Legal document
Privacy Policy
v1.0 draft — final at launch · Pending lawyer review- Version
- v1.0 draft — final at launch
- Last updated
- Pending lawyer review
- Effective
- Live at launch
We collect the minimum data needed to run the brokerage. We don't sell it, we don't share it for advertising, and we delete it when you ask. We hold ourselves to GDPR-grade data-protection standards.
1. Definitions
This section defines the data-protection terms used in this policy so they align with UK GDPR and the Data Protection Act 2018.
{{LEGAL_DRAFT}} — Full defined-terms list pending counsel review. Will define: personal data, processing, data controller, data processor, data subject, special category data, and supervisory authority — consistent with UK GDPR and DPA 2018 terminology.
2. Scope & data controller
This section identifies TFC Global Markets as the data controller and explains what this policy applies to.
{{LEGAL_DRAFT}} — Data-controller details pending counsel review. Will identify the legal entity acting as controller, its registered address, ICO registration number, and the Data Protection Officer or privacy contact.
3. What personal data we collect
This section lists the categories of personal data we collect — identity, contact, financial, verification, and usage data — and where it comes from.
{{LEGAL_DRAFT}} — Data-categories detail pending counsel review. Will cover: identity and contact details, KYC documents, financial and transaction data, device and usage data, and communications, with the source of each category. Principle: we collect the minimum required to operate as a regulated broker.
4. How we use your personal data
This section explains the purposes we use personal data for, such as operating accounts, meeting regulatory obligations, and preventing fraud.
{{LEGAL_DRAFT}} — Purposes of processing pending counsel review. Will cover: account administration, trade execution and reporting, KYC/AML compliance, fraud prevention, customer support, and service communications. We do not sell personal data or share it for third-party advertising.
5. Lawful bases for processing (GDPR Article 6)
This section maps each processing purpose to its lawful basis under Article 6 of the UK GDPR.
{{LEGAL_DRAFT}} — Lawful-basis mapping pending counsel review. Will map each purpose to a lawful basis: contract (account services), legal obligation (AML/KYC, reporting), legitimate interests (fraud prevention, service improvement), and consent (optional marketing), with the legitimate-interests balancing test recorded.
6. How we share your personal data
This section describes the limited circumstances in which we share personal data with processors, partners, and authorities.
{{LEGAL_DRAFT}} — Data-sharing terms pending counsel review. Will cover: technology and payment processors, the liquidity/white-label partner, regulators and law enforcement where legally required, and the contractual safeguards imposed on each. We do not share data for advertising.
7. International data transfers
This section explains how we protect personal data when it is transferred outside the UK.
{{LEGAL_DRAFT}} — International-transfer terms pending counsel review. Will cover: the countries data may be transferred to, the transfer mechanisms used (adequacy decisions, International Data Transfer Agreement, or appropriate safeguards), and how the Client can obtain a copy of the safeguards.
8. Data retention
This section sets out how long we keep personal data and the criteria we use to decide retention periods.
{{LEGAL_DRAFT}} — Retention schedule pending counsel review. Will cover: retention periods by data category, the regulatory minimums (e.g. AML record-keeping), and deletion or anonymization once the period ends. Principle: we delete personal data when you ask, except where law requires us to keep it.
9. Your rights under GDPR and UK DPA 2018
This section explains the Client's data-protection rights and how to exercise them.
{{LEGAL_DRAFT}} — Data-subject rights detail pending counsel review. Will cover: access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making — with how to make a request, our response timeline (one month), and any limits where law requires retention.
11. Children's privacy
This section confirms that our Services are not directed at children and that we do not knowingly process their data.
{{LEGAL_DRAFT}} — Children's-privacy terms pending counsel review. Will confirm the minimum age to hold an account, that Services are not offered to minors, and the steps taken if data from a minor is identified.
12. Changes to this policy
This section explains how we notify the Client when this privacy policy changes.
{{LEGAL_DRAFT}} — Change-notification terms pending counsel review. Will cover: how changes are published, notice for material changes, effective dates, and version history.
13. How to contact us or file a complaint (ICO)
This section tells the Client how to contact our privacy team and how to complain to the Information Commissioner's Office.
{{LEGAL_DRAFT}} — Contact and complaint details pending counsel review. Will include: privacy contact (compliance@tfcglobalmarkets.com), the right to complain to the ICO, and the ICO's contact details (Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; ico.org.uk).
This document is in draft pending review by UK financial services counsel. Sections marked with an amber Draft badge contain placeholder text and are not final. Finalized versions go live before we open to traders. Questions: compliance@tfcglobalmarkets.com.