CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing money.
CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing money.

Privacy Policy

September 2024

  • 1. Introduction
    ‍Virtual Markets Ltd, (hereafter the “Company” or Virtual Markets)’ really values our clients’ personal data and privacy. That is the reason we created this privacy policy; to be transparent about the type of personal data we collect, how it is used, who it is shared with and what rights our clients have in connection with their data. 

    This privacy policy applies to the personal data that Virtual Markets processes and controls in connection with the platform and applications, webservices, products and services that are referenced in this policy (collectively, the "Services"). We process personal data in accordance with this Privacy Policy.  

    Before we move forward, we would like to clarify a few points:
    - No services to minors. Our services are not intended for children, and we do not knowingly collect data relating to children.
    - Keep yourself informed and up to date. If we provide you with another privacy policy relating to specific processing, you should read it alongside this one.
    - Pay attention to the definitions. This policy cannot be of much use if you cannot comprehend it and that’s why we will be explaining some useful legal terms at the end of this policy.
  • 2. Definitions

    -Personal Data. Personal data, or personal information, means any information about an individual which could identify that person such as name and surname, address and card identification number and it does not include data where the identity has been removed (anonymous data). Virtual Markets provides its services to both retail clients (natural persons) and  corporate clients. In contrast to natural persons’ data , company data cannot be treated as personal data. However, information about individuals acting as sole traders, employees, partners and company directors where they are individually identifiable, and the information relating to them as an individual may constitute personal data.

    -Data Subject. An identified or identifiable living individual to whom personal data relates.

    -Data Controller. Controllers are the main decision-makers of personal data processing. They have overall control for the purposes and means of processing personal data.

    -Lawful Basis. For every processing activity we conduct, there must be a legitimate and appropriate basis to do so. The following are considered legitimate bases under applicable data protection legislation:
    ● Consent
    ● Legitimate Interest
    ● Contract
    ● Legal Obligation
    ● Vital Interests
    ● Public Interest

    -Consent. An unambiguous, informed and freely given indication by an individual agreeing to their personal data being processed.

    -Legitimate Interest. If the processing is in the legitimate interests of Virtual Markets and the data subject’s interests / expectations do not override our legitimate interests, this lawful basis can be relied on. An assessment must be performed to identify whether this is an appropriate lawful basis.

    -Contract. Data can be processed if the data is necessary to perform a contract with the data subject.

    -Legal Obligation. If processing personal data is required to comply with a common law or statutory obligation under St. Lucia or EU law, then this is considered a lawful basis.

    -Vital Interests. If the data processing is in the Vital Interests of the data subject, then this is a lawful basis. If it’s possible to protect the person’s vital interests in an alternative and less intrusive way, then this basis doesn’t apply.

    -Public Interest. If processing personal data is required ‘in the exercise of official duty’ or to perform a specific task in the public interest that is set out in law, then this is a lawful basis.

    -Pseudonymization. Pseudonymization is the processing of personal data in a way that it can no longer be attributed to a specific data subject without the use of additional information. This is provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person

    - Anonymization. Data can be considered 'anonymized' when individuals are no longer identifiable. If data is ‘fully 'anonymized', it doesn’t qualify as personal data.
  • 3. What personal data do we process and how do we collect it?

    We may collect, use, store and transfer different types of personal data and for different purposes depending on the circumstances.
    In this section, we provide you with useful information about what personal data we process, depending on where we have received it from. For instance, we usually receive data through direct interactions with us such as live chat and email communication and when you use our Services through our website.

    -Identity Data. This includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

    -Contact Data. This includes billing address, delivery address, email address and telephone numbers.

    -Due Diligence Data. This may include copies and photos of identification document(s), nationality, national insurance number, social security number (or other government issued identification number), citizenship and residency status, tax information, source of income / funds (including assets), driving license, occupation and employment information, copies of proof of address such as utility bills and bank statements,  your image (selfie) extracted from liveness checks (if applicable) and other data we may need to successfully verify users. We collect personal data from third parties, who you may or may not have a direct relationship with. Some of the data we collect from you.

    -Financial Data. This may include open banking data, bank account and payment card details.

    -Client Interactions. This includes responses to surveys, promotions, customer support chats (including interactions made on the Virtual Markets app when applicable), also, via social media and email communication).

    -Data collected from automated technologies or interactions. As you interact with our Services, we may automatically collect certain Usage Data and Technical Data about your equipment, browsing actions and patterns. We may collect this personal data using cookies, web beacons, pixel tags, server logs and other similar technologies, which are sometimes provided by a third party.

    -Transaction Data. This includes details about payments to and from you and other details of products and services you have purchased from us, including the value and currency of your activity.

    -Social Activity. This includes your news feed activity, interests, community membership(s), platform interactions, messages and comments.

    -Device Data. This includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.-Location Data. We may collect geolocation data such as your IP address from your device, where you have set permissions that allow this.

    -Profile Data. This includes your username and password, pin, profile photo, bio, settings and preferences.

    -Usage Data. This includes information about how you use our Services, including your browsing habits, profit and usage statistics.

    -Data collected from third parties. May be shared with service providers and contractors who help us improve the Services we provide.

    -Third Party Technical Data. We may collect personal data such as inferred data, website usage data and demographic data from relevant third parties, including analytics providers and advertising networks.

    -Marketing and Communications Data. This includes your preferences in receiving promotional and marketing material from us and our third parties, or any other communication preferences you have expressed.

    -Partners and Vendors Data. We may collect personal data from third parties if we enter a partnership or when we’re seeking to verify your identity as part of our regulatory requirements. We may rely on third parties such as identity verification agencies, compliance support or data protection firms, credit referencing agencies, transaction monitoring solutions and other providers. This data may include:
    ● Contact data
    ● Publicly available information
    ● Data from technical and payment providers
    ● Data from data brokers or aggregators
    ● Data available from public sources such as your local Electoral Register or Company Registrar.
  • 4. Additional information

    Aggregated Data

    We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be based on personal data, but it’s not considered personal data by law as the data does not directly or indirectly reveal your identity.

    In case we combine or connect Aggregated Data with your personal data in a way that can directly or indirectly identify you, we process it as Personal Data and in accordance with this Privacy Policy.

    Special Categories of Personal Data

    Please be informed that due to the nature of our business it is unlikely that we will intentionally collect Special Categories of Personal Data (this includes details about your race or ethnicity, sexual orientation, political opinions, medical records etc.).We may, however, process data relating to:
    ● criminal convictions and past offenses as part of our standard due diligence and Anti-Money Laundering procedures.
    ● political affiliation(s) from searches in order to detect a Politically Exposed Person’s (PEP’s) status as all PEPs should be subject to enhanced due diligence due to the risk they can carry
    ● all information about your source of wealth if you are under enhanced due diligence, which again might be necessary for us in order to stay compliant with regulatory and AML regulations and guidelines that apply to Virtual Markets.

    In the event we start processing special category personal data (for example, should you voluntarily provide us with information regarding your health), we will protect it according to the Privacy and Data Protection Act and any other relevant laws and regulations that may apply such as GDPR laws, depending on your residency.
  • 5. Failure to provide personal data

    Under certain circumstances we are obliged to collect personal data in order to stay compliant with the relevant laws and regulations. Should you fail to provide this data when requested, we may not be able to perform the contract between you and Virtual Markets needed for the delivery of our Services. In this case, we may have to cease the delivery of a product or service to you, but rest assured that we will notify you in advance.

  • 6. Why do we process this personal data?

    This section describes our reasons for processing personal data and the lawful and legitimate purpose we rely on when it comes to processing.

    Before we move forward, we want to provide a quick explanation of the definition of ‘lawful’. There are a number of bases available and we must choose the most appropriate one before processing data. If we cannot identify an appropriate lawful basis, we will not process the data. In most instances, we’ll use your personal data in the following circumstances:
    I. Where we need to perform a business contract we are about to enter into or have entered into with you
    II. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
    III. Where we need to meet a legal and or regulatory obligation

    You have the right to withdraw your consent at any time, if this is the lawful basis we use to process personal data. We may process your personal data on more than one lawful ground, depending on the reason and the purposes we’re using your data for. Please Contact Us if you need further clarifications about the specific legal ground, we’re relying on to process your personal data.
  • 7. Change of purpose

    We will only use your personal data for the purposes we collected it, unless we reasonably consider that we need to use it for another purpose which is suitable to serve the initial purpose of data collection.

    If we need to use your personal data for an irrelevant purpose to our Services, we will notify you and explain the legal basis we rely on. Please note that we may process your personal data without your knowledge or consent but it will always be in compliance with the above rules, where this is required or permitted by law.
  • 8. Examples of lawful basis for collecting client data

    Please see below some key examples of instanced where we have to collect your personal data:
    I. To register with Virtual Markets and open a trading account with us
    II. Necessary for the performance of a contract
    III. To access Virtual Markets additional features
    IV. If you want to access additional features on Virtual Markets, such as trading, we process your data for a number of reasons, including to:- Verify your identity as part of our standard customer due diligence checks (in accordance with applicable legislation and regulation), including but not limited to: “know your customer”, anti-money laundering, fraud, sanctions and politically exposed person checks
    V. Necessary to fulfill our legitimate interests (for effectively running our business and staying compliant with regulations): to provide brokerage support services, hosting of data, testing, system maintenance, data analysis, keep our records up to date, provide network security, to prevent fraud, comply with AML regulations and in the context of a business reorganization or group restructuring exercise)
    VI. Necessary to improve our services or make them more tailored to your needs and goalsVII. To identify illegal or suspicious behaviors and activity conducted through our platform
    VIII. Necessary to comply with a legal obligation(s)
    IX. To facilitate Market Orders
    X. To communicate with you about your account or your participation in promotions
    XI. To provide Customer Support
    XII. To investigate and report, where appropriate, data breaches, incidents, requests and complaints
    XIII. To promote Virtual Markets and encourage prospective clients to join our Services.
    XIV. To obtain data regarding your preferences
    XV. To provide trading features on the Virtual Markets app (when applicable).

    If you do not have a Virtual Markets account but signed up to receive our marketing, we’ll process your personal data for the sole purpose of sending you marketing communications, which you can opt out of at any time.

    We process personal data to continuously and appropriately service your account; this includes the processing of Transaction Data, Usage Data and Profile Data. We must maintain accurate records, fairly monitor account activity and analyze engagement to deliver the best Service we can to our users.

    We must also effectively moderate the content, interactions and engagement on our platform to monitor for violations of our website Client Agreement and / or applicable legislation.
  • 9. Who do we share personal data with?

    -Internal Recipients
    We may share personal data with entities that may form a group of companies which Virtual Markets may be part of. We do this as our entities rely on each other to provide a variety of Services which are necessary for us to provide our services.

    -External Recipients
    We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Third-party data processors cannot use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our written instructions.

    -Third Party Service Providers.
    These can include third party software and platform providers, vendors, compliance partners (including identity verifiers and performers of relevant checks), analytics services providers, advertising affiliates, card payment service providers, open banking providers, execution brokers and liquidity providers, digital assets partners and electronic money account providers.

    -Regulators and Authorities.
    These include regulatory, financial investigation units and legal bodies, authorities including tax authorities as well as other formal bodies who we must engage / report to.

    -Professional advisers.
    These can include lawyers, bankers, compliance officers outsourcing their services, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

    If we choose to sell, transfer or merge parts of our business or our assets, we’ll share your personal data with the new owners of our business, who may use your personal data in the same way set out in this privacy policy.
  • 10. Do we transfer your data outside St. Lucia?

    Your data is processed in St. Lucia and EEA. We may transfer your data outside St. Lucia and the European Economic Area (EEA).

    Whenever we transfer your personal data out of St. Lucia or the EEA, we make sure it’s given a similar degree of protection by guaranteeing at least one of the following safeguards is implemented:

    We’ll only transfer your personal data to countries that provide an adequate level of protection for personal data. We’ll make sure that appropriate contractual protections are always in place.
  • 11. How long do we retain personal data for?

    We’ll only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting or reporting requirements and not more than 7 (seven) years after the day on which the account is closed.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. In this case, we may use this information indefinitely without giving you further notice.
  • 12. What rights do you have over your personal data?

    In certain circumstances, you have the right to:
    i. Request access to your personal data. This is the right to access and receive a copy of your personal data and other supplementary information. This right is not absolute and it will depend on the discretion of the company.
    ii. Request correction of your personal data. This is where we’ll rectify inaccurate or incorrect data we process about you.
    iv. Request erasure of your personal data. This is the right to request the erasure of your personal data. This right is not absolute and may be subject to certain limitations, depending on our lawful basis for processing your personal data.
    v. Object to our processing of your personal data. This is only an absolute right when related to direct marketing. For all other data processing, you can object. We ‘ll then review and process your request subject to relevant limitations, such as the lawful basis for processing your personal data in the first instance.
    vi. Right to withdraw consent. Where you have provided your consent for us to process your personal data, you have the right to withdraw such consent.
    vii. Right to object. This can include the right to object to automated decision-making and profiling that produces legal or similar effects. This right is not relevant to Virtual Markets users as we do not presently participate in data processing that is solely automated and makes decisions which have a legal (or similar) effect.

    Should you wish to make such a request, you can do so by sending an email to support@virtualmarkets.com. You can also opt out of direct marketing by clicking unsubscribe at the bottom of any marketing email.

    Generally, you do not have to pay a fee to exercise any of these rights, and we'll confirm completion of your request within one calendar month.

    However, we may charge a reasonable fee or extend our timeline for responding in cases where a request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We’ll always notify you in the event this occurs.

    You have the right to make a complaint at any time to the relevant data protection authority;

    St. Lucia:
    Office of the Information and Data Protection Commissioner (OIDPC)
    P.O. Box 1509,Sir Stanislaus James Building
    The Waterfront, Castries
    St. Lucia
    Phone: +1 (758) 468 1597Fax: +1 (758) 452 1637
    Email: data.office@cipo.gov.lc

    We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us at support@virtualmarkets.com and our Data Protection Officer will handle your request accordingly.