Privacy policy
Last updated: February, 2024
1. Introduction
This Privacy Policy sets forth SOUTH Bank Brokers CO. L.L.C (the "Company") policy with respect to information including personally identifiable data (“Personal Data”) and other information that is collected from users of this website (Website) and services.
We process your personal data in accordance with applicable laws - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), as well as other international legal acts governing data protection and the right to privacy.
This Privacy Notice applies to the extent:
- you are either a current or potential customer of the Company (including if you have expressed your interest in the Company’s products and/or services), or
- you represent a client of the Company, or
- you are an authorized representative/agent/introducer/director/secretary/contact person or a shareholder/beneficial owner of a legal entity that is either a client or has or intends to conduct business with the Company or is representing and/or acting on behalf of a client, or
- you provided information and/or confirmation to the Company regarding the residential address of a client of the Company, or
- you have certified and/or notarized documents concerning a client of the Company, or
- you are an employee of the Company, or
- you have indicated an interest for an opening in the Company, or
- you have provided or are requested to provide references for a client (including potential clients) or a member of staff of the Company, or
- you are connected with a client or a member of staff or a business associate of the Company and your Personal Data is provided under a regulatory obligation e.g. to manage possible conflicts of interest and other regulatory obligations, or
- you have been in the past any of the above, or
- you now have or had any business relationship with the Company in the past including being a shareholder or bondholder, or
- your Personal Data have or may in the future be lawfully obtained by the Company in the normal course of its business.
The Personal Data processed by the Company varies depending on the relationship between you and the Company.
2. Definitions
Unless otherwise provided, for the purposes of this Privacy Notice:
“Company” means SOUTH Bank Brokers CO. L.L.C, a limited liability company with registration number 923356 and having its registered office at Office no-341a-064, AL GHURAIR CENTRE, Al Murqabat, Dubai, United Arab Emirates.
“DPO” means the Data Protection Officer of the Company;
“Personal data” means any information relating to an identified or identifiable natural person (“You, Data Subject”);
“Processing” refers to any operation or set of operations which are performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Data Controller and contact information
Your Personal Data will be held and processed by the Company.
For any inquiries regarding your Personal Data you can contact the Company’s DPO:
E-mail: privacy@proptrader1.com
4. Types of Personal Data Processed
The types of Personal Data processed by the Company depend on your relationship with the Company. The Company may collect and process any of the following types of Personal Data:
Data type | Description |
General identity data | Full name, personal identification code or user number, date of birth, legal capacity, citizenship, location. |
Identification data | Information that can directly identify you such as name, surname, date of birth, gender, place of birth, citizenship, and identification numbers or codes given or issued by a governmental service such as national social insurance number, tax identification code, ID number, Passport number, Driver's license number, government-issued photographic identification, selfie photo and other personal data of similar type, in some cases – prove of address. |
Contact data | Contact details such as telephone number, and email address.
|
Transactional data | Details about payments to and from your accounts with the Company and tax information. This includes data concerning your accounts and cards, like account number, IBAN, last 4 digits of your card number, and card issuance and expiry dates. |
Contractual data | Details about the products or services we provide you with. |
Locational data | Data we get about where you are. Such data may come from your mobile phone, the address where you connect a computer to the internet to access the Website and platform(s). |
Behavioral data | Details about how you use our products and services. |
Technical/Digital data | Details of the devices and technology you use, your digital activity and systems logs which are captured by the Company's information technology systems when you use them, ΙΡ addresses, and the credentials you use to connect to our digital platforms available, Trading data from trading platforms you use. |
Trading data | Details about your trading activity and its results. |
Communications data | What we learn about you from letters, emails, and conversations between us. |
Documentary data | Details about you that are stored on documents in different formats, or copies of them. This could include things like your specimen signature, passport, identity card, driver’s license. |
Biometric data | Biometric Data includes personal data derived from your Identification Data that represents (numerically, geometrically, or otherwise) a natural person’s physical, physiological, or behavioral features or characteristics. |
5. Collection of Personal Data
The Company collects Personal Data from the following sources:
- Directly from you
- When you apply for the Company’s products and services;
- When you contact the Company, whether in writing, by phone, or through other online means;
- When you use the Website and/or platform(s)
- ln surveys and tests;
- If you take part in the Company’s competitions or promotions;
- When it is necessary within the context of the business relationship with you.
- Indirectly, for example through:
- Your authorized representatives;
- Persons/Organizations introducing you to the Company;
- Customers or members of staff providing your contact details in order for the Company to receive references from you or as part of the reporting of a conflict of interest;
- The legal entity you represent or in which you act as agent/introducer/statutory director/secretary/contact person/shareholder/beneficial owner or any other role which is necessary for the execution of the Company’s business operations with that legal entity.
- From other publicly accessible sources such as:
- the Registrar of Companies and Official Receiver,
- international commercial registers and regulatory authorities
- the Press/Media, and
- third-party service providers that are responsible for verifying your credentials
- the Internet.
- Other resources such as:
- Other Group companies for the purposes of managing operations and/or risks at a group level as well as providing our services efficiently and effectively.
- Correspondent companies, other financial institutions, card associations, and companies that process payments for the purposes of executing your payments and deposits.
6. For how long your Personal Data is retained by the Company (general information)
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation regarding our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
By law we have to keep basic information about our customers (including Contact, General identity, Financial, and Transaction Data) for at least seven years after they stop being customers for tax purposes or to comply with law. In some jurisdictions, there may be a longer mandatory data retention period.
7. Legal Basis, Purpose of Processing and other specific information
(a) Legal Bases
The law allows the Company to process Personal Data, including sharing Personal Data outside the Company, to extent that there is a valid reason to do so. The Company will process Personal Data provided that one or more of the following legal bases are applicable:
To fulfill a contract you have with the Company or to take any steps, at your request, prior to entering into a contract with the Company - The Company processes your Personal Data in accordance with the contracts concluded with you and/or in the course of your application prior to the conclusion of a contract in order to complete your acceptance process as a potential customer for the specific product/service.
When it is the Company’s legal obligation to process your Personal Data – The Company processes your Personal Data to comply with legal and regulatory requirements governing its operations.
When it is in the legitimate interests of the Company or another person with whom the data are shared – The Company may process your Personal Data in case it has a legitimate interest to do so, provided this interest does not unfairly go against what is right and best for you. A legitimate interest is when the Company has a business and/or commercial reason to use your Personal Data. When the
Company bases the Processing of your Personal Data on legitimate interest you have the right to object at any time to such Processing, on grounds relating to your particular situation. The Company shall no longer process your Personal Data unless it demonstrates compelling legitimate grounds for the Processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Where Personal Data are processed for the purposes of direct marketing based on legitimate interest of Company, you have the right to object to such Processing, to the extent that it is related to such direct marketing, at any time and free of charge. Where you object to Processing for direct marketing purposes, the Personal Data shall no longer be processed for such purposes. To exercise your objection rights, please use link contained in every direct marketing email to unsubscribe from our emails.
When you consent to the use – The Company may base the Processing on your consent if such consent is freely obtained through your positive actions, it is specific, and has been given after you have been clearly informed about the details of the Processing and of your right to withdraw your consent at any time without thereby affecting the legality of the Personal Data processed prior to the withdrawal.
When it is in the public interest or in the exercise of official authority vested in the Company – The Company may process your Personal Data when it is necessary for the public interest under the official authority granted to the Company and provided that the Processing is performed lawfully and fairly, in a clear, precise and transparent manner.
Your Personal Data may be processed based on the purposes and legal bases listed in the table below.
Type of data | Purposes of Processing | Legal basis | How long we process your data | Categories of recipients of personal data |
All data mentioned in Clause 4 | Provision of services | GDPR Article 6(1)b (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract). Provision of these personal data is a requirement necessary to enter into a contract. If personal data is not provided to us, we cannot provide you with Services. | At least - for as long as user’s account is registered. | |
All data mentioned in Clause 4 | Manage risks
In our operations we are called to manage various risks and ensure that our clients, counterparties, stakeholders and the Company are properly safeguarded against those risks. For the purposes of managing those risks we may need to process your Personal Data e.g. monitoring your activities on our platforms and periodically reviewing for the purposes of security, fraud, and crime prevention, when validating financial models used by the Company, when monitoring liquidity and risks when overviewing the overall Company’s risk appetite, when investigating complaints, when enhancing IT security, when handling conflict of interest. | GDPR Article 6(1)f (legitimate interest) | While user’s account is registered. In case of malicious activities which compromises the security and functioning of the Website and systems/platforms – IP data are stored permanently. | |
Trading data; Transactional data | Preparation of Financial Statements / Manage costs and income
We may process your Personal Data during the preparation of our financial statements, during assessment, management, and reporting of costs and income, during setting up the models for the parameters of provisions. | GDPR Article 6(1)c (legal obligation of Controller GDPR Article 6(1)f (legitimate interest) | While user’s account is registered. For the period required by law. We may process your data longer for the purposes of statistics, in which case we anonymize your data so the data does not qualify as a personal data and we are unable to identify you. | The Company may process your Personal Data during audits and/or investigations carried out either by internal auditors and other control functions or by external auditors and/or regulators on the Company’s operations. |
All data mentioned in Clause 4 | Internal Operations The Company may process your Personal Data during administrative internal operations such as: •monitoring data quality and accuracy, •providing operational support to the client-front units, •management of customer relationships through specialized systems e.g. CRM-Customer Relationship Management system, •preparing & using internal reports and lists, which may include your Personal Data which are used by the relevant units of the Company for the purposes of executing their work, •during the handling of requests which require expert opinion such as legal opinion, or opinion from other control functions and experts such as data protection specialist, information security, tax, IT and other. •for collecting and recovering money that is owed to the Company. •Defending the Company’s rights and interests. | GDPR Article 6(1)b (processing is necessary for the performance of a contract to which the data subject is party); GDPR Article 6(1)c (legal obligation of Controller; GDPR Article 6(1)f (legitimate interest). | While user’s account is registered. To preserve evidence that may be needed for the establishment, exercise or defense of legal claims – 5 years after user or we deactivated the account. All data is kept encrypted. | The Company may share your personal data with the following third parties: •external legal advisors; •regulators or the police or regulatory agencies; •third party vendors including cloud service providers and IT support. Furthermore, the Company may obtain information from third-party sources for the following purposes:
•to establish the ownership structure and status of companies clients of the Company from the Registrar of Companies; •to screen for sanctions and other negative information on clients – world check and/or other relevant databases |
Contact data | Communication
The Company may process your Personal Data for the purposes of communicating with you indicatively for the following reasons:
•to provide general information on Company issues i.e. working hours etc. •when a complaint is submitted for the purposes of responding and/or handling that complaint. •to provide specific information for a specific product/service you hold •to provide you with account statements, charges analysis, transaction vouchers/ transactional activity, certificates etc. •for marketing purposes (i.e. direct marketing via mail, direct marketing via electronic means without human intervention) •to inform you of the results of campaigns/competitions/draws to which you participated. •to inform you of cases of fraud and or breaches. •The Company may also communicate with natural persons who are not clients of the Company: •whose Personal Data were obtained in conferences etc. in order to promote Company’s products and services. | GDPR Article 6(1)f (legitimate interest) | While user’s profile is registered on the Website and | Automated marketing newsletter platform provider |
Contact data; General identity data; in some cases - Location data | Competitions/ Promotions
•The Company may carry out promotional and rewarding competitions on social media. Your Personal Data may be processed by the Company for the purposes of the competitions in accordance with the terms disclosed from time to time in relation to the specific competition, provided that you decide to participate. •The Company may also process your Personal Data during competitions/campaigns if you are an existing client of the Company using its products/ services to reward you for your commitment and preference to the Company’s products. The campaigns may be executed via any of your contact details provided to the Company i.e., via sms, email, mail, call. •Additionally, the Company may process your Personal Data if you are participating in shooting and photographic material to be used in competitions/ promotional material. | GDPR Article 6(1)a (consent) or GDPR Article 6(1)f (legitimate interest) | While user’s account is registered. Photo/video – 5 years or for the period indicated in consent form. | Automated marketing notifications service provider. |
Location data; IP data | Automated decision-making based on geographical location and/or IP data. Taking into account that The Company does not provide services in certain countries, the Company needs to locate a user. The Company also holds a right to deny provision of services to users, which violated the General Terms and Conditions and have been denied services or otherwise withdrawn from the services. | GDPR Article 6(1)b (processing is necessary in order to take steps at the request of the data subject prior to entering into a contract); Provision of these personal data is a requirement necessary to be reviewed before entering into a contract. | While user’s account is registered. To preserve evidence that may be needed for the establishment, exercise or defence of legal claims – 5 years after user or we diactivated the account. All data is kept encrypted. | Data servers |
Special Categories of data – Biometric Data | Verification of age and identity | GDPR Article 6(1)a (consent); Provision of these personal data is a requirement necessary to be reviewed before entering into a contract. | 5 years after user or we deactivated the account. | Automated KYC verification platform |
8. Who receives your Personal Data
(a) Within the Company
Within the Company, access to your Personal Data is only given to those officers who require such access to perform the Company's contractual, legal obligations, and other internal activities.
(b) Outside the Company
Access to your Personal Data may also be given to third-party service providers and agents employed by the Company (Data Processors) to enable more efficient and effective execution of its business operations, provided that an appropriate legal basis exists. Except where they act as separate controllers, Data Processors appointed by the Company are required to follow the Company's instructions in relation to the Processing of Personal Data, provide written assurances that Personal Data will be processed in accordance with the GDPR and other privacy regulations and the information shared will be restricted to the minimum necessary for the specified and explicit purposes.
Processor Category | Purpose |
Marketing Service Providers | Marketing services /advertising agencies/ conference organizers |
Professional service providers | Consultation services in data protection, legal matters, security, audit, etc |
Technical Management | Website technical and support services |
Hosting | Secure data center, cloud and hosting services |
Online Services | Website chat, verification, trading platforms and other features for users |
Payment Service Providers | Telecom PSP, credit/debit card PSP, banking, and other financial services |
Verification | Identity and age verification services |
The Website might include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
9. Transfer of Personal Data to third countries or international organizations
Some of our service providers may be located in countries outside the European Union which the European Commission has recognized as a country or territory, or one or more specific sectors as providing adequate protection. Such transfer does not require any special permission.
However, some of our service providers may be located in countries that are not recognized as providing adequate level of personal data protection as the EU. When transferring data to such service providers, we guarantee that we will take measures to ensure the protection of the personal data and rights of the Users, using legal tools approved in the relevant data protection legislation.
- Your Personal Data may still be transferred to a third country under the following conditions/ derogations, where:
- you explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards;
- the transfer is necessary for the performance of a contract between you and the Company or the implementation of pre-contractual measures taken at your request;
- the transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Company and another natural or legal person;
- the transfer is necessary for the establishment, exercise, or defense of legal claims;
- the transfer is necessary to protect the vital interests of the Data Subject or of other persons, where the Data Subject is physically or legally incapable of giving consent.
10. Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when Website sets or access cookies. If you disable or refuse cookies, please note that some parts of this Website might become inaccessible or not function properly.
11. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12. Your Rights
Your data protection rights, granted by the GDPR, are described below. You may exercise them at any time using contact information provided in Section 3.
(a) Right to access Personal Data
You have the right to obtain from the Company confirmation as to whether or not your Personal Data is being processed and/or obtain access to your Personal Data held by the Company.
(b) Right to rectification of Personal Data
You have the right to question any Personal Data the Company holds about you that you think is wrong or incomplete. If you do, the Company will take reasonable steps to check its accuracy and correct it.
(c) Right to erasure (“right to be forgotten”)
You have the right to have the Company delete or remove your Personal Data in the following circumstances:
- The processing of Personal Data by the Company is no longer necessary for any of the reasons the Personal Data was collected and used.
- You have withdrawn your consent and there is no other reason for the Personal Data Processing.
- You have successfully objected to the processing of Personal Data by the Company.
- The Personal Data has been unlawfully processed.
- Deletion is required by law.
It is clarified that the Company reserves its right to deny the said erasure if the processing is necessary for the Company to comply with its legal obligation, for reasons of public interest, and/or for the exercise of its legal claims.
(d) Right to restriction of processing of your Personal Data
You also have the right to restrict the Company's use of your Personal Data in the following circumstances:
- pending verification by the Company of Personal Data the accuracy of which you have contested
- the Processing is unlawful, but you do not want your Personal Data to be erased
- the Company lno longer needed the Personal Data, but you do not want it to be erased because you need it for the establishment, exercise or defense of legal claims
- pending the Company's assessment where you have objected to processing intended to safeguard the Company's legitimate interests.
(e) Right to data portability
You have the right to receive your Personal Data from the Company in a structured, commonly used and machine-readable form. You can also ask the Company to transfer your Personal Data in this format to other organizations, where this is technically feasible. This right relates to the Personal Data which you have provided to the Company and which the Company processes electronically in reliance on your consent or for fulfilling the contract between you and the Company.
(f) Right to object
You have the right to object to the Company's use of your Personal Data and ask the Company to stop using your Personal Data in any of the following circumstances:
- You have the right to object, on grounds relating to your particular situation, at any time to Processing of your Personal Data which is intended by the Company to safeguard its legitimate interests or to serve the public interest. If you lodge an objection, the Company will no longer process your Personal Data unless the Company can demonstrate compelling legitimate grounds for the Processing which override your interests, rights and freedoms or unless the Processing is for the establishment, exercise or defense of legal claims.
- You have the right to object to the Processing of your Personal Data for direct marketing purposes, including profiling. If you lodge such an objection, your Personal Data will no longer be processed for such purposes.
- You have the right to object to the Processing of your Personal Data for scientific or historical research purposes or statistical purposes, on grounds relating to your particular situation, unless the Processing is necessary for the performance of a task carried out for reasons of public interest.
(g) Right to withdraw your consent
Where the Company relies on your consent for the Processing of your Personal Data, you can withdraw your consent at any time. If you withdraw your consent, the Company may not be able to provide certain products or services to you. If this is so, the Company will tell you before giving effect to your withdrawal notification.
Please note that the withdrawal of the consent does not affect the legality of the Personal Data processed prior to the withdrawal.
If the User has reason to believe that the Controller violates the rights of the User specified by law or these rules on data processing, the User has a right to submit a complaint to the supervisory authority.
We will make commercially reasonable efforts to provide the User with reasonable access to any of his/her personal data we maintain within 1 month as of receipt of User’s access request.
To ensure safety and privacy protection, we will take appropriate measures to verify User’s identity before disclosing information about the requested personal data.
13. Changes / Amendments to the Privacy Notice
We keep our privacy policy under regular review. The Company may revise or update this Privacy Notice from time to time. The new version of this Privacy Notice will be available on the Website. Historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
ln case of significant changes (such as in relation to the period and purposes of processing ofPersonal Data, the Company will bring these changes to your attention.