Legal

Terms and conditions

Privacy policy

General

This policy ensures compliance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), and the European Union (EU) General Data Protection Regulation (GDPR), when handling personal information. Where the Privacy Act, APPs and the GDPR impose equivalent obligations with different terminology, 26 Degrees Global Markets Pty Ltd (26 Degrees) applies the terminology of the APPs, ensuring consistent compliance with both frameworks. In cases where the GDPR imposes obligations not addressed by the APPs or Privacy Act or where GDPR obligations are more stringent, 26 Degrees ensures compliance with the GDPR to uphold its data protection responsibilities.

Consent

By opening an account with 26 Degrees or by utilising the products, services and applications available through 26 Degrees, you have consented to the collection, use and disclosure of your Personal Information in accordance with this privacy policy (Privacy Policy or Policy).

1. Collection of Information

What information does 26 Degrees collect?

When an account is created with 26 Degrees and while providing services, 26 Degrees is required to collect and process certain sensitive and personal information related to the shareholders, directors, and other stakeholders of the legal entity to comply with legal obligations and effectively deliver its services. The information 26 Degrees collects includes, but is not limited to:

• • Personal Identification Information: First and last name, email address, phone number, date of birth, and a copy of your national identity card, passport, or driving licence.
  • Contact and Address Verification Information: Residential address and a copy of a recent utility bill, bank statement, or similar document as proof of address.
  • Financial and Tax Information: Details about your financial status, tax residence, and Tax Identification Number (TIN).
  • Other Relevant Information: Any additional information we deem necessary to fulfill our functions, comply with regulatory requirements, and provide services to you.

“Personal Information” refers to any information that can personally identify an individual, including but not limited to the above categories. We process such Personal Information for the purposes outlined in this Privacy Policy and as required by applicable laws.

The type of information collected from you is relevant and limited to the information that is necessary for the operation of the account or for 26 Degrees to provide general advice to you.

This information is collected from application forms completed by you, the use of 26 Degrees’ online facilities or through ongoing communications.

26 Degrees will not solicit any personal information about you except where you have knowingly provided that information to 26 Degrees or where 26 Degrees believes that you have authorized a third party to provide that information to 26 Degrees.

Third parties that 26 Degrees may need to collect information from include your’ financial advisers, product issuers, employers, accountants or solicitors.

26 Degrees will inform you of any legal requirements for 26 Degrees to ask for information about you and the consequences of not giving 26 Degrees the requested information.

2.    Use and Purposes of Collection of Information

26 Degrees processes your personal data under one or more lawful bases, depending on the specific purpose:

1. 1. To Perform Our Contractual Obligations:
      The processing of your personal data is necessary to execute agreements, provide services, and manage our relationship with you. This includes verifying your identity, understanding your financial background, and assessing your investment objectives.
   2. Compliance with Legal and Regulatory Requirements:
      We process your personal data to meet various legal obligations, such as those arising under the Anti-money Laundering Laws, the Common Reporting Standard, and other applicable frameworks.
   3. To Pursue Legitimate Interests:
      The processing of your personal data is necessary for the legitimate business interests of 26 Degrees, provided these interests do not infringe on your rights or freedoms. Examples include fraud prevention, preparing legal defenses, managing business operations, and developing or marketing our products and services.
   4. Based on your Consent:
      You have given consent to the processing of your personal data for one or more specific purposes.

What if you do not give 26 Degrees the information requested?

You are not obligated to give us the information that 26 Degrees requests unless any information or documentation is legally requested. However, if you do not give 26 Degrees the information that 26 Degrees asks for, or the information that you provide is not complete or accurate, this may:

• • prevent or delay the processing of your applications;
  • prevent 26 Degrees providing financial services to you;
  • prevent us from contacting you; or
  • impact the taxation treatment of your account.

3.    Disclosure

Who may 26 Degrees share your information with?

• • 26 Degrees may disclose your personal information to external parties. Where personal information is disclosed, there are strict controls in place to ensure information is held, used and disclosed in accordance with the APPs and GDPR. The circumstances where 26 Degrees may disclose your personal information include:
    • Where required by law or a court order by competent court.
    • Where requested by ASIC, CySEC or any other regulatory authority having control or jurisdiction over 26 Degrees or the clients or their associates or in whose territory 26 Degrees has clients.
    • To government bodies and law enforcement agencies where required by law and in response to other legal and regulatory requests.
    • To relevant authorities to investigate or prevent fraud, money laundering or other illegal activity.
    • Related corporate bodies, agents, employees and representatives and entities within the same group either in Australia or overseas.
    • To such an extent as reasonably required so as to execute orders and for purposes ancillary to the provision of financial services.
    • financial institutions and other similar organisations in connection with 26 Degrees’ corporate activities or that are nominated by you;
    • external service providers and professional advisers that provide services to 26 Degrees; and/or
    • any organisation which you request 26 Degrees to disclose to or any persons acting on your’ behalf, including any financial advisers, brokers, solicitors or accountants.
    • where necessary in order for 26 Degrees to defend or exercise its legal rights to any court or tribunal or arbitrator or Ombudsman or governmental authority.
    • to any third-party where such disclosure is required in order to enforce or apply our Terms and Conditions or other relevant agreements.
    • To anyone authorized by you.

Additional scenarios for disclosure
There are other situations permitted in the Privacy Act not listed above where 26 Degrees may also disclose (or in some cases, elect not to disclose) your personal information, with, or without your consent, where it is:

• • for a secondary purpose (that may be reasonably expected by you) to which the information was originally collected, namely:
    • if the information is sensitive information (i.e. information about your   philosophical beliefs, sexual orientation, criminal history etc) – directly related to the primary purpose; or
    • if the information is not sensitive information – related to the primary purpose;
  • a permitted general situation, which relevantly includes (among other things) circumstances where:
    • it may be unreasonable or impracticable to obtain your consent to the collection, use or disclosure and 26 Degrees reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety;
    • 26 Degrees reasonably believes that the collection, use or disclosure is reasonably necessary to assist any APP entity (i.e. an agency or organization), body or person to locate a person who has been reported as missing; or
    • the collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process.

4.    Transfer of Personal Data to third countries

For Personal Information governed by the GDPR (i.e. personal information that originates from the EU), we may transfer your data outside the European Economic Area (EEA) for the purposes outlined above. This may include transfers to countries that do not provide the same level of data protection as the laws in your home country (e.g., within the EEA).

In cases where the transfer is to a country or territory that has not been recognized by the European Commission as offering an adequate level of data protection and where no appropriate safeguards are in place as required under GDPR, you explicitly consent to the transfer of your Personal Information to such countries or territories. By providing your consent, you acknowledge and accept the potential risks associated with such transfers, including the possibility that your data may not be protected to the same standard as under EU law.

Where possible, we will implement technical measures like encryption, pseudonymization, and secure data storage, along with organizational measures such as employee training, access controls, and incident response protocols to protect your data and ensure compliance with GDPR.

5.    What are your rights?

26 Degrees understands that you may choose not to disclose your personal information to 26 Degrees. If you choose not to provide the information, however, 26 Degrees may not be able to open a  trading account, or provide to you with the financial services you have requested.

Your rights are as follows in respect of the personal information 26 Degrees hold about you:

• • the right to be informed about processing of your personal data;
  • the right to have your personal data corrected if its inaccurate and to have incomplete personal data completed;
  • the right to object to or restrict processing of your personal data;
  • the right to have personal data erased;
  • the right to request access to a copy of your personal data and information about how 26 Degrees process it:
  • the right to move, copy or transfer your personal data (data portability);
  • where processing is based solely on your consent, the right to withdraw consent at any time;
  • Right to object and automated individual decision-making (e.g. automatically profiling through the automated use of your personal data to evaluate or predict personal aspects, such as preferences, behavior, or movements).You may exercise any of the rights mentioned above by submitting a written request to the Data Protection Officer (DPO) of 26 Degrees using the contact details provided under Section 7.Upon receiving such a request, 26 Degrees will take action and provide information on the steps taken in response without undue delay and, in any case, within one month. If the request is particularly complex or if multiple requests have been received, this period may be extended by up to two additional months. In such cases, 26 Degrees will notify you within the initial one-month period, explaining the reasons for the delay. Should the request be submitted electronically, 26 Degrees will provide the response electronically where possible, unless you specify otherwise.

How long does 26 Degrees retain client’s personal information?

26 Degrees is required by law to retain certain records of information for varying lengths of time and, in certain circumstances, permanently.

Where your information is not required to be retained under legal or regulatory obligations, 26 Degrees will take reasonable steps to securely destroy or de-identify your clients’ personal information when it is no longer required for the purpose for which it was collected.

In most cases, 26 Degrees will securely destroy or de-identify personal information after a period of seven years following the conclusion of our business relationship with you. However, certain records may need to be retained for a longer period to comply with legal or regulatory requirements, fulfil your service requests, or maintain adequate business records.

6.    Protection of the personal and sensitive information that 26 Degrees holds

How does 26 Degrees protect the security of your personal information?

26 Degrees has security systems, practices and procedures in place to safeguard your privacy.

26 Degrees may use cloud storage or third-party servers to store the personal information 26 Degrees holds about you.

These services are subject to regular audit and the people who handle personal information have the training, knowledge, skills and commitment to protect it from unauthorised access or misuse. Any services utilized that form part of 26 Degrees’ offering of financial services will be monitored and controlled in accordance with the 26 Degrees Outsourcing Policy.

Cookies

A “cookie” is a small text file that may be placed on a computer by a web server. 26 Degrees’ websites may use cookies which may enable 26 Degrees to identify you or your browsers while you are using 26 Degrees’ websites. These cookies may be permanently stored on a computer or are temporary session cookies. The cookies used for a variety of purposes, including security and personalisation of services.

Through these cookies, 26 Degrees collects statistical information about visitors to 26 Degrees’ websites, such as the number of visitors, pages viewed, types of transactions conducted, time online and documents downloaded. This information is used to evaluate and improve the performance of 26 Degrees’ websites.

There are two types of cookies on the 26 Degrees website:

• • • Behavioural and analytical cookies assist 26 Degrees provide our clients with better service. They can tailor site content to our clients’ personal preferences and past behaviour, or remember our clients’ saved settings; and
    • Marketing cookies enable our clients experience more relevant online content and see advertisements which are aligned with our clients’ interests, as indicated by activity on 26 Degrees’

26 Degrees uses marketing cookies to provide advertising that is more relevant to our clients. When browsing through other sites where these cookies are relevant, our clients will be served advertisements which are in line with our clients’ interests based on their activity when using the 26 Degrees websites.

All browsers allow our clients to be notified when our clients receive a cookie and our clients may elect to either accept the cookie or not. If our clients do wish to accept a cookie, this may impact the effectiveness of the website.

7.    Data Protection Officer (“DPO”)

26 Degrees has appointed a DPO who is responsible for matters relating to privacy and data protection. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Email address:  [email protected]

Postal Address: Sub Base Platypus, SE 203, 120 High St, North Sydney NSW 2060, Australia

Telephone number: +61 2 9083 1333

We will process and reply to your request within thirty (30) days.

8.        Complaints

If you have a complaint, you may email us at (please insert the same email address as the one used under DPO section). Please allow us to process and respond to your complaint within thirty (30) days. Furthermore, in case you are not happy with the quality of services we have provided you with in respect of Personal Data processing, you have the right to lodge a complaint with the relevant supervisory authority.