This Policy applies to First Prudential Markets Pty Ltd ACN 112 600 281 (referred to as ‘FP Markets’, ‘we’, ‘our’, ‘us’) and extends to and covers all operations and functions of FP Markets’.
This Policy outlines FP Markets’ obligations to manage and protect personal information. FP Markets is bound by the Australian Privacy Principles (‘APPs’) and the Privacy Act 1988 (‘Privacy Act’), and where applicable, the EU General Data Protection Regulation (GDPR). This Policy also outlines FP Market’s practices, procedures and systems that ensure compliance with the Privacy Act and the APPs, and where applicable, the GDPR.
Where the GDPR applies to your personal information, we will be the responsible controller for any personal information you provide to us in connection with your relationship with us.
- ‘Credit information’ is personal information (other than sensitive information) that relates to an individual’s credit history or credit worthiness, and is further defined in the Privacy Act;
- ‘Disclosing’ information means providing information to persons outside FP Markets;
- ‘Individual’ means any persons whose personal information we collect, use or disclose;
- ‘Personal information’ means information or an opinion relating to an individual, which can be used to identify that individual;
- ‘Privacy Officer’ means the contact person within FP Markets for questions or complaints regarding FP Markets’ handling of personal information;
- ‘Sensitive information’ is personal information that includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information; and
- ‘Use’ of information means use of information within FP Markets.
2. What kind of personal information do we collect and hold?
We collect and hold the following kinds of personal information about individuals:
- contact details;
- date of birth;
- employment details;
- bank account details;
- trading history;
- identification information (such as passport, utility bills or drivers’ licences) required to be collected and verified in accordance with the Anti-Money Laundering and Counter Terrorism Financing Act 2006;
- credit information (if expressly authorised by the individual); and
- any other information that is relevant to the services that we provide.
3. How we collect personal information
FP Markets will not collect sensitive information unless the individual has consented or an exemption under the APPs applies. These exceptions include if the collection is required or authorised by law or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the personal information we request is not provided by an individual, we may not be able to provide the individual with the benefit of our services, or meet their needs appropriately.
FP Markets does not give individuals the option of dealing with them anonymously, or under a pseudonym, as FP Markets is required to identify all trading clients under the Anti-Money Laundering and Counter Terrorism Financing Act 2006. In addition, it is impracticable for FP Markets to deal with individuals who have no identified themselves or us a pseudonym.
Where your personal information is being collected under the GDPR, FP Markets will also take reasonable steps to make you aware of:
- whether we are required to collect your personal information under a contractual relationship or to comply with our legal or regulatory obligations, or if we are collecting your personal information based on your consent and your right to withdraw your consent at any time; your data subject rights under the GDPR (please see section “Access to Personal Information” below);
- your right to lodge a complaint with the relevant data protection supervisory authority; and
- if we intend to use automated decision making, including profiling to process your personal information, and a description of the automated decision making process and consequences.
4. Unsolicited personal information
FP Markets may receive unsolicited personal information about individuals. FP Markets’ employees are required to notify the Privacy Officer of all unsolicited personal information received by them. We destroy all unsolicited personal information, unless the personal information is relevant to FP Markets’ purposes for collecting personal information.
5. About whom do we collect personal information?
The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals:
- potential clients;
- introducing brokers, affiliates and money managers;
- service providers or suppliers;
- prospective employees, employees and contractors; and
- other third parties with whom we come into contact.
If necessary, we will also collect information about individuals such as:
- partners of legal partnerships;
- company directors and officeholders;
- agents nominated by the individual; and
- other third parties dealing with us on a ‘one-off’ basis.
6. Why does FPM collect and hold personal information?
We may collect and hold the information about an individual for the following purposes:
- to consider and assess an individual’s application to open a trading account;
- assist FP Markets in establishing and managing the individual’s trading account;
- to notify individuals of margin calls;
- to provide an individual with information about our services, market trends or special offers;
- to protect our business and other clients from fraudulent or unlawful activity;
- to conduct our business and perform other management and administration tasks;
- to consider any concerns or complaints an individual may have;
- to manage any legal actions involving FP Markets;
- to comply with relevant laws, regulations and other legal obligations including the Corporations Act 2001 and the Anti-Money
- Laundering and Counter Terrorism Financing Act 2006; and
- to help us improve the products and services offered to our clients, and to enhance our overall business.
7. How might we use and disclose personal information?
FP Markets may use and disclose personal information for the primary purposes for which it is collected (set out in section 6 above), for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act.
FP Markets will use your personal information for any of the following purposes:
- planning, performing, managing and administering your (or a third party’s to whom you are related) contractual business relationship with us, e.g. providing support services or providing you with other services or things you may have requested;
- maintaining and protecting the security of our products, services and websites or other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- ensuring compliance with our legal and regulatory obligations. This may include sales record keeping obligations for tax or other purposes and sending required notices or other disclosures, compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws or to prevent white-collar or money laundering crimes). In this context we may be required to conduct automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and to contact you to confirm your identity in case of a potential match, to record interaction with you which may be relevant for antitrust purposes and to report to or support investigations by competent supervisory, law enforcement or other public authorities;
- solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims.
- where you have expressly given us your consent or otherwise legally permitted, we may process your personal data also for the following purposes:
- communicating with you through the channels you have approved to keep you up to date on the latest announcements, special offers and other information about FP Market’s products, technologies and services (including marketing-related newsletters) as well as events and projects which we are pursuing.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or permitted by law.
We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about the individual except for the specific purpose for which we supply it. We prohibit that person from using the individual’s information for the purposes of direct marketing their products or services.
FP Markets will attempt to destroy or de-identify sensitive information wherever possible. We also undertake to take reasonable steps to destroy or de-identify all personal information about an individual when it is no longer needed.
8. To whom might we disclose this personal information?
We may disclose personal information to:
- a related entity of FP Markets;
- an agent, contractor or service provider we engage to carry out our functions and activities, such as our lawyers, accountants, debt collectors or marketing agencies;
- organisations involved in a transfer or sale of all or part of our assets or business;
- organisations involved in managing payments, including payment merchants and other financial institutions such as banks;
- regulatory bodies, government agencies, law enforcement bodies and courts;
- liquidity providers;
- trade repositories;
- the individual’s introducing broker, co-account holder or other authorised agent; and
- anyone else to whom the individual authorises us to disclose it or is required by law.
Where we are processing your personal information under the GDPR, we will process your personal information to the parties listed above, and the purposes for use listed above because:
- it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into such a contract;
- it is necessary for our or a third party’s legitimate interests, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. Our “legitimate interests” include our commercial interests in operating our business in a professional, sustainable manner, in accordance with all relevant legal and regulatory requirements (and bearing in mind our global presence);
- it is necessary to protect your or another person’s vital interests;
- it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our clients);
- for our compliance with our legal obligations; and
- where we have obtained your specific or, where necessary, explicit consent to do so. We will in each case inform you about the processing of your data and your related rights prior to obtaining your consent.
The legal bases for processing of your personal information are set forth in Article 6 of the GDPR.
As a general principle, you will provide us with your personal data entirely voluntarily; there are generally no detrimental effects on you if you choose not to consent or to provide personal data. However, there are circumstances in which FP Markets cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for FP Markets to provide you with what you request without the relevant personal data.
9. Sending information overseas
We will not send personal information to recipients outside of Australia unless:
- we have taken reasonable steps to ensure that the recipient does not breach the Act, the APPs and the Credit Reporting Privacy Code;
- the recipient is subject to an information privacy scheme similar to the Privacy Act; or
- the individual has consented to the disclosure.
10. Management of personal information
FP Markets recognises how important the security of personal information is to our clients. We will at all times seek to ensure that the personal information we collect and hold is protected from inference, misuse or loss, unauthorised access, modification or disclosure. FP Markets’ employees must respect the confidentiality of the personal information we collect. We hold all of your personal information in secure computer storage facilities and in paper-based files. In relation to our computer storage facilities, we apply the following guidelines:
- passwords are routinely checked;
- we change employees’ access capabilities when they are assigned to a new position;
- employees have restricted access to certain sections of the system;
- the system automatically logs and reviews all external unauthorised access attempts;
- the system automatically limits the amount of personal information appearing on any one screen;
- unauthorised employees are barred from updating and editing personal information;
- all personal computers which contain personal information are secured, physically and electronically;
- data is encrypted during transmission over external networks; and
- print reporting of data containing personal information is limited.
We will hold your personal information as long as required to provide you with the products or services, products or information you have requested and to execute and administer your business relationship with us. We are also required to keep certain information (e.g. relating to business or tax relevant transactions) for certain retention periods under applicable law. Your personal information will be promptly deleted when it is no longer required for these purposes.
11. Direct Marketing
We may use third party service providers to assist us to promote our products and services to individuals. FP Markets does not use personal information for the purposes of direct marketing unless:
- the personal information does not include sensitive information; and
- the individual would reasonably expect us to use or disclose the information for the purpose of direct marketing; and we provide a simple way of opting out of direct marketing; and
- the individual has not requested to opt out of receiving direct marketing from us.
If the individual would not reasonably expect us to use or disclose the information for the purpose of direct marketing, we may only use or disclose that information for direct marketing if the individual has consented to the use or disclosure of the information for direct marketing or it is impracticable to obtain that consent.
In relation to sensitive information, FP Markets may only use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose. Individuals have the right to request to opt out of direct marketing and we must give effect to the request within a reasonable period of time.
Individuals may also request that FP Markets provides them with the source of their information. If such a request is made, FP Markets must notify the individual of the source of the information free of charge within a reasonable period of time.
If your personal information is being processed under the GDPR, where your permission is required for any marketing-related communication, we will only provide you with such information if you have opted in. You may opt out at any time if you do not want to receive any further marketing-related types of communication from us.
We will not use identifiers assigned by the Australian Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes, unless one of the exemptions in the Privacy Act applies. FP Markets endeavours to avoid data-matching.
13. How do we keep personal information accurate and up to date?
FP Markets is committed to ensuring that the personal information it collects, holds, uses and discloses is relevant, accurate, complete and up-to-date. We encourage individuals to contact us to update any personal information we hold about them. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless the individual agrees otherwise. We do not charge individuals for correcting the information.
14. Access to personal information
Subject to the exceptions set out in the Privacy Act, individuals may gain access to the personal information that we hold about them by contacting the FP Markets’ Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal. An individual’s request for access to his or her personal information will be dealt with by allowing the individual to look at his or her personal information at the offices of FP Markets, or by providing copies of the information requested. We will require identity verification and specification of the information required. An administrative fee for search and photocopying costs may be charged for providing access.
Once a client visits our web site www.fpmarkets.com, campaign and advertising cookies will be placed on a client’s device so that we can track the client, measure advertising outcome along with recording client interest. Our marketing and advertising partners including Google, Marketo, Hotjar, Taboola and more enable us to record client interest on products, client tracking and conversions. Cookies used by us and our partners do not collect personal information such as name, email, address or phone number. Clients can disable cookies from their browser however we encourage them to keep cookies enabled for a better site experience and to receive targeted materials from us.
If you are located in the EU a resident of the European Union for the purpose of GDPR (General Data Protection Regulations, regulation 2016/679 of the European Parliament), then in addition to the above the following will apply to you.
If your personal information is being processed under the GDPR, where your permission is required for any marketing-related communication, we will only provide you with such information if you have consented to us sending you such communications. You can unsubscribe from receiving these communications at any time.
In addition to your rights above you may:
- update or rectify any of the personal data we hold about you
- withdraw your consent to FPM to use your personal information for marketing purposes, we will delete your personal information to the extent permitted by Australian & EU Law, certain information must be kept on file where we are legally required to do so, such as such as for AML/CTF regulations.
- request that FPM provides you with a copy of your personal data in a digital format.
You have the right to complain to the relevant supervisory authority in your country. For example, if you are in the UK, you may contact the Information Commissioner’s Office via their website (www.ico.org.uk).
Our contact for the purpose of GDPR is set out below:
To: Group Data Protection Officer
109 Griva Digeni Street, 2nd Floor, Aigeo Court, Limassol, 3101, Cyprus
15. Updates to this policy
This Policy will be reviewed from time to time to take account of new laws and technology, and changes to our operations and the business environment.
17. Privacy training
18. Non-compliance and disciplinary actions
19. Contractual arrangements with third parties
- regulating the collection, use and disclosure of personal and sensitive information;
- de-identifying personal and sensitive information wherever possible;
- ensuring that personal and sensitive information is kept securely, with access to it only by authorised employees or agents of the third parties; and
- ensuring that the personal and sensitive information is only disclosed to organisations which are approved by FP Markets.
20. Electronic Verification Terms and Conditions
FP Markets are required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 to verify your identity before we can provide you with financial products and services. Electronic verification allows us to verify your identity by using electronic tools and external data sources.
Electronic verification process
In order to verify your identity electronically, we will ask you for your details (such as your name, address, date of birth) and details of your identification documents. This information will be passed on to external organisations in order to electronically match your information with information on their databases. These organisations will assess and advise us whether all or some of the information you provided matches their records. We have an arrangement with Equifax Pty Ltd who completes electronic verification on our behalf.
The external data sources used to verify your identity include:
- Credit information files held by Equifax Pty Ltd (this is only to confirm your identity and is not a credit check)
- Publicly available information such as the electoral roll and white pages
- Information held by the official record holder via third party systems
It is an offence under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 to provide false and misleading information about your identity.
Parties we may share your personal information with
We may share your personal information with the following external organisations for the purposes of verifying your identity:
- Equifax Pty Ltd
- The official record holder via third party systems, such as Commonwealth and State government departments
These organisations may use your personal information and personal information of other individuals, such as names, addresses and dates of birth, for the purposes of preparing their assessments.
By agreeing to our terms and conditions you affirm that:
- The information you are providing is your personal information and you have authority to provide it to us, and
- We may use and disclose your personal information for the purposes of electronic verification as described above.
21. Complaints handling
FP Markets has an internal dispute resolution process in place to resolve any complaints or concerns you may have in relation to our handling of your personal information. Any complaints or concerns should be directed to the Privacy Officer. You can contact the:
by telephoning – 1300 376 233
- by writing to – Privacy Officer, First Prudential Markets Pty Ltd, Level 5, 10 Bridge Street, Sydney NSW 2000
- by emailing [email protected]
FP Markets will endeavour to resolve your complaint immediately. If this is not possible we will aim to resolve the problem within 21 days and provide you with our decision, and the reasons on which it is based, in writing.
If you are dissatisfied with the outcome, you have the right to lodge a complaint with the Office of the Australian Information Commissioner. You can contact the Office of the Australian Information Commissioner:
- by telephoning – 1300 363 992
- by writing to – Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
- by emailing – [email protected]
You have the right to complain to the relevant supervisory authority in your country. For example, if you are in the UK, you may contact the Information Commissioner’s Office via their website (www.ico.org.uk).
22. Data Breach Reporting
Subject to the Privacy Act 1988 FP Markets is required to comply with the Notifiable Data Breaches (NDB) scheme, and where the GDPR is applicable, the data breach notification provisions in the GDPR. NDB applies to TFN recipients of which FP Markets would be considered.
Should any staff member become aware of any possible data breach where confidential data such as TFN’s may have been
accessed without the known consent of FPM then this must be immediately reported to the Compliance Manager.
The Compliance Manager, in conjunction with Senior Management, will investigate the matter and if necessary obtain legal
advice. Should it be considered that serious harm could arise from the breach then appropriate will be made in accordance with the Act.