Effective as of May 23, 2018 (the "Effective Date")
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, during the business relationship. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We ask that persons under the age of 18 (which we treat as children and minors) refrain from using our Service or submitting any personal information to us. Persons under the age of 18 years are not eligible to use our Service and if we discover that someone under the age of 18 has registered a Profile with us, we will close it.
Introduction the DPA regulates the processing of personal data. Its definition of personal data covers all information relating to identifiable living individuals which is held on computer, in another 'automatically-process able' format or in a manual filing system which is structured so as to facilitate access to information relating to particular individuals. (Information relating to companies and other “legal‟ persons is not caught). Its definition of processing covers any conceivable activity in relation to personal data, including collection, analysis, processing in the ordinary sense of the word, storage, disclosure, international transfer and deletion.
On a day to day basis we have to process personal data in various circumstances and in relation to various categories of individual. This Policy deals specifically with personal data collected in the context of the establishment and management of our customer relationships and the execution of transactions on the instructions of our customers (Customer and/or Transaction Management). It is important to remember that the DPA regulates processing of personal data relating to all individuals, not just relating to customers. Information relating to individual representatives of corporate customers, or to individuals (or individual representatives of corporate entity) elsewhere in a payment chain – for example, an ultimate payee or an individual representative of a payment institutions - is also protected by the DPA.
The UK Information Commissioner (the Commissioner) is responsible for enforcement of the DPA and has published a range of guidance on data protection issues, all of which is available on the Commissioner's
Failure to comply with this Policy may constitute a serious disciplinary offence & could result in dismissal.
the Company Nominated Officer (MLRO) is designated DP officer.
Employees with any questions about our Data Protection Policy or application circumstances you should consult the Data Protection Officer.
You may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes (but is not limited to) information you provide when you register with us, transfer money using our office or websites and when you report a problem with us.
The information you give us may include:
The main reason we use this information is to provide you with details about our products and services, but we (or third-party data processors, agents and sub-contractors acting on our behalf) may also use the information:
We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have in place appropriate technical and organizational security measures to protect the personal data that we process for Customer and/or Transaction Management purposes against unauthorized or unlawful processing and accidental loss, destruction or damage.
We identify the security measures that are “appropriate‟ in the context of our business. They must deliver a level of security which is appropriate to the nature of the data and the risks associated with unauthorized or unlawful processing and accidental loss, destruction or damage. We will take reasonable steps to ensure the reliability of our employees who have access to the data.
If any aspect of our processing of personal data for Customer and/or Transaction Management purposes is outsourced to a third-party service provider now or in the future, including the outsourcing of any wider function which includes the processing of personal data, we must:
We will take reasonable steps to ensure that the personal data that we process is accurate and, where relevant. Deleting of personal data will only take place when we no longer have need of it, given the purposes for which they were processed. This does not, for example, prevent us from keeping records containing personal data which may be relevant if there is a future dispute with a customer or another person, but it does require us to delete those records when a dispute is no longer a real possibility unless we have another legitimate purpose for continuing to keep the personal data.
Whilst we do not use so-called “automated decision-taking” techniques for Customer and/or Transaction Management processes. Employees should not use such techniques except with the approval of the Data Protection Officer given on the basis of an assessment of the requirements of the DPA. The DPA's restrictions on the use of “automated decision-taking” cover systems which make decisions which significantly affect individuals solely on the basis of the automated processing of their personal data, without any human intervention
We maintain a registration with the Commissioner's office which covers our processing of personal data for Customer and/or Transaction Management (and other) purposes.
We will only retain your information for as long as is necessary for providing our service to you, usually no more than 5 years after the end of the business relationship.
Under the GDPR, individuals have:
You can always exercise your right at any time by contacting us at firstname.lastname@example.org
The GDPR mandates company to take technical and organizational measures to achieve a level of security appropriate to the imminent risk. This has become more urgent in wake of increasing cybersecurity threat to organisations. We advocate tokenisation, encryption of data, constant assurance of confidentiality, integrity, availability, and resilience of processing system and services to comply with GDPR.
The GDPR introduces mandatory security breach notification and requires administrative and technical safeguards for personal data to reduce identified risks and to prevent data breaches. The data subject is required to be notified without undue delay if the breach portends high risk to his rights and freedoms. Notification can be dispensed with if the data breach is unlikely to result in any risk to the data subject.
We will inform the supervisory authority of data breach incident within 72 (Seventy-two) hours of discovery. In addition, the company has an incidence response plan and trained its employee on how to respond.
We also, follow following Steps for processing EU personal data to comply with GDPR:
MT Global Ltd is authorised and regulated by the Financial Conduct Authority under Registration Number 565567.
Registered as a Limited Company in England and Wales Company No: 05623359.