Privacy Policy

INTRODUCTION

M4Markets is a trade name of Oryx Finance Ltd. Oryx Finance Ltd is licensed by the Dubai Financial Services Authority (hereinafter the “DFSA”) under license number CL6189 and holds a Category 3A License thus authorized to deal in investments as a matched principal and arrange deals in investments. The Company is registered in Dubai International Financial Centre (hereinafter "DIFC") under the Companies Law, with registration number 6189, and registered office located at Unit 615, Level 6, Index Tower, Dubai International Financial Centre. This privacy policy sets out the processes employed when dealing with the collection and handling of personal data.

As part of our day-to-day business we need to collect personal information from our customers and potential customers to ensure that we can meet their needs for a range of financial services and provide them with information about our services. This Privacy Policy applies to active and/or potential customers and/or customers who have terminated their business relationship with the Company and/or to visitors who are accessing or using the Company’s website(s) and/or mobile applications.

Your privacy is important to us. This privacy policy (hereinafter the “Privacy Policy”) outlines our policy on how we manage the personal information we hold about our customers, potential customers, shareholders, suppliers and others. It applies to the Company as the data controller.

It is our policy and obligation to respect the confidentiality of information and the privacy of individuals. The DIFC Data Protection Law, DIFC Law No. 5 of 2020 (hereinafter the "DP Law"), and the DIFC Data Protection Regulations (hereinafter together the "DP Law & Regulations"), came into force on 1 July 2020 and regulate the use of personal information in the DIFC.

This Privacy Policy outlines how we manage your personal information supplied to us by you or a third party in connection with our provision of services to you or which we collect from your use of our services and/or our app(s) or website(s). It also details your rights in respect of our processing of your personal information.

The DP Law & Regulations are located on the Dubai International Financial Centre’s website at: www.difc.ae. The DIFC Data Protection Commissioner (hereinafter the "Commissioner") is the person responsible for the administration and enforcement of the DP Law & Regulations and the Commissioner’s contact details are located on that website.

Any reference to “the Company” or "we" or "our" or "us" in this Privacy Policy is a reference to Oryx Finance Ltd as the context requires unless otherwise stated.

Similarly, any reference to “you” or “your” or “yours” or “yourself” in this Privacy Policy is a reference to any of our customers, potential customers, shareholders, suppliers and others, as the context requires unless otherwise stated.

OUR PRIVACY POLICY

We are committed to being open and transparent about how we use your personal information. Where our documents or interactions with you ask for personal information, we will generally state the purposes for its use and to whom it may be disclosed.

‌PURPOSE OF COLLECTING PERSONAL INFORMATION

Our business is to meet our customers’ needs for a range of financial services. To do this effectively, we need to collect certain personal information from our customers or potential customers, or from our suppliers that help us provide services on behalf of our business. Please also note that because of the nature of the services we provide and require, and our associated regulatory obligations we do not have the option of allowing you to deal with us on an anonymous basis.

Furthermore, during the account opening process for a demo or a trading account, you are requested to complete and submit an application form by providing your personal information. The provision of the information submitted by you will enable us to evaluate the application and your eligibility to our services pursuant to the applicable laws and regulations governing the provision of our services. The same information will be used by us to contact you regarding the offered services.

The main reasons we need to process your personal data are:

• in order to perform our contractual obligations to you; and/or

• in order to comply with our legal obligations, including in relation to client verification, anti-money laundering and other obligations we are subject to; and/or

• in accordance with our legitimate business interests and compliance with any applicable law; and/or

• in accordance with your consent, if we have requested consent for a specific purpose.

‌THE CATEGORIES OF PERSONAL INFORMATION WE MAY COLLECT

Because of the nature of the products and services provided, government regulations and taxation laws (if applicable), we ask for a range of personal information from you. The categories of personal information we may collect from our customers may include (but is not limited to):

• Identity Data: name, surname, address, date and place of birth, gender, country of residence and citizenships, identity documents such as passport, ID, driving license, information which may be publicly available or contained in background check database; and/or

• Contact Data: addresses and proof of residency documents, telephone numbers, e-mail addresses; and/or

• Tax and Financial Data: FATCA & CRS declarations, information in relation to previous trading experience, source of wealth and source of funds, annual salary and respective pay slips and/or employment contracts, expected trading volumes, types of transactions, tax residence information and numbers, copy of the credit card used to fund the account, all and any other financial information which is required to establish and maintain a client account and/or process client’s orders in accordance with the applicable laws and regulations; and/or

• Technical Data: customer internet protocol address, browser information; and/or

• Marketing and Communication Data: customer communication preferences and preference for receiving marketing materials from us.

  Because of the nature of the products and services provided, government regulations and taxation laws (if applicable), we ask for a range of personal information from you. The categories of personal information we may collect from our customers may include (but is not limited to):

In cases where the customer is legal entity, we maintain the right to request all the statutory/incorporation documents and all the relevant documents for all related individuals (directors, shareholders, beneficial owners).

We obtain most of the information directly from our customers through application or other forms, and from maintaining records of information provided in the course of ongoing customer service. We may also obtain information from other sources. For example, credit information or identity checks.

We may also obtain personal information about you through your use of our websites (including https://www.m4markets.ae/ ), apps or through the use of cookies on our websites and/ or apps, in particular by recording which pages you look at on our website(s).

We may ask for other information voluntarily from time to time (for example, through market research, surveys or special offers) to enable us to improve our service or consider the wider needs of our customers or potential customers.

We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to or require from you and our relationship with you. These recordings will be our sole property and will constitute evidence of the communications between us. Such telephone conversations may be recorded without the use of a warning tone or any other further notice.

Furthermore, if you visit any of our offices or premises, we may have CCTV, which will record your image.

If you choose not to provide the information we need as a business or to fulfil your request for a specific product or service, we may not be able to provide you with the requested product or service, or we may not be able to do business with you as a supplier.

We also keep records of your trading behaviour, including a record of:

• products you trade with us and their performance; and/or

• products we trade on your behalf and their performance; and/or

• historical data about the trades and investments you have made including the amount invested; and/or

• your preference for certain types of products and services.

We do not engage in automated decision-making when processing personal information.

‌HOW DO WE USE THIS INFORMATION AND WHO MAY WE DISCLOSE IT TO

While we may send you marketing material from time to time that we think will be useful to you, we are conscious of the need to respect your privacy. Unless you are informed otherwise, the personal information we hold is used for establishing and managing your account, reviewing your ongoing needs, enhancing customer service and products and giving you ongoing information or opportunities that we believe may be relevant to you, or more specifically, inter alia:

• to confirm/verify your identity; and/or

• to assess your appropriateness/suitability to the products and services we provide; and/or

• to process your transactions; and/or

• to manage the account, you hold with the Company; and/or

• to provide you with transaction and post transaction related services; and/or

• to inform you of products and/or services that may be of interest to you; and/or

• to inform you of amendments of the law affecting our services to you and products as and when required; and/or

• for internal business as well as record keeping purposes; and/or

• to keep you updated on the issues that are relevant to your business relationship with us; and/or to analyse statistical data to enable us to provide you with better products and/or services; and/or

• to enhance the security controls of our networks and systems; and/or

• to identify, assess, mitigate, prevent and investigate fraudulent activity of any kind that is forbidden by the relevant legislation.

We may also use your personal information for business planning purposes including product development and internal research.

Your personal information is treated as confidential and may be shared within the Company only to those employees and/or partners who need to know the specific information in order to operate, develop or improve our services. These individuals are bound by confidentiality and will be subject to penalties if they fail to meet these obligations.

Depending on the product or service concerned this means that personal information may be disclosed to:

• other service providers, professional advisors and specialist advisers who have been contracted to provide us with administrative, IT, financial, regulatory, compliance, insurance, research or other services; and/or

• credit reporting or reference agencies; and/or

• introducing brokers with whom we have a mutual relationship; and/or

• credit providers, courts, tribunals and regulatory authorities as agreed or authorised by law or our agreement with you; and/or

• anyone authorised by you, as specified by you or our agreement with you; and/or

• fraud prevention agencies, third party authentication service providers, verification/screening service provider’s and/or any relevant authorities who investigate or prevent fraud, money laundering and/or other illegal activities; and/or

• to any court and/or tribunal and/or arbitrator and/or financial ombudsman and/or governmental authority in order for us to defend or exercise our legal rights.

• to identify, assess, mitigate, prevent and investigate fraudulent activity of any kind that is forbidden by the relevant legislation.

If there is no lawful basis, for the usage of your personal information as indicated above, your consent will be required.

Such disclosure shall occur on a ‘need-to know’ basis, unless otherwise instructed by a regulatory authority. Provided that such disclosure takes place, we shall expressly inform that third party regarding the confidential nature of the information.

Third party service providers such as credit-referencing agencies may keep a record of any searches performed on our behalf and may use the search details to assist other companies in performing their searches.

We may take reasonable steps to require that organisations who handle or obtain personal information as service providers to us acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with the DP Law & Regulations, their privacy regime as applicable, and this Privacy Policy.

We understand that you may choose not to disclose your personal information to us. However, please note that if you choose not to provide the information we need as a business or to fulfil your request for a specific product or service, we may not be able to provide you with the requested product or service or we may not be able to do business with you as a supplier.

‌UNSOLICITED INFORMATION

If you provide us with personal information that we have not requested then we will endeavour to only retain the information that we are otherwise entitled to hold because of the products and services we provide or require. However, if this additional information is surplus to our requirements but is provided to us in a manner where it is combined with information that we are either required or entitled to retain then you acknowledge that this unsolicited information may be held by us in the same manner as the balance of your personal information in accordance with this Privacy Policy.

‌DIRECT MARKETING OF OUR PRODUCTS AND SERVICES

As noted above, we may use your personal information to let you know about products and services or promotions or other opportunities in which you may be interested. If you no longer wish to receive such communications please send us an email at [email protected]

For marketing that you receive as a result of our use of cookies, please see the section dealing with cookies below. In particular, please note the information about how to manage your preferences both personally and with any social media websites.

‌OUR WEBSITE(S), COOKIES AND TECHNOLOGY DEVELOPMENTS

This section outlines some privacy issues specific to our website(s) and app(s). We may collect personal information you enter when using our website or our apps. This includes the use of cookies.

‌WHAT IS A COOKIE AND HOW DO WE USE COOKIES

We use cookies to give you access to certain pages of our website(s) or our app(s) without having to log in each time you visit. We may also use independent external service providers to track the traffic and usage on the website(s).

Cookies are small pieces of text stored on your computer to help us determine the type of browser and settings you are using, where you have been on the website(s) or the app(s), when you return, where you came from, and to ensure your information is secure. The purpose of this information is to provide you with a more relevant and effective experience on our website(s) or our app(s), including presenting web pages according to your needs or preferences.

‌MANAGING COOKIES AND MARKETING

Cookies are frequently used on many websites on the internet and you can choose if and how a cookie will be accepted by changing your preferences and options in your browser. You may not be able to access some parts of https://www.m4markets.ae/ or our app(s) if you choose to disable the cookie acceptance in your browser, particularly the secure parts of the website. We therefore recommend you enable cookie acceptance to benefit from all the services on the website. Please note that social media sites such as Twitter, Instagram and Facebook will require you to manage your cookie preferences directly with them.

‌TECHNOLOGY DEVELOPMENTS

We are constantly striving to improve functionality on our website(s). This may mean a change to the way in which personal information is collected or used. The impact of any technology changes which may affect your privacy, will be notified in this Privacy Policy as it may be updated from time to time and uploaded on our website(s).

LINKS TO THIRD PARTY WEBSITES

Our website(s) or app(s) may have links to external third party websites that may benefit the user. Please note, however, that third party websites are not covered by our Privacy Policy and these sites are not subject to our privacy standards and procedures.

Please check with each third party as to their privacy practices and procedures.

MANAGEMENT OF PERSONAL INFORMATION

We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle personal information to respect the confidentiality of customer information and the privacy of individuals.

We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. If a personal information breach occurs and the personal information we hold about you is subject to unauthorised access, loss, use or destruction, we will respond in accordance with the DP Law. We will notify you of any personal information breach in respect of your personal information which is likely to result in a high risk to your security or rights as soon as is practicable in the circumstances, or, where there is an immediate risk of damage to you, promptly.

METHOD OF STORAGE OF PERSONAL INFORMATION

Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, mail, over the internet or other electronic medium. We hold personal information in a combination of secure computer storage facilities and paper-based files and other records, and, irrespective of the format of the information, take steps to protect the personal information we hold from interference, misuse, loss, unauthorised access, modification or disclosure.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, or reporting requirements. When the grounds for retention no longer apply, we will securely and permanently delete, anonymise, pseudonymise, encrypt your personal information or put your personal information beyond further use when such grounds no longer apply, unless it is needed to establish or defend legal claims or we are required by law to retain it. More specifically, the Company may be obliged to retain your personal data for a longer period that the one mentioned in the law among others in the following cases:

• In cases where it is required by law or a court;

• In cases where it is requested by DFSA and/or any other regulatory authority;

• In cases where it is requested by fraud prevention agencies, third party authentication service providers, verification/screening service provider’s and/or any relevant authorities who investigate or prevent fraud, money laundering and/or other illegal activities;

• In cases where it is necessary in order for the Company to defend or exercise its legal rights to any court and/or tribunal and/or arbitrator and/or financial ombudsman and/or governmental authority.

We may need to maintain records for a significant period of time. For example, we are subject to certain anti-money laundering laws which require us to retain:

• a copy of the documents we used to comply with our customer due diligence obligations; and/or

• supporting evidence and records of transactions with you and your relationship with us, for a period of 6 (six) years after our business relationship with you has ended.

If we hold any personal information in the form of a recorded communication, by telephone, electronic, in person or otherwise, this information will be held in line with local regulatory requirements which will be either five years or ten years after our business relationship with you has ended.

Where you have opted out of receiving marketing communications we hold your details on our suppression list so that we know you do not want to receive these communications.

METHOD OF STORAGE AND SECURITY OF PERSONAL INFORMATION THAT IS HELD ELECTRONICALLY

As information is more commonly held in electronic form we take our obligations to protect electronically held personal information very seriously. This includes ensuring we meet regulatory requirements regarding the appropriate levels of information and software security, governance and associated procedures.

MEANS OF KEEPING PERSONAL INFORMATION ACCURATE AND UP TO DATE

We endeavour to ensure that the personal information we hold is accurate and up-to-date.

We realise that this information changes frequently with changes of address and other personal circumstances. We can generally update your personal information over the telephone, by email from your registered email address or online via the electronic trading service.

CONTRACTORS, AND SERVICE PROVIDERS

We collect and process personal information when engaging contractors, service providers, consultants and experts. This will be limited to the specific purposes for engaging such persons, including to undertake appropriate due diligence before any appointment, for administration purposes and during the course of the performance of the specific contract.

There may also be circumstances where we collect and process personal information concerning employees, contractors and service providers to obtain security clearances, manage conflicts of interest or conduct enquiries and investigations into suspected misconduct by such persons.

DATA ACCESS, RECTIFICATION AND ERASURE:

You are responsible for the accuracy, completeness, correctness and relevance of personal information you provide to us.

The DP Law allows you to seek access to the personal information we hold about you, and, in certain circumstances, to seek to rectify inaccurate or incomplete data, or, to require the erasure of your personal information.

Unless certain conditions or exemptions apply, and we will inform when they do, we have the obligation to respond to your request to access, rectify or erase your personal information within 1 (one) month of receiving your request provided we have received sufficient evidence from you that reasonably establishes your identity as the individual making the request.

Please keep in mind that:

• if your request is complex or you make numerous requests, we may need to increase the period for complying with your request; and/or

• in certain circumstances, it may not be feasible for us to rectify or erase personal information for technical reasons; and/or

• we may refuse to comply with a request we consider manifestly unfounded or excessive, in which event (as applicable), we will respond in accordance with the DP Law and notify you of our reasons.

In certain circumstances, there may be technical reasons why it is not feasible for us to rectify or erase personal information when you ask us to do so. For example, it may not be possible to erase data from our information technology systems, or certain records may be incapable of amendment once entered in the system, or it is not possible to remove a single record from our backups, or deleting a backup or manipulating the files therein will create problems for the integrity of our backup system as a whole, or deleting an individual’s data without deleting the whole file or record where the information is contained is not possible.

If for any reason, we are unable to act in response to a request for erasure or rectification, we will provide a written explanation to you and inform you of your rights to complain to the Commissioner and to seek a judicial remedy. Circumstances where we may be unable to rectify or erase your personal information include:

• for technical reasons;

• for the establishment, exercise or defence of legal claims;

• to comply with applicable laws or legal obligations to which we are subject; and an official or legal inquiry, investigation or procedure or prosecution.

YOUR RIGHTS

Under the DP Law & Regulations, you have the following rights:

• The right to be provided with specified information about the processing of your personal information ('The Right to be Informed'); and/or

• Access to your data – request a copy of your personal information that we process about you ('The Right of Access'); and/or

• Rectify your data – request us to amend or update your personal information where it is inaccurate or incomplete ('The Right of Rectification'); and/or

• Erase your data – in certain circumstances set out in the DP Law, you may request us to delete your personal information ('The Right of Erasure'); and/or

• Block your data – request us temporarily or permanently to restrict the processing of all or some of your personal data ('The Right to Restrict Processing'); and/or

• Withdraw your consent – withdraw your consent at any time to the use of your personal information for a particular purpose (where we have asked for your consent to use your information for that particular purpose) ('The Right to Withdraw Consent'); and/or

• Receive or transmit your data in a machine-readable and structured format (otherwise known as “data portability”) – request the receipt or transmission of your personal information to another organisation, in a structured and machine-readable format ('The Right of Data Portability'); and/or

• Object to the use of your data – at any time, object to us processing your personal information where it is based exclusively on our legitimate interests or for direct marketing purposes ('The Right to Object'); and/or

• Object to any automated decision-making, if applicable – request us not to subject you to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

Subject to any overriding legal obligations, requirements and/or exemptions, we will endeavour to respond to your request within thirty (30) days of receipt, unless we require further information from you.

We may be unable to provide certain information to you due to legal professional privilege or where we are subject to a statutory obligation that requires us to keep the information confidential or, otherwise by order of a court or adjudicatory body or tribunal of competent jurisdiction. In such a case we will provide a written explanation to you and inform you of your rights to complain to the Commissioner and to seek a judicial remedy.

CHANGES TO THIS POLICY

We reserve the right to change or amend the Privacy Policy without further notice to you, provided that the changes do not significantly reduce your rights under this Privacy Policy. If we make material changes to this policy, we will notify you by means of a notice on our home page or by changing the version of the document including the date of the update which will be visible to the first page of this document. The latest and prevailing version of this Privacy Policy will at all times be available at https://www.m4markets.ae/ . Any revised Privacy Policy will be effective immediately upon posting on our website.

IN CASE OF A COMPLAINT

If you consider that any action of ours breaches this Privacy Policy or the DP Law & Regulations or or otherwise doesn’t respect your privacy, you can make a complaint to us.

If we are unable to answer your queries to your satisfaction, you have the right to make a complaint at any time to the relevant authority that safeguards your interests.

DIFC Data Protection Commissioner Contact Details:

Dubai International Financial Centre Authority

Level 14, The Gate Building

+971 4 362 2222

[email protected]

If you choose to send us the complaint, please note that your complaint will be acted upon promptly.

To make a complaint to us, please send an email at [email protected].

HOW TO CONTACT US

If you want to:

• make a general enquiry about our Privacy Policy; or

• exercise any of your rights under this Privacy Policy

you may send an email at [email protected] or call us at 0097143449122

LEGAL DISCLAIMER

We reserve the right to disclose your personally identifiable information as required by rules and regulations and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served. We will not be liable for unlawful or unauthorized use of your personal information due to misuse or misplacement of your passwords, negligent or malicious.