When Your personal information is provided to us by using our Website or when we collect it in any of the ways described in the following sections, You agree that we may collect, store and use it;(a) in order to perform our contractual obligations to You; (b) based on our legitimate interests for processing, direct marketing or for the detection or prevention of crime amongst other reasons or (c) based on Your consent, which You may withdraw at any time, as described in this Policy.
The https://vitalmarkets.com/ (the “Website”) is not intended for children and we do not knowingly collect data relating to children (below 18 years of age).
2. Who is the Controller?
Vital Markets is the controller responsible for Your personal data
3. How is the data about You Collected?
3.1. As a Customer, it is important to understand what Personal Data (“Personal Data”) entails. Personal Data means any information that identifies You as an individual or that relates to an identifiable person. Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymized data (in a manner that does not identify any users of the Website or Customers of our services), we are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times.
3.2. To the extent permissible under applicable law, the following data or information is collected once You:
3.2.1. register to use our websites, applications, or services. We collect from You, through interaction with You, or through Your interaction with us or our services different kinds of personal data;
3.2.2. use our applications;
3.2.3. take part in surveys, enter any competitions or prize draws, participate in any other interactive areas that appear on our website or within our application or service;
3.2.4. interact with us through our chatbots and social media channels.
3.3. The personal data which would be collected has been grouped together as follows:
3.3.1. Registration Data (“Registration Data”) provided by You when You register and/or open Your member account including first name, last name, username or similar identifier, date of birth, territory applicable social security or similar identification number where permitted or required by law, gender, country;
3.3.2. Contact Data (“Contact Data”) includes permanent address, email address and telephone numbers;
3.3.3. Identification and Verification Data (“Identification and Verification Data”) include Your name, surname, permanent address and proof, age, nationality, proof of e-wallet ownership and also territory;
3.3.4. Payments Data (“Payments Data”) includes payment account details, as well as information pertaining to a transaction such as currency, location, amount/value, client IP, user ID, and token.
3.3.5. Transaction and Usage Data (“Transaction and Usage Data”) generated through Your use of our Services, including payments to and from You (deposits, withdrawals, failed deposits, and reversed withdrawals) and other details of Services, date and time of the transactions, account balances, language, country, account balances.
3.3.6. Log-in Data (“Log in Data”) includes internet protocol (IP) address, Your logins (first login/last login, last failed login), duration of logins, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices You use to access our services.
3.3.7. Profile Data (“Profile Data”) encompasses a range of information that contributes to an understanding of individual user preferences and enables personalization strategies.
3.3.8. Marketing Communications Data (“Marketing Communications Data”) includes Your preferences in receiving marketing from us (opt-in/opt-out), as well as Your contact and registration data.
3.3.9. Other Communication Data (“Other Communication Data”) generated as part of communications with us (via recorded calls, chats, emails, or SMS) which may include various data such as network communication data, the content of the communication including Your intentions, interests, complaints, preferences and as well as internal communication.
3.3.10. Analytics data (“Analytics data) include various data generated with respect to Your use of our website and services such as amongst others Your user ID, language, location, browser data, campaigns utilized, channels used, device, scroll depth and certain information is collected using cookies and/or similar tracking technology.
3.4. We will also collect Your information where You only partially complete and/or abandon any information uploaded to our website. In situations where we are required by law or a contractual agreement to collect personal data from You, and You refuse to provide this information, we may be unable to fulfill our obligations under the Agreement (“Agreement”) or initiate an agreement with You. For instance, we may be unable to provide You with the services we offer.
3.5. Our Website, may include links to third-party websites. Clicking on those links or consenting to share the data with other platforms may allow third parties to collect or share Your data. We do not control these third-party websites and are not responsible for their privacy statements. When You leave our website, we encourage You to read the privacy notice of every website You visit.
3.6. We may enhance personal information we collect from You with information we obtain from external or different sources that are entitled to share with us that information such as for example for due diligence purposes. This obligation arises due to:
3.6.1. the purpose of Anti-Money Laundering (“AML”) and Countering Financing of Terrorism (“CFT”), where we gather information about the user’s background from public sources where such information is available and permitted by the law. Additionally, we may obtain information from third-party providers, who are mostly private companies that work with public sources. This information includes whether the user is a politically exposed person if any international or financial sanctions have been imposed, court judgments and insolvency. We use a process called Open-Source Intelligence (“OSINT”) analysis, which involves collecting publicly available information from sources like Google, and social media platforms such as Facebook, Twitter, Pinterest, Instagram, LinkedIn, and other sources. This is done to establish the source of funds and wealth during the AML risk monitoring and due diligence process;
3.6.2. comply with our legal obligations stemming from applicable laws.
4. Are Special Categories of Personal Data collected?
We do not collect any special categories of personal data about You. this includes details about Your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health, and genetic and biometric data). However, from our experience, we may not exclude that You, at Your own discretion, send us such data in communication with us.
5. Customer username and Personal Data
The Customers need to ensure that their usernames do not contain any personally identifiable information, as the usernames are shared with certain partners, and in the course of the sharing of the usernames, this is not, separately, considered personal data.
6. How and why do we use Personal Data
6.1. The usage of Your Personal Data is in accordance with the applicable laws. Your Personal Data will be typically employed in the subsequent circumstances:
6.1.1. to allow You to participate in services and to provide ancillary products to You;
6.1.2. to allow You access and use of the website;
6.1.3. for legal and regulatory reasons, to comply with our legal obligations;
6.1.4. for identification and verification purposes;
6.1.5. to prevent and detect illegal or fraudulent behavior;
6.1.6. for purposes that constitute a legitimate interest of Vital Markets regarding direct marketing of its services;
6.1.7. for analytics purposes.
6.2. In addition to the foregoing, we may use the information generated and stored during Your use of our services for our legitimate business interests to enable us to give You the best service and/or solutions and the best user experience.
6.3. These purposes include:
6.3.1. to deliver advertising, marketing, or information to You that may be useful to You based on Your use of services;
6.3.2. carry out research and development to improve our services, products and applications;
6.3.3. develop and provide new and existing functionality and services.
6.4. We have set out below a description of the possible ways we plan to use Your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process Your personal data for more than one lawful ground depending on the specific purpose for which we are using Your data:
6.4.1. Registration Data, Contact Data, and Log-in Data: These are used to be able to register You as a new user on Our system. Moreover, such data is used to identify and verify You when You access Your account to allow You to participate in services according to Our terms and conditions (“T&Cs”). The legal basis for such data use falls under the performance of the Agreement.
6.4.2. Transaction and Usage data: once provided such data specifically allow You to participate in the services being provided by Vital Markets. Furthermore, by the provision of this data, the Company can process and manage payment transactions. The legal basis for such data to be used also falls under the performance of the Agreement.
6.4.3. Registration Data, Contact Data, Profile Data, Other Communication Data, Transaction and Usage Data: allow us to manage Our relationship with You, to provide You with access to services and any ancillary products. The legal basis for such data to be used also falls under the performance of the Agreement and to be compliant with Our legal obligations.
6.4.4. Registration Data, Contact Data, Profile Data, Identification and Verification Data, Transaction and Usage Data: are gathered for the purpose of AML/CFT and due diligence purposes. The legal basis for such data to be gathered is so Vital Markets is compliant with the legal obligations.
6.4.5. Registration Data, Contact Data, Identification and Verification Data, Log in Data, Payments Data and Other Communication Data: is used to establish and investigate any suspicious behaviour in order to protect our business from any risk and fraud. The legal basis for such data to be gathered is because the Company has a legitimate interest in fraud detection and prevention.
6.4.6. Marketing Communication Data: such data is used in order to market our own goods and services including any offers. The legal basis for such data to be gathered is because the Company has a legitimate interest in promoting its own service, developing its business, and enhancing its relationship with the Customer. Moreover, consent needs to be given by the Customer for such data to be used.
6.4.7. Contact Data: revolves around social media marketing. The legitimate interests of the Company for the use of such data is the same as for Marketing Communication Data.
6.4.8. Transaction, Usage Data, and Analytics Data: such data is used for commercial business analyses for the creation of standards, periodicals as well as reports and web analytics. The legal basis for such data to be gathered is because the Company has a legitimate interest to develop and enhancing their products/services.
7.1. In compliance with relevant laws and regulations and through a legitimate interest or with Your consent, Vital Markets may periodically notify You about similar services. This includes but is not limited to, new services and promotions, and offers. This notification may be conveyed through electronic email or push notifications.
7.2. When relying on legitimate interest, Vital Markets will give You the opportunity to oppose direct marketing and to receive the Company’s newsletter when registering on our Site.
7.3. When relying on consent, the consent may be granted by You when registering on our Site.
8. Social Login
8.1. When users opt to access our platform via Google Identity Provider, they initiate an authentication sequence overseen by this external entity. Throughout this sequence, Google Identity Provider undertakes requisite verification protocols to establish and validate the user’s identity. Upon successful validation, a security token is generated, encapsulating vital user particulars like name and email address. Critically, this security token undergoes digital signing by the respective identity provider, ensuring the veracity and integrity of the enclosed data.
8.2. In the role of service provider, we play a role in the federated single sign-on process. Our validation of the signature affixed to the security token affirms its legitimacy. Subsequent to validation, the user’s identity information within the token is harnessed to create a secure and authenticated session within our platform. Consequently, ongoing access to our services subsequent to the initial authentication obviates the need for recurrent submission of login credentials.
8.3. The crafting of this federated single sign-on proficiency aims to enhance user convenience while maintaining the necessary security protocols. Seamless utilization of existing credentials from Google Identity Provider grants effortless access to our platform, thereby enhancing the overall user experience. It is crucial to emphasize that our dedication to adhering to industry-standard practices and protocols persists throughout this integration, ensuring protection of user security and privacy.
9. Retention of Your Personal Data
9.1. We will only retain Your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
9.2. The criteria we use to determine what is ‘necessary’ depends on the nature of the particular personal data in question. Our normal practice is to determine whether there is/are any law(s) permitting or even obliging us to keep certain personal data for a period of time (in which case we will keep the personal data for the maximum period indicated by any such law) and if not, whether there are any laws and/or contractual provisions that may be invoked against us by You and/or third parties and if so, what the prescriptive periods for such actions are. In the latter case, we will keep any relevant personal data that we may need to defend ourselves against any claim(s), challenge(s), or other such action(s) by You and/or third parties.
9.3. Where Your personal data is no longer required by us, we will either securely delete or anonymize the personal data in question.
10. The recipients of Your Personal Data
10.1. As Vital Markets business partners, suppliers or service providers are responsible for certain parts of the overall functioning or operation of the website, services, and other products, personal data are processed also by them for the above-mentioned purposes on behalf of the Company.
10.2. We require all third parties to respect the security of Your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use Your personal data for their own purposes unless this is permitted or required by law and only allow them to process Your personal data for specified purposes and in accordance with our instructions, after thorough vetting of these partners and on the basis of data processing agreements as may be necessary.
10.3. Your information may be shared with:
10.3.1. third-party providers for the purpose of provision of services;
10.3.2. marketing suppliers to perform certain marketing activities on behalf of Vital Markets;
10.3.3. service providers that enable communication with You;
10.3.4. technical suppliers to support the functioning of the website and our technical systems;
10.3.5. technical administrators of the database to maintain the functioning of the database;
10.3.6. AML providers providing and/or processing certain data for the purposes of compliance with our AML obligations;
10.3.7. cloud services providers for the provision of cloud-based services such as storage or hosting certain software;
10.3.8. service providers for the purpose of data analytics and/or business intelligence;
10.3.9. professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
10.4. If You are suspected to have breached our Terms and Conditions or any applicable laws, or for the purpose of preventing, detecting, or suppressing fraud or other criminal activity, the Company has a right to:
10.4.1. forward Your personal data to the government authorities;
10.4.2. share any of Your Personal Data to the relevant authorities;
10.4.3. share Your Personal Data with relevant law enforcement and/or crime investigation bodies;
10.4.4. respond to any Court subpoena or order or similar official request for personal data.
11. Data Security
11.1. We have implemented security measures to safeguard Your personal data from accidental loss, unauthorized access, alteration, or disclosure. To comply with the law, we employ industry-standard encryption techniques to encrypt data during transit and at rest, always ensuring confidentiality and integrity.
11.2. In addition, we limit access to Your personal data to those employees, agents, contractors and other third parties who have a need to know business requirements. They will only process Your personal data on our instructions or subject to lawful grounds, as well as their duty of confidentiality.
12. Your rights under Data Protection Laws
12.1. You have the right to request confirmation from us regarding the processing of Your personal data and we will provide You with access to the following information at reasonable intervals:
12.1.1. what personal data we have about You;
12.1.2. the reasons why we are processing Your data;
12.1.3. the recipients to whom Your data may have been disclosed;
12.1.4. the duration for which we intend to keep Your data (if possible);
12.1.5. whether we transfer Your data and the safeguards we have to protect Your data;
12.1.6. Your rights with respect to Your personal data;
12.1.7. the process for making a complaint;
12.1.8. the source of Your personal data;
12.1.9. whether we have used any automated decision-making or profiling and any related information.
13. Your Data Protection Rights
13.1. If You are based within the EEA or within another jurisdiction with similar data protection laws, in certain circumstances You have the following rights.
13.2. Although all reasonable efforts will be made to keep Your Personal Data updated, You are kindly requested to inform us of any changes (“Right to Data Rectification”). This is known as Your right to rectification. With respect to Your residential address and phone number, You can notify us of the change by amending Your profile of any changes to Your personal data. If the change pertains to data that cannot be amended by changing Your profile, please contact us. To this end You have the right to ask us to rectify inaccurate personal data and to complete incomplete personal data concerning You. We may seek to verify the accuracy of the data before rectifying it.
13.3. You have the right to ask us to delete Your personal data (“Right to Data Erasure”) and we shall comply without undue delay but only where:
13.3.1. the personal data are no longer necessary for the purposes for which they were collected; or
13.3.2. You have withdrawn Your consent (in those instances where we process on the basis of consent) and we have no other legal ground to process Your personal data; or
13.3.3. You have successfully exercised Your right to object (as explained below); or
13.3.4. Your personal data have been processed unlawfully; or
13.3.5. there exists a legal obligation to erase the data to which we are subject; or
13.3.6. special circumstances exist in connection with certain children’s rights.
13.4. You have the right to ask us to restrict, to store (“Right to Data Restriction”) Your personal data but only where:
13.4.1. the accuracy of Your personal data is contested (see the right to data rectification above), for a period enabling us to verify the accuracy of the personal data; or
13.4.2. the processing is unlawful, and You oppose the erasure of Your personal data; or
13.4.3. we no longer need the personal data for the purposes for which they were collected but You need the personal data for the establishment, exercise, or defense of legal claims; or
13.4.4. You exercised Your right to object and verification of our legitimate grounds to override Your objection is pending.
Following our request for restriction, except for storing Your personal data, we may only process Your personal data:
a. where we have Your consent; or
b. for the establishment, exercise, or defense of legal claims; or
c. for the protection of the rights of another natural or legal person; or
d. for reasons of important public interest.
13.5. You can request us to give You Your personal data in a format that is easy to read by machines, or directly transfer it to another data controller if possible, without harming others’ rights and freedoms (“Right to Data Portability”). This right only applies if:
13.5.1. the processing is based on Your consent or on the performance of a contract with You; and
13.5.2. the processing is carried out by automated means.
13.6. In those cases where we process Your personal data for the performance of a task carried out in the public interest or when processing is necessary for the purposes of the legitimate interest pursued by us or by a third party You shall have the right to object to processing of Your personal data by us. When Your data is processed for direct marketing purposes, You have the right to object at any time to the processing of Your personal data, which includes profiling to the extent that it is related to such direct marketing.
13.7. In situations where we handle Your personal data based on Your consent, we will never assume Your consent but rather obtain it from You in a clear and explicit way. You have the right to withdraw Your consent (“Right to Withdraw Consent”) at any time and the process of doing so should be the same as providing it. If You decide to withdraw Your consent, we will check if we have an alternative legal basis for processing Your personal data, such as a legal obligation. If we do, we may still process Your data without Your consent and will inform You accordingly.
13.8. You are entitled to file complaints (“Right to Lodge a Complaint”) with the relevant Data Protection Supervisory Authority. If You reside in an EU member state, You can file a complaint with the Data Protection Authority of that state. However, we request that You first attempt to resolve any issues with us before contacting the competent authority, even though You have the right to do so at any time, as mentioned above.
14. Other sites
When clicking on and following an external link via our website, application or service to another site or service, this Privacy Notice will no longer apply. We are not responsible for the information handling practices of third-party sites or services, and we encourage You to read the privacy notices appearing on those websites or services.
15. What are cookies?
15.2. Our cookies may be session cookies, which are temporary cookies that identify and track users within our websites, applications, or services, which are deleted when You close Your browser or leave Your session in the application or service. We also use persistent cookies, which enable our websites, applications, or services to remember who You are and Your preferences within our websites, applications, or services and which will stay on Your computer or device after You close Your browser or leave Your session in the application or service.
15.3. We use the following different types of cookies:
15.3.1. Essential Cookies – Used only to make our website work properly or strictly necessary for us to provide the services expected by our users.
15.3.2. Non-Essential cookies – These are cookies that are not required for our website to function or behave as the user would expect it to. These include cookies relating to (i) Marketing, which gathers information about the user’s browsing patterns and behavior to target them with advertisements that would be more likely to interest them; (ii) Analytics/Statistics, which help website owners gather information about users on their website, such as when they first visited the website and/or how often they access it and at what particular time. These also include cookies that log how the user came across the website, using which search engine or other link.
16. Functionality of the cookies
These cookies allow our websites, applications, and services to remember choices You make, such as Your username, language, or the region You are in, as well as provide enhanced, more personalized features. These cookies can also be used to remember changes You have made to Your text size, fonts, and other parts of web pages that You are able to customize. They may also be used to provide requested services. The information these cookies collect may be anonymized and are unable to track Your browsing activity on other websites.
17. Managing Cookies
If You do not want websites to place cookies on Your computer or mobile device at all, You can adapt Your browser settings so that You will be notified before any cookie is placed. You can likewise adapt the settings as such so that Your browser refuses all cookies, or only the third-party cookies.
We may change this Privacy Notice from time to time. However, we will not diminish Your rights under this Privacy Notice. We will always update this Privacy Notice on our website, so please review this when You visit our website. The “last updated” mention lets You know when we last updated this Privacy Notice.