Global Reach Partners (‘GRP’) and Global Reach Markets (‘GRM’) are both part of Global Reach group of companies (‘GRG’, ‘We’ or ‘Us’). For the purpose of the General Data Protection Regulation 2016 (“GDPR”), GRP and GRM are joint-controllers.
Please read the following carefully to understand how we handle your information.
The GDPR sets out a number of different reasons for which a company may collect and process your information. For the most part, we require your personal data to enable us to deliver our services to you, and we rely on the following lawful bases to do so:
1. Contractual obligations
Most of the information we collect from you is necessary to fulfil our contract with you and serve you as a customer. For example, we require your banking details in order to settle payments on orders you place.
2. Legal Obligations
In certain cases, we are required by law to collect and process your information. For example, we require personal information to carry out Anti-Money Laundering (AML) checks, and we pass on the details of people involved in fraud or other criminal activity affecting GRG to relevant authorities.
In specific situations, we will collect and process your information with your consent.
For example, when you tick a box to receive marketing material from us, or ask us to contact you about our products and services.
We will always make it clear to you what you are consenting to and what information is necessary for which services. If you have given consent to the use of your personal information, you are entitled to withdraw this consent at any time. Please be aware, however, that in some circumstances, the withdrawal of your consent may result in us being unable to provide some services to you.
4. Legitimate interests
Sometimes, we use your personal information to pursue our legitimate business or commercial interests in a way you might reasonably expect as part of running our business and operating our website. We will not rely on our own legitimate interests without first considering your own rights, freedoms or interests.
For example, we may use your personal information to create a smoother customer service experience, because we have a legitimate interest in improving our products, services, and relationships with our clients and partners.
Whenever we process your data for these purposes, we will ensure that we always keep your personal data rights in high regard and take account of these rights. You also have the right to object to this processing. If you wish to do so, please let us know by contacting DPO@globalreachgroup.com.
Please bear in mind that if you object, this may affect our ability to provide you with some of our services.
The information we collect and process may broadly include:
|Type of personal information||Description|
|Contact||Your name and contact details (address, email, phone number).|
|Transactional||Details about your accounts, and payments made to and from these accounts.|
|Communication records||Details recorded during our written and verbal communications with you (emails, records of phone calls).|
|Publicly available information||Information that you have made openly available about you in the public domain (such as information on your LinkedIn or company's website).|
|Documentary data||Additional personal information held on copies of documents you provide us, such as identification, and proof of residential address documents. For more examples, see our full list of approved documents.|
|Consents||Any consents or preferences you indicate, such as marketing or communication preferences.|
|Usage data||Information about how you use our products and services.|
|National identifier||For example your National Insurance Number or Tax Identification Number (TIN).|
|Special category data||
Occasionally, we may inadvertently collect particularly sensitive data that the law treats differently. This may include data pertaining to:
Please note: We will never store this data without your explicit consent. We store this data with the utmost care, and for the purpose of providing our services to you.
Information gathered when you visit our website. This might include; the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browsing plug-in types and versions, operating system and platform, Uniform Resource Locators (URL), and how you navigate our website.
Information from other sources
Where we have obtained your consent, have a legitimate interest, or legal obligation, we may receive or share your information from other companies within the Global Reach group of companies if you use any of the other websites we operate (https://www.fcexchange.com/uk/home/) or other services we provide.
We may also receive or share your data from other third parties, such as:
We may combine the information about you which we receive from other sources with the information you give to us and the information we collect about you, for the same purposes set out above.
Information you provide about other people
If you provide us with information about another person, you confirm that you have informed them of our identity and the purposes for which their information will be processed.
You may provide another individual’s bank account details (if you are asking us to make a payment to them), or contact details, such as; email address, mobile phone number or postal address. These are used to notify an individual that they will be receiving a payment from us on your behalf. A message may be sent to the other person using the contact details provided by you and this message will make reference to your name and explain to the recipient that you were the source of his/her contact details. We will never use the contact details you provide of another individual for marketing purposes.
We will use the information you provide us to:
We will use the information we collect about you to:
We may disclose your personal information to third parties under the following circumstances:
We may be required to transfer your information to other countries outside the European Economic Area (“EEA”), for example, when reporting to foreign authorities. In these cases, we will ensure our actions comply with the data security standards set out in the GDPR. We will also take all reasonable steps to ensure that this information is stored securely and is not passed on or sold to a third party for marketing purposes.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features, in line with the standards set out in the GDPR, to try to prevent unauthorised access.
We only retain your data for the period necessary to fulfil the purpose for which it was originally processed, or in order to fulfil a legal obligation. For example, as a financial institution, we are legally required to retain client records for anti-money laundering purposes.
You have a range of rights over your information and we will endeavour to respect any requests to exercise them.
You may request access to the information we hold about you by making a Subject Access Request (SAR). Once we have confirmed your identity, we will comply with a SAR free of charge within 30 days, unless we deem the request unfounded or excessive. In this event, we will explain why we have decided not to action your request.
You may request that we correct the information we hold on you when it is incorrect, out of date, or incomplete.
You may request that we destroy, delete or discontinue using your personal information when it is no longer necessary for the purpose we originally collected it.
You may request that we stop processing your information when you contest its accuracy or the lawfulness of the processing.
Whenever you have given us your consent to use your information, you have the right to change your mind at any time and withdraw your consent.
In cases where we are processing your information on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We will do so unless we believe we have a legitimate overriding reason to continue processing your information.
You have the right to stop our use of your information for direct marketing activities through all channels, or selected channels. You always have the opportunity to opt-out and we will always comply with your request.
To do so, click the ‘unsubscribe’ link in any email communication we send to you to notify us that you would like us to stop any further emails.
You can request to exercise these rights at any time by contacting us at DPO@globalreachgroup.com
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
You will not have to pay a fee to access your personal information (or to exercise any other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If we do refuse your request, we will explain to you the reasons for our refusal.