XM does not provide services to residents of the United States of America.
XM does not provide services to residents of the United States of America.
As part of our daily business operations we need to collect personal information from our clients and prospective clients in order to provide them with our products and services and ensure that we can meet their needs when providing these products and services as well as when providing them with the respective information.
What information we collect, the legal bases upon which we process such information as well as the purposes for which we collect it;
Use and disclosure of information collected;
Security of your personal information;
Your rights in relation to the processing of the personal information we hold about you (e.g., right to access and rectification);
Complaints in relation to privacy; and
How to contact us.
Please note that if you are an existing and/or former employee of the Company, a job applicant, a contractor to the Company or a third party service provider, your personal information will be used in connection with your employment contract, or your contractual relationship, whichever applies.
Trading Point of Financial Instruments Pty Ltd is licenced and regulated by the Australian Securities and Investments Commission (ASIC) under license number AFSL 443670, with its registered office at Level 13, 333 George Street, Sydney 2000, NSW, Australia.
The Company respects the privacy of any users who accesses its website(s), and it is therefore committed to taking all reasonable steps to safeguard any existing or prospective clients, applicants and website visitors. The Company keeps any clients’/potential clients’ personal information in accordance with the applicable data protection laws and regulations (i.e., Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (the “APPs”) and the General Data Protection Regulation (679/2016) (the “GDPR”).
We have the necessary and appropriate technical and organisational measures and procedures in place to ensure that your information remains secure at all times. We regularly train and raise awareness to all of our employees on the importance of maintaining, safeguarding and respecting your personal information and privacy. We regard breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal where necessary.
The personal information you provide us with when registering yourself as a user of the Company’s site(s) and/or of its services is classified as registered information, which is protected in several different ways. You can access your registered information after logging in to the Members Area by entering a username and a password that you select. It is your responsibility to make sure that your password is only known to you and not disclosed to anyone else. Registered information is securely stored in a safe location and only authorised personnel have access to it via a username and a password. All personal information is transferred to the Company over a secure 128-bit SSL connection and thus all necessary measures are taken to prevent unauthorised parties from viewing any such information. Personal information provided to the Company that does not classify as registered information is also kept in a safe place and accessible by authorised personnel only via a username and a password.
Transmission of information via the internet is not always completely secure but the Company endeavors to protect your personal data by taking serious precautions. Once we have received your information, we will apply procedures and security features to try to prevent unauthorised access.
The APPs define personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. The GDPR defines personal data as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The Company only collects personal information directly from individuals, which is reasonably necessary for the provision of our services, and only by lawful and fair means.
The Company will collect any personal information necessary, in a lawful and fair manner, for the purposes of complying with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 as well as with other applicable legislations/regulations. Please also note that, in order to open an account with us, you must first complete and submit an application form to us by completing the required information. By completing this application form, you are requested to disclose personal information in order to enable the Company to assess your application, comply with the relevant laws and regulations and to be able to provide its services to you. The information you provide may also be used by the Company to inform you regarding its services.
The information that we may collect from you includes the following:
full name, residential address and contact details (e.g., email address, telephone number, fax etc.);
date of birth, place of birth, gender, citizenship;
information about your income and wealth, including details about your and source of funds, assets and liabilities, bank account information, trading statements, FATCA and CRS information and financial statements;
trading account balances, trading activity, your inquiries and our responses;
information on whether you hold a prominent public function (PEPs);
profession and employment details;
authentication data (e.g., signature)
trading performance, knowledge and experience;
verification information, which includes information necessary to verify your identity such as a passport or driver’s license (examples also include background information we receive about you from public records or from other entities not affiliated with us); furthermore, we may collect other identifiable information such as identification numbers and/or Passport/Tax registration numbers;
any other information customarily used to identify you and about your trading experience which is relevant to us providing our services to you;
activity and movement on the website.
We obtain this information in a number of ways through your use of our services including through any of our websites, apps, the account opening applications, our demo sign up forms, webinar sign up forms, subscribing to news updates and from information provided in the course of ongoing customer service communications. We may also collect this information about you from third parties such as through publicly available sources. We also keep records of your trading behaviour, including records regarding the following:
products you trade with us and their performance;
historical data about the trades and investments you have made including the amount invested;
your preference for certain types of products and services.
We may ask for other personal information voluntarily from time to time (for example, through market research or surveys).
If you choose not to provide the information we need to fulfil your request for a specific product or service, we may not be able to provide you with the requested product or service.
We may record any communications, electronic, by telephone, in person or otherwise, that we have with you in relation to the services we provide to you and our business relationship with you. These recordings will be our sole property and will constitute evidence of the communications between us. Such telephone conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which will record your image.
Unsolicited Personal Information
Where we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will securely destroy the information (provided it is lawful and reasonable for us to do so).
Personal data is kept in personnel files or within the Company’s Human Resources systems. We have a separate employee non-disclosure agreement for employees, which will be provided to you upon being recruited. The following types of data may be held by the Company, as appropriate, on relevant individuals:
name, address, phone numbers, date of birth, email address, gender, marital status, etc.;
CVs and other information gathered during recruitment;
references from former employers;
National Insurance numbers;
Criminal conviction data;
job title, job descriptions and pay grades;
conduct issues such as letters of concern and disciplinary proceedings;
internal performance information;
medical or health history/information;
terms and conditions of employment;
We may further ask for other personal information as we may consider necessary for the purpose of recruitment.
If you are unsuccessful in obtaining employment, we will seek your consent to retaining your data in case other suitable job vacancies arise in the Company for which we think you may wish to apply. You are free to withhold your consent to this and there will be no consequences for withholding consent.
We may process your personal data on the following bases and for the following purposes:
Performance of a contract
We process personal data in order to provide our services and products, as well as information regarding our products and services based on the contractual relationship with our clients (i.e., so as to perform our contractual obligations). In addition, processing of personal data takes place to be able to complete our client on-boarding/acceptance procedures.
In view of the above, we need to verify your identity in order to accept you as our client and we will need to use those details in order to effectively manage your trading account with us to ensure that you are getting the best possible service from us. This may include third parties carrying out credit or identity checks on our behalf. The use of your personal information is necessary for us to know who you are as we have a legal obligation to comply with certain Know Your Customer and Customer Due Diligence regulatory obligations.
Compliance with a legal obligation
There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements (e.g., the anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws). There are also various supervisory authorities whose laws and regulations apply to us (e.g. the Australian Securities and Investments Commission). Such obligations and requirements impose on us necessary personal data processing activities for credit checks, identity verification, payment processing, compliance with court orders, tax law or other reporting obligations and anti-money laundering controls.
These obligations apply at various times, including client on boarding/acceptance, payments and systemic checks for risk management.
For the purposes of safeguarding legitimate interests
We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Despite that, it must not unfairly go against what is right and best for you. Examples of such processing activities include the following:
Initiating legal claims and preparing our defence in litigation procedures;
Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures;
Setting up CCTV systems (e.g., at our premises for security reasons);
Measures to manage business and for further developing products and services;
Sharing your personal data within the XM Group for the purpose of updating/verifying your personal data in accordance with the relevant anti-money laundering compliance framework;
You have provided your consent
Our storage and use of your personal data is based on your consent (other than for the reasons described or implied in this policy when your consent is not required). You may revoke consent at any time; however, any processing of personal data prior to the receipt of your revocation will not be affected.
To assess the appropriateness of our services/products for the Clients
To provide you with products and services, or information about our products and services, and to review your ongoing needs
Once you successfully open a trading account with us, or subscribe to an update or webinar, we will need to use your personal information to perform our services and comply with our obligations to you. It is also in our legitimate interests to ensure that we are providing the best products and services so we may periodically review your needs to ensure that you are getting the benefit of the best possible products and services from us.
To help us improve our products and services, including customer services, and develop and market new products and services
We may, from time to time, use personal information provided by you through your use of the services and/or through client surveys to help us improve our products and services. It is in our legitimate interests to use your personal information in this way to ensure the highest standards when providing you with our products and services and to continue to be a market leader in the financial services industry.
We track visitor activity and behaviour at our website every time you access the site and the resulting data allow us to provide more effective user support if you need any help or advice using our website. We note that this information cannot be used to identify you.
To form a profile about you
We may, from time to time, use personal information provided by you through your use of the services and/or through client surveys to help us improve our products and services. It is in our legitimate interests to use your personal information in this way to try to ensure the highest standards when providing you with our products and services and to continue to be a market leader in the financial services industry.
To investigate or settle enquiries or disputes
We may need to use personal information collected from you to investigate issues and/or settle disputes with you as it is in our legitimate interests to ensure that issues and/or disputes get investigated and resolved in a timely and efficient manner.
To comply with applicable laws, court orders, other judicial process, or the requirements of any applicable regulatory authorities
We may need to use your personal information to comply with any applicable laws and regulations, court orders or other judicial process, or the requirements of any applicable regulatory authority. We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.
To send you surveys
From time to time, we may send you surveys as part of our customer feedback process. It is in our legitimate interest to ask for such feedback to try to ensure that we provide our services and products at the highest standards. However, we may, from time to time, also ask you to participate in other surveys and if you agree to participate in other surveys, we rely on your consent to use the personal information we collect as part of such survey. All responses to any survey we send out whether for customer feedback or otherwise will be aggregated and depersonalised before survey results are shared with any third parties.
Our website pages and e-mails may contain web beacons or pixel tags or any other similar type of data analysis tools that allow us to track receipt of correspondence and to count the number of users that have visited our webpage or opened our correspondence. Why may aggregate your personal information (such as trading history) with the personal information of our other clients on an anonymous basis (that is, with your personal identifiers removed) so that more rigorous statistical analysis of general patterns may lead to us providing better products and services.
If your personal information is completely anonymised, we do not require a legal basis as the information will no longer constitute personal information. If your personal information is not in an anonymised form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.
We may process your personal information to send you marketing communications by email or phone or other agreed forms (including social media campaigns) to ensure that you are always kept up to date with our latest products and services. If we send you marketing communications we will either do so based on your consent or if it is in our legitimate interest. Particularly, the Company will only use personal information obtained for the provision of financial services, for the secondary purpose of direct marketing where:
the Company collected the personal information from the individual; and
the individual provided his/her consent for the use or disclosure of the information for the purpose of direct marketing; and
the Company provides a simple means through which an individual can request to not receive marketing communications (i.e., withdraw his/her consent; and
the individual has NOT requested such communications cease.
Often the law requires us to advise you of certain changes to products/services or regulations. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. We will not disclose your information to any outside parties for the purpose of allowing them to directly market to you.
Internal business purposes and record keeping
We may need to process your personal information for internal business and research purposes as well as for record keeping purposes. Such processing is in our own legitimate interests and is required in order to comply with our legal obligations. This may include any communications that we have with you in relation to the services and products we provide to you and our relationship with you. We will also keep records to ensure that you comply with your contractual obligations pursuant to the agreement governing our relationship with you.
Often the law requires us to advise you of certain changes to products or services or laws. We may need to inform you of changes to the terms or the features of our products or services. We need to process your personal information to send you these legal notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us.
If we undergo a corporate re-structuring or part, or if all of our business is acquired by a third party, we may need to use your personal information in association with that re-structuring or acquisition. Such use may involve sharing your information as part of a due diligence enquiries or disclosures pursuant to legal agreements. It is our legitimate interest to use your information in this way, provided we comply with any legal/regulatory obligation we have towards you.
If you enter any of our premises we may record your image on our CCTV for security reasons. We may also take your details to keep a record of who has entered our premises on any given day. It is in our legitimate interest to do this to maintain a safe and secure working environment.
The Company shall not disclose any of its clients’ confidential information to a third party, except: (a) to the extent that it is required to do so pursuant to any applicable laws, rules and/or regulations; (b) if there is a duty to the public to disclose; (c) if our legitimate business interests require disclosure; or (d) at your request or with your consent or to Persons described in this policy. The Company will endeavor to make such disclosures on a ‘need-to-know’ basis, unless otherwise instructed by a regulatory authority. Under such circumstances, the Company will notify the third party regarding the confidential nature of any such information.
As part of using your personal data for the purposes set out above, the Company may disclose your personal information to the following:
any members of the XM Group, which means that any of our ultimate holding companies and their respective subsidiaries may receive such information;
our Associates, for business purposes, including certain third parties such as service providers and specialist advisers who have been contracted to provide us with administrative, financial, legal, insurance, research or other services;
business introducers with whom we have a mutual business relationship;
business parties, credit providers, courts, tribunals and regulatory authorities as agreed or authorised by law;
payment service providers (PSPs) and/or banking institutions in relation to issues raised regarding deposits/withdrawals to/from trading account(s) held with the Company and/or for the purpose of commencing an investigation regarding such matters (e.g., third party deposits);
anyone authorised by you.
In the event that the Company discloses your personal information to business parties, such as card processing companies or banks, in order to perform the services requested by clients, such third parties may store your information in order to comply with their legal and other obligations.
Clients accept and consent that the Company may, from time to time, analyse the data collected while visiting our website(s) or by other means, such as questionnaires, for statistical purposes in order to improve the Company’s business activities.
We may transfer your personal information inside or outside Australia or the European Economic Area to other XM Group companies as well as service providers (i.e., Processors). To the extent we transfer your information outside Australia or the EEA, we will ensure that the transfer is lawful and that Processors in third countries are obligated to comply with the Australian Privacy and European data protection laws or other countries’ laws which are comparable and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46. If we make transfers to processors in the USA, we may in some cases rely on applicable standard contractual clauses, binding corporate rules or any other equivalent applicable safeguarding arrangements.
Tracking systems used on the Company’s website(s) may collect your personal data in order to optimise the services provided to clients/potential clients. The website collects information in the following ways:
By recognizing your device used to access and use the Company’s website(s), we can provide you with the most appropriate version of our website(s).
Logging certain behaviors on the site enables the company to track user action and therefore troubleshoot any issues that may occur.
Using your IP address helps us localize our website content, which we provide to you based on your country, and improve your user experience on our site(s).
Cookies are text files with a small amount of data sent from our website(s) to your browser and stored on your computer’s hard drive. Cookies help us improve the performance of our website(s) and our website visitors’ experience, track your referrer (if any) and improve our future advertising campaigns.
You must submit verification documents to us through the Company’s Members Area in order to activate your trading account. These documents are transmitted over a secure 128-bit SSL connection and stored in a safe location.
Internet cookies are small pieces of data sent from our website(s) to your browser and stored on your computer’s hard drive when using our website(s), and they may include a unique identification number. The purpose of collecting this information is to provide you with a more relevant and effective experience on our website(s), including the presentation of our web pages according to your needs or preferences.
Cookies are frequently used on many websites on the internet, and you can choose if and how a cookie will be accepted by changing your preferences and options in your browser. You may not be able to access some parts of our website(s) if you choose to disable the cookie acceptance in your browser, particularly in the Company’s Members Area and other secure parts of our website(s). We therefore recommend you to enable cookie acceptance in order to benefit from all our online services.
The Company uses session ID cookies and persistent cookies. A session ID cookie expires after a set amount of time or when the browser window is closed. A persistent cookie remains on your hard drive for an extended time period. You can remove persistent cookies by following directions provided in your web browser's ‘Help’ file.
Where our use of your personal information requires your consent, such consent will be provided in accordance with the express written terms which govern our business relationship (which are available on our website(s) as amended from time to time), or any other contract we may have entered into with you or as set out in our communication with you from time to time.
Safeguarding the privacy of your information is of utmost importance to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium. We will hold personal information, for as long as we have a business relationship with you, in a combination of secure computer storage facilities and paper-based files and other records and we take the necessary measures to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time. For example, we are subject to certain anti-money laundering laws which require us to retain the following, for a period of seven (7) years after our business relationship with you has ended:
a copy of the documents we used in order to comply with our customer due diligence obligations;
supporting evidence and records of transactions with you and your relationship with us
Also, the personal information we hold in the form of a recorded communication, by telephone, electronically, in person or otherwise, will be held in line with local regulatory requirements (i.e., 7 years after our business relationship with you has ended). Where you have opted out of receiving marketing communications we will hold your details on our suppression list so that we know you do not want to receive these communications.
We may keep your data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons.
The rights that might be available to you in relation to the personal information we hold about you are set out below. You may exercise these rights by sending us an email at email@example.com.
Information and Access
If you ask us, we will confirm whether we are processing your personal information and, if so, what information we process and, if requested, provide you with a copy of that personal information (along with certain other details) within thirty (30) days from the date of your request. If you require additional copies, we may need to charge a reasonable administration fee.
We may not be able to give you access to information in the following circumstances:
where we reasonably believe this may pose a serious threat to the life, health of safety of any individual or to public health/safety;
which would unreasonably impact the privacy of another individual;
where such request is reasonably considered to be frivolous or vexatious;
which relates to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings;
which would reveal our intentions and thereby prejudice our negotiations with you;
which would be unlawful;
which is prohibited by law or a court/tribunal order;
which relates to suspected unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto;
where enforcement activities conducted by or on behalf of an enforcement body may be prejudiced; or
where access would reveal details regarding a commercially sensitive decision-making process.
Rectification and Maintenance of the Quality of your Personal Information
It is an important to us that your personal information is up to date. We will take all reasonable steps to make sure that your personal information remains accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal information to others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also inform you who we have shared your personal information with so that you can contact them directly.
You may inform us at any time that your personal details have changed by e-mailing us at firstname.lastname@example.org. The Company will change your personal information in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof, i.e. personal information that we are required to keep for regulatory or legal purposes.
You can ask us to delete or remove your personal information in certain circumstances such as if we no longer need it or you withdraw your consent (if applicable) provided that we have no legal obligation to retain that data. Such request will be subject to any retention limits we are required to comply with in accordance with applicable laws and regulations and subject to section 'Storage of Your Personal Information and Retention Period'. If we have disclosed your personal information to others, we will let them know about the erasure where possible. If you ask us, where possible and lawful to do so, we will also inform you who we have shared your personal information with so that you can contact them directly.
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as if you contest the accuracy of that personal information or object to us processing it. It will not stop us from storing your personal information. We will inform you before we decide not to agree with any restriction. If we have disclosed your personal information to others, we will inform about the restriction if possible. If you ask us, if possible and lawful to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
Under the General Data Protection Regulation (679/2016), you have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine-readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.
You can ask us to stop processing your personal information, and we will do so, if we are:
relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
processing your personal information for direct marketing; or
processing your personal information for research unless we reasonably believe such processing is necessary or prudent for the performance of a task carried out in the public interest (such as by a regulatory or enforcement agency).
Automated decision-making and profiling
If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to use the services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even where a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our services or products with you, if we agree to such request (i.e. end our relationship with you).
If you do not want us to use your personal information, you must inform the Company by sending an email to email@example.com. If you decide to do so, we may not be able to continue to provide information, services and/or products requested by you and we will have no liability to you in this respect.
The Company may disclose your personally identifiable information as required by rules and regulations and when the Company believes that disclosure is necessary to protect our rights and/or to comply with any proceedings, court order, legal process served or pursuant to governmental, intergovernmental or other regulatory bodies. The Company shall not be liable for misuse or loss of personal information or otherwise on the Company’s website(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorised use of your personal information due to misuse or misplacement of your passwords, negligent or malicious intervention and/or otherwise by you or due to your acts or omissions or a person authorized by you (whether that authorization is permitted by the terms of our legal relationship with you or not).
If you have a concern about any aspect of our privacy practices, you can submit a complaint. This will be acted upon promptly. To make a complaint, please contact us via email at firstname.lastname@example.org. We will investigate your complaint and endeavour to resolve the issue to your satisfaction. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner by telephoning 1300 363 992 or visiting their website at www.oaic.gov.au.
Risk Warning: Your capital is at risk. Leveraged products may not be suitable for everyone. Please consider our Risk Disclosure.
If you do not give your consent to the above, you may alternatively contact us via the Members Area or at email@example.com.
Please enter your contact information. If you already have an XM account, please state your account ID so that our support team can provide you with the best service possible.