iS Risk Inc, iS Prime Limited*, iS Prime Hong Kong Limited and iS Prime Markets Limited (“iS Prime” or “us” or “we”)provide trading facilities in over-the counter spot foreign exchange, precious metals and index swaps (“Services”) to Professional Clients and Eligible Counterparties (“Clients” or “you” or “your”). iS Risk Inc is committed to protecting your privacy and maintaining the confidentiality and security of your personal information. Any personal information processed by iS Risk Inc is controlled by us as the data controller of your personal information. Where your details are provided to us as a result of us providing Services to you, then iS Risk Inc, acting as a data controller, may itself or through a third party acting on our instruction, process your personal information or that of your directors, officers, employees and/or beneficial owners.
In our use of personal information, we will be characterised as a “data controller” for the purposes of the Data Protection Laws, to the extent applicable. Our affiliates and delegates may act as “data processors” for the purposes of the Data Protection Laws.
Collection of Client personal information
iS Risk Inc collects personal information about Clients, such as Clients’ names, contact details and financial information, from the following sources:
- account and on-boarding forms, and other information provided by the Client in writing, in person, by telephone, electronically or by any other means. This information includes but is not limited to name, address, contact information, nationality, employment information, and financial and investment qualifications;
- transactions, including account balances and other interactions with iS Risk Inc (for example, discussions with our employees); and
- verification services and consumer reporting agencies, including (but not limited to) a Client’s creditworthiness or credit history.
Why we use Clients’ personal information
Your personal data may be processed by iS Risk Inc:
- to facilitate the opening of your account with us and the management and administration of your account on an on-going basis for contractual purposes;
- in order to carry out anti-money laundering (“AML”) checks and related actions which we consider appropriate to meet any legal obligations imposed on us relating to the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, in accordance with iS Risk Inc’s AML procedures;
- to comply with its legal obligations and, in particular, to report tax-related information to tax authorities;
- to monitor and record calls and electronic communications (i) for processing and verification of instructions, (ii) for investigation and fraud prevention purposes, (iii) for crime detection, prevention, investigation and prosecution, (iv) to enable iS Risk Inc to enforce or defend any legal and administrative proceedings, regulatory investigations or enforcement actions, or (v) where the processing is in the public interest;
- to monitor and record calls for quality, business analysis, training and related purposes in order to pursue the legitimate interests of iS Risk Inc to improve its service delivery;
- to retain AML and other records of individuals to assist with the subsequent screening of them by iS Risk Inc to comply with iS Risk Inc’s legal obligations;
- to pursue iS Risk Inc’s legitimate interests, where such interests are not overridden by your interests, fundamental rights or freedoms, including:
- managing the Services;
- managing our business needs;
- complying with applicable laws.
Disclosure of personal information
iS Risk Inc may share personal information about Clients or potential Clients with affiliates and non-affiliated third parties, as permitted by law (for example, we may share personal information with service providers, and other third party service providers engaged by iS Risk Inc in order to process the data for the above mentioned purposes). Such service providers are contractually restricted from using Client information in any manner other than as mentioned above.
iS Risk Inc may share personal information, without a Client or potential Client’s consent, with affiliated and non-affiliated parties in the following situations, among others:
- To respond to any legal and administrative proceedings, regulatory investigations or enforcement actions;
- In connection with a proposed or actual sale, merger, or transfer of all or a portion of its business;
- To protect or defend against fraud, unauthorized transactions (such as money laundering), lawsuits, claims or other liabilities;
- To service providers in connection with the administration and operations of the account, which may include brokers, attorneys, accountants, auditors, technology providers, administrators or other professionals;
- To assist iS Risk Inc in offering iS Risk Inc affiliated products and services to its Clients; and
- To process or complete transactions requested by a Client.
iS Risk Inc may disclose your personal information to competent authorities (including tax authorities), courts and regulatory bodies as required by law or requested or to affiliates for internal investigations and reporting.
International Transfer of Data
The disclosure of personal information to the third parties set out above may involve the transfer of data to the USA and other jurisdictions outside the EEA, UK and/or the Cayman Islands in accordance with the requirements of the Data Protection Laws, as applicable. Such countries may not have the same data protection laws as your jurisdiction. As your data controller, we will ensure that where your personal data is processed in such countries, there is an adequate level of protection and/or we use an appropriate transfer mechanism to ensure your information is subject to adequate safeguards in the recipient country. You may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.
Collecting personal information Legally
iS Risk Inc is able to legally collect and use your personal information because collecting and using your personal information is necessary for iS Prime to: (a) enable the account to function; and/or (b) carry out its legitimate interests in carrying out any requests or orders made by a Client and complying with applicable law.
Where iS Risk Inc requires your personal information to comply with AML or other legal requirements, failure to provide this information may mean that you will be unable to be accepted as a Client or continue as a Client.
Retention of personal information
iS Risk Inc will retain your personal information for as long as required for us to perform the Services or perform investigations in relation to the Services and in order to enable us to comply with our legal obligations and exercise our legal rights.
You have the right in certain circumstances to:
- obtain confirmation from iS Risk Inc that your personal information is being collected and used by iS Risk Inc and to access the personal information held by iS Risk Inc;
- have your personal information corrected if it is inaccurate or incomplete at any time;
- erasure, or the right to be forgotten, which means you can request deletion or removal of any personal information iS Risk Inc holds about you at any time, subject to iS Risk Inc’s legal obligations;
- block or suppress iS Risk Inc collecting and using your personal information, which means we can continue to store such personal information but cannot further collect or use it in any way;
- obtain and reuse any personal information iS Risk Inc holds about you for your own purposes across different services, which allows you to move, copy or transfer your personal information easily from iS Risk Inc to another place notified by you to us in a safe and secure way without hindrance to the usability of your personal information; and
- object to iS Risk Inc collecting or using your personal information where this is based on:
- a legitimate interest or the performance of a task in the public interest; or
- direct marketing.
To make any requests as listed above, please contact the iS Risk Inc at email@example.com
iS Risk Inc will confirm any requests relating to your rights above within one month of receipt of your request, or within two months of receipt of your request where the request is more complex.
Withdrawal of Your Consent
Where iS Risk Inc has obtained your consent to process your personal information, you can withdraw your consent by emailing iS Risk Inc at firstname.lastname@example.org
Protection of personal information
iS Risk Inc maintains appropriate technical and organizational measures to ensure a level of security appropriate to potential risks, including physical, electronic and procedural safeguards that comply with the Data Protection Laws to protect personal information, including:
- the pseudonymization and encryption of your personal information where appropriate;
- ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- ensuring iS Risk Inc can restore access to personal information in a timely manner if a physical or technical incident occurs; and
- regular testing, assessment and evaluation of the effectiveness of its technical and organizational measures to ensure your personal information is secure.
iS Risk Inc restricts access to the personal and account information of Clients to those employees who need to know that information in the course of their job responsibilities.
Making a Complaint
If you would like to make a complaint about the way iS Risk Inc has collected or used your personal information, please contact us at email@example.com.
You have the right to lodge a complaint with (i) the Information Commissioner’s Office (“ICO”) if you consider that the processing of personal data relating to you carried out by iS Risk Inc or its service providers infringes the DPA, (ii) a supervisory authority in the EU Member State of your habitual residence or place of work or in the place of the alleged infringement if you consider that the processing of personal data relating to you carried out by iS Risk Inc or its service providers infringes the GDPR or (iii) the Ombudsman’s office of the Cayman Islands if you consider that the processing of personal data relating to you carried out by iS Risk Inc or its service providers infringes the DPL.
If you are located in the EEA, our European representatives are:
Michalis Fieros (email: Michalis@ldlaw.com.cy) and George Taoushanis (email: Georget@ldlaw.com.cy)