PRIVACY NOTICE

1. Introduction
ISEC Wealth Management Limited (hereinafter the “Company”), is committed to protect your privacy and handling your data through a transparent manner. The Company understands the importance of maintaining the confidentiality and privacy of your personal data. By entrusting us with your information, we would like to assure you of our commitment to keep such information private. We have taken measurable steps to protect the confidentiality, security, and integrity of your Information.

As per the relevant sections of the Law 2016/679, if you are a natural person, the Company is the personal data processor and controller of your personal data in relation to the processing activities, which your personal data undergo as stated further below. For the purposes of this statement:

i) Personal Data shall mean any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

ii) Controller shall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

iii) Processor shall mean a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
2. Privacy Notice
This Privacy notice aims to provide you with an overview of how the Company collects and processes your personal data and informs you about your rights under the local data protection law and the EU General Data Protection Regulation (hereinafter the “GDPR”). This statement is directed to natural persons, who are either current or potential clients of the Company. Furthermore, this statement is directed to natural persons, who had a business relationship with the Company in the past. Further to the above, this statement is providing you with information on the Circumstances that the Company may share your personal information with any third party related to the Company, such as payment service providers.
3. Who we are
The Company is an authorised firm, established in Cyprus, with registration number ΗΕ 360500. The Company is registered and licensed by the Cyprus Securities and Exchange Commission (hereinafter the “CySEC”) with license number 356/18. If you have any questions or want more details about how the Company uses your personal information, you can contact our Data Protection team at dataprotection@is-wm.eu
4. Collection of Information
As part of the Company’s client account opening procedures and ongoing obligations, the Company needs to abide with the legislative framework currently in place with the Cyprus Securities and Exchange Commission (‘CySEC’). Specifically, the Company shall comply with its legal obligations under the AML Law (Law 13(I)/2018), as amended, and the AML Directive (Directive DI144-2007-08 of 2012) for the establishment of the Client’s economic profile and prevention of money-laundering. Additionally, to abide with the relevant record keeping obligations under the European Commission Delegated Regulation (EU) 2017/565 (‘Delegated Regulation’) and Law 87(I)/2017 for establishing the suitability and appropriateness of each Client based on the services offered by each CIF (Suitability & Appropriateness Tests) and recordings of telephone conversations, client transactions, FATCA and CRS.

The Company, based on the points above, is obliged to request, collect and maintain for at least five (5) years the following information:

i) Name and Surname
ii) Date of Birth
iii) Place of Birth
iv) Nationality
v) Copy of the Passport and/or of the Identity Card
vi) Utility bill (including the full address of the client)
vii) Tax Identification Number
viii) Tax Residence
ix) Telephone number
x) Email
xi) Employer’s name
xii) Profession
xiii) Industry of Employment
xiv) Gross Annual Income
xv) Net Worth
xvi) Anticipated Turnover
xvii) Bank Account Details

The Company may collect the above information directly from you (during the account opening procedure) and/or from other persons, including for example, credit reference agencies, fraud prevention agencies, banks, other financial institutions, third party authentication service providers (the Company is using World Check and RDC for authentication purposes and background purposes) and also from public registers. The Company may also collect the information about you based on your use of our website(s), such as pages visited, frequency, duration of visit and trading activities. The Company also keeps records of your portfolio, including a record of:

a) Products traded on your portfolio and their performance;
b) Historical data about the trades and investments including the amount invested;
c) Historical data about your payment activities and your withdrawal activities.
Further to the above, the Company may also request further information to improve its service to you (Existing or Potential Clients) or our activities (if you are our Provider for Trading Data) under our relevant Agreement, as the case may be, or comply with Applicable Regulations.

The Company records any communications, such as electronic, telephone, in person or otherwise, that we may have with you in relation to the services that were provided by the Company to you and the relationship with you. The said recordings will be the Company’s sole property and will constitute evidence of the communications between the Company and yourself.
5. To Whom the Company may disclose your information
As part of using your personal information for the purposes mentioned above, we may disclose your information to the following parties:

a) Service providers and specialist advisers, who have been contracted to provide us with IT, financial, regulatory, compliance, accounting and/or other services.
b) Tied Agents, with whom the Company has established relationships and who are exclusively working for the Company.
c) Regulatory Authorities.
d) Anyone authorised by you.
e) Relevant authorities to investigate or prevent fraud, money laundering or other illegal activity.
f) Trade Repository or similar.
g) The Company’s employees to exercise their duties in accordance with the Agreement between the Company and yourself. The Company requires from organisations outside the Company, who handle or obtain personal information, to acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with all the relevant data protection laws and this privacy notice.
6. Use of the Information
The Company will use, store, process and handle your personal data in accordance with the General Data Protection Regulation 2016/679 and the processing of Personal Data (Protection of the Individual) Law of 2001, as amended or replaced from time to time. Your personal data (not publicly available information and/or already possessed by the Company without abiding with the provisions of the general data protection regulation), will be collected and processed explicitly and specifically only for the purposes that have been collected for (‘purpose limitation’) while the Company must require only the necessary information in relation to the purposes, for which it has been collected. We may transfer your personal information outside the European Economic Area. If we such a transfer will be made, we will ensure that the transfer is lawful and that there are appropriate security arrangements in place to safeguard your personal data as provided by Applicable Regulations. In furtherance, the Company follows the European Commission instructions with respect to this matter and it shall ensure that the third country, that your data may be transferred to, is recognised by the EU Commission as adequate in respect of the protection of your personal data.
7. Your Consent
The use of your personal information requires your consent, such consent will be provided in accordance with the Client Agreement that it is provided to you during the account opening procedure and is also available on the Company’s website(s). The Company, shall rely on the provided consent as its legal basis for processing your personal data. You have the right at any time to withdraw that consent by contacting us via phone or via email at dataprotection@is-wm.com.
If you are a natural person and the use of your personal data requires your consent, the Company will request for your consent to be provided freely, specific, informed and an unambiguous indication of your desires, that by statement or by clear affirmative action, signifies agreement to the processing.

If at any case you feel compelled to consent or you will endure negative consequences if you do not, then your consent will not be valid. Additionally, your consent shall not be bundled-up as a non-negotiable part of terms and conditions, due to the fact that such action would indicate that you haven’t freely provided your consent.
8. Processing your personal data without your consent
In certain circumstances the company can process your data without your consent. The following are considered to be the most relevant cases:

i) Processing is necessary for compliance with legal obligations to which the controller is subject.
ii) Processing is necessary for the performance of a contract to which the person is a party, or in order to take measures of the person’s request prior entering into a contract.
iii) Processing is necessary in order to protect the vital interests of the data subject.
iv) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority or a third party to whom the data are communicated.
v) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party to whom the personal data are communicated to, on a condition that such interests, override the rights, interests and fundamental freedoms of the persons.
9. For how long we keep your personal data
The Company shall keep your personal data for as long as the company has business relationship with you (physical person). Once the business relationship has been ended, we may keep your data for up to five (5) years in accordance with the Laws governing the Company. The Company may keep your personal data for longer than five (5) years for legal, regulatory and/or any other obligatory reason.
Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
10. Management of your personal information and Safeguard Measures
The Company has taken all the appropriate organisational measures to ensure that your personal data are secured. Moreover, the Company has established an internal educational training for its employees so as to mitigate any risks that may affect your data. The employees that are processing your data are being trained to respect the confidentiality of customer information and the privacy of individuals. We consider breaches of your privacy as top priority and the Company will enhance its internal procedures to prevent any such event.

The Company has implemented procedures in respect of safeguarding your data. Access to your information is only given to the employees and/or Tied Agents that need to have access to it in order to enable the continuity of the agreement between you and the Company.

Furthermore, we hold personal information in a combination of secure computer storage, secure servers and from time to time if it is deemed necessary we will store them in paper-based files. The Company has taken all the necessary steps to protect the personal information that it holds from misuse, loss, unauthorized access, modification or disclosure.

While we will use all reasonable efforts to safeguard your information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data transferred from you, or to you via the internet.
11. Change of Information
You may inform the Company at any time that your information has changed or that you wish the Company to delete information we hold about you by emailing us at dataprotection@is-wm.com . We will change or delete your information in accordance to your instructions, except to the extent that we are required to hold your information for regulatory or legal purposes, to provide you with the Services you have requested or to maintain adequate business records.
12. Right of Access
As a natural person you have the right to obtain a copy of any personal information which we hold about you and to advise us of any perceived inaccuracy. Additionally, you may also request the reasoning of holding such information.
To make a request, please contact us, verifying your identity and specifying what information you require. You may contact us via e-mail at dataprotection@is-wm.com
13. Questions
If you have any questions regarding this Privacy Notice, wish to access or change your Information, have a complaint, or if you have any questions about the security on our Website, you may email us at dataprotection@is-wm.eu.
Furthermore, in case you are not happy with the quality of Services we have provided you with regards to the personal data processing, , as a natural person, you have the right to lodge a complaint with our supervisory authority, which is the Commissioner for Personal Data Protection in the Republic of Cyprus.
14. Update of this Notice
This Notice is subject to change without notice. For this reason, you are advised to look for updates from time to time.
Back