‘Trading 212 Markets Ltd’, is a Cyprus Investment Firm incorporated under the laws of Cyprus, which has its principal place of business at 18 Santorinis, 4004, Limassol, Cyprus, and registered with the Registrar of Companies in Nicosia under number: HE 409763 (the “Company”). The Company is regulated as a Cyprus Investment Firm (‘CIF’) by the Cyprus Securities and Exchange Commission (‘CySEC’) under license number 398/21.
The Company is operating under Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on Markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (the “Markets in Financial Instruments Directive 2014/65/EU)” or “MiFID II”) and amending Directive 2002/92/EC and Directive 2011/61/EU, as last amended by Directive (EU) 2016/1034 of the European Parliament and of the Council, of 23 June 2016 and under Regulation (EU) No 600/2014 of the European Parliament and the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (the “MiFIR”) which was implemented in Cyprus by the Investment Services and Activities and Regulated Markets Law of 2017 (Law 87(Ι)/2017), which provide for the provision of Investment Services, the exercise of Investment Activities, the operation of Regulated Markets and other related matters (the “Investment Services and Activities and Regulated Markets Law”), as the same may be modified and amended from time to time.
The current legislation for the processing and protection of personal data in Cyprus is the Protection of Natural Persons With Regard to the Processing of Personal Data and for the Free Movement of Such Data Law of 2018 (the “Law”).
The Law is based on the implementing legislation for the General Data Protection Regulations (“GDPR”), Regulation (EU) 2016/679 of the European Parliament and the Council of 27th April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. GDPR replaces and repeals directive 95/46/EC.
Because the GDPR is a regulation and not a directive, it means that it is directly applicable in all EU member states from May 2018. A directive only directs member states to implement ruling but does not enforce.
Trading 212 is committed to the protection of your personal data and we do not access or use it for any purpose other than providing, maintaining and improving our services and as otherwise required by law. In order to open and maintain client accounts, we obtain and hold personal information. This policy outlines how we manage such information to ensure we meet our obligations to respect our clients’ privacy and that all such information remains confidential. We are bound by the terms of the General Data Protection Regulation 2016/ 679 (GDPR) and any applicable data protection law.
Information for Trading 212
1) Trading 212 UK Ltd.
Phone: +44 203 769 98 97
Address: 107 Cheapside
London EC2V 6DN
Trading 212 UK Ltd. is a company registered in England and Wales (Register number 8590005). Trading 212 UK Ltd. is authorised and regulated by the Financial Conduct Authority (Register number 609146).
2) Trading 212 Ltd.
Phone: +359 800 46049
Address: 3 Lachezar Stanchev Str.
Litex Tower, floor 10
Sofia 1797, Bulgaria
Trading 212 Ltd. is registered in Bulgaria (company number 201659500). Trading 212 Ltd. is authorised and regulated by the Financial Supervision Commission (FSC) (Register number RG-03-0237).
3) Trading 212 Markets Ltd.
Phone: +357 25 343222
Address: 18 Santorinis,
4004, Limassol, Cyprus
Trading 212 Markets Ltd. is registered in Cyprus (company number HE 409763). Trading 212 Markets Ltd. is authorised and regulated by the Cyprus Securities and Exchange Commission (CySEC) (Register number 398/21).
What sort of information do we need?
When you access our Website at www.trading212.com, our Trading 212 platform, Trading 212’ product page in the Apple App Store or Google Play Store (together with the ‘‘Website’’), connect to, sign up to, participate in, create an account for, make individual operations within or otherwise use our services, we may collect personal data about you. We also process the personal data that we received from you as part of the contractual relationship that we have with you or for the purposes of legitimate interests pursued by Trading 212. We also process data that we have legitimately received from publicly available sources.
- In the course of opening an account for you, we need to collect personal information from you to enable us to establish your identity. To do this, we will request some personal data which includes your full name, country of residence, your address, date of birth, nationality, contact details, email address, phone number.
- In order to prevent fraud, we may collect information about your financial status (i.e. income and savings). To facilitate your funding and withdraw requests, we may process your IBAN details and other payment processing information as requested by the respective payment services providers.
- As a regulated investment firm, we are obliged by law to identify every client by his or her ID card, driving licence or passport and documents that can be used as a proof of address (e.g. utility bill, bank statement). Pursuant to applicable laws, use additional online electronic verification tools that might request, among other things further details, documents, photo and video evidence from yourself. It is also for your own security to have a proper identification upon opening an account with Trading 212.
- To assess the appropriateness of our services to your circumstances and experience and to assess whether you may qualify as a professional or retail (non-professional) client, we may ask for additional information such as, but not limited to, trading experience, employment details, knowledge and experience in financial services and products.
We will request this information from you through our application form, and also use our own records and information from other sources for compliance with legal and regulatory obligations.
The processing and the storage of your personal data is necessary to provide you the services described in the Trading 212 Client Agreement and Share Dealing Service Terms of Business and to comply with our regulatory obligations. If you choose not to provide some of the requested information to us, we may be forced not to enter into an agreement with you or to refuse the performance of an existing agreement and consequently terminate it as we will not be able to fulfil our contractual and regulatory duties.
We keep the information as up to date as possible, and will change any details, such as your address, promptly when you inform us that they have changed.
Personal data that may be processed by Trading 212 comprise as well any type of electronic communications such as letters, emails, chat messages, telephone conversations, tax identification number and any related tax information, any personal information resulting from the KYC/AML checks carried out by Trading 212 pursuant to the applicable legislation relating to the fight against money laundering and terrorist financing.
Your use of the Website and related mobile applications and online services involves the automated collection of certain types of information, some of which may be considered personal information. This information includes: IP address, browser type and operating system.
In addition, the Website uses a range of cookies to improve and personalise your experience. More information about these can be found in our Cookies Policy.
Why do we need this information and on what legal basis is the data processed?
Lawfulness of processing
We will process your personal data (including collect, use, store and transfer, if applicable):
- for the performance of the Trading 212 Client Agreement and/or the Share Dealing Service Terms of Business (together referred to as the ‘‘Agreement’’) concluded between you as a client and Trading 212 and for the provision of the services described in the Agreement or accessed through the Trading 212 platform (the ‘‘Services’’);
- to take steps at your request prior to entering into an Agreement or for opening a demo account for you;
- for compliance with legal and regulatory obligations to which Trading 212 is subject (including but not limited to the obligations arising under the MIFID 2 regulation, anti-мoney laundering and countering terrorist financing regulatory obligations, any applicable tax legislation etc.) Examples of such regulatory obligations include, among others: reporting obligations to the FCA, the FSC and CySEC; providing information to financial crime authorities of suspicious money-laundering transactions or in the context of financial criminal proceedings; providing information to tax authorities. Please note that in order to meet some of the above requirements we may use automated decision making and profiling, whereas you may request human intervention, however you will not be able to object to such processing.
- In case the processing of personal data is necessary for the purposes of the legitimate interests pursued by Trading 212 - for example, in case we are obliged to provide a reference about you to a public authority or agency in order to comply with a legal obligation, to send you surveys for analytical and statistical purposes, as well as to ensure that we provide you with the best trading services and information we can and to continue improving our products in your best interest.
- Within the scope of your consent – for example, for marketing and promotional purposes. If you have granted us consent to process your personal data for marketing purposes, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Any consent given may be revoked at any time by you with future effect.
Trading 212 will process your personal data for the purposes of:
- providing the Services requested by you and carried out in relation to the concluded Agreement, including, among others, verify your identity, open and manage your account. This may include third parties carrying out identity checks on our behalf. Further, processing of data includes processing your deposit and withdraw requests, managing client relationships by means of electronic, telephone or chat communication, entering into and executing transactions with financial instruments.
- opening a demo account with us or having chat or email communication;
- conducting a risk assessment as prescribed by applicable legal provisions by collecting and archiving required documentary evidence regarding your identity; conducting a risk management control, data analysis and global supervision of your ongoing needs and enhancing the services offered to you;
- improving and personalising our Services to enhance your trading experience by providing you with market information which we believe may be relevant to you and send you important account and Services related data by different communication channels, including surveys, in-app notifications, platform messages and emails we think would be of interest to you.
- preventing misuse and fraud, demonstrating business transactions and communications; managing transactions surveillance and monitoring and complying with reporting obligations; managing risks, disputes, complaints, litigation or in the context of prosecution;
- marketing communications with you about updates to our products and services and informing you about any promotions offered by us, as long as it is in our legitimate interest or you have consented to receive such communications and unless you choose to opt-out of them. You can choose to opt-out of receiving such communications at any time by contacting us using the contact details set out in this Policy. We can continue to offer you the Services without this additional service.
Who are the recipients of your personal data?
Your personal data is received and processed by those employees of Trading 212 that need it for the execution of contractual, legal and regulatory obligations. Further, we may disclose, to the extent we deem such disclosure or transmission is necessary for satisfying the purposes set out above, to the following recipients:
- Other companies within the Trading 212 Group. This data may be transferred in order to allow us to provide a full service to you, where other companies within Trading 212 Group perform components of the full service offering such as financial, IT maintenance or support services;
- Any lawyers, external auditors or advisors, professional consultants, credit reference agencies, notaries, bailiffs, as well as any courts, regulatory, governmental, administrative or other official bodies as agreed or may be required by law, where such disclosure is necessary (i) to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; (iii) to protect the security or integrity of our services; and (iv) to protect our rights and interests;
- third-party service providers that provide IT services, advisory and consultancy services, research, identity verification checks, payment processing services, insurance or other services to Trading 212, which are only authorised to process your personal data strictly for the purposes of providing these services and in accordance with our instructions. If the Company discloses your personal information to business parties, such as card processing companies or banks, in order to perform the services requested by clients, such third parties may store your information in order to comply with their legal and other obligations. If applicable, we will enter with such third-party service providers into the relevant contractual agreements or the standard data protection clauses that would be required under the GDPR to ensure compliance with our instructions;
We will require any entity to whom we disclose your information or who may obtain it on our behalf to ensure its confidentiality, and to handle it in line with the legitimate purpose for which they are allowed to access it and in accordance with the GDPR. We will not share or sell your information with third parties for their own independent marketing or business purposes without your consent.
Transferring Information Internationally
How long will your data be stored?
We will process your personal data for the entire duration of the Agreement you have concluded with us and for a period of five years after the termination of the Agreement to comply with the applicable anti-money laundering legislation and legal safe-keeping obligations. Further, any personal data will not be retained for longer than the time necessary for satisfying the purposes of its processing, subject to the general statutory limitation periods and the mentioned retention period where the applicable laws require that the personal data is retained for a certain period after the termination of our business relationship with you.
What are your rights regarding your personal data processing?
You have the right to:
- access and obtain information about your personal data – you have the right to request what information (if any) we process for you and if so, provide you with information containing your personal data and a copy of that personal data undergoing processing. To request information, we will need to verify your identity. If you require additional copies, we may need to charge a reasonable administration fee for requests that we deem are manifestly unfounded. Upon receiving a request from you and/or upon the receipt of the applicable fee, we will acknowledge your request and respond to you within one month from filing your request.
- rectify any factual inaccuracies or incompleteness with respect to your personal data - If the personal data we hold about you is inaccurate or incomplete, you may ask us to correct it. Upon receiving such a request from you, we will acknowledge it and respond to you within one month as from filing your request. If we have shared your personal information with others, we will let them know about the rectification where possible.
- request deletion of your personal data - you can ask us to delete or remove your personal data in cases where we no longer need it. However, please note that such requests will be satisfied provided that we have no legal obligation to retain such data and will be subject to any retention periods we are required to comply with in accordance with applicable laws and regulations as specified in section ‘’How long will your data be stored’’ above.
- request restriction of processing - you can ask us to restrict the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal information, for a period enabling Trading 212 to verify the accuracy of your personal data or in case you deem the processing is unlawful. Such objection may not impede us from storing your personal information though.
- object to the processing of personal data by Trading 212 – you can require from us to terminate the processing of your personal data, and we will comply with such request in cases where your personal data is processed for the purposes of direct marketing or research (if applicable) or if we are relying on our own legitimate interests to process your data except if we can demonstrate compelling legal grounds for the processing.
- request portability of your personal data - you have the right, when applicable, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another entity (data controller) of your choice when this is technically possible.
- lodge a complaint with a supervisory authority - you have the right to lodge a complaint regarding our processing of your personal data with your supervisory authority.
Please contact us using the contact details provided below to make a request in respect of your rights. We will use commercially reasonable efforts to respond to your request within 30 days of receiving such a request. If we cannot honour your request within the 30-day period, we will let you know the reasons why and when we expect to be able to fulfil your request.
How do we manage and protect your personal data?
We put a lot of effort and apply the highest technical and organisational standards to ensure that your personal data is secured and kept confidential. Any personal data that you provide to us is stored on secure servers, and we use rigorous procedures to protect against loss, misuse, unauthorised access, alteration, disclosure, or destruction of your personal data. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations. Part of the measures that we apply to provide a high level of security in terms of personal data management include, among others:
- Pseudonymisation – we process your personal data in such a manner that it can no longer be attributed to a specific person without the use of additional information which additional information is kept separately and is subject to specific technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person;
- Encryption – we apply cryptographic methods which convert certain information or data into a code to make it unreadable for unauthorized users;
- Minimisation – the personal data we demand from you is adequate, relevant and only limited to what is necessary in relation to the purposes for which such data is processed;
- Strict internal control on access to your personal data – access to your personal data is allowed only to those of our employees who need such verification to properly exercise their professional duties;
- Penetration testing – we apply an authorised simulated attack on a certain computer system, performed to evaluate the security of such system; Regular scanning and penetration testing is used to identify potential security vulnerabilities and apply the relevant remedies to rectify them;
- Ensuring ongoing application of integrity, confidentiality and education of all our employees.
We maintain security and incident response plans in the event of a physical or technical incident to handle this in a timely manner and limit any negative effect of such incident. Although we work hard to protect your personal data, we cannot guarantee that our safeguards will prevent every unauthorised attempt to access, use or disclose personal data.
Please recognise that you play a vital role in protecting your own personal data. When registering with our services, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorised access to or use of your account. If you believe that any of your account login details have been or might have been exposed, you can change your password at any time through our Website, as well as immediately contact our customer service. Given the nature of communications and information processing technology, we cannot guarantee that information, during transmission through the Internet, will be absolutely safe from intrusion by others.
How will we store your personal data?
Your information will be held on our secure computer systems. We have in place systems and procedures to prevent unauthorised access, improper modification or disclosure, misuse or loss of information.
We need to hold your information for some time after you have provided it to us, even if we no longer have a contractual relationship with you. Once we consider that such information is no longer needed, we will destroy it.
How to contact us and how to complain?
If you have any questions with regard to your rights or the present policy or if you consider that we have failed to respect your confidentiality, you may contact us by:
Phone: +44 203 769 98 97
Address: Trading 212 UK Ltd.
London EC2V 6DN
Phone: +359 800 46049
Address: 3 Lachezar Stanchev Str.
Litex Tower, floor 10
Sofia 1756, Bulgaria
Phone: +357 25 343222
Address: 18 Santorinis,
4004, Limassol, Cyprus
We inform you that we use video surveillance in our offices and if you visit any of our office premises, you may be subject to video recording. We are also obliged by law to record all our telephone conversations with clients.
Trading 212 Data protection officer
You may also contact our Data Protection Officer about any request you have related to your personal data:
If you are a client of Trading 212 Markets Ltd.: Commissioner for Personal Data Protection (the “Commissioner”) at http://www.dataprotection.gov.cy
1 Issonos Street, 1082 Nicosia
Linking to Other Websites
If you access links on the Website to third party websites which are not owned by Trading 212, or if you access the Website through links from other websites, please be aware that these websites have their own privacy policies. We do not accept any responsibility or liability for these privacy policies. You should check and review these privacy policies before you submit any personal data to these websites.
We use a tool provided by TrueLayer Limited (www.truelayer.com) ("TrueLayer") that allows you to send information on your payment accounts to us and other service providers.
In order to use our services, you will be asked to agree to their Terms of Service (https://truelayer.com/enduser_tos/) and enter your payment account details with TrueLayer or, for Open Banking connections, you will be redirected to your bank by TrueLayer in order to authenticate yourself. The Terms of Service set out the terms on which you agree to TrueLayer accessing information on your payment accounts for the purposes of transmitting that information to us.
We use a tool provided by TrueLayer to initiate payments from your payment account.
In order to use our services, you will be asked to consent to the payment via TrueLayer and TrueLayer's terms of service (https://truelayer.com/enduser_tos/) will apply to the payment initiation. TrueLayer's Terms of Service set out the terms on which you agree to TrueLayer initiating payment from your payment account.
TrueLayer is authorised by the UK Financial Conduct Authority under the Payment Services Regulations 2017 to provide account information services and payment initiation services (Firm Reference Number: 793171 ).
Are children allowed to use our services?
The services offered by Trading 212 are not allowed to be used by any person under the age of 18. We do not knowingly collect personal information from children under the age of 18 without the consent of the child's parent or guardian. If you learn that anyone younger than 18 has unlawfully provided us with personal data, please contact us, and we will take steps to delete such information.
Personal Data Breaches
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. The Company is obliged to do this within 72 hours of becoming aware of the breach, where feasible following its framework for reporting and managing data security breaches affecting personal or sensitive data held by the Company.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, The Company is required to also inform those individuals/data subjects without undue delay.
The below procedures are there to provide a framework for reporting and managing data security breaches affecting personal or sensitive data held by the Company.
A personal data breach is defined as having the potential to affect the confidentiality, integrity or availability of personal data held by the Company in any format. Such breaches may happen for any number of reasons including:
- - The disclosure of confidential data to unauthorised persons;
- - Loss or theft of data and/or equipment on which data is stored;
- - Inappropriate controls allowing for unauthorised use of information;
- - Breaches in the Company’s IT systems and security;
- - Unauthorised access to computer systems e.g. hacking;
- - Viruses or other security attacks;
- - Breaches of physical security where data is kept;
- - Leaving IT equipment unattended allowing unauthorised access;
- - Emails containing personal data sent in error to the wrong recipient.
The Company may disclose your personally identifiable information as required by rules and regulations and when the Company believes that disclosure is necessary to protect our rights and/or to comply with any proceedings, court order, legal process served or pursuant to governmental, intergovernmental or other regulatory bodies.
The Company shall not be liable for misuse or loss of personal information or otherwise on the Company’s website(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorised use of your personal information due to misuse or misplacement of your passwords, negligent or malicious intervention and/or otherwise by you or due to your acts or omissions or a person authorized by you (whether that authorization is permitted by the terms of our legal relationship with you or not).