PRIVACY POLICY

This Privacy Policy (the “Policy”) covers Credit Financier Invest (CFI) Ltd. (the “CFI” or the “Company”) and its Website: www.cfifinancial.com/cy (the “Site” or “Website”) regarding types of information that CFI may collect from the Site and the treatment of these personal information. As part of our daily business operations, we need to collect personal data from our clients and prospective clients in order to provide them with our investment services and/or products

This Policy applies to the processing activities performed by the Company to the personal data of its clients/potential clients and Website visitors and more specifically sets out the Company’s obligation regarding the collection, processing, transfer, storage and disposal of personal data relating to existing and prospective clients as well as to any visitors or users of the Company’s Website and other third parties (the “Data Subjects”) in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”). Therefore, this Policy does not apply to websites operated by any other organisations and/or any other third parties.

This Policy will also provide you with instructions on how to proceed if you do not wish to share personal information with CFI when visiting its Site.

For purposes of this Privacy Policy, personal information is information about you that is personally identifiable including but not limited to: name, age, personal identification information, address, e-mail address or phone number. If someone under the legal investing age provides the Company with personal information by obtaining access in violation to the Site access restrictions and its terms of use, CFI ask that his/her parent(s) or guardian(s) contact the Customer Service Department by e-mail, at: [email protected]. Under such circumstances, CFI will undertake all appropriate measures to securely dispose and/or delete such data without any undue delay and inform parent(s) or guardian(s) accordingly. Upon receiving this request, CFI will promptly remove such information from the Company’s records. The CFI Website is only intended for persons of legal trading age. CFI Website may contain links to external websites and through the existence of these publicly available links, the Company does not indorse or take any responsibility regarding their privacy practice or policies. Therefore, you are encouraged to consult the privacy policies of such third parties, so as to be informed about their practices regarding the processing of your personal data. This applies as well on any other information voluntarily provided by you. We are dedicated to protecting your confidentiality and privacy of your personal data and handling your personal data in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the Cyprus Law 125(I) of 2018 providing for the protection of natural persons with regard to the processing of personal data and for the free movement of such data and/or any other applicable legislation (hereinafter referred collectively as the “Data Protection Legislation”).

1- INFORMATION, COLLECTION AND USE OF PERSONAL DATA

CFI does not collect personal information when visiting its Website or through its other online services, unless these information are provided upon registration (completion of the Company’s Account Opening Form). However, it should be noted that the information collected by CFI when visiting its Website or through other online services is collected in an aggregated form, i.e. no personal identification of the concerned individual is possible.

Moreover, we may collect personal information about you from third parties when we seek to verify your identity (as this is described below), as part of our regulatory requirements. Such third parties may include, without limitation, identity verification agencies, credit referencing agencies and similar bodies (i.e. Thomson Reuters Database, Department of Registrar’s website, etc.).

Additionally, this information actively provided by individuals through inter alia, the completion of the Company’s registration form are required, to enable us to assess your application to become a client of CFI and to comply with the relevant rules and regulations. The information that we may collect from you includes the following:

It is further clarified that all relevant information and documentation that is collected when you are successfully become a client of CFI are stored in our CRM system (including without limitation, your personal details, contact details, financial information and trading history). This allows among others, the trace of the client’s trading history, the monitoring of orders/transactions and the better administration of the client’s account and provision of technical and customer support, where this is required.

The Company may also collect the Data Subjects’ information in regards to their use of the Company’s Website, such as pages visited, frequency, duration of visit and trading activities. With regards to each of the Data Subjects’ visits to the Website, the Company may automatically collect information including internet protocol (IP) address, login information, browser type and version, time zone etc.

Moreover, if you access our website via a mobile application, CFI may collect an Application Identifier, subject to your consent as indicated by you in the mobile application, which will be stored on your device until the deletion of the mobile application from the device. This is used for explicit identification of the Application and the mobile device. Additionally, and via the use of the mobile application, the Company may gain access and/or otherwise process log data, including without limitation of the following:

- Internet connection used;

- Chat microphone;

- Mobile brand and version;

- Cookies used on CFI search engine

In the event of a demo account registration, if you consent to the use of your personal data for marketing purposes that will be collected during the registration process (as indicated in the table above), your personal data will be stored in our CRM system and CFI may contact you at any time, either by email or telephone, so as to provide you with information regarding services or products that may be of interest to you.

You further acknowledge, that you have the right to withdraw consent at any time by sending as an email at [email protected]. Once you inform us of your decision, we shall stop contacting you for such a purpose (i.e. we shall not process your personal data for this purpose) and your personal data will be securely erased and/or otherwise deleted. However, it is acknowledged that if you decide to proceed with a registration to open a real account with CFI and you are successfully onboarded as a client, then CFI will use, process and store your personal data (as set out in this Privacy Policy) as indicated in this Policy

Further to the above, you acknowledge that you can contact CFI at any time, if you wish to proceed with a registration to open a real account and you want any assistance (for instance, assistance to proceed with the uploading of the requested documentation).

We ensure that your personal data is processed lawfully, fairly and in a transparent manner for the certain purposes and lawful bases, that are disclosed to you with this Privacy Policy

The information under the categories of Technical Data, Location Data and Online Activity Information is collected for statistical purpose and used to help diagnose problems with the server. This information are not used in any manner for revealing personal information except as described herein.

The information included in the rest of the categories of personal data of the table (except the demo account information) is collected by CFI, when you are going to open a trading account with us. Such information is required to provide our services and products, in order for us to be able to complete our onboarding procedures, to set up and administer your trading account and provide you with technical and customer support.

Therefore, CFI is required to verify your identity, in order to accept you as a client, and we will need such information in order to be in a position to effectively manage your trading account with us. It is required by the AML Law (the Prevention and Suppression of Money laundering and Terrorist Financing Law of 2007 -2022 as amended from time to time) and CySEC’s AML Directive, that the Company collects the necessary data for, inter alia, verifying your identity, constructing your economic profile, monitoring your account and verifying the source of funds (when applicable).

- Processing is necessary for the performance of a contract with you or in order to take steps at the request of you to entering into a contract;

- Processing is necessary for compliance with a legal obligation to which CFI is subject;

- You have provided us with your consent to the processing of your personal data for specific purpose;

- To pursue our legitimate interest.

If CFI requests you to provide to it with certain personal data and you fail to do so, CFI may not be in a position to provide a service and/or to enter into an agreement with you, in which case CFI will inform you accordingly

All personal information provided to CFI through the Site is purely voluntary in nature, by taking into consideration that such information is collected only when you visit our Website and/or proceed with the completion of our registration form to become a client of CFI. If you do not want your information to be collected, please do not submit such information to the Site. If you have already submitted personal information to the Company and wish to have them removed from the records, please contact CFI to the contact details that can be found below. However, you acknowledge that this right is not absolute. More information regarding the right to be forgotten, can be found below and also you can contact as directly at the contact details that can be found herein.

When contacting us for requesting us to delete such information (or in any other case where you have a request to exercise any of your rights, as these are set out herein), we may ask you for information such as: the name and the company’s name (if applicable), company’s/ home address, date of birth, telephone, business and mobile numbers, as well as any other identifying information which may be required by CFI occasionally. Please note that upon contacting CFI, you are not considered by the Company as anonymous anymore.

Information about your transactions as a client with CFI are collected, including information about your use of the Company’s Site, the dates and times you have accessed the Website, the version of the terms of use and Privacy Policy which you have accepted every time you log in and any other information freely provided, which CFI may choose to collect occasionally. This information are collected for the purpose of providing you with the requested services or products and be able to administer your trading account.

CFI may automatically receive and record information on its server logs from your browser, including your IP address, cookie information, and the page that has been requested.

CFI uses information for the following general purposes: fulfill clients’ requests, improve the Company’s products of services, for contest registrations and sweepstakes, for the submission of publications and/or advertisements, to provide information to third parties affiliated to CFI and to contact the clients. We undertake that such processing of your personal data will fall under one of the above-mentioned lawful bases. We will not provide your information to nonaffiliated third parties without your prior consent. More information regarding whom we may share your personal data with, can be found below.

We may also process your personal data to tell you about products, services and offers that may be of interest to you or your business. The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services. This information helps us to improve our services, customise browsing experience and enables us to inform you of additional products, services or promotions relevant to clients. We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so

By entering personal information into the Site, you acknowledge that you are of legal investing age in the jurisdiction in which the access to the Site was made.

3-INFORMATION, SHARING AND DISCLOSURE

CFI is securing and encrypting the confidential information where appropriate. CFI does not rent, sell, or share personal information about its clients with other people or organizations except as provided herein, or under the following circumstances: We respond to orders, court orders, legal process, to establish or exercise the Company’s legal rights or to defend against legal claims; We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of CFI’ terms of use, or as otherwise required by the law.

The Data Subject’s information (not included in the public domain or already possessed by the Company without a duty of confidentiality) which the Company holds, is to be treated as confidential and will not be used for any purpose other than in connection with the provision, administration and improvement of the services to the Data Subjects, for managing the Data Subjects accounts, for reviewing their ongoing needs, for enhancing customer service and products, for giving the Data Subjects ongoing information or opportunities the Company believes may be relevant to the Data Subjects, for improving the business relationship, for anti-money laundering and due diligence checks and purposes, for research and statistical purposes and for marketing purposes.

CFI IS ENTITLED TO SHARE AND/OR OTHERWISE DISCLOSE YOUR PERSONAL DATA TO A THIRD PARTY:

i. to the extent that it is required to do so by under and/or pursuant to any applicable legislation, rules and/or regulations;

ii. where there is a duty to the public to disclose; or

iii. at your request or with your consent to the parties described below.

When the Company transfers your data to other third parties outside the EEA such transfers will comply with the General Data Protection Regulation (Regulation EU 2016/679), and hence the Company may in some cases rely on a Commission Adequacy decision, or appropriate safeguards or other grounds provided by the GDPR. You may contact the Company in order to be informed of the appropriate or suitable safeguards used.

THEREFORE, CFI MAY DISCLOSE YOUR PERSONAL DATA, IN THE FOLLOWING CIRCUMSTANCES:

(a) where required by law or a court order by a competent Court;

(b) When the Company is subject to a legal obligation;

(c) When the processing is necessary for the purposes of legitimate interest pursued by the Company or a third party, except when such interests are overridden by the interests of fundamental rights and freedoms of the Data Subject.

(d) where requested by CySEC or any other regulatory authority having control or jurisdiction over the Company or the client or their associates or in whose territory the Company has clients;

(e) to government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;

(f) to relevant authorities to investigate or prevent fraud, money laundering or other illegal activity;

(g) where necessary in order for the CFI to defend or exercise its legal rights to any court or tribunal or arbitrator or Ombudsman or governmental authority;

(h) to such an extent as reasonably required so as to execute orders and for purposes ancillary to the provision of the services and/or products you requested;

(i) to payment service providers and banks processing your transactions;

(j) to auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes; provided that in each case the relevant professional shall be informed about the confidential nature of such information and commit to the confidentiality herein obligations as well;

(k) to a Trade Repository or similar under the Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties (CCPs) and trade repositories (TRs) (EMIR);

(l) only to the extent required, to other service providers for statistical purposes in order to improve the Company’s marketing, in such a case the data will be provided in an aggregate form;

(m) where necessary in order for CFI to defend or exercise its legal rights to any court or tribunal or arbitrator or Ombudsman or governmental authority;

(n) to anyone authorised by you and when the Data Subject has given consent to the Company to process his/ her data;

(o) to an affiliate or introducing broker of CFI or any other company in the same group of the CFI;

(p) to any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions or other relevant agreements;

(q) your personal data is disclosed in relation to US taxpayers to the Inland Revenue in Cyprus, which will in turn report this information to the IRS of the US according to the Foreign Account Tax Compliance Act (FATCA) of the USA and the relevant intergovernmental agreement between Cyprus and the US;

Your trading statements are disclosed with the sister company CFI Global Management Ltd, which as you have acknowledged, is responsible for providing the Company with the daily statements, however the Company is further sending the daily statement to you as received form CFI Global Management Ltd and does not share personal client’s data with CFI Global Management Ltd.The Company shall not be liable for misuse or loss of personal information and/ or otherwise if the Company does not have access to or control over.

The Company will not be liable for unlawful or unauthorized use of the Data Subject’s personal information due to misuse and/or misplacement and/or malicious use of the Data Subject’s passwords, either by the Data Subject or any third party. The Data Subjects’ information which the Company holds is to be treated by the Company as confidential and will not be used for any purpose other than those stated under this Policy.

4- COOKIES

CFI may use web beacons to access CFI cookies inside and outside the Company’s network of websites and in connection with the Site’s Services. The Company may set and access CFI cookies on your computer. Cookies are pieces of information that may track visitors’ source, click source, search keywords, and many other information used to get to the Company’s Website and user circulations to related web pages. Some web-based services require those cookies. Please note that we do not sell or distribute those confidential agreements to any other third party. Any information that the website may store in cookies, is used exclusively for internal purpose only

More information on cookies and how we collect and use them can be found on our “Cookies Policy” available on our Website

5- CHANGES TO THIS PRIVACY POLICY

CFI may update this Policy occasionally in order to ensure that this is fully updated with the latest legal requirements and any changes to our personal management practices. Upon updating this Policy, we will ensure to notify you of such changes, where required. Moreover, a copy of the latest version of this Policy will always be available on our Website. The Company may provide its clients with notices, by: e-mail, regular mail or postings on the Site.

6- MONITORING

CFI monitor only live information for the client if he/she is chatting with the Company using the live chatting system, which will detect if the client already exists within the CRM system.le on our Website. The Company may provide its clients with notices, by: e-mail, regular mail or postings on the Site.

7- SECURITY

CFI takes all appropriate measures to ensure a level of security appropriate to protect any personal data provided to us or otherwise collected by CFI (where applicable) from third party sources, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Your personal data may be stored electronically or in paper form.

CFI implements appropriate technical and organisational measures such as data encryption, access management procedure, clean desk policy, business continuity and disaster recovery, IT systems risk assessment, physical and logical access segregation, process in case of personal data breach policy etc. Additionally, CFI limits access to the Client’s personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process the Client’s personal data on the Company’s instructions and they are subject to a duty of confidentiality

Online and money transactions are not done on the Website, but they are done on the gateway for the third party companies dealt with, for example:

a) Deposits are done on gateway with payment companies using the Client’s registered user name and password which he/she have created when opening the account.

b) Withdrawals are also following the same procedure as for the deposits with extra information provided by the client to meet the required and registered data with the Company’s database, whereas the Client’s deposit transaction, whether to his Card, bank transfer, Skrill, or any other e-payment method are done aside under third party gateways and not on the website itself.

8- DATA SUBJECT RECORDS

Under the applicable regulatory obligations, the Company is required to retain copies and evidence of the actions taken by us in regard to your identity verification, sources of incomes and wealth, monitoring of your transactions, telephone, chat and email communications, orders and trades history, handling of your complaints and records that can demonstrate that we have acted in line with regulatory code of conduct throughout the business relationship. These records must be maintained for a period of at least 5 (five) years and/or up to a maximum of 7 (seven) years after the termination of the business relationship.

Further to the above, when your personal data is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, it is acknowledged that such personal data may be retained for a period of time as per above, i.e. we are subject to certain anti-money laundering laws which require us to retain personal data for a period of five (5) years after our business relationship with you has ended or if requested by CySEC for a period of seven (7) years.

9. YOUR RIGHTS

RIGHT OF ACCESS – you have a right to request us to confirm whether we are processing your personal information and also to provide you with a copy of the personal data that we hold about you.

RIGHT OF RECTIFICATION – you have a right to request from us to correct the personal data that we hold about you that is inaccurate or incomplete. The Company will update your personal data in accordance with your instructions.

RIGHT OF PERSONAL DATA (Right to be forgotten) – you have a right to request from us in certain circumstances to erase your personal data from our records. In case that these circumstances apply to your case and provided that no exception to this obligation applies (e.g. where we are obliged to store your personal data in compliance with a legal obligation under Cypriot or EU law), the Company acting as your controller will erase your personal data from its records.

If the Data Subject requests the deletion of their personal data, this will result in the automatic closure of their account(s) and the Company will remove their personal data from active processing. However, as per the applicable laws and regulations the Company will be required to maintain the Data Subject’s personal data to comply with their legal and regulatory requirements as well as in accordance with their internal compliance requirements in relation to maintaining records.

RIGHT TO RESTRICTION OF PROCESSING - you have a right to request from us where certain conditions apply, to restrict the processing of your personal data. Such conditions, include without limitation, the case where the processing is unlawful, and you oppose the processing of the personal data and request the restriction of their use instead. However, such restriction will not stop us from storing your personal data.

RIGHT OF PORTABILITY – you have a right to receive your personal data which you provided us in a structured, commonly used and machine-readable format and to transmit this elsewhere or ask us to transfer them to another data controller, to the extent applicable.

RIGHT OF OBJECT/OPT-OUT – you have a right to object on grounds relating to your particular situation, to certain types of processing such as direct marketing or where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. However, it is acknowledged that under certain cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Moreover, and in cases where the processing of your personal data is based on your consent, you are entitled to withdraw such consent whenever. However, any withdrawal of consent shall not affect the lawfulness of processing based on consent, before it was withdrawn by you.

If you decide to do so, we may not be able to continue to provide information, services and/or products requested by you and we will have no liability to you in this respect.

AUTOMATED-DECISION MAKING/PROFILING – in cases that fall in the scope of automated decision-making and/ or profiling, you are entitled to challenge the results you have received by the automated system, express your point of view and request us to check manually the results based on the answers you initially provided via the automated system.

In general, it is acknowledged that the exercise of your above rights may be subject to certain restrictions, and therefore, there might be cases where we may be unable to fulfill your request. Moreover, once we receive a request to exercise any of your rights, we may request you to provide us with certain identification documents, in order to verify your identity. In addition, we shall respond to such request within 1 (one) month of receipt of the request, a period that may be extended by 2 (two) further months, where necessary, by taking into consideration the complexity and number of requests. However, under this exceptional event, we shall inform you of any such extension, within 1 (one) month of receipt of the request, together with the reasons for the delay.

10. OUR COMMITMENT TO YOU

Your privacy is paramount to us, as is the privacy of every other visitor and client (both existing and former. The entire team here at CFI is fully committed to safeguarding any information we collect, use and hold about you. We shall remind you with the General Data Protection Regulation (GDPR), which will apply from 25th May 2018, creates consistent data protection rules across Europe. It applies to companies that are based in the EU and global companies that process personal data about individuals in the EU.

While many of the principles build on current EU data protection rules, the GDPR has a wider scope, more prescriptive standards and substantial fines. For example, it requires a higher standard of consent for using some types of data (personal data, proof of identification, proof of residency, signatures, cardholders, etc.) and broadens individuals’ rights with respect to accessing and porting their data. It also establishes significant enforcement powers, allowing a company’s supervisory authority to seek fines of up to 4% of global annual revenue for certain violations. Credit Financier Invest (CFI) Ltd is committed to the above Law and has appointed a Data Protection Officer (DPO) who is responsible for overseeing any questions with respect to that matter. If you have any questions, including any request to exercise your legal rights, please contact the DPO using the email [email protected]

FURTHER TO SECTION 3 ABOVE, YOU FURTHER ACKNOWLEDGE THE FOLLOWING:

a) Agree that all personal information filled on the real account steps deemed to be accurate, real and legal.

other records may be disclosed to third parties associated with CFI. In that respect, CFI might disclose the client’s details to the execution venue in case of disputes related to trading issues.

c) Acknowledge that any third party entities to whom we may need to disclose and/or transfer your personal data may located in countries where data protection Laws may not provide an equivalent level of protection to the Laws of the Republic of Cyprus; under such circumstances, CFI shall comply with the principles of the Data Protection Legislation and hence may in some cases, rely on a EU Commission Adequacy Decision, or other appropriate safeguards (e.g. applicable standard contractual clauses, binding corporate rules) or other grounds provided by the relevant legislative framework

d) Agree that your personal information may be disclosed to third parties for marketing purposes and in order to best administer your client’s relationship with CFI.

e) Acknowledge and agree that such third parties may provide you with marketing material regarding investments and related services, including new products and services offered by them and newsletters, market updates and investment opportunities by email, sms, regular mail, fax or telephone.

f) Acknowledge that any agreement between the two parties shall be governed by and construed with the Laws of the Republic of Cyprus and the Cypriot Courts will have the exclusive jurisdiction in case of any dispute.

g) Agree that you have carefully read and understood the above mentioned provisions regarding GDPR and that you provide your consent so that for CFI to collect and process personal data which lawfully obtain from you and from other publicly available sources, all in accordance with the Company’s Privacy Policy.

In order that we may in a state of compliance with the General Data Protection Regulation (GDPR) and in order that we may be in a position to proceed with a business relationship with you, you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations. CFI is committed to protecting your privacy and handling your data in an open and transparent manner, and as such we process your personal data in accordance with the GDPR and the local data protection law. Provided that you have given us your specific consent for processing, then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.

11- GOVERNING LAW

Any use of our website will be governed by the Laws of the Republic of Cyprus, and by accessing https://cfifinancial.com/cyyou agree to be bound by all the Terms and conditions for the use of the website that are published in our Site

12- LIMITATION OF LIABILITY

We do not provide any warranty as to the accuracy, adequacy or completeness of the information and materials contained in our website. We also expressly reject any liability for any errors and/ or omissions regarding in this regard.

CFI doesn’t provide any warranty of any kind, implied expressed or statutory, including but not limited to the warranties of non-infringement of third party rights, title merchantability, fitness for a particular purpose and freedom from computer virus, in conjunction with the information and materials that appear on our website

Hyperlinks to other websites are followed at your risk and we cannot vouch for the content, accuracy, and opinions expressed by third-party websites. The website links that appear on third-party websites are not controlled, investigated, verified, monitored and/ or endorsed by us, so please navigate carefully when on third-party websites. Hence, you should consult the privacy policies applicable to the website(s) in question, so as to properly informed about the processing activities of such website(s).

Any damages, losses or expenses which arise in connection to our website or its use or inability to use by any person or in connection to the inability to execute an order, error, omission, interruption, fault, delay in operation or transmission, computer viruses, communication failure or line or system failure, even if CFI or its representatives have been informed about the possibility of such damages, losses or costs; and for errors or inaccuracies in the transmission process of data and/ or orders in trading Forex and/ or CFDs, or any instructions from the client/ visitor of our site, interference, fraudulent impersonation, breaking of secret access codes, erroneous recording or transmission of message or system failure due to force majeure or for whatever other reason which is not due to breach of the above either by CFI.

We shall not be held liable for any damage that may occur to the hardware or software of any visitor that may arise as a result of the use of our website and/ or land or in connection of our website with other websites/ hyperlinks or internet resources.

13- DO YOU HAVE ANY QUESTIONS?

If you’ve got any questions or concerns that haven’t been covered in this Privacy Policy, feel free to contact us.

In any event, you have the right to lodge a complaint with the supervisory authority in Cyprus, which is the Office of the Commissioner for Personal Data Protection. You can find more information about how to contact the Commissioner on the following website: http://www.dataprotection.gov.cy

The CFI Website is secured from several other injections, spams, and many other illegal “Trojans” viruses that may result in any failures by using special encryption and special captcha prevention.

August, 2023