Data Privacy Policy

 

Our Privacy Policy below describes in detail how CMS Prime handles the collection, management and protection of all confidential user information.

Introduction

We are focused on protecting your information and respecting your privacy. This Privacy Policy explains what types of personal data we gather about you when you choose to use our services, how we use your personal information, when and with whom we share it, and how we keep it safe. It also outlines your rights regarding how we handle your personal information and how you can exercise this. Please take the time to read and understand this policy.

From time to time, we can make changes to this notice and it is important that you check for any updates on this notice. Any personal information that we keep at that time will be subject to the latest privacy notice. As we make changes, we will communicate them to you as necessary.

Please note that this notice is for customers and potential customers. If you are a CMS Prime employee, a CMS Prime contractor or a third-party service provider, your personal information will be used in accordance with your employment contract, your contractual agreement or our separate policies.

Any reference to ‘us’, ‘our’, ‘we’ in this privacy notice is a reference to CMS Prime as the context requires unless otherwise stated.

Similarly, any reference in this privacy notice to ‘ you, ‘ ‘ your, ‘ ‘ your ‘ or ‘ yourself ‘ is a reference to any of our customers and potential customers as the context requires, unless stated otherwise.

By accessing our websites, including using any of the communication channels to contact us, we conclude that you have read and understood the terms of this notice and how we process any information you disclose to us, including personal data, before becoming a customer. Once you have opened an account with us, you accept that this document, including any changes, will determine how we collect, store, use, exchange and handle your personal data and rights in any other manner during and after our business relationship.

Who are we?

This privacy notice applies to the storage operations within Capital Market Solutions INC of the following data controller bodies. CMS Prime is a trademark of Capital Market Solutions Inc., a financial services company registered with Saint Vincent and the Grenadines, Belize and Vanuatu Financial Services Commission.

What kind of personal information do we collect and store?

We collect personal data from customers and potential customers as part of our business, including the following details: Fullname and Contact details. Your income and wealth information including descriptions of your assets and liabilities, account balances, trading records, tax and financial statements Career and job details, location data experience and trading experience, risk tolerance and risk profile

IP address, device specifications and other information related to your trading experience Information of your visits to our website or our apps including, but not limited to, traffic data, location data, weblogs and other communications details.

We use cookies to store and collect your website usage information. Cookies are small text files that are saved on the hard drive of your computer by the browser. Once you visit our website, they send back information stored on them to our web server. These cookies allow us to set personal settings and to load your personal preferences in order to improve your experience.

We also keep records of your trading behavior, including a record of:

Products that you trade with us Historical data on the purchases and investments that you have made, including the amount invested Your preference for certain types of products and services We are required by law to recognize you if you open a new account or add a new signatory to an existing account. Anti-money laundering laws allow us to access and record details of certain documents (i.e. photographic and non-photographic documents) in order to comply with the requirements laid down in those laws. Documentation of recognition as required by legislation on anti-money laundering or other legislation related to the services we provide to you includes:

(a) passport;

(b) driver’s licence;

(c) national identity card (if applicable);

(d) utility bills;

(e) trust deed (if applicable);

(f) a credit check on the individual; or

(g) other information we consider necessary for our functions and activities.

If you are a corporate client, we are required to collect additional information on the shareholders and directors, such as corporate address records, shareholders, directors, officers, and additional personal information. We are entitled to request any additional information that we consider necessary in order to comply with our legal and regulatory requirements.

We obtain this information in a number of ways through your use of our websites and services, account opening applications, our demo sign-up forms, webinar sign-up forms, website cookies and similar tracking technology embedded in our websites and apps, subscribing to news updates and information provided during our ongoing relationship.

We may also collect this information from third parties through buy-in third-party marketing lists, publicly available databases, social media platforms, introducing brokers and associates, bankers and credit card processors, subscription-based intelligence databases and other third-party partners.

From time to time, we may request other personal information (e.g. through market research, surveys, or special offers). We may not be able to provide you with the requested product or service if you choose not to provide the details, we need to fulfill your request for a particular product or service.

In relation to the services we provide to you and our relationship with you, we can record all correspondence, electronic, by telephone, in person or otherwise. Such recordings are going to be our sole property and will be proof of correspondence between us. These conversations may be registered without using a warning tone or any further notice.

Further, if you visit any of our offices or premises, we may have CCTV which will record your image.

Who may we disclose personal information to?

As part of using your personal information for the purposes outlined above, we may disclose your information to third-party app providers when using our third-party apps, communications systems and trading platforms;

Service providers and specialist consultants who have been contracted to provide us with services such as administrative, IT, analytics and online marketing optimization, financial, regulatory, compliance, insurance, analysis or other products;  introducing brokers and affiliates with whom we have a mutual relationship; payment service providers and banks facilitating your transactions;

Auditors or contractors or other consultants auditing, assisting or advising on any of our business purposes; courts, tribunals and relevant regulatory authorities as approved or licensed by law or our agreement with you government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests;

any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions of Service or other relevant agreements;

anyone authorized by you.

We aim to reveal only the minimum personal data needed to meet their contractual obligations to us to these third parties. Our third-party service providers are not allowed to share or use personal data for any reason other than to provide us with services.

Our websites or our applications may have links to external websites of third parties. Please note, however, that this privacy policy does not cover third-party websites and our privacy policies and procedures do not extend to those websites. Please check the privacy policies and procedures of each third party.

When and how do we obtain your consent?

We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the specific purpose for which we are using your data.

The Lawful basis are the following:

to perform our contractual obligations towards you

to be compliant with the legal and regulatory requirements

to pursue our legitimate interests

where our use of your personal information does not fall within one of these three legal bases, your consent is required. Such consent shall be freely given by you,and you are entitled to revoke your consent at any time by contacting us using the contact details set out in this privacy notice or unsubscribing from email lists.

Management of personal information.

We are committed to safeguarding and preserving personal data and will adopt and maintain effective technological and organizational measures to ensure an acceptable level of security to secure any personal data given to us from accidental or unlawful damage, loss, modification, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data.

We require organisations outside the CMS Prime who handle or obtain personal information acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with all relevant data protection laws and this privacy notice.

In brief, the data protection measures we have in place are the following:

We train our employees who handle personal information in order to protect the security of customer information and the privacy of individuals requiring our employees to use passwords and two-factor authentication while accessing our systems; we use Chinese walls and employees only have access to the personal data necessary for their tasks.

Throughout internet transactions, we use data encryption technology and user access codes distributed through networks using firewalls, intrusion detection systems and virus scanning tools to protect against unauthorized people and viruses accessing our systems; use dedicated secure networks or encryption when transmitting electronic data for outsourcing purposes;

Practicing a clean desk policy in all premises used by us and protected physical records storage; and use physical and digital means such as access cards, cameras and guards to protect against unauthorized access.

How do we store personal information and for how long?

We hold personal data in a combination of secure computer storage facilities and paper-based documents and other records and take steps to protect the personal information that we hold from misuse, destruction, unauthorized access, alteration or release.

When we consider that personal information is no longer needed, we will remove any details that will identify you or we will securely destroy the records.

However, we may need to maintain records for a significant period of time. For example, we are subject to investment services and anti-money laundering laws which require us to retain copies and evidence of the actions taken by us in regard to your identity verification, sources of incomes and wealth, monitoring of your transactions, telephone, chat and email communications, orders and trades history, handling of your complaints and records that can demonstrate that we have acted in line with regulatory code of conduct throughout the business relationship. These records must be maintained for a period of five years after our business relationship with you has ended or even longer if we are asked by our Regulators.

Where you have decided not to accept promotional messages, we will keep your information on our suppression list so we know that you do not want to receive such communications.

The data that we collect from you may be transferred to and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or Affiliate companies. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We may move the data we collect from you to a destination outside the European Economic Area (“EEA”) and store it there. It can also be handled by non-EEA staff working for us or one of our distributors or partners. We will take all reasonably necessary steps to ensure that your information is handled in compliance with this Privacy Policy in a safe manner.

If you would like a copy of such arrangements, please contact us using the contact details below.

Your rights

Please note that these rights do not apply in all circumstances. You are entitled to:

(a) request access to your personal data (commonly known as a “data subject access request”);

(b) Request correction of the personal data that we hold about you;

(c) Request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;

(d) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

(e) Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

if you want us to establish the data’s accuracy;

where our use of the data is unlawful, but you do not want us to erase it;

where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it;

(f) Request the transfer of your personal data to you or a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information (i.e. not to hard copies) which you initially provided consent for us to use or where we used the information to perform a contract with you; and

(g) withdraw consent at any time where we are relying on consent to process your personal data.

Please complete the personal data request by email using the registered email address you disclosed to us, to the following email address: support@cmsprime.com.

We try to respond within 1 (one) month to all requests. Occasionally, if your request is particularly complex, or you have made a number of requests, it may take us longer than 1 (one) month. In this case, we will notify you and keep you updated within 1 (one) month of receiving your request.

We may charge you a reasonable fee when a request is manifestly unfounded, excessive or repetitive, or we receive a request to provide further copies of the same data. In this case, we will send you a fee request which you will have to accept prior to us processing your request. Alternatively, we may refuse to comply with your request in these circumstances.

What if you have a query or a complaint?

If you want to exercise your rights, please contact us by email at support@cmsprime.com using the registered email address you disclosed to us.

We try to respond to all requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 1 (one) month of the receipt of your request and keep you updated.