1. Introduction
This policy applies to all personal data processed by Fidorix Ltd., a company registered under the laws of its jurisdiction of incorporation, acting as the Data Controller. By using our platform, website, or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please discontinue use of our services.
We process personal data only where we have a lawful basis to do so, and we implement appropriate technical and organisational measures to protect it.
2. Information We Collect
We collect personal data in the following categories:
- Identity Data: Full name, date of birth, nationality, government-issued ID (passport or national ID; required for KYC/AML compliance).
- Contact Data: Email address, phone number, and mailing address.
- Financial Data: Bank account details, payment card information (tokenised), source of funds declarations.
- Trading Activity: Trade history, open/closed positions, deposits, withdrawals, and profit/loss records.
- Technical Data: IP address, browser type and version, device identifiers, operating system, time-zone, and referral URLs.
- Usage Data: Pages visited, feature usage patterns, session duration, and click-stream data.
- Cookie & Tracking Data: Data collected via cookies and similar technologies; see Section 5 for full details.
3. How We Use Your Information
We use your personal data for the following purposes:
- Provide, maintain, and improve our trading platform and services.
- Verify your identity and comply with KYC/AML regulatory obligations.
- Process transactions and manage your trading account.
- Send transactional communications (trade confirmations, account alerts, security notices).
- Send marketing communications where you have given consent or where a legitimate interest applies.
- Detect and prevent fraud, money laundering, and other illegal activities.
- Analyse platform usage to improve user experience and product features.
- Comply with applicable laws, regulations, and court orders.
4. Legal Basis for Processing (GDPR)
Under the GDPR, we rely on the following lawful bases:
- Contract Performance: Processing necessary to perform our contract with you (account creation, trade execution, withdrawals).
- Legal Obligation: KYC/AML checks, tax reporting, regulatory record-keeping (up to 7 years).
- Legitimate Interests: Fraud prevention, platform security, product analytics, and direct marketing to existing clients.
- Consent: Email marketing to prospective users, certain analytics cookies, and sharing data with marketing partners.
6. Data Sharing & Third Parties
We do not sell your personal data. We share data only with trusted third parties where necessary to operate our services, fulfil legal obligations, or with your explicit consent:
- Payment Processors: To handle deposits and withdrawals securely. These providers are PCI-DSS compliant and process card data under their own privacy frameworks.
- KYC/AML Providers: Regulated identity-verification and anti-money-laundering service providers, as required by financial regulations.
- Google Analytics: Web analytics service operated by Google LLC. Data may be transferred to the US under Standard Contractual Clauses.
- Cloud Hosting: Infrastructure and data-storage providers operating under data-processing agreements that meet GDPR adequacy standards.
- Regulatory Authorities: Financial regulators, law enforcement, or courts when required by applicable law or a valid legal process.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy or as required by law:
- Account & financial records: 7 years from account closure, as required by financial-services regulations.
- KYC/identity documents: 5 years after the end of the business relationship, per AML regulations.
- Marketing data: Until you opt out or withdraw consent, after which it is deleted within 30 days.
- Technical / log data: Up to 24 months for security and fraud-prevention purposes.
After the applicable retention period expires, your data is securely deleted or anonymised.
8. International Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA). Where we transfer personal data internationally, we ensure an equivalent level of protection through one of the following mechanisms:
- An adequacy decision by the European Commission for the destination country.
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Other lawful transfer mechanisms where SCCs are not applicable.
You may request a copy of the relevant safeguards by contacting our DPO at the address in Section 13.
9. Your Rights (GDPR)
If you are located in the EEA or the UK, you have the following rights regarding your personal data. To exercise any right, contact our DPO (see Section 13). We will respond within 30 days.
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Ask us to correct inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your data where no legal obligation requires retention.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Restrict Processing: Ask us to pause processing while a dispute is resolved.
- Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.
You also have the right to lodge a complaint with your local data-protection supervisory authority if you believe we have processed your data unlawfully.
10. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18 without verifiable parental consent, we will take immediate steps to delete that data. If you believe a minor has provided us with personal data, please contact our DPO immediately.
11. Security Measures
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
- End-to-end encryption (TLS 1.3) for all data in transit.
- AES-256 encryption for sensitive data at rest.
- Multi-factor authentication (MFA) for account access.
- Regular penetration testing and third-party security audits.
- Strict role-based access controls limiting staff access to data on a need-to-know basis.
- Incident-response procedures with mandatory breach notification within 72 hours where required by law.
Despite these safeguards, no transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to addressing any vulnerabilities promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by sending a notification to your registered email address.
We encourage you to review this policy periodically. Continued use of our services after changes become effective constitutes your acceptance of the revised policy.
13. Contact Our DPO
For any questions, requests, or complaints relating to this Privacy Policy or your personal data, please contact our Data Protection Officer:
Data Protection Officer
- Company: Fidorix Ltd.
- Email: privacy@fidorix.com
- Response: Within 30 days
If you are not satisfied with our response, you have the right to escalate your complaint to your local supervisory authority responsible for data protection.