside in the EEA, you may request us to restrict data processing: You may ask us to limit the processing of your personal information where you believe that the personal information we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal information rather than it being erased.

28.2 You may also have the right to ask us to explain the rules of processing your personal information. We will handle your request without undue delay.

28.3 When a natural person is deceased, their next of kin may, for the sake of their own lawful and legitimate interests, exercise the rights that could otherwise be exercised by the deceased, except when the deceased has otherwise settled their arrangement before their death.

29.1 A cookie is a text file with small pieces of data that are used to identify your computer as you use a computer network. If your computer settings allow cookies, then the file is added, and the cookie helps analyze web traffic or lets the site owner know when you visit a particular site.

29.2 Please be aware that our website may contain links or references to third-party websites, and our Privacy Policy does not apply to those websites. We are not responsible for the content or information collection practices of those pages, and we take no responsibility for the privacy practices or security of other websites. We encourage you to view and understand their privacy practices before providing them with any information.

29.3 We may disclose the data we collect through cookies to our related companies.

29.4 For detailed information, please refer to our Cookies Policy.

30.1 We facilitate the exercise of your right of access. We ensure that we will provide information on action taken on a request from you without undue delay and in any event within one (1) month of receiving the request. The period may be extended by two (2) further months where necessary, taking into account of the complexity and number of requests together with the reasons for the delay.

31.1 We shall take immediate remedial measures when your personal information has been or we have reasonable grounds to suspect that has been leaked, distorted, or lost. We will also report to the supervising authorities when:

(a) There is unauthorized access to or unauthorized disclosure of personal information, or a loss of personal information that we hold;

(b) It is likely to result in serious harm to one or more individuals; and

(c) We haven’t been able to prevent the likely risk of serious harm with remedial action.

32.1 If you have any questions or would like further information about our privacy and information handling practices, please contact us by:

(a) Email: [email protected];

(b) Post: Postal Address: F20, 1st Floor, Eden Plaza, Eden Island, Seychelles

33.1 We offer a free internal complaint resolution scheme to all of our customers. Should you have a privacy complaint, please contact us to discuss your concerns.

33.2 To assist us in helping you, we ask you to follow a simple three-step process:

(a) Gather all supporting documents relating to the complaint.

(b) Contact us and we will review your situation and if possible, resolve your complaint immediately.

(c) If the matter is not resolved to your satisfaction, please contact our Complaint’s Officer via email at [email protected] or put your complaint in writing and send it to the Company’s address above.

33.3 We may need to verify your identity. The Company will acknowledge your complaint within seven (7) days and we will respond promptly to it. After a thorough investigation, we will take a decision on the matter and inform you accordingly.

34.1 We will only retain your personal information for as long as you have consented to it, or for as long as is necessary for us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements.