Privacy Notice
1. Who we are.
Monex Europe S.A. (‘we’, ‘our’ or ‘us’) may process certain personal data about you, depending on the scope of your specific relationship with us. This processing of personal data is regulated under the General Data Protection Regulation (2016/679) (the ‘GDPR’) of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the e-Commerce Directive (2000/31/EC) and the e-Privacy Directive (2002/58/EC), which all apply across the European Union, as well as any national implementations, including but not limited to the Luxembourg law of 1st August 2018 on the organisation of the National Commission for Data Protection and implementation of Regulation (EU) 2016/679, the Luxembourg law of 14 August 2000 on electronic commerce and the Luxembourg law of 30 May 2005 on data protection and electronic communications, all three as amended from time to time (together referred to as the ‘Data Protection Laws’). We are responsible as ‘controller’ of your personal data for the purposes of those laws.
2. What does this Privacy Notice cover?
This Privacy Notice applies to the following three circumstances:
1. personal data processed when you visit and use our website;
2. any natural person that has been contacted through our direct marketing strategy, either via phone or email; and
3. personal data processed to service our potential and existing clients.
3. Data protection principles
We will comply with the principles set out in the GDPR, which states that the personal data we hold about you must be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you;
- relevant to the purposes we have told you about and limited only to what is necessary in relation to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about, subject to any limitation periods imposed by law;and
- kept securely.
Personal data means any information about an individual from which that person can be identified or be rendered identifiable. It does not include data where your identity has been removed, such as anonymous data.
4. What personal data do we collect?
4.1 Personal data gathered from you
4.1.1 Website
When you visit our website, and navigate your way around, we acquire minimum personal data at this stage. The personal data we collect includes the following:
- information about your computer or device, including browser type and settings;
- log data – the webpage you were visiting before you came to our site, pages you visit on our site, time spent on those pages, information you search for on our site, IP address, access times/dates, and other statistics;
- history of interaction with our webpages, including traffic data relating to your internet connection; and/or
- other personal data that does not directly identify you, such as actions taken on our website.
Providing your data is optional, but it may be necessary for certain services we provide, and other processing activities e.g. to access content, or to qualify your suitability as a new customer. In such cases, if you do not provide your personal data, we may not be able to provide you with the requested services.
4.1.2 Marketing
We collect personal data that you provide directly to us only if you respond to our marketing campaigns. This personal data is collected throughout communication with us, such as:
- call logs; and
- e-mail exchanges with our staff.
We collect this personal data from you when you communicate with our staff through any medium.
4.1.3 Client
We collect the following personal data that you provide to us at onboarding:
- name;
- email address;
- telephone number;
- address;
- nationality;
- date of birth;
- identification documents (and their attached personal data); and
- signature.
We collect this personal data from you when:
- registering for an account; and
- subscribing for our morning report.
We collect the following personal data that you provide to us throughout the business relationship:
- account activity, including payment instructions;
- communications with our staff; and
- usage of online portals.
We collect this personal data from you when:
- communicate to our staff through any medium; and
- access our online systems, portal or Monex Pay.
4.2 Personal data from other sources
4.2.1 Website
We do not collect or process personal data from other sources and any personal data we collect, in the context of the website, is provided by you whether directly or indirectly.
4.2.2 Marketing
If we have contacted you during a marketing campaign, we may have collected personal data on you which could include:
- name (including a designatory letters you have attached);
- date of birth;
- country of residence;
- corporate email address (which will likely contain your name);
- corporate telephone number (which you may use for personal reasons);and
- occupation.
We collect this personal data from third parties who, in turn, may gather the data from publicly accessible sources, including but not limited to:
- LinkedIn;
- Companies House; and
- news sources.
You can object to our processing of your data at any stage, please see the section ’13. What rights do you have?’.
4.2.3 Client
We may receive personal data about you from other sources, where applicable. This information includes:
- credit information;
- credit references;
- business partners, introducers, service providers; and
- legal and compliance checks.
We will add this information to the personal data we hold about you for the following purposes:
- to check customer creditworthiness (this is only required for certain products and services, for more information see section 12 below);
- to check for possible fraudulent activity;
- comply with our legal obligations; and
- to improve and personalise our service.
Please note that we will ask for your explicit consent before any credit search is performed, and this search is only required for certain products and services.
4.3 Cookies and similar technologies
Cookies are small text files that are placed on your computer or device by websites that you visit or HTML-formatted emails you open. You can access our Cookies Policy on our website https://www.monexeurope.eu/en/mesa/cookie-policy/.
5. How do we use personal data?
5.1 Website
We use your personal data mainly to: interact with you; to provide you with support services; to make it easy to navigate our website; to improve our website and our products; and to offer you content and services that might interest you.
We use your personal data as follows, where the processing is necessary to establish or administer our agreement with you:
- communicate with you regarding support services and provide you with critical service updates;
- allow you to register for our services;
- provide you with technical and customer support, and enable the provisioning of services; and
- determine the entity you are connecting from.
We may also use your personal data where processing is necessary for us to comply with our legal obligations, including responding to legal process or lawful requests. Lastly, we may use your personal data, where required by applicable law.
5.2 Marketing
We collect personal data about you in order to directly market services that we legitimately believe will be of interest to you. This data is used exclusively to communicate with you and discuss how we can help you.
If you contact us to discuss any topic or issue, we may monitor and record communications such as emails and telephone calls for the following purposes:
- quality assurance;
- training;
- fraud prevention;
- gathering statistical data for management information; and
- compliancewith relevant laws.
5.3 Client
We collect personal data about our users for the following purposes:
- onboarding;
- identify you and manage any accounts you hold with us;
- sending contract notes;
- complying with regulation;
- process your trades;and
- statistical analysis and behavioural analysis.
We may monitor and record communications such as emails and telephone calls for the following purposes:
- quality assurance;
- training;
- fraud prevention;
- gathering statistical data for management information; and
- compliancewith relevant laws.
6. Who your personal data may be shared with.
- We may share your personal information with other group companies, affiliates and other third parties to help us process your personal information for the purposes set out in this Privacy Notice. This may include:members of the Monex Group depending on your requested products and services;
- contractors, sub-contractors, business partners, introducers, suppliers and/or service providers that help us perform our business functions;
- credit reference agents in accordance with our credit checking policy below;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity;
- legal representatives and consultants in situations where expert advice and legal opinions are required; and/or
- processors that maintain our IT systems.
We outsource some of our IT activities to the following service providers:
- ClaireLogic
- DataArt Solutions
- Microsoft Exchange
- Microsoft Azure
7. Your personal data is never sold and any personal data that is shared is done so in line with the Data Protection Laws. Reasons we can collect and use personal data
We collect and use personal data to provide you with a service or product that you have requested, or where necessary, to comply with a legal obligation. We may also collect and use personal data pursuant to the Monex Group’s legitimate interest as long as these interests are not overridden by your data protections rights. Additionally, we may collect and use certain personal data where you have given consent. Where we ask for consent, you are free to withhold or revoke your consent by opting out.
The “legitimate interests” referred to above are:
1. the processing for marketing purposes;
2. the provision of the proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of our business;
3. compliance with foreign laws and regulations and/or any order of a foreign court, government, supervisory, regulatory or tax authority; and
4. exercising our business in accordance with reasonable market standards.
In addition to the legal basis of ‘legitimate interest’ under the GDPR, we obtain your ‘consent’ in order to market to you, in accordance with the requirements under the Luxembourg law of 14 August 2000 on electronic commerce and the Luxembourg law of 30 May 2005 on data protection and electronic communications, both as amended.
8. How long your personal data will be kept
We will keep your personal data in line with our Data Retention Policy. This allows the Monex Group entities to perform the activities listed in this Privacy Notice. We will maintain your personal data for as long as necessary for the purposes for which they have been collected, which generally corresponds to the lifecycle of the contract. We may need to keep your data for a longer period where we need to retain personal data to comply with legal or regulatory requirements, such as to help us respond to complaints or preventing fraud and financial crime. If we are not required to retain the personal data, we will destroy, delete or anonymise it at the point it is no longer required.
9. Keeping your personal data secure
We store your personal data in a secure environment. We have appropriate security measures in place to prevent personal data from being lost, accessed or used in an unauthorised way, including encryption and other forms of security. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Whilst we will use all reasonable efforts to secure your personal data, in using the website you acknowledge the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of personal data that is transferred from you.
10. Transfers of your personal data outside of the European Economic Area (EEA)
Your personal data may be transferred to and stored in locations outside of the European Economic Area. When we do this, we will ensure the recipient entity has an appropriate level of protection and that the transfer is lawful through controls, such as Standard Contractual Clauses. We may need to transfer your data in this way to carry out our contractual obligations to you, to fulfil a legal obligation and/or for our legitimate interests. In such instances, we will only share the personal data with those who have the right to see the personal data.
11. Marketing
We would like to send you information about products, services and our business, which may be of interest to you. Such information could be sent by post, email, or telephone.
How we market to client and potential clients differs and is explained below.
11.1 Client
We will ask whether you would like us to send you marketing messages on the first occasion that you provide any relevant contact information (i.e. on signing up to trade with us). If you do opt in to receive such marketing from us, you can opt out at any time (see ‘13. What rights do you have?’ below for further information). If you have any queries about how to opt out, or if you are receiving messages you do not want to, you can contact us using the details provided below.
11.2 Potential client
You may be sent marketing information, in this instance the personal data has been collected and processed in line with the previously described processes in sections 4.1.2, 4.2.2 and 5.2.
12. Credit Checking
We may do a credit check on you so that we can make credit decisions about you and prevent financial crime. Any such search will be recorded on the files of the credit reference agency.
We may also disclose personal data about how you conduct your account to credit reference agencies and your personal data may be linked to records relating to other people living at the same address with whom you are financially linked.
Other credit businesses may use your personal data to:
- make credit decisions about you and the people with whom you are financially associated
- trace debtors; and
- prevent and detect financial crime.
If you provide false or inaccurate information to us and we suspect fraud, we will record this.
13. What rights do you have?
We would like to make sure you are fully aware of all your data protection rights.
The right to not have your personal data be subjected to decision-making based solely on automated individual decision-making processing, including profiling – We do not solely rely on automated individual decision-making, including profiling in the processing of your personal data for the provision of our services. In the event we choose to perform any processing or profiling, solely by way of automated individual decision-making tools (which would produce a legal or similarly material effect on you), you have the right to not have your personal data be subjected to decision making based solely on such automated processing, including profiling, subject to valid exceptions, expressly set out within applicable data protection law.
The right to not have your personal data processed for a purpose other than the purpose for which it was collected – In the event we intend to further process your personal data for a purpose other than the one for which the personal data was collected, prior to that further processing, we shall provide you with information on that other purpose and with any relevant further information, subject to valid exceptions, expressly set out within applicable data protection law.
The right to access – You have the right to request us for copies of your personal data and how we process the data.
The right to rectification – You have the right to request that we correct any personal data you believe is inaccurate. You also have the right to request we complete personal data you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions. If you enforce this right at the same time as you object to the processing we will have to maintain basic identification data to ensure we do not contact you again.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, this means if you do not want to be contacted for the purposes set out in this notice, including but not limited to marketing purposes, then we will stop processing your data.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you.
From time to time we may have other methods to unsubscribe (opt-out) from any direct marketing including, for example, unsubscribe buttons or weblinks. If such are offered, please note that there may be some period after selecting to unsubscribe in which marketing may still be received while your request is being processed.
You also acknowledge the existence of your right to lodge a complaint with the Commission Nationale pour la Protection des Données (the ‘CNPD’) at the following address: 15, Boulevard du Jazz, L-4370 Belvaux, Grand-Duchy of Luxembourg; or with any competent data protection supervisory authority of their EU Member State of residence.
14. Changes to the Privacy Notice
This Privacy Notice was published on 01 January 2021. The last update was on 02 December 2024.
We may update or amend this Privacy Notice from time to time. You should check this Privacy Notice frequently to ensure you are aware of the most recent version that will apply each time you access this website. We will also notify users of any substantial changes by:
- E-mail if you have opted to receive emails; and/or
- a notice on the website header.
15. Contacting Us
If you have any questions about this Privacy Notice or the personal data we hold about you, please contact us by:
Email – gdpr@monexeurope.com
Post – Monex Europe S.A., 35 Avenue Monterey, Ground floor, L-2163, Luxembourg
16. Complaints
If you have any complaints about this Privacy Notice or the personal data we hold about you, please contact us by reaching out to the above contact information.
If you are unsatisfied by our response you can contact the Commission Nationale pour la Protection des Données (National Commission for Data Protection) by contacting:
Contact number: +352 26 10 60 -1
Website: https://cnpd.public.lu/