Privacy Policy
Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.
Last Updated: March 1, 2025. This Privacy Policy supersedes all previous versions.
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. How We Share Your Information
- 5. Cookies and Tracking Technologies
- 6. Data Security
- 7. Data Retention
- 8. International Data Transfers
- 9. Your Rights and Choices
- 10. Children's Privacy
- 11. Updates to This Privacy Policy
- 12. Contact Us
1. Introduction
Welcome to FMA Capital ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:
- Visit our website at [Website URL] (the "Website")
- Use our trading platforms and mobile applications (the "Platforms")
- Access our services, including trading accounts, PAMM/MAMM investments, copy trading, signal providers, and crypto staking (collectively, the "Services")
By accessing or using our Website, Platforms, or Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Website, Platforms, or Services.
We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws around the world.
2. Information We Collect
We collect several types of information from and about users of our Website, Platforms, and Services, including:
2.1 Personal Information
Personal information is information that identifies you as an individual or relates to an identifiable person. We collect the following categories of personal information:
- Identity Information: Full name, date of birth, nationality, government-issued identification (passport, national ID, driver's license), photographs, signature, and other similar identifiers
- Contact Information: Email address, telephone number, mailing address, and other contact details
- Financial Information: Bank account details, payment card information, wire transfer details, transaction history, trading data, and other financial information
- Professional Information: Occupation, employer, work experience, income, source of funds, trading experience, and investment objectives
- Account Information: Username, password, account preferences, and other account-related details
- KYC/AML Information: Information required to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, including information about politically exposed persons and sanctions screening
2.2 Non-Personal Information
Non-personal information is information that does not directly identify you. We collect the following categories of non-personal information:
- Device Information: IP address, browser type and version, operating system, device type, hardware settings, and other technology identifiers on the devices you use to access our Website or Platforms
- Usage Information: Information about how you use our Website, Platforms, and Services, including browsing patterns, clicked links, interactions, preferences, login times, and session duration
- Location Information: General geographic location based on your IP address or more precise location when permitted by law and enabled through your device
- Log Files: Server logs, error reports, security incidents, and crash analytics
- Aggregated Data: Statistical or demographic data that does not directly reveal your identity
2.3 Information Collection Methods
We collect information through various methods, including:
- Direct Interactions: Information you provide when creating an account, completing KYC processes, making deposits or withdrawals, executing trades, subscribing to marketing communications, or contacting our customer support
- Automated Technologies: Cookies, web beacons, tracking pixels, server logs, and other similar technologies (see Section 5 for more details)
- Third-Party Sources: Information from third-party service providers, identity verification services, credit agencies, financial institutions, public databases, and social media platforms (where permitted by law)
- Trading Platforms: Information collected through your use of our trading platforms, including trading activity, login history, and user preferences
Important Note: Some information we collect is required for us to provide our Services to you and to comply with legal and regulatory obligations. If you decline to provide required information, we may not be able to provide certain Services or features to you.
3. How We Use Your Information
We use the information we collect for various purposes, including:
3.1 Providing Our Services
- Creating and managing your account
- Processing transactions, deposits, and withdrawals
- Executing trades and investment instructions
- Facilitating PAMM/MAMM investments, copy trading, and crypto staking
- Providing customer support and responding to inquiries
- Sending transactional messages and service notifications
- Maintaining and improving our Website, Platforms, and Services
3.2 Legal and Regulatory Compliance
- Verifying your identity and performing KYC/AML checks
- Preventing fraud, money laundering, and other illegal activities
- Complying with legal obligations, regulatory requirements, and industry standards
- Responding to legal process, such as court orders, subpoenas, or government requests
- Enforcing our Terms and Conditions and other agreements
- Establishing, exercising, or defending legal claims
3.3 Marketing and Communications
- Sending newsletters, promotions, and marketing communications
- Providing information about new features, products, and services
- Conducting surveys and collecting feedback
- Personalizing your experience and delivering content relevant to your interests
3.4 Analytics and Improvement
- Analyzing usage patterns and trends
- Monitoring and improving the performance, functionality, and quality of our Website, Platforms, and Services
- Developing new products, services, and features
- Conducting research and statistical analysis
3.5 Security and Risk Management
- Protecting against unauthorized access, fraud, and other malicious activity
- Monitoring for suspicious or illegal activity
- Verifying transactions and detecting abnormal trading patterns
- Ensuring the security and integrity of our systems and data
3.6 Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), we process your personal information based on one or more of the following legal grounds:
- Performance of a Contract: Processing necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract
- Legitimate Interests: Processing necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms
- Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject
- Consent: Processing based on your consent, which you may withdraw at any time
Purpose | Categories of Data | Legal Basis (GDPR) |
---|---|---|
Account Creation and Management | Identity, Contact, Financial, Professional | Performance of Contract |
Transaction Processing | Identity, Contact, Financial | Performance of Contract |
KYC and AML Compliance | Identity, Contact, Financial, Professional, KYC/AML | Legal Obligation |
Security and Fraud Prevention | Identity, Device, Usage | Legitimate Interests |
Marketing Communications | Identity, Contact, Usage | Consent or Legitimate Interests |
Analytics and Service Improvement | Device, Usage, Location | Legitimate Interests |
6. Data Security
Protecting your information is a priority for us. We implement appropriate technical and organizational measures to safeguard your personal information against unauthorized access, disclosure, alteration, and destruction.
6.1 Security Measures
Our security measures include:
- Encryption: All sensitive data is encrypted in transit and at rest using industry-standard encryption protocols (SSL/TLS, AES-256).
- Access Controls: Strict access controls and authentication mechanisms to ensure that only authorized personnel can access personal information.
- Firewalls and Intrusion Detection: Advanced firewalls, intrusion detection, and prevention systems to protect our networks and systems.
- Regular Security Assessments: Vulnerability scans, penetration testing, and security audits conducted by internal teams and third-party security experts.
- Employee Training: Regular security awareness and data protection training for all employees who handle personal information.
- Incident Response: Comprehensive incident response plan to address any potential data breaches promptly.
6.2 Account Security
To enhance the security of your account, we offer the following features:
- Two-Factor Authentication (2FA): Adds an extra layer of security by requiring a verification code in addition to your password.
- Login Notifications: Alerts for suspicious login attempts or changes to your account.
- Session Management: Ability to view and terminate active sessions from different devices.
- IP Restrictions: Option to restrict logins to specific IP addresses or regions.
We strongly recommend enabling 2FA for your account and using a strong, unique password.
6.3 Limitations
While we implement appropriate security measures, no method of transmission over the Internet or electronic storage is 100% secure. Despite our efforts, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.
6.4 Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and the relevant supervisory authorities as required by applicable laws and regulations. This notification will include information about the breach, its potential consequences, and the measures we are taking to address it.
7. Data Retention
7.1 Retention Periods
We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. The retention periods depend on the type of information and the purposes for which we use it.
Specific retention periods include:
- Account Information: As long as you maintain an active account with us, plus a period after account closure (typically 5 years) for legal and regulatory compliance.
- KYC/AML Information: Minimum of 5 years after the end of our business relationship, as required by anti-money laundering regulations.
- Transaction Records: Minimum of 5-7 years for tax and accounting purposes.
- Communication Records: Up to 5 years from the date of communication.
- Marketing Preferences: Until you unsubscribe or request deletion.
- Website Usage Data: Up to 2 years from collection.
7.2 Extended Retention
We may retain your information for longer periods in the following circumstances:
- To comply with legal, regulatory, or accounting requirements
- To resolve disputes or enforce our agreements
- To protect against fraudulent, malicious, or abusive activity
- When reasonably necessary for legitimate business purposes
7.3 Data Minimization
We regularly review our data retention practices to minimize the amount of personal information we hold. When personal information is no longer needed, we securely delete or anonymize it.
8. International Data Transfers
8.1 Global Operations
We operate globally and may transfer, store, and process your information in countries other than your country of residence, including the United States, United Kingdom, European Union, Singapore, and other locations where we or our service providers operate.
8.2 Transfer Safeguards
When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not received an adequacy decision, we implement appropriate safeguards to protect your information, such as:
- Standard Contractual Clauses (SCCs): EU-approved contractual clauses that require recipients to protect personal information in accordance with EU data protection standards.
- Binding Corporate Rules: Internal rules for transfers among our affiliates that have been approved by EU data protection authorities.
- Consent: In limited circumstances, with your explicit consent for the specific transfer.
- Necessity: When the transfer is necessary for the performance of a contract with you or for pre-contractual measures taken at your request.
8.3 Jurisdictional Compliance
We comply with local data protection laws in jurisdictions where we operate, including:
- General Data Protection Regulation (GDPR) in the European Economic Area
- UK GDPR in the United Kingdom
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in California
- Personal Data Protection Act (PDPA) in Singapore
- Other applicable national or regional data protection laws
8.4 Data Transfer Impact
You should be aware that when your information is transferred to other countries, it may be accessible to government authorities in those countries in accordance with their laws. If you have questions about our international data transfers or the safeguards we implement, please contact us using the information provided in Section 12.
9. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information. We respect your rights and provide mechanisms for you to exercise them.
9.1 Rights for All Users
Regardless of your location, you have the following rights:
- Account Information: Update or correct certain personal information through your account settings.
- Marketing Communications: Opt out of marketing emails by clicking the "unsubscribe" link in our emails or changing your communication preferences in your account settings.
- Cookies: Manage cookie preferences as described in Section 5.5.
9.2 Rights for EEA, UK, and Similar Jurisdictions
If you are located in the European Economic Area, United Kingdom, or jurisdictions with similar data protection laws, you have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Rectification: Request correction of inaccurate or incomplete information.
- Erasure: Request deletion of your personal information in certain circumstances.
- Restriction: Request restriction of processing of your personal information in certain circumstances.
- Data Portability: Request transfer of your personal information to you or a third party in a structured, commonly used, machine-readable format.
- Objection: Object to processing of your personal information based on legitimate interests or for direct marketing.
- Withdrawal of Consent: Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
- Automated Decision-Making: Request human intervention for decisions based solely on automated processing that have legal or similar significant effects on you.
9.3 Rights Under the CCPA/CPRA (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information is collected, our business purpose for collecting the information, and the categories of third parties with whom we share the information.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out: Opt out of the "sale" or "sharing" of your personal information and limit the use of your sensitive personal information.
- Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights.
Please note that we do not "sell" personal information as defined under the CCPA.
9.4 Exercising Your Rights
To exercise your data privacy rights, please contact us using the methods described in Section 12. We may need to verify your identity before processing your request. For verification, we may request additional information from you, which will only be used for verification purposes.
9.5 Response Timeline
We will respond to your request within the timeframe required by applicable law (generally within 30 days for GDPR requests and 45 days for CCPA requests). If we need more time, we will inform you of the reason and extension period.
9.6 Limitations
There may be situations where we cannot fulfill your request, such as:
- When we cannot verify your identity
- When an exception applies under applicable law
- When fulfilling the request would violate the rights of others
- When we are legally required to retain the information
- When the information is necessary for ongoing transactions or contracts
If we decline your request, we will explain the reasons and inform you of any recourse available to you.
10. Children's Privacy
Our Website, Platforms, and Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe we may have collected information from your child, please contact us immediately using the information provided in Section 12. If we become aware that we have collected personal information from a child without parental consent, we will take steps to remove that information from our servers.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will:
- Post the updated Privacy Policy on our Website
- Update the "Last Updated" date at the top of this Privacy Policy
- Notify you through the Website, Platforms, email, or other communication methods
Your continued use of our Website, Platforms, or Services after the effective date of the updated Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
For significant changes that materially affect your rights or how we use your information, we will provide at least 30 days' notice before implementing the changes, unless the changes are required by law or necessary for security reasons.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:
Data Protection Officer:
FMA Capital
Level 25/2, The Esplanade,
Perth, WA 6000, Australia
Email: privacy@fmacapital.io
Phone: +61 280937301
12.1 Complaints
If you have a complaint about how we handle your personal information, please contact us first. We will do our best to resolve your concern promptly.
If you are in the European Economic Area or United Kingdom and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. You can find contact details for your data protection authority from the European Data Protection Board or the UK Information Commissioner's Office.
California residents may also file a complaint with the California Attorney General's Office at www.oag.ca.gov/privacy.