1. Introduction

Kaje Fin Services Ltd is a company incorporated in Marshall Islands under registration no. 83226 having its registered address at Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Marshall Islands MH96960 (hereinafter, the “Company”).

The Company is an investment firm operating as an international foreign exchange broker under the provision of the applicable law.

2. General

The Company commits not to disclose to a third party, any of its Clients’ confidential information unless required to do so by any authority of a competent jurisdiction; such disclosure shall occur on a ‘need-to-know’ basis, unless otherwise instructed by such an authority. Under such circumstances, the Company shall expressly inform the third party regarding the confidential nature of the information.

Any personal information is treated as confidential and may be shared only within the Company, by its employees and affiliates for business purposes, as permitted by the applicable law. The information may be disclosed to third parties, such as the Company Partners and Affiliates for business purposes only, such as, but not limited to, servicing Client accounts and informing Clients about new products and services. The Company Partners, Affiliates, and Business Introducers maintain the privacy of Client’s information to the same extent the Company does in accordance with the policy. Information may also be provided to nonaffiliated companies, providing professional, legal, and accounting services. Non-affiliated companies that assist the Company in providing services to the Client are required to maintain the confidentiality of such information and to use Client’s personal information only in the course of providing such services, for the purposes that the Company dictates and within the ambit of the applicable law.

The Company will not sell or give away Client’s name, mailing address, phone number, email address or any other information to anyone. The Company will use various security measures to protect Client’s information from unauthorised users.

The policy sets out the procedures and methods used by the Company to collect, use and manage personal information from its visitors, potential and active clients through the Company’s website. The policy forms part of the Client’s agreement, namely, the Client Agreement with the Company, thus the Client is also bound by the terms of this policy, as set out herein.

3. Personal Information

In order to receive more information, register for a demo account, open a trading account with the Company or for any other business relationship, the Client is requested to complete an application form, accessible via the Company’s website.

The Clients, by completing the application form and providing their personal information, enable the Company to evaluate the application.

The personal Data collected by the Company may include, but shall not limited to:

a. Clients’ personal information such as name, address, date of birth, social security y number and occupation;
b. Financial information such as income, assets, financial investment experience;
c. Documents provided by the Clients which enable the Company to verify Clients’ identity, such as passport copy, utility bill, bank statements or in certain situations Clients’ company’s relevant incorporation documents.

The Company is obliged to keep the Clients’ personal data on record for a period of five (5) years which are calculated after the execution of the transactions or the termination of the business relationship between the Company and the Client

4. General Requirements for Data Processing

a. Data processing means collection, recording, arrangement, storage, alteration, disclosing, consultation, extraction, use, transmission, cross-use transferring or granting access to third parties, interconnecting, closure, deletion or destruction of data, or several of the aforementioned operations, regardless of the manner in which they are performed or the means used;

b. The Company shall compile a list and documentation of means used in data processing and shall keep records of data processing. The list of means used in data processing shall include the name, type and number of the equipment and the name of the manufacturer of the equipment; the name and number of the licence of the software used and the name of the software manufacturer; the location of the documentation of the software used;

c. Persons engaged in the processing of data shall process data only for authorised purposes under the established conditions and according to the instructions and orders received, and they shall maintain the confidentiality of data which has become known to them in the course of performance of their duties and which are not intended for public use. Such confidentiality requirement continues after termination of the employment or service relationship with the Company;

d. Unauthorised processing of data (including recording, alteration, deletion, reading, copying, (transmission), unauthorised transportation of records and any other unauthorised use of data (not prescribed by official duties) shall be prohibited;

e. The Company shall implement adequate and sufficient measures to ensure that every data processing operation leaves a trace, which would afterwards enable identification of the person who performed the operation, the nature and time of the operation and any other relevant facts, including when, by whom and which data were recorded, altered or deleted, or when, by whom and which data in the data processing system were accessed, as well as information on any transmissions of data. A possibility for restoring the content of data before modifications shall be available when any modifications are made in data or documents;

f. Every user of database shall be issued personal means of authentication, enabling them to use the database. The access password for electronic databases shall be changed at least once a quarter. The use of any means of automatic entry of passwords shall be prohibited. A user of the data processing system shall not have access to data, which are not required for authorised data processing and the performance of duties of that particular user;

g. Adequate security measures, including encryption of data if necessary, shall be implemented upon transmission of data by means of data communication equipment or in the transport of records; h. The manager or an employee of the Company shall rely on justified expectation that data submitted by persons who submit data are correct. The manager or an employee of the Company shall, from time to time, verify the accuracy of data in the database(s) by requesting the data subject to check the data and, if necessary, make corrections or confirm the accuracy of data;

i. Any incomplete or incorrect data known to the manager or an employee of the Company shall be closed and any necessary measures shall be taken promptly to supplement and correct the data in question. Upon a request of a data subject, the manager or an employee of the Company shall correct any incorrect data on the data subject in the database if the data subject notifies the manager or employee of the Company of the inaccuracy of the data on the data subject and submits correct data; the incorrect data shall be stored with the correct data and with a note indicating in which period the incorrect data were used;

j. If the accuracy of data is in dispute, the data in questions shall be closed until confirmation of accuracy of the data or determination of correct data. Third persons who provided or received the data shall be promptly notified of any corrections made in data if it is technically feasible and does not lead to disproportionate expenses;

k. Automatic decisions of the data processing system, without participation of the data subject, shall be permitted only on the conditions and pursuant to procedures specified by the applicable law.

5. Rights of the Data subject

a. The data subject shall have the right to withdraw at any time the consent for the processing of personal data, in which case the Company shall cease processing the data to the corresponding extent;

b. Every person has the right to access data concerning themselves, which are collected in databases, unless this right is restricted by the applicable law. Decisions on granting or withholding authorisations for access to data and issuing copies of data shall be made by the executive manager of the Company;

c. Upon request of the data subject, the Company shall notify the data subject of the data, which is available on the data subject in the database, and the sources of such data, the purpose of data processing and any third parties or categories of third parties that have receive authorisation for data transmission, as well as any other facts of which the owner (processor) of the database is required to notify the data subject, unless the right of the data subject to receive information is restricted by the applicable law. The data shall be issued by using the method requested by the data subject, if possible, within five (5) business days from the receipt of the respective request;

d. In the cases specified by the applicable law, data shall be released to third parties with a statutory right to request and receive such data. In all other cases, data shall be released to third parties only if the data subject has granted a respective consent;

e. Authorised persons may review, on site in the Company, the documents on the establishment of databases and any other documents pertaining to the databases.

Data collected in databases

a. The Company may collect in databases any publicly available data or any data voluntarily submitted by data subjects. Only data necessary for the provision of service to the clients and/or for the performance of operations requested by the clients may be requested from the clients;

b. The Company shall collect and process the Clients’ data to the extent, which is necessary for the achievement of specified objectives (provision of services), and in a manner, which is designed for the specific purpose. Unnecessary data shall be deleted or destroyed at once. Use of data in any other manner than previously agreed is permitted only with a respective consent of the data subject or on the conditions specified by the applicable law;

c. The managers and employees of the Company shall register and preserve the data and documents associated with the provision of services, including:

i. documents, which specify the rights and obligations of the Company and the clients, or the conditions of provision of service by the Company to the clients;
ii. details of provided services and transactions and any communications between the clients and the Company to the extent, which ensures an overview of the actions of the Company in the provision of services.

d. The managers and employees of the Company shall register and preserve the data on the decisions pertaining to the business and management of the Company, and preserve the internal procedure rules of the Company;

e. A person appointed by the Management Board of the Company shall keep records of the documents of the Company and shall organise preservation and archival of such documentation the conditions and pursuant to procedures specified by law and internal procedure rules (including periods of preservation);

f. The Company shall preserve data for at least five years, unless other terms for the preservation of data or documents are prescribed by the applicable law and the internal regulations of the Company or the decisions of the managing bodies of the Company;

g. Client agreements and/or conditions of the provision of service by the Company to the Clients shall be preserved for at least as long as the contractual or other legal relationship connected to the provision of investment services or ancillary investment services to the Client continues, unless a longer term is specified by the applicable law.

7. Cookies

When using the Company’s Website, we may use cookies to collect information. A cookie is a small data file that is stored on the Clients’ computer, for the purpose of making it easier for them to navigate the Website by for example; remembering their IDs, passwords and viewing preferences, thus allowing them to visit memberonly areas of the Website without logging in again. The Clients can set their web browser to inform them when cookies are enabled, or to disable cookies. If the Clients do not wish to receive cookies, most web browsers will permit them to decline/disable cookies and in most cases will still allow them complete access to our Website.

8. Tracking Systems

Tracking systems used on the Company’s Website(s) may collect data detailing the pages you have accessed, how you discovered this site, the frequency of visits etc; this information is obtained in order to improve the content of the Company’s website and may also be used to contact the Clients, through any appropriate means and providing the Clients with any information the Company believes to be useful to them.

9. Security

The privacy and confidentiality of the Clients personal information is of fundamental importance to the Company. The Company takes all appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data and personal information. The Company restricts access to personal information to employees who need to know the specific information in order to operate, develop or improve Company’s services. These individuals are bound by confidentiality and will be subject to penalties if they fail to meet these obligations.

10. Legal Disclaimer

The Company reserves the right to disclose the Clients’ personally identifiable information as required by rules and regulations and when the Company believes that disclosure is necessary to protect their rights and/or to comply with a judicial proceeding, court order, or legal process served. The Company will not be liable for misuse or loss of personal information resulting from cookies on the Company’s Website(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorised use of Clients’ personal information due to misuse or misplacement of your passwords, negligent or malicious.

11. Amendment/Review

The Company will not be obliged to notify its Clients individually of changes, other than substantial material changes to the policy. Thus, the Clients should refer to the Company’s Website for the latest and most up to date version of the Policy, which will be applicable from the date of publication on the web.