Privacy Policy

Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information

Last Updated: March 1, 2025. This Privacy Policy supersedes all previous versions.

1. Introduction

Welcome to FMA Capital ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

  • Visit our website at [Website URL] (the "Website")
  • Use our trading platforms and mobile applications (the "Platforms")
  • Access our services, including trading accounts, PAMM/MAMM investments, copy trading, signal providers, and crypto staking (collectively, the "Services")

By accessing or using our Website, Platforms, or Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Website, Platforms, or Services.

We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws around the world.

2. Information We Collect

We collect several types of information from and about users of our Website, Platforms, and Services, including:

2.1 Personal Information

Personal information is information that identifies you as an individual or relates to an identifiable person. We collect the following categories of personal information:

  • Identity Information: Full name, date of birth, nationality, government-issued identification (passport, national ID, driver's license), photographs, signature, and other similar identifiers
  • Contact Information: Email address, telephone number, mailing address, and other contact details
  • Financial Information: Bank account details, payment card information, wire transfer details, transaction history, trading data, and other financial information
  • Professional Information: Occupation, employer, work experience, income, source of funds, trading experience, and investment objectives
  • Account Information: Username, password, account preferences, and other account-related details
  • KYC/AML Information: Information required to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, including information about politically exposed persons and sanctions screening

2.2 Non-Personal Information

Non-personal information is information that does not directly identify you. We collect the following categories of non-personal information:

  • Device Information: IP address, browser type and version, operating system, device type, hardware settings, and other technology identifiers on the devices you use to access our Website or Platforms
  • Usage Information: Information about how you use our Website, Platforms, and Services, including browsing patterns, clicked links, interactions, preferences, login times, and session duration
  • Location Information: General geographic location based on your IP address or more precise location when permitted by law and enabled through your device
  • Log Files: Server logs, error reports, security incidents, and crash analytics
  • Aggregated Data: Statistical or demographic data that does not directly reveal your identity

2.3 Information Collection Methods

We collect information through various methods, including:

  • Direct Interactions: Information you provide when creating an account, completing KYC processes, making deposits or withdrawals, executing trades, subscribing to marketing communications, or contacting our customer support
  • Automated Technologies: Cookies, web beacons, tracking pixels, server logs, and other similar technologies (see Section 5 for more details)
  • Third-Party Sources: Information from third-party service providers, identity verification services, credit agencies, financial institutions, public databases, and social media platforms (where permitted by law)
  • Trading Platforms: Information collected through your use of our trading platforms, including trading activity, login history, and user preferences

Important Note: Some information we collect is required for us to provide our Services to you and to comply with legal and regulatory obligations. If you decline to provide required information, we may not be able to provide certain Services or features to you.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Providing Our Services

  • Creating and managing your account
  • Processing transactions, deposits, and withdrawals
  • Executing trades and investment instructions
  • Facilitating PAMM/MAMM investments, copy trading, and crypto staking
  • Providing customer support and responding to inquiries
  • Sending transactional messages and service notifications
  • Maintaining and improving our Website, Platforms, and Services

3.2 Legal and Regulatory Compliance

  • Verifying your identity and performing KYC/AML checks
  • Preventing fraud, money laundering, and other illegal activities
  • Complying with legal obligations, regulatory requirements, and industry standards
  • Responding to legal process, such as court orders, subpoenas, or government requests
  • Enforcing our Terms and Conditions and other agreements
  • Establishing, exercising, or defending legal claims

3.3 Marketing and Communications

  • Sending newsletters, promotions, and marketing communications
  • Providing information about new features, products, and services
  • Conducting surveys and collecting feedback
  • Personalizing your experience and delivering content relevant to your interests

3.4 Analytics and Improvement

  • Analyzing usage patterns and trends
  • Monitoring and improving the performance, functionality, and quality of our Website, Platforms, and Services
  • Developing new products, services, and features
  • Conducting research and statistical analysis

3.5 Security and Risk Management

  • Protecting against unauthorized access, fraud, and other malicious activity
  • Monitoring for suspicious or illegal activity
  • Verifying transactions and detecting abnormal trading patterns
  • Ensuring the security and integrity of our systems and data

3.6 Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal information based on one or more of the following legal grounds:

  • Performance of a Contract: Processing necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract
  • Legitimate Interests: Processing necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms
  • Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject
  • Consent: Processing based on your consent, which you may withdraw at any time
Purpose Categories of Data Legal Basis (GDPR)
Account Creation and Management Identity, Contact, Financial, Professional Performance of Contract
Transaction Processing Identity, Contact, Financial Performance of Contract
KYC and AML Compliance Identity, Contact, Financial, Professional, KYC/AML Legal Obligation
Security and Fraud Prevention Identity, Device, Usage Legitimate Interests
Marketing Communications Identity, Contact, Usage Consent or Legitimate Interests
Analytics and Service Improvement Device, Usage, Location Legitimate Interests

4. How We Share Your Information

We may share your information with the following categories of recipients:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, such as:

  • Technology Providers: Cloud storage, hosting, data analysis, IT infrastructure, and software services
  • Financial Service Providers: Payment processors, banking partners, and other financial institutions
  • Identity Verification Providers: KYC and AML screening services
  • Customer Support Providers: Help desk, chat, and customer service systems
  • Marketing Partners: Email delivery, advertising, analytics, and campaign management services
  • Professional Advisors: Consultants, accountants, lawyers, and auditors

These service providers are authorized to use your information only as necessary to provide services to us and are contractually obligated to protect your information.

4.2 Affiliates and Business Partners

We may share information with our affiliates (companies that control, are controlled by, or are under common control with us) and business partners for the purposes described in this Privacy Policy, including to provide and improve our Services.

4.3 PAMM/MAMM Managers and Signal Providers

If you participate in PAMM/MAMM investments or copy trading, we may share certain information with the respective managers or signal providers, such as your investment amount, account balance, and trading preferences. However, we limit the personal information shared to what is necessary for providing these services.

4.4 Regulatory Authorities and Law Enforcement

We may disclose your information to regulatory authorities, law enforcement agencies, or other governmental bodies:

  • To comply with legal obligations, court orders, or valid legal processes
  • To report suspicious activities or prevent fraud and money laundering
  • To protect our rights, property, or safety, or the rights, property, or safety of others
  • To respond to national security or law enforcement requirements

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, we may transfer or assign your information as part of such transaction. We will notify you of any such change in ownership or control of your personal information.

4.6 With Your Consent

We may share your information with third parties when you have given us your consent to do so.

4.7 Aggregated or De-identified Data

We may share aggregated or de-identified information, which cannot reasonably be used to identify you, with third parties for research, marketing, analytics, and other purposes.

Important: We do not sell your personal information to third parties for commercial purposes as defined under applicable privacy laws such as the CCPA.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to the website owners.

5.2 Types of Cookies We Use

We use the following types of cookies and similar tracking technologies:

  • Essential Cookies: Necessary for the basic functionality of our Website and Platforms. These cookies enable core features such as security, account authentication, and remembering your preferences. You cannot opt out of these cookies as the Website and Platforms cannot function properly without them.
  • Analytical/Performance Cookies: Help us understand how visitors interact with our Website and Platforms by collecting and reporting information anonymously. We use this information to improve our Website, Platforms, and Services.
  • Functionality Cookies: Allow our Website and Platforms to remember choices you make and provide enhanced, personalized features. These cookies may be set by us or by third-party providers whose services we have added to our pages.
  • Targeting/Advertising Cookies: Used to deliver advertisements more relevant to you and your interests, limit the number of times you see an ad, and help measure the effectiveness of advertising campaigns.
  • Social Media Cookies: Set by social media services that we have added to the Website to enable you to share our content with your friends and networks.

5.3 Other Tracking Technologies

In addition to cookies, we use the following tracking technologies:

  • Web Beacons: Small electronic files (also called clear gifs, pixel tags, or single-pixel gifs) that permit us to count users who have visited specific pages or accessed certain emails.
  • Local Storage: Technologies like HTML5 local storage that provide similar functionality to cookies but can store larger amounts of data on your device.
  • Session Replay: Software that records your interactions with our Website or Platforms to help us understand how you use our services and identify issues.
  • Device Fingerprinting: Collection of information about your device's attributes to create a unique profile used for identification and security purposes.

5.4 Third-Party Cookies

Some cookies and tracking technologies are placed by third parties on our Website and Platforms. These third parties include:

  • Analytics Providers: Google Analytics, Mixpanel, Hotjar
  • Marketing Platforms: Google Ads, Facebook, LinkedIn
  • Customer Support: Zendesk, Intercom
  • Functionality Providers: Cloudflare, Akamai

These third parties may use cookies, web beacons, and other tracking technologies to collect information about your use of our Website, Platforms, and other websites. They may use this information to provide measurement services, target ads, or for security purposes.

5.5 Cookie Management

You can manage your cookie preferences through our cookie consent tool or by adjusting your browser settings. Most web browsers allow you to control cookies through their settings, including rejecting or deleting cookies.

To manage your cookie preferences for our Website, please use the button below:

For more information about cookies and how to manage them, please visit www.aboutcookies.org or www.allaboutcookies.org.

Please Note: Blocking some types of cookies may impact your experience on our Website and Platforms and limit the functionality we can provide.

6. Data Security

Protecting your information is a priority for us. We implement appropriate technical and organizational measures to safeguard your personal information against unauthorized access, disclosure, alteration, and destruction.

6.1 Security Measures

Our security measures include:

  • Encryption: All sensitive data is encrypted in transit and at rest using industry-standard encryption protocols (SSL/TLS, AES-256).
  • Access Controls: Strict access controls and authentication mechanisms to ensure that only authorized personnel can access personal information.
  • Firewalls and Intrusion Detection: Advanced firewalls, intrusion detection, and prevention systems to protect our networks and systems.
  • Regular Security Assessments: Vulnerability scans, penetration testing, and security audits conducted by internal teams and third-party security experts.
  • Employee Training: Regular security awareness and data protection training for all employees who handle personal information.
  • Incident Response: Comprehensive incident response plan to address any potential data breaches promptly.

6.2 Account Security

To enhance the security of your account, we offer the following features:

  • Two-Factor Authentication (2FA): Adds an extra layer of security by requiring a verification code in addition to your password.
  • Login Notifications: Alerts for suspicious login attempts or changes to your account.
  • Session Management: Ability to view and terminate active sessions from different devices.
  • IP Restrictions: Option to restrict logins to specific IP addresses or regions.

We strongly recommend enabling 2FA for your account and using a strong, unique password.

6.3 Limitations

While we implement appropriate security measures, no method of transmission over the Internet or electronic storage is 100% secure. Despite our efforts, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

6.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and the relevant supervisory authorities as required by applicable laws and regulations. This notification will include information about the breach, its potential consequences, and the measures we are taking to address it.

7. Data Retention

7.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. The retention periods depend on the type of information and the purposes for which we use it.

Specific retention periods include:

  • Account Information: As long as you maintain an active account with us, plus a period after account closure (typically 5 years) for legal and regulatory compliance.
  • KYC/AML Information: Minimum of 5 years after the end of our business relationship, as required by anti-money laundering regulations.
  • Transaction Records: Minimum of 5-7 years for tax and accounting purposes.
  • Communication Records: Up to 5 years from the date of communication.
  • Marketing Preferences: Until you unsubscribe or request deletion.
  • Website Usage Data: Up to 2 years from collection.

7.2 Extended Retention

We may retain your information for longer periods in the following circumstances:

  • To comply with legal, regulatory, or accounting requirements
  • To resolve disputes or enforce our agreements
  • To protect against fraudulent, malicious, or abusive activity
  • When reasonably necessary for legitimate business purposes

7.3 Data Minimization

We regularly review our data retention practices to minimize the amount of personal information we hold. When personal information is no longer needed, we securely delete or anonymize it.

8. International Data Transfers

8.1 Global Operations

We operate globally and may transfer, store, and process your information in countries other than your country of residence, including the United States, United Kingdom, European Union, Singapore, and other locations where we or our service providers operate.

8.2 Transfer Safeguards

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not received an adequacy decision, we implement appropriate safeguards to protect your information, such as:

  • Standard Contractual Clauses (SCCs): EU-approved contractual clauses that require recipients to protect personal information in accordance with EU data protection standards.
  • Binding Corporate Rules: Internal rules for transfers among our affiliates that have been approved by EU data protection authorities.
  • Consent: In limited circumstances, with your explicit consent for the specific transfer.
  • Necessity: When the transfer is necessary for the performance of a contract with you or for pre-contractual measures taken at your request.

8.3 Jurisdictional Compliance

We comply with local data protection laws in jurisdictions where we operate, including:

  • General Data Protection Regulation (GDPR) in the European Economic Area
  • UK GDPR in the United Kingdom
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in California
  • Personal Data Protection Act (PDPA) in Singapore
  • Other applicable national or regional data protection laws

8.4 Data Transfer Impact

You should be aware that when your information is transferred to other countries, it may be accessible to government authorities in those countries in accordance with their laws. If you have questions about our international data transfers or the safeguards we implement, please contact us using the information provided in Section 12.

9. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. We respect your rights and provide mechanisms for you to exercise them.

9.1 Rights for All Users

Regardless of your location, you have the following rights:

  • Account Information: Update or correct certain personal information through your account settings.
  • Marketing Communications: Opt out of marketing emails by clicking the "unsubscribe" link in our emails or changing your communication preferences in your account settings.
  • Cookies: Manage cookie preferences as described in Section 5.5.

9.2 Rights for EEA, UK, and Similar Jurisdictions

If you are located in the European Economic Area, United Kingdom, or jurisdictions with similar data protection laws, you have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Rectification: Request correction of inaccurate or incomplete information.
  • Erasure: Request deletion of your personal information in certain circumstances.
  • Restriction: Request restriction of processing of your personal information in certain circumstances.
  • Data Portability: Request transfer of your personal information to you or a third party in a structured, commonly used, machine-readable format.
  • Objection: Object to processing of your personal information based on legitimate interests or for direct marketing.
  • Withdrawal of Consent: Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Automated Decision-Making: Request human intervention for decisions based solely on automated processing that have legal or similar significant effects on you.

9.3 Rights Under the CCPA/CPRA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information is collected, our business purpose for collecting the information, and the categories of third parties with whom we share the information.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out: Opt out of the "sale" or "sharing" of your personal information and limit the use of your sensitive personal information.
  • Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights.

Please note that we do not "sell" personal information as defined under the CCPA.

9.4 Exercising Your Rights

To exercise your data privacy rights, please contact us using the methods described in Section 12. We may need to verify your identity before processing your request. For verification, we may request additional information from you, which will only be used for verification purposes.

9.5 Response Timeline

We will respond to your request within the timeframe required by applicable law (generally within 30 days for GDPR requests and 45 days for CCPA requests). If we need more time, we will inform you of the reason and extension period.

9.6 Limitations

There may be situations where we cannot fulfill your request, such as:

  • When we cannot verify your identity
  • When an exception applies under applicable law
  • When fulfilling the request would violate the rights of others
  • When we are legally required to retain the information
  • When the information is necessary for ongoing transactions or contracts

If we decline your request, we will explain the reasons and inform you of any recourse available to you.

10. Children's Privacy

Our Website, Platforms, and Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe we may have collected information from your child, please contact us immediately using the information provided in Section 12. If we become aware that we have collected personal information from a child without parental consent, we will take steps to remove that information from our servers.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will:

  • Post the updated Privacy Policy on our Website
  • Update the "Last Updated" date at the top of this Privacy Policy
  • Notify you through the Website, Platform, email, or other communication methods

Your continued use of our Website, Platforms, or Services after the effective date of the updated Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

For significant changes that materially affect your rights or how we use your information, we will provide at least 30 days' notice before implementing the changes, unless the changes are required by law or necessary for security reasons.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:

Data Protection Officer:
FMA Capital
Level25/2, The Esplanade,
Perth, WA 6000, Australia

Email: privacy@fmacapital.io
Phone: +61 280937301

12.1 Complaints

If you have a complaint about how we handle your personal information, please contact us first. We will do our best to resolve your concern promptly.

If you are in the European Economic Area or United Kingdom and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. You can find contact details for your data protection authority at European Data Protection Board or UK Information Commissioner's Office.

California residents may also file a complaint with the California Attorney General's Office at www.oag.ca.gov/privacy.