d) When the processing is necessary for the purposes of legitimate interest pursued by the
Company or a third party, except when such interests are overridden by the interests of
fundamental rights and freedoms of the Data Subject;
e) When the processing is necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the Company;
f) When it is in the Data Subject’s vital interest or of another natural person.
As already stated under Section 2 above, the lawful basis applicable for the collection and/or
use and/or otherwise processing of your personal data are the following:
▪ Contract – the processing of your personal data is necessary for the performance of
the Client Agreement.
▪ Legal Obligation – the processing is necessary for the compliance of the Company with
its legal obligations (as these are derived among other from the Law 87(I)/2017
regarding the provision of investment services, the exercise of investment activities,
and the operation of regulated markets, the AML Law, and CySEC’s AML Directive).
3.2 The Company shall not be liable for misuse or loss of personal information and/or otherwise on
website(s) the Company does not have access to or control over.
3.3 The Company will not be liable for unlawful or unauthorized use of the Data Subject’s personal
information due to misuse and/or misplacement and/or malicious use of the Data Subject’s
passwords, either by the Data Subject or any third party.
3.4 The Company will use, store, process and handle the Data Subject’s Personal Information (in case
they are a natural person or a legal representative) in accordance with the GDPR. The Company
may be required to retain and use personal data to meet its’ internal and external audit
requirements, for data security purposes. Additionally, the Company has the right to disclose Client
information (including recordings and documents of a confidential nature, card details) in the
following circumstances and where this is strictly required for the performance of the services
offered to the client under the Client Agreement, or where it is the Company’s legal requirement,
or where the Company is either legally permitted to proceed to such disclosure in compliance with
the requirements of the GDPR:
a) To comply with the Company’s obligations under the GDPR, this Policy and the Company’s
Terms and Conditions, which may include laws and regulations outside the Data Subject’s
country of residence;
b) To respond to requests from courts, law enforcement agencies, regulatory agencies, and other
public and government authorities, which may include such authorities outside the Data
Subject’s country of residence;
c) To monitor compliance with and enforce the Company’s Platform terms and conditions;
d) To carry out anti-money laundering, sanctions or Know Your Customer checks as per CySEC’s
AML Directive and MiFID II laws and regulations; or
e) To protect the Company’s rights, privacy, safety, property, or those of other persons. The
Company may also be required to use and retain personal data after the Data Subject has
closed the Data Subject’s account for legal, regulatory and compliance reasons, such as the
prevention, detection or investigation of a crime; loss prevention; or fraud prevention.
f) to such an extent as reasonably required so as to execute Orders and for purposes ancillary to
the provision of the Services;
g) to payment service providers and banks processing your transactions;