Your privacy is very important to us. We are committed to protecting and respecting your personal data.
how we will use your personal data, when and with whom we share it and how we will keep it safe.
It also details your rights in respect of our processing of your personal information and how you may exercise them.
Please take the time to read and understand this policy.
We may make changes to this Notice from time to time and it is important that you check this Notice for any updates.
Any personal information we hold will be governed by the current privacy notice at the given time.
If we make changes we consider to be important, we will communicate them to you.
Please note that this notice is addressed to customers and potential customers.
If you are an Universal Global Fx employee, a contractor to Universal Global Fx or a third-party service provider,
your personal information will be used in connection with your employment contract,
your contractual relationship or in accordance with our separate policies which are available by contacting us.
Any reference to ‘us’, ‘our’, ‘we’ or ‘Universal Global Fx’ in this privacy notice is a reference to each
group company within the Universal Global Fx Group as the context requires unless otherwise stated.
Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this privacy notice is a reference
to any of our customers and potential customers as the context requires unless otherwise stated.
By accessing our websites, including using any of the communication channels to contact us, we consider
that you have read and understood the terms of this notice and how we process any information you disclose
to us including personal data prior to becoming a client. Once you open an account with us you agree that this notice,
including any amendments, will govern how we collect, store, use, share and in any other form process your personal
data and your rights during our business relationship and after its termination.
Who are we?
This privacy notice applies to the processing activities of the following data controller entities
within the Universal Global Fx group of companies, which are:
Universal Global Fx performs significant processing on behalf of the other entities of the Universal
Global Fx group. Therefore if you are a customer of the non- European entities of the group we process
your personal data in accordance with this notice and you are entitled to the same protection and rights
mentioned in this notice.
Who may we disclose personal information to?
As part of using your personal information for the purposes set out above, we may disclose your information to:
other companies within the Universal Global Fx group who provide financial and other services;
third party apps providers when you use our apps, communication systems and trading platforms
which are provided to us by third parties;
service providers and specialist advisers who have been contracted to provide us with services
such as administrative, IT, analytics and online marketing optimization, financial, regulatory,
compliance, insurance, research or other services;
introducing brokers and affiliates with whom we have a mutual relationship;
Payment service providers and banks processing your transactions;
auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes;
courts, tribunals and applicable regulatory authorities as agreed or authorised by law or our agreement with you
government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;
any third-party where such disclosure is required in order to enforce or apply our Terms and
Conditions of Service or other relevant agreements;
anyone authorised by you.
We endeavour to disclose to these third parties only the minimum personal data that is required
to perform their contractual obligations to us. Our third-party service providers are not permitted
to share or use personal data we make available to them for any other purpose than to provide services to us.
Our websites or our apps may have links to external third-party websites. Please note, however,
that third party websites are not covered by this privacy notice and those sites are not subject
to our privacy standards and procedures. Please check with each third party as to their privacy practices and procedures.
When and how do we obtain your consent?
We may process your personal data for one or more lawful bases of processing (“Lawful Basis”)
depending on the specific purpose for which we are using your data.
The Lawful basis are the following:
to perform our contractual obligations towards you
to be compliant with the legal and regulatory requirements
to pursue our legitimate interests
Where our use of your personal information does not fall under one of these three Lawful basis
we require your consent. Such consent shall be freely given by you and you have the right to withdraw
your consent at any time by contacting us using the contact details set out in this privacy notice or
by unsubscribing from email lists.
We may use personal data provided by you through our website or otherwise and personal data provided
during our business relationship to communicate with you for marketing promotional purposes as well
as to provide you with market news and analytical reports. The channels used for such communications
may include calling you, sending emails, notifications through your online account portal and sms
notifications including push notifications. You have the right to opt out by using your online account
portal or by sending an email to our DPO, at firstname.lastname@example.org using the registered email
address you disclosed to us, in case you do not have access to your online portal account, or one has
not been provided to you for any reason.
Management of personal information
We are committed to safeguarding and protecting personal data and will implement and maintain
appropriate technical and organisational measures to ensure a level of security appropriate to
protect any personal data provided to us from accidental or unlawful destruction, loss, alteration,
unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
We have appointed a Data Protection Officer to ensure that our management of personal information
is in accordance with this privacy notice and the applicable legislation.
We require organizations outside the Universal Global Fx Group who handle or obtain personal
information acknowledge the confidentiality of this information, undertake to respect any individual’s
right to privacy and comply with all relevant data protection laws and this privacy notice.
In brief, the data protection measures we have in place are the following:
we train our employees who handle personal information to respect the confidentiality of customer
information and the privacy of individuals
requiring our employees to use passwords and two-factor authentication when accessing our systems;
we apply Chinese walls and employees only have access to the personal data required for the purposes of the tasks they handle.
We apply data encrypting technologies during data transmission during internet transactions and client
access codes transmitted across networks
employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised
persons and viruses entering our systems;
using dedicated secure networks or encryption when we transmit electronic data for purposes of outsourcing;
practising a clean desk policy in all premises occupied by us and our related bodies corporate and providing
secure storage for physical records; and
employing physical and electronic means such as access cards, cameras and guards to protect against unauthorised access.
How do we store personal information and for how long?
We hold personal information in a combination of secure computer storage facilities and paper-based
files and other records and take steps to protect the personal information we hold from misuse, loss,
unauthorised access, modification or disclosure.
When we consider that personal information is no longer needed, we will remove any details that will
identify you or we will securely destroy the records.
However, we may need to maintain records for a significant period of time. For example, we are subject
to investment services and anti-money laundering laws which require us to retain copies and evidence
of the actions taken by us in regard to your identity verification, sources of incomes and wealth,
monitoring of your transactions, telephone, chat and email communications, orders and trades history,
handling of your complaints and records that can demonstrate that we have acted in line with regulatory
code of conduct throughout the business relationship. These records must be maintained for a period of five
years after our business relationship with you has ended or even longer if we are asked by our Regulators.
Personal data provided by you as a prospective client during account opening registration in case the
registration was never completed or your account opening application was rejected, will be maintained for
six months unless there is a regulatory reason requiring us to keep it for a longer period of time.
Where you have opted out of receiving marketing communications we will hold your details on our suppression
list so that we know you do not want to receive these communications.
The data that we collect from you may be transferred to, and stored at, a destination outside the European
Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for
one of our suppliers or Affiliate companies. We will take all steps reasonably necessary to ensure that your
When we transfer your data to other third parties outside the EEA, we may in some cases rely on applicable
standard contractual clauses, binding corporate rules, the EU-US Privacy Shield or any other equivalent
If you would like a copy of such arrangements, please contact us using the contact details below
Please note that these rights do not apply in all circumstances. You are entitled to:
(a) request access to your personal data (commonly known as a “data subject access request”);
(b) request correction of the personal data that we hold about you;
(c) request erasure of your personal data. Note, however, that we may not always be able to comply
with your request of erasure for specific legal reasons which will be notified to you, if applicable,
at the time of your request;
(d) object to processing of your personal data where we are relying on a legitimate interest
(or those of a third party) and there is something about your particular situation which makes
you want to object to processing on this ground as you feel it impacts on your fundamental
rights and freedoms. You also have the right to object where we are processing your personal
data for direct marketing purposes. In some cases, we may demonstrate that we have compelling
legitimate grounds to process your information which override your rights and freedoms;
(e) request restriction of processing of your personal data. This enables you to ask us to
suspend the processing of your personal data in the following scenarios:
if you want us to establish the data’s accuracy;
where our use of the data is unlawful, but you do not want us to erase it;
where you need us to hold the data even if we no longer require it as you need it to establish,
exercise or defend legal claims; or
you have objected to our use of your data but we need to verify whether we have overriding
legitimate grounds to use it;
(f) request the transfer of your personal data to you or to a third party. We will provide
to you, or a third party you have chosen, your personal data in a structured, commonly used,
machine-readable format. Note that this right only applies to automated information
(i.e. not to hard copies) which you initially provided consent for us to use or where we used
the information to perform a contract with you; and
(g) withdraw consent at any time where we are relying on consent to process your personal data.
Please complete the personal data request by email using the registered email address you
disclosed to us, to the following email address: email@example.com.
Erasure requests can also be submitted through your online portal.
We try to respond to all requests within 1 (one) month. Occasionally, it may take us longer
than 1 (one) month if your request is particularly complex or you have made a number of requests.
In this case, we will notify you within 1 (one) month of the receipt of your request and keep you updated.
We may charge you a reasonable fee when a request is manifestly unfounded, excessive or
repetitive, or we receive a request to provide further copies of the same data. In this case we
will send you a fee request which you will have to accept prior to us processing your request.
Alternatively, we may refuse to comply with your request in these circumstances.
What if you have a query or a complaint?
If you want to exercise your rights, please contact us by email at firstname.lastname@example.org
using the registered email address you disclosed to us.
We try to respond to all requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 1 (one) month of the receipt of your request and keep you updated.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authorities, the Information Commissioner’s Office (ICO) if you are a client of Universal Global Fx UK Limited or the Cyprus Data Protection Commissioner if you are a client of any of the remaining Universal Global Fx Group entities. Alternatively, you also have the right to lodge a complaint with the data protection authority of your country of residence.
You can find details about how to do this on the following websites: