JFD Group Ltd (hereinafter referred to as “we”, “us”, “our”, “JFD” or “the Company”) is committed to protect your privacy and handle your data in an open and transparent manner.
The present privacy statement:
Through this privacy statement, your data may be called either “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.
For the purposes of this statement, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address and identification number.
If you have given us your specific consent for processing (other than for the reasons set out below) then the lawfulness of such processing is based on that consent. You also consent when the Company is transferring your personal information outside the European Economic Area where this is necessary for the Company to fulfil its contractual obligations to you. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
We are furthermore obligated to collect such personal data not only for the commencement and execution of a business relationship with you but also for the performance of our contractual, regulatory, statutory and legal obligations.
Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.
The Company must receive or collect your information to create your account with us and accept you as a client of the Company. Further we collect data to operate, provide, improve, understand, customise and support our services in relation to your account. We also have the right and the duty by virtue of its area of activity to check the accuracy of the client data contained in the databases by periodically asking you to update and/or correct or confirm the accuracy of the client data provided. We ask and collect from our clients, prior to using the JFD platform and/or services, the personal data information below:
a) Contact Data: When you sign up for a JFD Account, we require certain information such as your first name, last name, nationality, date of birth, place of birth, gender, citizenship; telephone number (landline and mobile), fax number, email address and postal address.
b) Family and Professional Data: include information on your marital status, education, occupation, information regarding your financial situation such as source of wealth and gross annual income.
c) Tax Data: we collect information such as country of residency, tax identification number and citizenship
d) Financial data: To use the services of JFD we require you to provide certain information (like information about your bank account, name of your bank, IBAN number, SWIFT/BIC number) in order to facilitate the processing of payments.
e) Any other data needed from the Company to perform its due diligence obligations and any other statutory, regulatory, legal obligations.
We may also collect and process personal data which we lawfully obtain not only from you but also from other entities within the JFD Group or other third parties, e.g. public authorities, companies that introduce you to us, companies that process card payments and publicly available sources which we lawfully obtain, and we are permitted to process.
As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the General Data Protection Regulation (GDPR) and the local data protection law for one or more of the following reasons:
A. For the performance of a contract
We process personal data in order to offer financial services based on contracts with you but also to be able to complete our acceptance procedure so as to enter into a business relationship with prospective customers. The purpose of processing personal data depends on whether the customer is a natural or legal entity, depends on the classification/categorisation of the client (i.e. retail, professional) and to the requirements for each service.
B. For Identity Verification purposes
The Company needs to perform its due diligence measures and apply the principles of KYC (Know-Your-Client) before entering a client relationship in order to prevent actions, such as money laundering or terrorist financing, and also to perform other duties imposed by law. Therefore, we collect from our clients’ identity verification information (such as images of your government issued national ID card or International Passport, or driving licence or other governmental proof of identification, as permitted by applicable laws) or other authentication information. We are also requesting our clients to provide us with a recent Utility Bill in order to verify their address. Further to this, the Company can use third parties which carry out identity checks on its behalf.
C. For compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements. There are also various supervisory authorities whose laws and regulations we are subject to.
Such obligations and requirements impose on us necessary personal data processing activities for credit checks, identity verification, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
These include amongst others transaction reporting requirements, assessment of the clients’ knowledge and experience, FATCA and CRS reporting.
D. For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:
- Initiating court proceedings and preparing our defence in litigation procedures,
- Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures,
- Measures to manage business and for further developing products and services,
- Sharing your personal data within the JFD Group for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework,
- The transfer, assignment (whether outright or as security for obligations) and/or sale to one or more persons and/or charge and/or encumbrance over, any or all of the Company’s benefits, rights, title or interest under any agreement between the customer and the Company.
E. For Marketing Purposes
The Company may use client data, such as location or trading history to deliver any news, analysis, research, reports, campaigns and training opportunities that may interest the client, to their registered email address. You always have the right to change your option if you no longer wish to receive such communications.
In the course of the performance of our contractual and statutory obligations, your personal data may be provided to various departments within the Company but also to other companies of the JFD Group. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent.
Under the circumstances referred to above, recipients of personal data may be:
- Supervisory and other regulatory and public authorities, notary offices, tax authorities, criminal prosecution authorities as much as a statutory obligation exists.;
- Credit and financial institutions such as banks, payment systems and processors, institutions participating in the trade execution and execution venues (for example regulated markets, multilateral trading facilities, trade repositories and other local or foreign brokers)
- External legal consultants authorised by the Company
- Financial and business advisors authorised by the Company
- Auditors and accountants authorised by the Company
- Marketing and advertising agencies
- Fraud prevention agencies
- File storage companies, archiving and/or records management companies, cloud storage companies
- External authorised processors for processing client data
- Debt collectors subject to bankruptcy or insolvency claims
- Potential or actual purchasers and/or transferees and/or assignees and/or charges of any of the Company’s benefits, rights, title or interest under any agreement between the customer and the Company, and their professional advisers, service providers, suppliers and financiers.
- Any members of the JFD Group, which shall mean any of the ultimate holding companies and their respective subsidiaries;
We may process your personal data to inform you about products, services and offers that may be of interest to you. The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.
We can only use your personal data to promote our products and services to you if we have your explicit consent to do so – by clicking on the tick box during the account opening form – or in certain cases, if we consider that it is in our legitimate interest to do so.
Further, you have the option to choose whether you wish to receive marketing related emails (company news, information about campaigns, the company’s newsletter, the company’s strategic report, etc.) to your provided email address by clicking the relevant tick box during the account opening form.
You have the right to object at any time to the processing of your personal data for marketing purposes or unsubscribe to the provision of marketing related emails by the Company, by contacting at any time our customer support department via the following ways:
a) By Email: email@example.com
b) By post or in person at the Company’s Headquarters at: Kyrillou Loukareos 70, Kakos Premier Tower, 4156 Limassol, Cyprus
The Company will keep your personal data for as long as a business relationship exists with you, either as an individual or in respect of our dealings with a legal entity you are authorised to represent or are beneficial owner. Once the business relationship with you has ended, we are required to keep your data for a maximum period of seven years to meet our regulatory and legal requirements.
If reasonably necessary or required to meet other legal, contractual or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep for an additional three years some of your information as required, even after the above-mentioned period.
When we no longer need personal data, we securely delete or destroy it.
You have the following rights in terms of your personal data we hold about you:
1. Receive access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request rectification/correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may request additional information and documentation required to validate the need for the requested change of data.
3. Request erasure of your personal information. You can ask us to erase your personal data, exercising your right “to be forgotten”, where there is no good reason for us continuing to process it. This request to erase your personal data will result in the closure of your account and termination of the client relationship. However, the Company is required to maintain the client’s personal data to comply with its legal and regulatory requirements, as well as in accordance with internal compliance requirements in relation to the maintenance of records. We shall preserve data for at least five years following the termination of the client relationship, unless other terms for the preservation of data or documents are prescribed by law.
4. Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or processing is required for the establishment, exercise or defence of legal claims.
5. You also have the right to object to your personal data being processed for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing. If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
6. Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name (“right to data portability”).
In order to exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us through the ways mentioned in our website at: https://www.jfdbank.com/en/support/contact-us.html
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you for data assessments (including on payment transactions) which are carried out in the context of combating money laundering and fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you.
As a general rule, the client data is processed within the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA and/or to other companies of the JFD Group as well as service providers who are engaged on our behalf and who are outside the European Economic Area (EEA). When you give us your personal data, you agree to us doing this. This exception applies to the transfer of client data when it is required by law, e.g. reporting obligation under tax law and other tax treaties. (FATCA and CRS)
Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
Upon request, the client may receive further details on client data transfers to countries outside the EU/EEA.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect clients’ personal data, yet it cannot guarantee the security of client data that is transmitted via email; any transmission is at the clients’ own risk. Once the Company has received the client information it will use procedures and security features in an attempt to prevent unauthorised access.
When you email the Company (via the “Contact Us” page), or using the Live Chat feature, a person may be requested to provide some additional personal data, like their name or email address. Such data will be used to respond to their query and verify their identity. Emails are stored on our standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by sending an email to firstname.lastname@example.org. You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Instructions as to how to submit a complaint can be found in their website: www.dataprotection.gov.cy.
The Company reserves the right to modify or amend this Privacy Statement unilaterally at any time in accordance with this provision.
If any changes are made to this privacy statement, we shall notify you accordingly. The revision date shown on at the end of this page will also be amended. We do however encourage you to review this privacy statement occasionally so as to always be informed about how we are processing and protecting your personal information.
For any questions you may have or if you want more details about how we use your personal information, you can contact our Data Protection Officer, located at Kakos Premier Tower, Kyrillou Loukareos 70, 4156 Limassol, email: email@example.com.
Our website uses small files known as cookies to enhance its functionality and improve your experience.
The General Data Protection Regulation (EU) 2016/679 shall come into effect on May 25th 2018. Until then, the Processing of Personal Data (Protection of Individuals) Laws 2001 till 2012 remain in force.
Last update: 17/12/2018