Privacy Policy

1 Introduction

1.1. Vector Financial Services (Pty) Ltd (hereafter the “Company”, “we”, “us”, “our”, as appropriate) is a Financial Service Provider, with Registration number: 2022/709676/07, acting as juristic representative of an entity regulated by the Financial Sector Conduct Authority (FSCA) in South Africa with license number 52313.
1.2. The Company provides an online trading platform which allows retail investors to trade over-the-counter derivatives, more specifically Contracts for Difference (CFDs). A CFD is a leveraged contract entered into with the Company on a bilateral basis. It allows an investor to speculate on rising or falling prices in an underlying instrument such as a currency pair, precious metal, index, commodity, future, or share. A CFD is an agreement between a ‘buyer’ and a ‘seller’ to exchange the difference between the current price of an underlying asset (currencies, commodities, indices, shares etc.) and its price when the contract is closed.
1.3. The purpose of this Policy is to develop standard operating procedures to ensure adequate protection of the Client’s personal information that is provided by the Client during the business relationship with us.
1.4. The Client (hereafter “Client”, “you”, “your” “data subject”) means an individual or a legal person who registered with us.
1.5. This Policy applies to the Company’s employees and/or associated persons.
1.6. This Policy applies to existing clients, prospective clients, clients who have terminated their contractual relationship with the Company and website visitors, who are accessing or using the Company’s website(s) and Platform(s).

2 Overview

The Company, under regulatory obligation, collects, processes and store information on data subjects during the usual course of our business. We acknowledge that the confidentiality and security of your personal data is of utmost importance to you hence we have developed specific policies and practices designed to protect your personal data.
The Company is committed to protect the privacy of all Client’s personal information which it processes in accordance with the provisions International Principles of Information Protection, the Basic Provisions of the Constitution of South Africa 1996, the Protection of Personal Information Act 4 of 2013 (hereinafter “POPI’’) and this Policy.
This Policy describes the types of personal information that we collect about you when you choose to use our services, how we will use your personal information and how we will keep it safe. It establishes a general standard on the appropriate protection of personal information governed by us as data controller. It also provides principles regarding your right to privacy and to reasonable safeguards of your personal information.
By using the Company’s websites, you accept the terms and conditions of the Policy and explicitly consent to the collection, use and disclosure of your personal information in the manner described below.
This Policy will be reviewed and amended from time to time to take account of new regulatory obligations, technological changes or for any other reason deemed necessary. You are responsible for regularly checking our Legal Documents section for any updates.

3 Key Principles

The Company, our representatives, staff members are committed to the following principles:
• To comply with all applicable regulatory requirements regarding the collection and processing of personal information.
• To collect and process personal information only by lawful and fair means.
• To treat personal information with the highest standards set by regulation.
• To keep personal information accurate, complete, reliable, and up to date.
• To develop security safeguards against risks such as loss, unauthorized access, damage, destruction, amendment or delete of personal information.
• To comply with any restriction and/or requirement that applies to the transfer of personal information.
• To share personal information only if it is necessary and only for the purposes that are allowed by law, for example on the demand from the authority, regulator, bank, payment provider etc.
• The Company will not collect or process any data related to children or persons under the age of eighteen (18). The Company does not provide services to underage children therefore if the Company collects such data by mistake or unintentionally, we will immediately destroy/delete it at the earliest possible time.

4 Processing of personal information

4.1. The Company shall ensure that conditions set in POPI Act, are meet during the time personal information is processed.
4.2. Personal information can be processed only when its purpose for processing is adequate, relevant, and not excessive. We will use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and the law (in which case your knowledge or consent for use thereof is not required). If you wish to get an explanation as to how the compatibility of the reason and the original purpose is determined, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you accordingly and explain the legal basis which allows us to do so. Please note that we may process your personal data where this is required or permitted by law.
4.3. Personal information may be processed only if:
• The data subject consents to it.
• Processing is necessary to carry our obligations arising from Agreement signed with you.
• Processing protects a legitimate interest of the Client.
• Processing is necessary for compliance with relevant laws and regulations:
a) Subject to the type of services we provide to you, we are required to collect, process and retain your personal information in accordance with legal requirements as per Laws and Regulations in South Africa, such as FICA, FAIS or any other relevant laws, Directives or Circulars in order to confirm your identity, source of your funds, to assess your suitability and appropriateness to receive the products and services we provide.
b) The Company, to ensure compliance with the relevant Laws and Regulations, will use your personal data to monitor whether any suspicious activity has been detected. In case such activity is detected the Company will use all available data for the investigation purposes and as per investigation results appropriate legal steps will be taken.
c) To provide you with our services and comply with our regulatory obligations we process your Personal Information as needed to evaluate and manage risks to our business and to you. The types of Personal Information that we may process for these purposes might include information relevant to the services provided to you, for example, your trading history and patterns (which may require to identify and prevent abusive trading and other unlawful trading practices), your name, ID, passport, and residence details.
4.4. We may use your personal information for internal research and development purposes, to help diagnose system problems, to administer our websites, to improve and test the features and functions of our systems and procedures, to develop new content, products, and services. To carry out testing and analysis. This process is necessary for the purpose of our legitimate interests.
4.5. You have the right to withdraw your consent to process your data at any time provided that such withdrawal won’t affect the Company’s compliance and regulatory obligations.
4.6. You have right to object of the processing of your data if you believe that it is being processed not in prescribed manner and/or without reasonable grounds, however the company may refuse your objection if there is legislative ground and/or obligation for such processing. You also have the right to object in the case of direct or indirect marketing by means of unsolicited electronic communication.

5 How do we Collect Personal Information?

We collect information directly from you where you provide us with it and/or from third parties. Below you can see non-exhaustive list of examples about the channels used to obtain your personal information:
• When you contact us, whether through our website(s), Platform(s), via email, online, post or phone, we will keep a record of all information collected from you.
• When you register an account with us, you will be asked to fill out a questionnaire, and provide us with set of documents that are necessary for verification of your person.
• We can lawfully collect data and information from publicly available sources, such as third-party risk management software solutions, social media, press, internet to confirm validity of the information provided by you.
• When you use our Trading Platform(s) we record your trading activities.
• Automated technologies or interactions. As you interact with our electronic services, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
• From third party sources, including affiliates, business introducers, our business contacts, subscription- based intelligence/screening databases, etc.
• From webinars signing forms.
• In some situation we may obtain personal information via other means, for example as referral from another person. We will take reasonable steps to ensure that the individual is made aware of the matters set out in this Policy. We may also occasionally receive unsolicited personal information about individuals. In such an event if the information is unsolicited and not required for the provision of our services, we will securely destroy/delete the information (provided it is lawful and reasonable for us to do so).
It is your responsibility to ensure that the personal information you provided to us remain accurate and up to date through the duration of the Agreement signed with us.

6 What Type of Personal Information do we Collect?

We may collect some of the information as per the list below from natural or legal persons, which are defined as personal information in terms of POPI. However, our specific interaction with the Data Subject will detail what information we need exactly:
• Contact details such as your name, surname, email address, phone number, country of residence.
• Identification details such as your Identity Card, Passport or Driver’s License.
• Proof of Residence: it can be for example a recent (no older than 6 months) Utility Bill like water or gas, Bank Statement etc.
• Your age, gender, ethnicity, education, occupation, your trading experience, whether you have prominent public function (PEP).
• For legal persons certificates of incorporation, registered address, Directors, shareholders, Memorandum & Articles, Power of Attorney signed by board appointing representative with the right to operate trading account, Know your Client for directors, shareholders with qualified shareholding capital and authorized representative.
• Financial Information such as annual income, net worth, bank account details, copy of credit card, tax statements, source of funds/wealth etc.
• Your transactions and trading history, written communication with you, phone calls and any other communication.
• Your preferences for certain types of products and services.
• Information collected through cookies from your visits to our website or platform(s) use, such as your IP address, domain names, browser version, operating systems, geolocation etc.
• Information related to possible criminal records, convictions, offences.
• We may use your personal information, including but not limited to your name, e-mail, address, phone number, location, and Web Data, to deliver marketing and event communications to you across various platforms, such as social networks, email, telephone, text messaging, direct email, online, push notification or otherwise. We will do this either:
i. Until you withdraw your consent.
ii. During the duration of the Agreement with us and, unless specifically instructed otherwise by you, for a reasonable period after the relationship has ended to inform you about products, services, promotions, and special offers concerning products and/or services which are the same or similar to those you showed interest in the past.

7 To Whom we can Disclose Personal Information?

7.1. Your personal data will be treated as strictly confidential. We will not share your data with a third party unless required by applicable laws, rules and/or regulations, if disclosure is required for our legitimate interests or in cases where there is a need to use your personal data, and we may do so in accordance with legal basis.
7.2. Access to personal information is restricted to those employees, partners, contractors, advisers, introducing brokers, affiliates and service providers of the Company, credit reference agencies, fraud prevention agencies, depository, stock exchange, clearing or settlement system, account controller or other participant in the relevant system, tax authorities, companies we have a joint venture or agreement to co-operate with, market researchers and professional advisors, who need to access such information for the purposes described in this Policy.
7.3. Your personal information may be transferred or disclosed to any product supplier with whom you might conclude a contract directly, subject to appropriate agreements and arrangements to ensure data protection, to third parties, for the processing of that personal information based on our instructions and in compliance with relevant Laws and this Policy and any other appropriate confidentially and security measures.
7.4. Personal information may be also processed by third parties like our software providers, or other suppliers to ensure Data Subjects receive highest quality service and may be transferred across borders, for instance where we use cloud services to store data or if one of our service providers are situated overseas.
7.5. We may share information with other third parties if we choose to sell, transfer, or merge parts of our business, or our assets or we may seek to acquire other businesses or merge with them. We will only share information with other parties if they have sufficient systems and procedures that provide appropriate governance to ensure the safety of personal information.
7.6. We may share information with regulators, law enforcement agencies, information protection authorities, and other competent authorities as well as with other competent third parties, as may be required or if the Company believes that you performed any act or omission that we reasonably believe to be violating any applicable law, rules, or regulations.
7.7. We may share your personal information where required for the purpose of providing products or services and for administrative, billing, and other business or ancillary purposes.
7.8. Generally, we will only disclose your personal information when you direct us or authorize us to do so, when we are allowed or required by applicable law or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.

8 How Long we will Retain Your Personal Information?

As per applicable Laws and Regulations, we are required to keep records containing personal information, trading information, documents you signed with us, communications, and any data we collected during duration of the Agreement between the Company and you, for the period of five (5) years after the termination of business relationship.

9 International Transfer of Personal Information

The Company may transfer your personal information to our external third parties which are based outside of your home country. The POPI Act allows personal information to be transferred only if the conditions on the appropriate safeguards with respect to the security and protection of personal information are in place.
We are committed to protecting personal information, especially in cases of international transfers therefore the Company will ensure that the transfer is lawful and/or necessary for the performance of the contract between you and the Company, and that there are appropriate security arrangements in place.
To transfer personal information to third parties in territories that do not have appropriate data protection laws and regulations, we enter in arrangements with the external third parties ensuring appropriate and suitable safeguards based on standard contractual terms adopted by the POPI Act.

10 Links to Other Websites

10.1. Our website(s) contain or may contain links to other websites or social media channels. However, once you have used these links to leave our website(s), you should note that we do not have any control over the websites and social media channels you entered. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website or social media channels in question.
10.2. The Company won’t be liable for the unlawful or unauthorized use of your personal data due to misuse and/or malicious use and/or negligence and/or misplacement of your passwords, caused either by you or any third party.

11 Your Rights Regarding Your Personal Information

Under the POPI Act, you have the right to:
• Be informed if your personal information is collected and if your personal information was accessed or acquired by an unauthorized party.
• You can request information about what kind of data about you was collected.
• You have the right and/or obligation to correct your personal information in case you realize that information you provided to us is presented incorrectly (for example typo error), or in case there was any change in your information.
• You have the right to request erasure of your personal data. This enables you to ask us to delete or remove your personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable laws. However as per FAIS requirements the Company is obliged to keep your data for the period of five (5) years from the time the Agreement between us was terminated, therefore maybe we won’t be able to delete your data, but we will stop processing it for any purposes unless we will be legally obliged to process it.
• You have right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object to where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedom.
• You have the right to submit a complaint as per paragraph 15 of this Policy.
• Where the Company sends you marketing materials you have the right to object. Should you wish to opt-out from receiving marketing services from the Company, at any time, send a written request to the Company. To opt out of email marketing received from the Company, you can use the unsubscribe link found in the marketing communication you receive from us.
• Please note that opting out from marketing services:
i. might affect your ability to explore new products and services and their customization to your needs and requirements, and
ii. will not prevent completely all forms of communications to you, since the Company is required by law to communicate and inform you of legal aspects related to the products and services provided to you by the Company.

12 Your Consent to Process Personal Information

By entering into Agreement with us you accept this Policy together with all Legal Documents available on our website, and you consent to collection and processing of your personal information.

13 Use of “Cookies”

13.1. Cookies are small text files, given ID tags that are stored on your computer for record-keeping purposes. Cookies are created when you use your browser to visit a website that uses cookies to keep track of your movements within the site, help you resume where you left off, remember your registered login, theme selection, preferences, and other customization functions.
13.2. We use cookies on our website(s), to provide you with the best possible experience when you browse our website and to collect information that will allow us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies. We do not use cookies to collect personal information about you – the cookies that we use only collect anonymous information to optimize our services.

14 Protecting Your Data

There is no one hundred percent guarantee that communication with the internet use, for example emails, online chats, is secure.
We are legally bound to ensure your data is protected against accidental loss, disclosure, destruction and/or abuse. However, the Company won’t be liable for any unauthorized access or loss of personal information that occurred due to factors beyond our control.
We have implemented appropriate technical and organizational measures and processes to protect personal information entrusted to us. Such measures and safeguards may include encryption during information transmission and storage, strong authentication mechanisms and the segmentation of digital architecture to zones that are protected. We have implemented a strategy of ‘least possible access’ and periodically review existing access. While such systems and procedures significantly reduce the risk of security breaches and the inappropriate use of personal information, they do not provide absolute security. We will regularly review our security posture with reference to the latest standards to effectively eliminate the likelihood of any form of misuse.

15 Questions and Complaints

If you have any additional questions, any further concerns regarding the use of your personal data or any complaints regarding this Privacy Policy and the use of your personal information, you can reach out to us using the contact details provided on our website.
If your complaint or concern is not resolved, you can contact the office of the Information Regulator South Africa as per details provided below:
Website: https://inforegulator.org.za/
Email: [email protected]
The above email address is for persons to lodge a complaint in case they believe that their personal data has been violated. To submit a complaint, you will have to complete the prescribed POPIA form 5.
For general enquiries you can email Information Regulator at:
Email: [email protected]