Blue icon of a padlock in a circle
Privacy Policy

Who we are

StoneX Europe Limited (trading as FOREX.com) of Nikokreontos 2, 5th Floor, 1066 Nicosia, Cyprus (“we”, “us”, “our”) is subject to data protection legislation in Cyprus. StoneX Europe Limited is a wholly-owned subsidiary of StoneX Group Inc. We are committed to protecting your privacy and maintaining the security of any personal information that we receive from you.

If our privacy policy changes, we will place an updated version on our website.


The purpose of this policy

The purpose of this policy is to explain to you what personal information we collect and how we and our associated companies may use it. Companies are associated with us if they are our subsidiaries or we are both subsidiaries of the same corporate entity.
We are the controller of any personal information which you provide to us which means that we decide the purposes and means of the processing of that personal information.


How we obtain and store your information


We obtain your information through applications, emails, letters, telephone calls, SMS messages, cookies and conversations when registering for our services and during the course of our relationship (including information gained when you use our learning tools, demo accounts and trading simulators).


We may monitor or record phone calls with you and monitor (and maintain a record of) all emails and electronic communications sent by or to us.


We follow strict security procedures in the storage and disclosure of information that you have given us to prevent unauthorised access.


What types of personal information we process


We may process the following types of personal information:


• name;

• contact details including email details and phone numbers;

• age or date of birth;

• gender;

• occupation;

• income;

• trading knowledge and experience;

• user names and passwords;

• information relating to your account including your account history, activity and orders;

• IP address;

• MiFIR national identifier;

• CySEC approved reference number;

• Transaction reporting reference;

• Power of attorney / agent details;

• Phone device type;

• Operating system;

• Device ID;

• Cookie ID;

• Google 360 ID;

• GUID; and

• information about your use of our services, products and facilities (including information gained when you use our learning tools, demo accounts and trading simulators);

• Bank Account Number;

• Sort Code;

• Passport Number;

• Marital Status.


How we check your identity


To comply with money laundering regulations, we need to confirm the name and address of our customers and certain third parties. We may ask you to provide physical forms of identity verification when you open your account. Alternatively, we may use a credit reference agency to verify your identity. Our search is not seen or used by lenders to assess your ability to obtain credit.


Using your personal information


As well as checking your identity, the personal information we hold may be used for:


• considering any of your applications;

• carrying out risk assessments;

• complying with our legal and regulatory obligations;

• performing our obligations under any contract we have with you;

• administering our relationship with you including resolving queries or issues;

• establishing and managing your account;

• reviewing your ongoing needs;

• providing you with the information, products and services that you request from us;

• checking your instructions to us;

• investigating any complaint you may make;

• providing evidence in any dispute or anticipated dispute between you and us;

• recovering amounts payable;

• training our staff;

• enhancing our customer service and products;

• undertaking product development and analysis; and

• detecting or preventing fraud or other crimes.


Where you have consented to direct marketing, we may send you marketing material from time to time by post, email, telephone, SMS or other electronic messaging services.


We also use technology to make decisions automatically or to build profiles about you. This technology uses logic that assesses whether our products are suitable for a potential customer, which helps us to determine whether or not it is appropriate for a potential customer to open an account with us. This means that you may not be able to open an account with us if our technology determines that it would not be appropriate for you to do so based on your financial knowledge and trading experience. If you ever think our machines have got it wrong, you can ask for a human to look into it. (See below: "Your Rights - Automated Decision Making and Profiling")


When we may share your information


We may share your personal information with:


• the CySEC and any other regulatory or tax authority;

• such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police;

• our associated companies;

• third-party service providers and advisers who provide us with administrative, financial, research or other services in connection with the services we provide to you;

• our introducing brokers and other commercial partners;

• our professional advisers;

• our auditors for the purposes of carrying out financial and regulatory audits;

• our agents, including credit reference agencies, acting on our behalf, carrying out such credit and identity checks, including money laundering checks, compliance regulatory reporting and fraud prevention checks, as we may reasonably consider necessary or desirable, including requesting a reference from your bank or any credit reference agency. Any third party referred to in this clause may share any personal information concerning you with us and other organisations involved in credit reference, the prevention of fraud and/or crime and/or money laundering or for similar purposes or to recover debts involved;

• courts, tribunals, regulatory or tax authorities and government agencies to enable us to enforce our agreement with you or to comply with the requirements of a court, regulator, tax authority or government agency;

• the purchaser or potential purchaser of one or more of our businesses or product/service lines and their professional advisers; and

• our trade repository.


Please also note that disclosure to the trade repository or regulators may also result in certain anonymous transaction and pricing data becoming available to the public.


Generally, we require that organisations outside our associated companies with whom we share your personal information acknowledge the confidentiality of your data, undertake to respect your right to privacy and comply with the data protection principles and this policy.


Information, which we obtain indirectly


In some cases, we are also provided with your name and contact details by our introducing brokers.


We also gather information relating to you and your online behaviour:


• to help optimise our website, to give you a good user experience and to personalise your use and our communications to you;

• to help us monitor, support and improve the performance of our site (by analysing your use and experience of our site);

• to help us understand more about you and the products and services you use and are interested in; and

• to tailor the online advertising you receive.


Knowing more about you helps us to understand our customers better, and means we can give you recommendations about products and services you may be interested in, and provide you with

relevant advertising and customised communications that are of interest to you.


We combine information that you provide to us with information that is publicly available and/or that we receive from third parties such as advertisers and/or other reputable sources who have obtained your permission to do so, or have otherwise explained to you that this may happen.


Our website uses cookies to operate, personalise and enhance our site performance and to distinguish you from other users. Please see our cookie policy for further details.


The legal basis for our processing of personal information


The legal basis for our processing of personal information will depend on why we process your information.


Where you wish to enter into or have signed a contract to receive services from us, we will process your personal information to enable us to enter into and perform our contract with you. If you don’t provide the personal information requested then we may not be able to provide some or all of those services to you.


Where you use our website, we will process your personal information collected by using cookies in accordance with our cookie policy. Please click here to view our cookie policy.


We may also need to process your personal information to comply with our legal and regulatory obligations including in relation to:


• performing anti-money laundering, terrorism prevention and sanctions screening checks, complaints and investigations or litigation;

• obtaining information about your relevant investment knowledge and experience as required by the CySEC so that we can assess whether a service is appropriate for you;

• obtaining information about your other investment activities in order to ascertain your status for the purposes of regulations which apply to trading in over-the-counter derivatives; and

• submitting and disclosing reportable data to our trade repository.


We also have a legitimate interest to process your personal information for:


• performing the services or supplying the products or information you have agreed to receive from us;

• ongoing management of our relationship with you and to maintain contact with you;

• our internal business purposes which may include business and disaster recovery, document retention/storage, IT service continuity (e.g. back-ups and helpdesk assistance) to ensure the quality of the services we provide to you;

• corporate transactions;

• marketing analytics including marketing campaign optimisation and web analytics to enable us to develop and target the marketing of our products and services;

• keeping our records updated and studying how customers use our products/services;

• developing our products and services, growing our business and informing our marketing strategy;

• defining the types of customers for our products and services and keeping our website(s) and platform(s) updated and relevant; and

• portfolio analysis and experience studies to enable us to improve the products and services we offer to customers.


If you have consented to direct marketing, we will use relevant personal information to enable us to provide you with personal information about products, news and services that may be of interest to you.


Using companies to process your information outside the EEA


All countries in the European Economic Area (“EEA”) have similar standards of legal protection for your personal information. The personal information that we collect from you may be transferred, and stored, outside the EEA. It may also be processed by staff operating outside the EEA who work for us. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. Where we transfer personal information or share it with others outside the EEA, we will ensure that a similar degree of protection is afforded to it by use of model clauses approved by the European Commission, by transferring to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or by such other legally approved method.


How long will we keep it?


We shall hold information about you on electronic and/or paper files whilst you are a customer and for at least five years after you cease to be a customer and, where requested by the CySEC for a period of up to seven years.


How to get more help


If you want help with our Privacy Policy or have questions about it, please contact us.


If you are unhappy about any aspect of the way we collect, share or use your personal information, we would like you to tell us. You can contact us using the details above.


If you are not happy with our response, you have a right to complain to the Office of the Commissioner for Personal Data Protection. Postal address: PO Box 23378, 1682 Nicosia. Tel: +357 22818456 or on its website at http://www.dataprotection.gov.cy/.


Governing law


This privacy policy is governed by Cyprus law.


Your Privacy Rights


This section explains your rights in relation to your personal information in more detail. The various rights are not absolute and are subject to certain exceptions or qualifications.


Further personal information and advice about your rights can be obtained from the Office of the Commissioner for Personal Data Protection. Postal address: PO Box 23378, 1682 Nicosia. Tel: +357 22818456 or on its website at http://www.dataprotection.gov.cy/


You are entitled to receive personal information free of charge except in the following circumstances where we may charge a reasonable fee to cover our administrative costs of providing the personal information for:


• manifestly unfounded or excessive/repeated requests, or

• further copies of the same information.


Alternatively, we may be entitled to refuse to act on the request.


Please consider your request responsibly before submitting it. We’ll respond as soon as we can.


Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll let you know.


In order to exercise any of the rights described below please contact us.


Accessing your information


When can you request access?


You have the right to:


• confirmation that your personal information is being processed

• access to your information, and

• other certain information (most of which should be in our privacy policy anyway).


You can request copies of paper and electric records about you that we hold, share or use. To deal with your request, we can request proof of identity and enough personal information to enable us to locate the personal information you request.


When will access not be provided?


We can only provide you with your information, not personal information about another person. Also, where access would adversely affect another person’s rights, we’re not required to provide this. Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.


Please clearly set out in your access request the personal information that you’re requesting. If this is not clear, we may come back to you to ask for further personal information by way of clarification.


Correcting your information


You have the right to obtain from us without undue delay the rectification of inaccurate personal information concerning you. If you tell us that the personal information we hold on you is incorrect, we will review it and if we agree with you, we will correct our records. If we do not agree with you we will let you know. If you wish, you can tell us in writing that you believe our records still to be incorrect and we will include your statement when we give your personal information to anyone outside the StoneX group of companies. You can contact us using the details in the section above in the main body of the privacy notice headed ‘Obtaining further personal information from us’.


You may also have the right to have incomplete personal information completed, including by means of providing a supplementary statement. Whether or not this is appropriate in any particular case depending on the purposes for which your personal information is being processed.


We need to notify any third parties with whom we’ve shared your personal information that you’ve made a rectification request. We’ll take reasonable steps to do this, but if it is not possible or may involve disproportionate effort we may not be able to do this or ensure they rectify the personal information they hold.


How you can see and correct your information


Generally, we will let you see the personal information that we hold about you, or take steps to correct any inaccurate information, if you ask us in writing.


Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.


Erasing your information


When can you request erasure?


You have a right to have your personal information erased, and to prevent processing, where:


• the personal information is no longer necessary for the purpose it was originally collected/processed;

• you withdraw consent (where previously provided);

• you object to the processing and our legitimate interests in being able to keep processing your personal information don’t take priority;

• we’ve been processing your personal information in breach of data protection laws; or

• the personal information has to be erased in order to comply with a legal obligation.


When can we refuse erasure requests?


The right to erasure does not apply where we are required to retain it for legal or regulatory purposes or where your information is processed for certain specified reasons, including for the exercise or defence of legal claims.


More importantly, if we have to erase your data we may not be able to provide you with our services.


Do we have to tell other recipients of your personal information about your erasure request?


Where we have provided the personal information you want to be erased to third parties, we need to inform them about your erasure request, so they can erase the personal information in question. We’ll take reasonable steps to do this, but this may not always be possible or may involve disproportionate effort.


It may also be that the recipient is not required/able to erase your personal information because one of the exemptions above applies.


Restricting processing of your information


When is restriction available?


You have the right to restrict the processing of your personal information:


• where you disagree with the accuracy of the information, we need to restrict the processing until we’ve verified the accuracy of the information;

• when processing is unlawful and you oppose erasure and request restriction instead;

• if we no longer need the personal information but you need this to establish, exercise or defend a legal claim; or

• where you’ve objected to the processing in the circumstances detailed in paragraph (a) of “Objecting to processing”, and we’re considering whether those interests should take priority.


Do we have to tell other recipients of your personal information about the restriction?


Where we’ve disclosed your relevant personal information to third parties, we need to inform them about the restriction on the processing of your information, so that they don’t continue to process this.


We’ll take reasonable steps to do this, but this may not always be possible or may involve disproportionate effort.


We’ll also let you know if we decide to lift a restriction on processing.


Taking your personal information with you


When does the right to data portability apply?


The right to data portability only applies:


• to personal information you’ve provided to us (i.e. not any other information);

• where the processing is based on your consent or for the performance of a contract; and

• when processing is carried out by automated means.


When can we refuse requests for data portability?


We can refuse your data portability request if the processing does not satisfy the above criteria. Also, if the personal information concerns more than one individual, we may not be able to transfer this to you if doing so would prejudice that person’s rights.


Objecting to processing


You can object to processing in the following circumstances:


a. Legitimate interests:

You’ve the right to object, on grounds relating to your particular situation, at any time to processing of personal information concerning you which is based on legitimate interests.


If we can show compelling legitimate grounds for processing your personal information which override your interests, rights and freedoms, or we need your personal information to establish, exercise or defend legal claims, we can continue to process it. Otherwise, we must stop using the relevant information.


b. Direct marketing:

You can object at any time to your personal information being used for direct marketing purposes (including profiling related to such direct marketing).


If you sign up to receive newsletters or other e-mail messages from us, you can opt-out at any time free of charge by clicking the unsubscribe link at the bottom of the message. You may also choose to opt-out from receiving marketing materials from us through MyAccount or by contacting us.


Automated decision making and profiling


You’ve the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or similarly significant effects.


As explained in the main part of our Privacy Policy, we use technology that does this. We only do so where:


• this is necessary for entering into, or performance of, a contract between us;

• this is authorised by applicable law; or

• we’ve obtained your explicit consent to do so for these purposes.


While we’re confident that the technology works, we understand that not everyone is comfortable with decisions being left entirely up to machines. That is why you can request human intervention - let us know your concerns and contest the decision if you think our technology has got it wrong.