MARKET SYSTEMS LIMITED

Controller: MARKET SYSTEMS LIMITED (“Market Systems”, “we”, “us”, “our”)
Company number: 07115124
Registered office / correspondence address: 49 Long Lane, Cambridge, United Kingdom
Email (privacy enquiries and rights requests): info@marketsystems.org (subject line: “Privacy Request”)

Version: 1.4
Effective from: 01 June 2024
Last reviewed: 01 April 2025

1. Overview

1.1 This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you:
(a) visit our website;
(b) create and use a Platform account (including Subscriptions for signals and analytics);
(c) contact support (including via support chat and file uploads); and/or
(d) apply for, open, or use trading services (where offered) under a separate Customer Agreement.

1.2 “Personal data” means any information relating to an identified or identifiable individual. This Policy is intended to meet transparency requirements under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

1.3 This Policy applies to you if you are a visitor to our website, a Platform user, a subscriber, a prospective client, or a trading client. If you provide personal data about another person, you confirm you are authorised to do so and to allow us to use it as described here.

1.4 If you do not agree with this Policy, you should not use our website or Platform and should not submit personal data to us.

2. Roles and scope of responsibility

2.1 Data controller. Market Systems is the data controller for the personal data described in this Policy.

2.2 Processors. We use service providers (data processors) to support our operations (e.g., hosting, security, analytics, communications, payment processing, customer support tooling). We require them to process personal data only on our instructions and to maintain appropriate security.

2.3 Separate trading relationship. If you apply for or use CFD trading services, additional data processing is required (including identity verification and financial crime controls). Those activities are also covered by this Policy (unless a product-specific notice states otherwise).

3. Personal data we collect

We collect personal data in the categories below. What we collect depends on how you use our services.

3.1 Data you provide to us

Account and profile data

• name (where provided), username/handle, email address, password (stored as a secure hash), account settings and preferences;
• subscription plan selection and entitlements;
• marketing preferences and communication settings.

Subscription and billing data

• billing name and billing address (where required);
• payment status, invoices, transaction references, and plan renewal history.

(We generally do not store full card numbers. Payment card data is typically handled by our payment processors.)

Support and communications

• support chat messages, emails, and correspondence;
• files you upload in support chat (e.g., screenshots, documents, logs);
• information you choose to provide in a support request (which may include personal data).

Trading onboarding and trading services (if applicable)

• identity and verification data (e.g., date of birth, nationality, government-issued ID details, proof of address);
• financial and suitability/appropriateness-related information (e.g., trading experience, financial circumstances, objectives), as required by applicable rules;
• account and transaction data relating to trading activity and platform usage in connection with trading services.

3.2 Data we collect automatically

Device and usage data

• IP address, device identifiers (where available), device type, operating system, browser type/version, language settings;
• pages visited, features used, timestamps, clicks/interactions, and error logs;
• approximate location derived from IP address.

Cookies and similar technologies

• cookie identifiers and related information as described in Section 10.

3.3 Data we receive from third parties

Depending on your use:

• Payment processors: payment confirmation, partial payment identifiers, chargeback/refund status;
• Identity verification and screening providers (for trading onboarding, where applicable): verification results and risk/screening indicators;
• Analytics and security providers: aggregated usage metrics, fraud signals, and performance diagnostics;
• Social login providers (if enabled): limited profile identifiers (e.g., email address) depending on what you authorise;
• Public and regulatory sources (where applicable): sanctions lists, PEP/adverse media screening indicators, and similar compliance datasets.

4. How we use personal data and our lawful bases

We process personal data only where we have a lawful basis under UK GDPR. The main purposes and bases are:

4.1 Provide and operate the Platform and Digital Services (Contract)

• create and administer your Platform account;
• deliver Subscriptions (signals, analytics, research, dashboards) and enable access to paid features;
• provide customer support and manage support tickets and chat;
• send service communications (e.g., confirmations, security notices, subscription renewal notices).

Lawful basis: performance of a contract with you; and/or steps at your request before entering into a contract.

4.2 Payments, accounting, and administration (Contract / Legal obligation / Legitimate interests)

• process Subscription payments and manage billing;
• maintain accounting records and audit trails;
• prevent non-payment and manage disputes.

Lawful basis: contract; legal obligations; legitimate interests (administration and business continuity).

4.3 Trading onboarding and trading services (Contract / Legal obligation)

Where you apply for and/or use trading services (if offered):

• identity verification and onboarding;
• appropriateness/eligibility assessments where required;
• execution support, account administration, and recordkeeping;
• compliance monitoring and reporting.

Lawful basis: contract; legal obligations (regulatory compliance).

4.4 Security, fraud prevention, and misuse detection (Legitimate interests / Legal obligation)

• protect accounts and prevent unauthorised access;
• detect and prevent fraud, abuse, and cyber incidents;
• monitor and investigate suspicious activity;
• enforce our Terms of Use and other agreements.

Lawful basis: legitimate interests (security and risk management); and legal obligations (where applicable).

4.5 Improve and develop our services (Legitimate interests)

• analyse how users engage with the Platform;
• diagnose issues, debug errors, and improve performance and reliability;
• test and develop new features.

Lawful basis: legitimate interests (service improvement). Where cookie/analytics consent is required, we rely on consent for those technologies.

4.6 Marketing (Legitimate interests / Consent)

• send product updates and marketing communications where permitted;
• tailor marketing based on your preferences and usage (where legally permitted and/or consented).

Lawful basis: legitimate interests (direct marketing) and/or consent (where required).

4.7 Legal and regulatory claims and disputes (Legal obligation / Legitimate interests)

• comply with legal process and regulator requests;
• establish, exercise, or defend legal claims;
• manage complaints and disputes.

Lawful basis: legal obligation; legitimate interests (legal protection).

5. Marketing communications and opt-out

5.1 You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us at info@marketsystems.org.

5.2 We may still send non-marketing communications that are necessary to provide the service (e.g., security notices, billing messages, changes to terms, or important operational notifications).

6. Support chat and file uploads

6.1 What you should not upload. You should not upload:
(a) malware or harmful code;
(b) personal data of third parties unless you are authorised and it is necessary for support;
(c) special category data (e.g., health data) unless strictly necessary and you have a lawful basis to share it.

6.2 How we handle support content. Support messages and files may be stored in our support systems, accessed by authorised staff/contractors, and used to resolve issues, improve support quality, and maintain audit trails.

6.3 Security scanning. We may automatically scan uploads for security threats and may block, quarantine, or delete content that presents risk or breaches our Terms.

7. Sharing and disclosure of personal data

We do not sell personal data. We may disclose personal data to:

7.1 Service providers (processors) supporting our operations, such as:

• cloud hosting, storage, and infrastructure providers;
• payment processors and billing platforms;
• customer support and communications tooling;
• analytics, performance monitoring, and security providers;
• identity verification and financial crime compliance providers (where applicable to trading onboarding);
• professional advisers (legal, accounting, audit).

7.2 Regulators and authorities where required or appropriate:

• the FCA and other competent authorities;
• courts, law enforcement, tax authorities, and dispute resolution bodies, where required by law or to protect legal rights.

7.3 Business transfers. If we undergo a merger, acquisition, reorganisation, or sale of assets, personal data may be disclosed to prospective or actual buyers and advisers, subject to confidentiality and lawful safeguards.

7.4 Affiliates. If we operate through group entities or affiliated companies, we may share personal data within the group for administrative, security, and service delivery purposes, subject to appropriate controls.

8. International data transfers

8.1 Your personal data may be processed in countries outside the UK (for example, where our service providers or their sub-processors operate).

8.2 Where we transfer personal data internationally, we implement lawful safeguards as required, which may include:

• the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses;
• transfers to countries recognised as providing adequate protection (where applicable); and
• additional technical and organisational measures where appropriate.

8.3 You may contact us to request further information about our international transfer safeguards.

9. Data retention

9.1 We retain personal data only as long as necessary for the purposes described in this Policy, including legal, regulatory, accounting, and security requirements.

9.2 Typical retention periods (may vary by context and legal requirements):

• Platform account data (non-trading): for the life of the account and a reasonable period after closure (commonly up to 24 months) for security, dispute handling, and operational continuity.
• Support chat and uploads: typically up to 24 months, unless longer retention is required due to an ongoing dispute, fraud investigation, or legal obligation.
• Billing and finance records: typically 6 years (or longer where required) for tax and accounting.
• Trading onboarding, verification, and trading records (where applicable): retained for periods required under applicable financial services recordkeeping and financial crime obligations, which may extend several years after the client relationship ends, and may be extended for investigations or litigation.
• Security logs: typically 6–18 months depending on risk and operational needs.

9.3 We may retain and use data in an anonymised or aggregated form (where it no longer identifies you) for analytics and service improvement.

10. Cookies and similar technologies

10.1 We use cookies and similar technologies for:

• strictly necessary functions (security, login sessions, fraud prevention);
• preferences (remembering settings);
• analytics/performance (understanding usage and improving reliability); and
• marketing/advertising (where used and permitted).

10.2 Where required by law, we will request your consent for non-essential cookies. You can control cookies through our cookie banner/settings (where available) and through your browser settings. Blocking certain cookies may affect functionality.

11. Automated decision-making and profiling

11.1 We may use automated tools to support:

• fraud and abuse detection;
• security risk scoring;
• operational monitoring (e.g., detecting unusual logins);
• compliance screening for trading onboarding (where applicable), including sanctions/PEP screening.

11.2 Where a decision producing legal or similarly significant effects is made solely by automated means, we will provide appropriate information and, where required, enable you to request human review, express your point of view, and contest the decision, in accordance with UK GDPR.

12. Security of personal data

12.1 We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. Measures may include access controls, encryption in transit, secure credential handling, monitoring, staff training, and least-privilege access.

12.2 No system is completely secure. You are responsible for keeping your credentials confidential and for securing the devices you use to access the Platform.

13. Your rights (UK GDPR)

Subject to applicable conditions and exemptions, you may have the right to:

• Access your personal data;
• Rectify inaccurate or incomplete personal data;
• Erase personal data (where applicable);
• Restrict processing;
• Object to processing (including direct marketing and certain legitimate interest processing);
• Data portability (where processing is based on contract or consent and carried out by automated means);
• Withdraw consent at any time where we rely on consent (withdrawal does not affect prior lawful processing).

To exercise rights, contact us at info@marketsystems.org. We may need to verify your identity before responding.

14. Complaints

14.1 If you have concerns about our privacy practices, please contact us first at info@marketsystems.org and we will seek to resolve the issue.

14.2 You also have the right to lodge a complaint with the UK supervisory authority: the Information Commissioner’s Office (ICO).

15. Children

Our website and Platform are not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

16. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will be posted on our website/Platform and will apply from the stated effective date. Where required, we will provide additional notice of material changes.