PERSONAL DATA PROCESSING POLICY
- This document defines the Tiger Trade AG, a company registered at 75 Baarerstrasse, Zug 6300, Switzerland, (“Data Controller”) policy with respect to processing of personal data which the Data Controller collects using the Internet and contains information on personal data protection requirements implemented (“Policy”).
- The Policy applies to personal data which the Data Controller may receive from the user (“you”) when you use the Data Controller's website athttps://tiger.trade («Site») and Tiger.Trade Trading Terminal for various purposes.
- By using the Site, you provide your personal data to the Data Controller and agree to the Data Controller’s processing of the same in accordance with the procedures set forth in this Policy. By accepting or continuing to use the Site, you agree to the terms and conditions of this Policy.
- Please feel free to contact the Data Controller any time with any questions regarding your personal data processing or to request that your personal data be modified (updated, supplemented, or revised), or to revoke your consent to the personal data processing within the scope and for the purposes referred to in the Policy.
In any such case, please send your request in any form by email at: email@example.com. Your request should be sent from your email address indicated upon registration or contain your identification data, such as: your full name and email.
- Below are the main terms used in this Policy (and such terms may be used in either singular or plural form, as the case may be).
- «automated personal data processing» means solely computerized personal data processing;
- «personal data blocking» means temporary suspension of personal data processing (unless such processing is required for personal data revision purposes);
- «PD Laws» mean Federal Law No. 152-FZ On Personal Data dated July 27, 2006, as amended, and any regulations adopted in pursuance of such law and any other applicable laws governing the protection of personal data
- «personal data confidentiality» means the obligation of any persons accessing personal data not to distribute the same without the personal data subject's consent, unless the PD Laws provide for other processing grounds;
- «Data Controller» means Tiger Trade AG with its office at: Baarerstrasse 75, 6300 Zug, Switzerland, which arranges for and conducts personal data processing and defines purposes of the personal data processing, the scope of personal data to be processed, and actions/operations to be carried out with personal data;
- «personal data processing» means any action/operation or a set of actions/operations with personal data carried out with or without the use of any automation tools; a list of actions carried out by the Data Controller with your personal data is given in clause 19 below;
- «personal data» means any information directly or indirectly related to an identified or identifiable individual (personal data subject), i.e. information that directly identifies you (such as your name or email address) and information that does not identify you directly, but may be used in one way or another for identification (e.g. your mobile device details); for the purposes of this Policy, personal data means personal data that you may transfer actively or that is collected with the use of various technologies as you browse the Site (please see clause 18 of this Policy for more details);
- «you» or «Site Visitor» mean any individual using the Site for any purposes;
- «you» or «Site and Tiger.Trade Trading Terminal User» mean any individual who registered on the Site or is using the Tiger.Trade Trading Terminal;
- «personal data sharing» means actions aimed at disclosing personal data to a specific person or specific group of persons;
- «personal data distribution» means actions aimed at disclosing personal data to the general public;
- «cross-border transfer of personal data» means transfer of personal data to a recipient in a country different to the country where the controller is located;
- «personal data destruction» means any action that makes it impossible to restore personal data content within the personal data information system and/or action that results in destruction of physical media containing personal data.
- The Data Controller shall provide unrestricted access to this Policy by posting its current version in the Confidentiality Policy section on the Site, and a hard copy of the same shall be kept in the Data Controller’s office and may be provided to you at your request or otherwise under the PD Laws.
- This Policy shall be revised or, if required, updated in the event that the Data Controller’s data processing procedures are modified, or the PD Laws are amended.
- The Data Controller will process your personal data in accordance with the procedures stipulated by the PD Laws on a fair and lawful basis.
- The Data Controller will process your personal data strictly for the purposes defined in this Policy and such processing will be limited to the attainment of such specific, pre-defined, and lawful purposes. The Data Controller undertakes not to allow any personal data processing that is inconsistent with the purposes for which such data is collected as listed in this Policy. The personal data that the Data Controller collects on the Site is not excessive relative to the declared purposes for which the same is processed.
- The Data Controller will store your personal data in a form that makes it possible to identify you as a personal data subject for no longer than the purposes of personal data processing require, unless the PD Laws require otherwise. Unless the PD Laws require otherwise, the Data Controller will destroy your personal data once the purposes of processing are achieved (e.g., you no longer use the trading platform and the Site) in accordance with the procedures stipulated by clause 35 of this Policy, or if processing of your personal data for such purposes is no longer necessary (e.g., the Data Controller resolves your query about operation of the trading platform).
- The Data Controller will process your personal data solely and exclusively subject to there being legal reasons under the PD Laws, and such legal reasons are as follows:
- compliance with applicable laws, including, without limitation, those that assign the Data Controller’s functions, powers, and duties;
- exercise of rights and legitimate interests of the Data Controller or third parties in compliance with the PD Laws (provided, however, that the Data Controller does not violate personal data subjects’ rights and freedoms).
- This Policy describes procedures used by the Data Controller to process personal data of the following categories of the personal data subjects:
Site Visitors’ Personal Data Processing
- Site Visitors; and
- Site and Tiger.Trade Trading Terminal Users;
- When you use the Site as a Site Visitor, the Data Controller collects data passively. The content, purposes, and scope of personal data collected in such event is further described in clause 4 of this Policy.
- Also, if you contact the Data Controller using the contact form on the Site or, in accordance with clause 4 of this Policy, the Data Controller will also process personal data you share, which may include your name, email address, telephone number, message subject and body, and other data shared by you. The Data Controller will use such data to process your query (e.g. to respond to your questions or requests, e.g. to send you requested documents or information). Site and Tiger.Trade Trading Terminal Users’ Personal Data Processing
- In addition to the data referred to in clauses 13 и 14, when registering on or otherwise using any features of the Site, the Site Users share the following personal data with the Data Controller: surname, first name, patronymic, telephone number, email address, year of birth, city of residence, and Site usage data.
- The Data Controller processes your personal data for one or more of the purposes summarised below:
- The Data Controller will use personal data shared by the Site and Tiger.Trade Trading Terminal Users for the following purposes: to identify a Site or Tiger.Trade Trading Terminal User; provide guidance on the operation of the trading platform; better understand the Site and Tiger.Trade Trading Terminal Users’ needs; provide information to the Site and Tiger.Trade Trading Terminal Users on best ways to use the trading platform; authorize Site and Tiger.Trade Trading Terminal Users to work with trading terminal; improve quality of advice given to the Site and Tiger.Trade Trading Terminal Users on any issues that may arise; keep the Site and Tiger.Trade Trading Terminal Users updated on the Data Controller’s news; provide access to customized resources of the Site to the Site Users; and provide efficient customer and technical support to the Site and Tiger.Trade Trading Terminal Users on any problems in connection with using the Site or Tiger.Trade Trading Terminal.
- To collect the Site browsing and user behavior data, such technologies as cookies (browser cookies and Flash cookies) and web beacons are used on the Site. The Data Controller and third-party vendors, acting under an agreement with the Data Controller, passively collect and use data variously, including:
- Via a browser: ertain data is collected by most browsers, e.g. your Media Access Control (MAC) address, computer type and operating system version, Internet browser type and version, and User location. The Data Controller may collect such information as, for example, your device type and identifier, if you access the Site from a mobile device. Such information is shared with the Data Controller when a Visitor or User accesses the Site.
- IP address: IP address is a numerical label your Internet provider assigns to your computer automatically. The IP address is identified and logged in the Data Controller’s server files each time a Site Visitor accesses the Site; web pages viewed and time spent on the Site are also logged. Collection of IP addresses is a common Internet practice with many websites collecting such data automatically. The Data Controller uses IP addresses for such purposes as, for example, to assess the Site traffic, for server diagnostics and Site administration.
- Device Information: The Data Controller may collect your mobile device data, e.g. the unique device identifier.
- This Policy applies to collection, recording, classification, capture, storage, revision (updating, modification), retrieval, use, transfer (sharing, accessing), cross-border transfer, blocking, deletion, and destruction of personal data collected by the Data Controller on the Site and in the Tiger.Trade Trading Terminal with the use of automation tools. The course of your personal data is you. We do not collect personal data about you from a third-party.
- The Data Controller processes your personal data automatically without making any decisions that have any legal implications or otherwise affect your rights and legitimate interests based solely on personal data automated processing.
- The Data Controller will ensure that databases used for collection, recording, classification, capture, storage, revision (updating, modification) and retrieval of personal data of the Russian Federation nationals are located in the Russian Federation.
- The Data Controller will keep your personal data collected on the Site confidential.
- The Data Controller may delegate the processing of your personal data to a third party, subject to the PD Laws.
- The Data Controller will transfer your personal data collected on the Site and in the Tiger.Trade Trading Terminal in the following events:
- you have authorized such transfer;
- such transfer is required to achieve any purposes of an international treaty or a law, or to fulfill and discharge any functions, powers, and duties of the Data Controller under applicable laws;
- such transfer is required to perform an agreement to which you are party;
- The Data Controller will provide personal data collected on the Site and in the Tiger.Trade Trading Terminal, provided that the Data Controller has entered into an agreement with the recipient of personal data under which such third party receiving personal data from the Data Controller undertakes to keep personal data confidential and to adhere to the personal data processing principles and rules defined by the PD Laws and agreement with the Data Controller.
- The Data Controller will provide personal data (including by cross-border transfer to countries that do or do not provide an adequate level of protection of personal data subjects’ rights) to the following third parties:
- affiliates of the Data Controller;
- third-party vendors of such services as website hosting and administration, data analytics, infrastructure maintenance, IT services, services delivered by email or regular mail, audit services, and other services, if such data is needed for such persons to be able to provide the same;
- in the event of restructuring, merger, sale, creation of a joint venture, or winding up of the Data Controller, transfer of its assets or shares in full or in part (including in connection with bankruptcy or court proceedings).
- The Data Controller will provide personal data collected on the Site and in the Tiger.Trade Trading Terminal within the scope which the Data Controller may in its discretion deem necessary or appropriate:
- pursuant to requirements of the laws applicable to the Data Controller;
- to protect the Data Controller’s and its affiliates’ business;
- in response to requests from the government authorities, including government authorities outside of Russia;
- to facilitate any court proceedings;
- to protect your rights and rights of the Data Controller, confidentiality, security or property and/or rights, confidentiality, security, or property of the Data Controller and its affiliates.
- Access to personal data collected on the Site and in the Tiger.Trade Trading Terminal will be granted to the Data Controller’s authorized personnel in connection with and solely and exclusively for the purposes of fulfilling their job duties, with a list of positions of such authorized personnel to be approved by the Data Controller’s CEO. Such authorized personnel are informed of the applicable law provisions, including personal data protection requirements stipulated by the PD Laws, and of the documents that define the Data Controller’s personal data processing policy, and have been trained/instructed accordingly.
- When processing personal data, the Data Controller will make sure that personal data is accurate (assuming such data is true without having to verify the same), sufficient, and, where necessary, and fit for purpose. The Data Controller will take appropriate measures to delete or update incomplete or inaccurate data, including in the events referred to in this Policy.
- The Data Controller will apply required managerial, technical, and administrative arrangements to protect personal data received on the Site in accordance with the PD Laws. At the same time, no systems for storage or transfer of data via the Internet may guarantee full security. If you have reasons to believe that data exchange with the Data Controller is not secure (for example, you believe that security of any of your data 7is compromised), please terminate the use of the Site and notify the Data Controller of the same immediately in accordance with clause 4 of this Policy.
- The Data Controller will store personal data collected on the Site and in the Tiger.Trade Trading Terminal for as long as necessary for the purposes of this Policy, unless longer storage is necessary or permitted by the laws applicable to the Data Controller.
- The Data Controller may terminate personal data processing once the purposes of such processing have been attained or where such processing is found to be illegitimate.
- If processing of personal data collected on the Site and in the Tiger.Trade Trading Terminal is found to be illegitimate (on receipt of your or your representative's query, on receipt of a request from an authorized agency, or following an internal audit) or if personal data is found to be inaccurate, the Data Controller will block or procure the blocking of such personal data that is processed illegitimately on receipt of such query or request for as long as such personal data processing is verified:
- If the inaccuracy of personal data is confirmed based on the information you, your authorized representative, or an authorized agency may provide in any form in writing, or based on any other documents pursuant to PD Laws, the Data Controller shall update such personal data or procure the same to be updated within seven (7) business days of receipt of such data and unblock the same.
- If the illegitimate personal data processing is confirmed, the Data Controller shall terminate such illegitimate processing within three (3) business days of confirmation of the illegitimate processing, or delete such personal data within ten (10) business days of confirmation of the illegitimate processing. The Data Controller shall notify you, or your representative, or the authorized agency, if the legitimacy of processing was verified at the request of such agency, of remedying any such violations.
- If you revoke your consent, the Data Controller shall terminate personal data processing immediately, except when continued processing of such personal data is required by the laws applicable to the Data Controller, and in any event the Data Controller shall notify you of the outcome of such revocation.
- f the purposes for which personal data collected on the Site and in the Tiger.Trade Trading Terminal have been attained, the Data Controller shall terminate personal data processing and destroy personal data within thirty (30) days of when the purposes of processing have been attained, unless your consent received by the Data Controller provides for a different deadline. If personal data collected on the Site may not be destroyed by such deadline, the Data Controller will block such personal data and ensure that the same destroyed within six (6) months, unless the laws applicable to the Data Controller, your consent for personal data processing, or an agreement to which you are a party, require otherwise.
- Subject to applicable PD Laws, the Data Controller provides you with the ability to view, update, access, edit, delete and/or correct your personal data. To update your personal data, log-in to your account. Our databases automatically update any personal data you edit in your profile or that you request we edit. You may also object to legitimate interest processing, withdraw any consent you provided and/or request the restriction or portability of your personal data, in accordance with and subject to applicable PD Laws and statutory exemptions. We aim to process these requests within one month but it may take up to three months. We may also ask for verification of your identity to process these requests.
- You may make a complaint about our personal data processing to any applicable supervisory authority in your country of residence.
- The Site and the Tiger.Trade Trading Terminal is not aimed at children (i.e. persons who are under 13 years of age or such higher age as required under applicable laws). By becoming a user, you represent and warrant that you are not a child and that you have the right, authority and capacity to enter into and abide by the terms and conditions of this Policy. We reserve the right to verify your information and can exercise our absolute discretion not to provide any Services to you if we are not satisfied that you are not a child. If we learn that a child under the age of 13 (or such legally required higher age) has submitted personally identifiable information online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where 8necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children under 13 (or such legally required higher age), please contact us at the address below. If a child has provided us with Personal Information, a parent or legal guardian of that child may contact us as described below. Upon confirmation, we will then make reasonable efforts to delete the child’s Personal Information from our database.
DATA CONTROLLER’S PERSONAL DATA PROCESSING PRINCIPLES, TERMS, AND CONDITIONS
LEGAL REASONS FOR DATA CONTROLLER’S PERSONAL DATA PROCESSING
PROCESSED PERSONAL DATA SCOPE AND PURPOSES
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity
|Performance of a contract with you|
|To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
|To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To enable you to partake in a prize draw, competition or complete a survey||(a) Identity
(e) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity
(d) Usage (e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||(a) Technical
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity
(d) Usage (e) Profile
(f) Marketing and Communications
|Necessary for our legitimate interests (to develop our products/services and grow our business)|