Privacy policy

 

  1. Introduction:

OBTAINED LTD, (hereinafter referred to as “OBTAINED” or the “Company”), is a registered entity in Cyprus under registration number HE 453991. The registered address of the Company is Bellapais 18, 4527, Limassol, Cyprus. The official website of the Company is www.obtained.com (hereinafter referred to as the “Website”).

This policy serves as the fundamental basis for the Company’s adherence to Cyprus and European laws and Regulations, and it is regularly reviewed and revised to ensure compliance. It outlines how the Company collects personal data, its usage, and the parties with whom it may be shared, providing data subjects with comprehensive information.

This policy applies to existing and potential clients as well as to any visitors of the Company’s Website. The Company is committed to protecting the privacy of all personal data which it obtains from you, including information obtained during your visits to this Website.

  1. Processing of data:

This policy sets out how and what personal data of users the Company processes while using the Website and social networks whereby we maintain online presences (hereafter referred to as the “Social Networks”), including any personal data you may provide through this Website and Social Networks when you obtain our services. For the purposes of this policy: 

  • “personal data” or “data” means any information relating to an identified or identifiable natural person (“data subject”, “you”, “your” ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

  • “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. 


It also provides information on how and what personal data we may collect from third parties. Additionally, it provides information on how you can exercise your rights with respect to the processing of your personal data. This policy applies to the processing activities performed by the Company with respect to the personal data of its clients and potential clients, website visitors and users, since in order to provide our products and services to you, we need to collect your personal information, as specified in this policy.

Our services are not aimed at individuals under the age of 18 years old. We do not knowingly collect information from persons under the age of 18. If you have not reached the age limit in question, do not use the services and do not provide us with your personal information.

Additionally, if you have concerns about how we use your personal data, or requests on how to exercise your legal rights, please use the contact details below:

Entity: Obtained Ltd 
Contact Person: Data Protection Officer 
Email addresssupport@obtained.com 
Postal address: Bellapais 18, 4527, Limassol, Cyprus

 

  1. What personal data we collect and how:

The table below includes the possible types of personal data we process and how we collect it:

Type of personal data

Details

Information you might need to provide to us

  • take part in online discussions or promotions

  • speak with a member of our Social Networks or customer support teams 

  • share information with us on Social Networks

  • contact us for other reasons


We may collect the following information:

  • your first name, last name, title, date of birth, address, nationality, citizenship, country of residence, national ID number or passport number;

  • your phone number, email address, residential address, and proof of address (such as a utility bill or bank statement);

  • investment education experience, risk appetite, capacity for loss, tax status;

  • employment status, occupation (work industry), net annual income, main source of income, net worth, source of funds, anticipated account turnover and other financial information;

  • details of the device you use (for example, your phone, computer or tablet);

  • your username and ID (these are random and are automatically assigned to you when you join, but your username may change subject to your request to do so), your password, preferences, feedback and survey responses and marketing and communication data, such as your preferences in receiving marketing from us and our third parties and your communication preferences;


your registration information;

  • details of your bank account, including the account number, sort code (if applicable) and IBAN;

  • details of your debit cards and credit cards (or other debit or credit cards you have registered with us) - only the four last digits of your card number, expiry date and name printed on the card;

  • copies of your identification documents (for example, your ID, passport or driving licence) and any other information you provide to prove you are eligible to use our services;

  • your country of residence, tax residency information, and tax identification number;

  • records of our discussions, written or oral, if you contact us or we contact you (including records of phone calls)

  • your image in photo or video form (where required as part of our Know-Your- Customer (KYC) checks, to verify your identity, or where you upload a photo to your account).

Information collected from your use of our products, services and website by using cookies (as per our Cookie Policy), and other similar technologies.

Whenever you use our website and/or any other trading platforms in relation to our services, we may collect any of the following information:

  • technical information, including the internet protocol (IP) address used to connect your computer to the internet, country (by IP), your login information, the browser type and version, the time zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use;

  • information about your visit, including the links you’ve clicked on, through and from our website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page;

  • information on transactions and your use of our products (for example, your trading information), details of deposits, deposit methods, details of withdrawals, withdrawal methods, details of your trading activity through the Company, including the date, time, amount, currencies, exchange rate, details of device used to arrange the payment and the payment method used.

Information collected from your use of our Social Networks and/or other electronic mediums.

We may collect statistics on the use of our online presences, which are provided by the Social Networks in question.

These statistics are aggregated and may include, in particular, demographic information and data on interaction with our online presences and the posts and content distributed through them.

Your data is usually processed by the Social Networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on your computers. On the basis of these usage profiles, advertisements, for example, are then placed within the Social Networks but also on third-party websites.

Information about your location

We may track your location via your IP address.

Information from others

We may collect personal data from third parties or other parties, such as financial or credit institutions, official and/or other registers and databases, fraud prevention agencies and partners who help us to provide our services, as well as other Affiliates.

This includes information to help us check your identity, information about your spouse and family and/or associate (if applicable in the context of a potential Third Party Payment), information of your IP address information, when you are referred to us to register an account.

Technical data from analytics providers, such as Google.

In some cases, third parties, such as Affiliate partners you interact with, may share information about you with us, whereby they act as individual “controllers”. In such circumstances, we ensure that the relevant provisions of the applicable laws and regulations are respected and any information we receive about you has been provided with your prior consent. Even though we make sure that we enter into data sharing agreements in order to safeguard your data, we would also advise you to consult any relevant third party’s Privacy Policy, prior to registering for an account with us or providing any information to us, since we are not responsible for any information you disclose to such third parties before entering our Website.

Information from Social Networks

Occasionally, we may use publicly available information about you from selected Social Network or websites, to carry out enhanced due diligence checks. Publicly available information from Social Network websites may also be provided to us when we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions related obligations).

Information from publicly available sources

We collect information and contact details from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches, and KYC purposes.

 

  1. Disclosure of your personal data:

The Company may share your personal data for the purposes of processing transactions and providing services related to your account, as well as to secure our business interests and legal obligations regarding suspected abuse of anti-money laundering rules with any affiliated entity of the Company. Such sharing of data within the Group includes, and is not limited to, the data and documents collected by the Company for identification purposes.

The Company may also share your personal data with service providers in the areas of IT,  translation of documents, marketing, auditors, background screening providers, financial institutions, funds, payment recipients, payment and settlement infrastructure providers, exchanges, regulators, public authorities (including tax authorities), our other group entities and service providers, professional advisers, insurers and potential purchasers of elements of our business.

Where it is required to disclose your personal data to third parties for the purposes of performing our legal obligations towards you, we ensure that the relevant provisions of any local laws and regulations are respected. Specifically, we assess these third parties in respect of their compliance with the data protection laws and regulations, and ensure that all required contractual agreements are concluded. Respectively, we ensure that they are committed to ensuring the security of your information and to treating it in accordance with relevant laws and regulations. Finally, we do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, where such third parties act as our ‘processors’.

The table below explains which suppliers we may normally share your personal data with:

 

Type of supplier

Why we share your personal data

Suppliers who provide us with IT and payment services

To help us provide our services to you

Platform providers

To help us provide trading services to you

EMI, Bank Institutions, Payment Institutions

To safekeep your assets and/or execute your deposits/withdrawals

Administrative systems (KYC onboarding service providers, translation, due diligence, finance, reporting, risk analysis)

To help us perform checks in order to decide whether to provide our services to you and to maintain our daily operations

Internal Auditors

To help us comply with our legal obligations

Analytics providers and search information providers

To help us improve our website or app

Customer-service providers, survey providers and developers

To help us to provide our services to you

Communications services providers

To help us send you emails, push notifications and text messages

Data storage

To store your data

 

We may also share your personal data with government authorities, law enforcement authorities, tax authorities upon their request and/or companies and fraud prevention agencies to check your identity, protect against fraud, adhere to relevant tax laws, anti-money laundering laws, any other laws and to confirm that you are eligible to use our products and services. If fraud is detected, you could be refused certain services by the Company.

We may also need to share your personal data with other third-party organisations or authorities, for legal reasons, such as:

  • if we have to do so under any law or regulation

  • if we sell our business

  • in connection with criminal or fraud investigations

  • to enforce our rights (and those of clients or others)

  • in connection with legal claims

  • under mandated Credit Reporting

  • by court order

  1. How we use your personal data:

The Company may process your personal data in various ways, as explained below in more detail:

  1. Providing our services

Whenever you sign up with the Company, apply for or use a product or service, we will use your personal data to:

  • verify your identity (as part of our KYC process);

  • meet our contractual and legal obligations relating to any products or services you use;

  • maintain your personal profile;

  • inform you of changes to the terms or the features of our products or services, such as those associated with providing you with customer support services. We record and monitor all of our communications between you and us, including phone calls, in order to maintain appropriate records, check your instructions, analyse, assess and improve our services, and for training and quality control purposes.

  1. Legal Obligations

Numerous laws to which we are subject to, as well as specific statutory requirements (such as anti- money laundering laws, financial services laws, corporation laws, privacy laws and taxation laws) dictate that we hold and process personal data. Such obligations and requirements impose on us necessary personal data storage and processing activities. It is mandatory, for example, to store personal data, for record-keeping purposes. In general, complying with applicable laws, court orders, other judicial process, or the requirements of any applicable regulatory authorities may require the processing of personal data by the Company.

  1. Protecting against fraud

We use your personal data to check your identity to protect against fraud, adhere to any financial crime related laws and to confirm that you are eligible to use our services. 

  1. Marketing and providing products and services that might interest you

We may use your personal data to do the following:

  • to personalise your in-app experience and marketing messages about our products and services so that they are more relevant and interesting to you (where allowed to by law). This may include analysing how you use our products, services and your transactions

  • Upon your consent, to provide you with information about our partners’ promotions or offers which we think you might be interested in

  • Upon your consent, to allow our partners and other organisations to provide you with information about their products or services

  • measure or understand the effectiveness of our marketing and advertising, and provide relevant advertising to you

  • ask your opinion about our products or services

  1. To keep our services up and running

We use your personal data to manage our website, (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device.

We also may use your personal data to:

  • verify your identity if you contact our customer support or social media teams;

  • allow you to take part in interactive features of our services;

  • tell you about changes to our services; and/or

  • help keep our website safe and secure.

  1. Preparing anonymous statistical datasets

We may prepare anonymous statistical datasets about our clients’ patterns:

  • for forecasting purposes;

  • to understand how clients use Obtained products and services; and/or

  • to comply with governmental requirements and requests.


These datasets may be shared internally in the Obtained Group or externally with others, including non-Obtained Group companies. We produce these reports using information about you and other clients. The information used and shared in this way is never personal data and you will never be identifiable from it. Anonymous statistical data cannot be linked back to you as an individual.

For example, some countries have laws that require us to report spending statistics and how money enters or leaves each country. We may provide anonymised statistical information that explains the broad categories of merchants that the Company’s clients in that country spend their money with. However, we will not provide any client-level information. It will not be possible to identify any individual Obtained client.

  1. Improving our products and services

We may send you surveys as part of our customer feedback process. It is in our business interests to ask for such feedback to try to ensure that we provide our services and products at the highest standards. We may use the personal information provided by you through such client surveys to help us improve our products and services.

  1. Meeting our legal obligations, enforcing our rights and other legal uses

We may use your personal data:

  • to share it with other organisations (for example, government authorities, law enforcement authorities, tax authorities, fraud prevention agencies, or any other regulatory authority having control or jurisdiction over us or you or our associates or in whose territory we have clients or service providers, and as applicable);

  • occasionally advise you of certain changes to products or services or laws (as we are required to do so by laws and regulations);

  • to manage the risk and optimise the efficiency of our Group operations;

  • if this is necessary to meet our legal or regulatory obligations;

  • in connection with legal claims;

  • to help detect or prevent crime.

  1. Communication:

The Company may record, monitor and process any telephone conversations and/or electronic communications you have with us such as via phone, email, Social Networks or electronic message. All such communications may be recorded and/or monitored and/or processed by us, including but not limited to any telephone conversations and/or electronic communications that result or may result in transactions or client order services, even if those conversations or communications do not result in the conclusion of such transactions. All incoming and outgoing telephone conversations, as well as other electronic communications between you and the Company, may be recorded and stored for quality monitoring, training and regulatory purposes. 

 

  1. Storage and retention of your personal data:

The Company retains your personal information on secure servers and appropriate procedures and measures are in place to ensure that your personal data is safeguarded, as this is of utmost importance to us. We will hold your personal information while we have a business relationship with you, and as permitted by relevant laws and regulations. The retention of your personal data is limited for the purposes we collected it for, and in order for us to comply with any legal, regulatory, accounting, taxation or reporting requirement. 

Moreover, when we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time. For example, we are subject to certain anti-money laundering and taxation laws, which require us to retain the following data, for a period of seven (7) years after our business relationship with you has ended:

  • a copy of the documents we used in order to comply with our customer due diligence obligations;

  • supporting evidence and records of transactions with you and your relationship with us;

  • communication records between us.


Also, the personal information we might hold in the form of a recorded communication, by telephone, electronically, in person or otherwise, will be held in line with relevant regulatory requirements (i.e., 7 years after our business relationship with you has ended, or longer, in order to secure our business interests (such as handling a dispute with you).

We may keep your personal data for longer because of a potential or ongoing court claim, or for another legal reason.

 

  1. What are your rights:

You have certain rights which you can exercise freely and at your own discretion, as per below:

  • Request correction of the personal information that we hold about you: this enables you to have any incomplete or inaccurate information we hold about you corrected. Before we update your file, we may need to check the accuracy of the new personal data you have provided.


If you wish to exercise any of the above, you must send an email to the DPO of the Company at support@obtained.com and your request will be further handled. Please be informed of the following:

  • we reserve the right to request specific information to confirm your identity, speed up our response and ensure your right to access your personal data or any other right as a data subject;

  • we will always respond to your request within a reasonable time and keep you updated.

  1. Personal data breach:

We have put in place appropriate procedures in order to deal with any breach of personal data and will notify you and any applicable regulator of a breach, where we are legally required to do so.

  1. More information and contact information:

If you have any inquiries regarding our privacy or security measures, please feel free to contact us at support@obtained.com. 

  1. Updates:

The Company may modify this policy periodically and without prior notice. Any amendments will be communicated by posting an updated version of the policy on the Website. It is your responsibility to review this policy regularly, and if you continue to use the Website following the publication of any changes, it will signify your acceptance of those modifications.