Last Update: 20 July 2020
GDPR PRIVACY NOTICE
Your privacy is very important to THETA Trading Systems Limited (“THETA”, “we”, “our” or “us”). We are committed to ensuring that when you use our services or engage with us, you know what Personal Data we collect about you and how we use your Personal Data. This data privacy notice (“Privacy Notice”) is a statement that describes how we will use your Personal Data. Please take the time to read and understand our Privacy Notice.
It is important that you read this Privacy Notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data. This Privacy Notice supplements the other notices and is not intended to override them.
1. WHO WE ARE
THETA Trading Systems Limited, whose registered address is at Henwood House, Henwood, Ashford TN24 8DH, United Kingdom, is an accounting and trading software provider (“THETA”, "we" or “our” or “us”). “You” or “your” means an individual who is the subject of Personal Data we process as a data controller.
For the purpose of this Privacy Notice, “Data Protection Legislation” means the General Data Protection Regulation 2016/679 (the “GDPR”) applicable in the European Union, including UK data protection legislation which adopts the GDPR in the UK. THETA is the controller and responsible for your personal data.
This Privacy Notice (together with our Website Terms and Conditions [click here] and any other documents referred to in it) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. This Privacy Notice also sets out how you can instruct us if you prefer to limit the use of that Personal Data, as well as the procedures that we have in place to safeguard your privacy.
By supplying information to us through use of the THETA website (“Website”) or via registrations made in hard copy or electronically to receive information or products and services from us, you consent to the terms of our current Privacy Notice. If you do not agree with any term in this notice, please do not supply your information to us.
3. INFORMATION WE MAY COLLECT (OR RECEIVE) ABOUT YOU
Theta may collect your Personal Data when:
- You contact us, whether through our Website or otherwise (for example, by e-mail, post, or phone,) as we may keep a record of that correspondence.
- You fill in and submit information on the Website.
- You use and interact with our Website including your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, mobile carrier, and your ISP. We may collect details of your visits to our Website (including, but not limited to, traffic data, location data, weblogs and other communication data).
- You use your customer account to log in or you use our platform technology and other features, and functionality, including our solutions and applications.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username;
- Contact Data includes billing address, delivery address, email address and telephone numbers;
- Financial Data includes bank account and payment card details;
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website;
- Profile Data includes your username and password, purchases or orders made by you;
- Usage Data includes information about how you use our website, products and services; and
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We will only collect information from third parties where:
- you have consented to its collection;
- collection of the information is necessary to enable provision of our products and services;
- collection is reasonably necessary to enable us to carry out our business; or
- in other circumstances where we are legally permitted to do so.
4. HOW WE USE PERSONAL DATA
We may process your personal data for one or more lawful bases of processing (“Lawful Basis”) depending on the specific purpose for which we are using your data (see below).
For example, in accordance with this Privacy Notice THETA may use your Personal Data in order to:
- provide the services you request from us (Lawful Basis: to comply with our legal obligations and performance of our contract with you);
- verify your identity or conduct appropriate checks for credit worthiness or fraud (Lawful Basis: to comply with our legal obligations and necessary for our legitimate interests);
- understand your needs in order to provide you with the products and services you require (Lawful Basis: performance of our contract with you)
- administer, and manage our services, including billing and debt collection (Lawful Basis: to comply with our legal obligations and necessary for our legitimate interests);
- distribute information, newsletters, publications and other communication via various mediums to keep you informed (Lawful Basis: your consent, performance of our contract with you and necessary for our legitimate interests);
- research and develop new product offerings and services (Lawful Basis: performance of our contract with you and necessary for our legitimate interests);
- manage and conduct our business including assessing insurance requirements or conducting audits, quality assurance programs and training personnel (Lawful Basis: performance of our contract with you and necessary for our legitimate interests);
- effectively communicate with third parties (Lawful Basis: your consent, performance of our contract with you and necessary for our legitimate interests); and
- as required or authorised by law (Lawful Basis: to comply with our legal obligations).
5. WHEN MAY WE DISCLOSE THE PERSONAL DATA?
Your information may, for the purposes set out in this Privacy Notice, be disclosed for processing:
- our employees;
- our third-party consultants, (sub-)contractors, suppliers or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us (e.g. for instance, we may share your data with email marketing companies who help us to email or mail our newsletter to you and other people who help us provide our Website, and related services to you. This includes information technology experts who design and host our Website and our Apps, and general service companies);
- auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes;
- analytics and search engine providers that assist us in the improvement and optimisation of our Website;
- our successors in title, our prospective sellers or buyers of our business or to our Affiliates when we have a merger or re-organisation;
- government bodies and law enforcement agencies and in response to other legal and regulatory requests;
- any third-party where such disclosure is required in order to enforce or apply our Website Terms or other relevant agreements;
- protect the rights, property, integrity or security of our company, our customers, or others (including, without limitation, you). This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and
- where your details are provided to any other party in accordance with the express purpose, we will require them to be kept safe and secure and used only for the intended purpose.
6. INTERNATIONAL TRANSFERS
The information we collect from you may also be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice. For instance, we may implement one of the following safeguards. We may:
- only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; and/or
- transfer data to providers based in the US if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
7. WHAT HAPPENS IF YOU DON’T PROVIDE THE REQUESTED PERSONAL DATA?
Where possible and practical, you will have the option to deal with Theta on an anonymous basis or by using a pseudonym. However, in some circumstances, if we are unable to collect Personal Data from or about you, or if the Personal Data provided is incomplete or inaccurate, Theta may not be able to do business with you, including providing the products or services you are seeking or provide support or assist you with your queries.
8. SECURITY OF PERSONAL DATA
The Internet is not a secure medium. However, we have put in place a range of security procedures, as set out in this Privacy Notice. Where you have been allocated an account, this area is protected by your user name and password, which you should never divulge to anyone else.
Please be aware that communications over the Internet, such as emails/webmails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered. This is the nature of the World Wide Web/Internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
We will use reasonable endeavours to implement appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
We will ensure that your information will not be disclosed to government institutions or authorities except if required by law (e.g. when requested by regulatory bodies or law enforcement organisations in accordance with applicable legislation).
Certain services may include social networking, chat room or forum features. When using these features please ensure that you do not submit any personal data that you do not want to be seen, collected or used by other users.
10. YOUR RIGHTS
We will take all reasonable steps to ensure that all information we collect, use or disclose is accurate, complete and up-to-date. Please contact us if your details change or if you believe the information we have about you is not accurate or complete.
In some instances, you may also have the rights to:
- Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new information you provide to Us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which do not override your rights and freedoms.
- Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with You.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case.
What we may require from you.
We may need to request specific information from you to help us confirm your identity. We may also contact you to ask for further information in relation to your request.
Time limit to respond.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer that a month if your request is particularly complex, or you have made several requests. In this case, we will notify you and keep you updated.
No fee usually required.
All communication and all actions taken by THETA regarding your rights described above are provided free of charge. Theta reserves the right, in the case of clearly unfounded or unreasonable requests, to either take out a reasonable fee covering the administrative costs of providing the information or taking the requested action or refusing to fulfil the requested action.
11. HOW LONG DO WE KEEP PERSONAL DATA?
We will only retain your personal data for as long as you have consented to it or when is necessary to us to provide you with our services or fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, reporting or regulatory requirements. For instance, by law we have to keep basic information about our customers (including contact, identity, financial and transaction data) typically for six years after they cease being customers for tax purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your personal data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
12. RESOLVING CONCERNS
If you believe that the privacy of your Personal Data has been compromised, you are entitled to complain and we will endeavour to satisfactorily resolve the issue.
- Full name of legal entity: THETA Trading Systems Limited
- Email address: email@example.com
- Postal address: Gridiron Building, 1 Pancras Square, London N1C 4AG, United Kingdom
Complaints can be made by contacting Theta by email at firstname.lastname@example.org or by contacting us in writing at Gridiron Building, 1 Pancras Square, London N1C 4AG, United Kingdom. We will respond to complaints as soon as possible.
You can also lodge a complaint regarding THETA’s information handling practices or a breach of the Privacy Notice with the Information Commissioner’s Office of the United Kingdom (https://ico.org.uk/). However, we would appreciate the opportunity to address your concerns before you communicate to the Information Commissioner, so please do contact us in the first instance.
We reserve the right to amend or edit this Privacy Notice from time to time at our discretion, such as to reflect changes in THETA’s business or practices. We may change the Privacy Notice at any time by posting the changed Privacy Notice on the Theta website, including posting a notice on the THETA web site homepage indicating a change has been made.