Legal

Privacy Policy

This Privacy Policy explains how OTOFX collects, uses, discloses, transfers and protects your personal data when you visit our websites, open an account, or use our services, and the rights you have in relation to that data. We are committed to protecting your privacy and handling your data in a transparent and lawful manner.

Last updated: June 2026

1. Who we are (data controller)

The OTOFX entity that provides services to you is the controller of your personal data. Where required, we operate a data protection function that can be reached at [email protected]. References to “we”, “us” and “our” mean the relevant OTOFX entity.

2. The personal data we collect

Depending on your relationship with us, we may collect the following categories of personal data:

  • Identity and contact data: name, date of birth, nationality, address, email and phone number.
  • Verification data: government-issued ID, proof of address and other KYC/AML documentation.
  • Financial data: source of funds, trading activity, account balances and transaction history.
  • Suitability/appropriateness data: knowledge, experience and financial information you provide.
  • Technical and usage data: IP address, device and browser information, and how you use our sites and Platforms.
  • Communications data: records of your contact with us, including emails and support chats.

3. How we collect your data

We collect data directly from you when you complete forms, open an account or contact us; automatically through cookies and similar technologies when you use our websites and Platforms; and from third parties such as identity-verification providers, payment providers, sanctions and credit reference agencies, and publicly available sources.

4. How we use your data and our legal bases

We process your personal data on one or more of the following legal bases: performance of our contract with you; compliance with our legal obligations; our legitimate interests (such as preventing fraud, securing our systems and improving our services); and your consent (for example, for certain marketing).

  • To open and administer your account and provide our services.
  • To verify your identity and meet AML, sanctions and other legal obligations.
  • To assess appropriateness and manage risk.
  • To process deposits, withdrawals and transactions.
  • To provide support and respond to your enquiries.
  • To detect, prevent and investigate fraud, abuse and security incidents.
  • To send service messages and, where permitted, marketing communications.

5. Marketing and your choices

Where we send you marketing, we do so in accordance with applicable law and, where required, on the basis of your consent. You can opt out of marketing at any time using the unsubscribe link in our emails or by contacting us. Opting out of marketing does not affect service communications necessary to administer your account.

6. Sharing and disclosure

We do not sell your personal data. We may share it with: service providers and processors who act on our behalf (such as identity verification, payment, IT, hosting and analytics providers); liquidity and execution venues as needed to provide our services; relevant authorities, law-enforcement and tax bodies where required by law; and professional advisers, auditors and, in the context of a corporate transaction, prospective buyers, subject to appropriate safeguards.

7. International transfers

As a global group, we may transfer your personal data to countries outside your own. Where we do so, we put in place appropriate safeguards required by law, such as adequacy decisions or standard contractual clauses, to ensure your data remains protected.

8. Cookies

We use cookies and similar technologies on our websites. For details of the cookies we use and how to manage them, please see our separate Cookie Policy.

9. Data retention

We keep your personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting and reporting requirements. Applicable rules typically require us to retain account and transaction records for a number of years after the end of our relationship.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration, including encryption, access controls and monitoring. No method of transmission or storage is completely secure, and you are responsible for keeping your login credentials confidential.

11. Your rights

Subject to applicable law, you have rights in relation to your personal data, including:

  • The right to access a copy of the data we hold about you.
  • The right to rectification of inaccurate or incomplete data.
  • The right to erasure in certain circumstances.
  • The right to restrict or object to certain processing.
  • The right to data portability.
  • The right to withdraw consent where processing is based on consent.
  • The right to lodge a complaint with your data-protection authority.

12. Automated decision-making

We may use automated tools to help with fraud prevention, AML screening and risk management. Where any decision producing legal or similarly significant effects is based solely on automated processing, we provide the safeguards required by law, including the ability to request human review.

13. Children

Our services are not directed at, and we do not knowingly collect personal data from, individuals under the age of 18.

14. Changes and contact

We may update this Privacy Policy from time to time. The latest version will always be available on our website. If you have any questions, or wish to exercise your rights, please contact us at [email protected].

This document is provided for general information and may be updated. The version applicable to you is the one accepted during account opening or published by the contracting OTOFX entity.