PRIVACY POLICY

1. Introduction

AddUp Markets Ltd (hereinafter the “Company”, “AddUp” and / or “we”) is regulated by the Financial Services Commission, Mauritius (“FSC”) under license number GB25204451 as an Investment Dealer (Full Service Dealer, Excluding Underwriting) for the provision of securities trading services for retail and institutional clients.

We understand the importance of maintaining the confidentiality and privacy of personal information that we hold about our clients and others. We are bound by the Mauritius Data Protection Act 2017 (DPA), and where applicable, with the best practices under international data protection frameworks such as the General Data Protection Regulation (GDPR).

This Privacy Policy (the “Policy” or “Privacy Policy”) explains how AddUp collects, processes and discloses personal information through its websites, mobile applications, and other online products and services that fall under this Policy (collectively, the “Services”) or when clients otherwise interact with us. By accessing or using our website and by registering for or using our Services, you acknowledge that you have read and understood this Privacy Policy and that your personal data will be processed in accordance with it. Where the processing of personal data is based on consent, such consent will be obtained expressly. In other cases, personal data will be processed on the basis of contractual necessity, legal obligation, or legitimate interests, as described in this Policy.

This Policy will be reviewed periodically to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment. You should check this page from time to time to ensure that you are happy with any changes. Any information held will be governed by our most current Policy.

Should you have any question or concern regarding your personal data, please contact us at: dpo@addup.net.

2. Collection and processing of personal information

2.1. We may collect and process the following data about you:

  ● Identity data includes full name or its parts, username or similar identifier, marital status, title, date and place of birth, nationality, tax number, gender, information from your identity document(s), employment status and related information and your pictures/pictures of your identity (including biometric information such as a visual image of your face) or other document(s) we may request from time to time.
  ● Contact data includes billing address, residential address, email address and telephone number.
  ● Screening data includes close connections, political background and information pertaining to sanctions and adverse media.
  ● Risk assessment data includes client risk score and client risk categorisation.
  ● Economic and appropriateness data includes employment status, annual income, source of income, current value of wealth, investment plans, investment objectives, trading experience, level of education.
  ● Financial data includes bank account and payment card details.
  ● Transaction data includes details about payments to-and-from you in relation to our services.
  ● Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.
  ● Communication data includes communication between you and AddUp, including chats, call recordings and emails.
  ● Profile data includes your username and password, your interests, preferences, feedback and survey responses.
  ● Usage data includes information about how you access our Services and use our Services, including user sessions (screen) recordings in some cases.

2.2. We collect your personal information in a number of ways related to the use of our Services provided through our website which we will store and process, specifically:

  ● when you submit your contact details on the website related to an enquiry requesting information;
  ● when you sign up for an account on our website and use this account to access our Services;
  ● when we obtain personal data about you from qualified third parties in the process of signing you up to our Services, for example for credit checks, document verification and background checks;
  ● we may also access publicly available information from social media accounts to better understand our clients’ interests;
  ● when you provide your details to us in hardcopy versions of these forms or in letters related to our Services;
  ● when you apply for or purchase any of our other products or services;
  ● when you fill out a survey, or vote in a poll on this website while logged in under your name; and
  ● when you tell your details to our customer agents or when you interact with us through our communications channels.

When you use the Services we may also automatically collect technical data through the use of cookies and similar technologies. In addition, we may also collect IP addresses via a web analytics package.

2.3. AddUp will only ask you to supply personal information where we believe that it is necessary to provide the Services you have applied for (or are in the process of applying for), or if it relates to a legal or regulatory requirement, and only if it is in our clients’ interest to do so.

2.4. AddUp, as a data controller, may only use your personal data if there is a lawful basis for such use. The most common lawful bases used by AddUp are:

  ● Consent: in some cases, we may process your personal data only if we obtain your prior consent;
  ● Performance of a contract: we will require your personal data to be able to offer you the Services in accordance with the contract terms between you and us;
  ● Compliance with a legal obligation: due to the nature of the Services we provide, the laws applicable to our activities require us to collect and store certain data about you; and
  ● Legitimate interests: sometimes we rely on our legitimate interests to process your data, such as for fraud prevention, network and information security, and product development (e.g., to improve our Services). We only rely on this basis when a Legitimate Interest Assessment (LIA) shows that your interests or fundamental rights are not overridden.

2.5. If you fail or refuse to provide the personal data we need to deliver the Services to you and/or to meet our legal obligations (i.e. compliance with anti-money laundering rules and legislation), you will be unable to access the Services.

3. Use of personal information

3.1. We will use your personal information for one or more of the following purposes:

  ● To ensure that the content in our website is presented to you in the most effective manner;
  ● To provide you with products and services that you request from us or, where you have consented to be contacted, for products and services that we feel may be of interest to you;
  ● Managing and administering the products and services provided to you;
  ● Keeping you updated as a client in relation to changes to our services and relevant matters;
  ● To carry out our obligations arising from any contracts entered into between you and us;
  ● To comply with applicable legal and regulatory obligations, including anti-money laundering (AML) and countering the financing of terrorism (CFT) regulations, thereby ensuring our Accountability under the DPA 2017.

3.2. If at any time you wish to withdraw your consent to the use of your personal information for marketing purposes, then please contact us at dpo@addup.net. You may be required to submit a proof of your identity and sufficient evidence of the information that you want us to change.

4. Disclosure of your personal information

4.1. Depending on the products and services concerned and the relevant restrictions on sensitive data, personal information may be disclosed to:

  ● Affiliates, associates and / or potential successors in title to our business;
  ● Third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us;
  ● Any organisation or person acting on your behalf to whom you request us to provide information, including your financial advisor, broker, solicitor or accountant;
  ● Third parties where it is necessary to process a transaction or provide services you have requested;
  ● Trade Repository or similar;
  ● Banks (where they request additional information following payments that you have made); credit providers, courts, tribunals and regulatory authorities in response to legal and regulatory requests or other government agencies, as agreed or authorised by law; auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.

4.2. These disclosures of personal information will only take place in accordance with the law and for the purposes listed above. All third parties with whom we share your data are contractually obliged to maintain its confidentiality and security and to use it solely for the specified purpose.

4.3. AddUp will not sell or otherwise give access to your personal data to any third party for commercial interests or advertising except for the purpose of fulfilling our legal or contractual obligation or where we have your permission.

5. Cookies and similar technologies

5.1. We may use cookies for various purposes when you access or use the Services. Cookies are small amounts of information that are stored on your computer to enable our server to collect certain information from your web browser. Cookies in themselves do not identify the individual, just the computer used. Cookies and other similar technology make it easier for you to log on to and use the website during future visits. Some of the cookies we use include session cookies, persistent cookies, and third-party cookies, such as those used by analytics providers (e.g., Google Analytics) to help us understand how users interact with our website. Our cookies are used to keep track of your online session; they are maintained throughout multiple sessions on the site. Our cookies do not collect any personal identifying information or confidential information such as passwords or policy numbers. Most browsers are initially set to accept cookies, but you can alter this if you prefer. However, if you disable session cookies, some parts of our website will not function as designed. For more information about our use of cookies, please refer to the Cookie Policy on our website.

6. Your rights

6.1. With regards to our collection and processing of your personal data you have the right to (subject to applicable exceptions):

  ● Obtain confirmation from us as to whether we process your personal data.
  ● Access your personal data processed by AddUp.
  ● Correct your personal data.
  ● Withdraw consent and remove your personal data we collected on the basis of your consent.
  ● Obtain restriction of processing, for instance, where you contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data.
  ● Have your personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
  ● Erasure of your personal data under certain circumstances. AddUp is obligated to keep records of client’s details and trades for a minimum period of seven (7) years from the end of business relationship with you according to the relevant regulations.
  ● Object to our processing of your personal data when the processing is related to the performance of our task carried out in the public interest or the exercise of official authority vested in us. The other case is if we process your data for the purposes of the legitimate interests pursued by us or by a third party and you believe that such interests are overridden by your interests or fundamental rights and freedoms. If you make a request objecting to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing.
  ● Lodge a complaint with the supervisory authority. Please contact the Data Protection Commissioner of the Data Protection Office of Mauritius at dpo@govmu.org, or visit Data Protection Office (Mauritius) for instructions.

If you wish to make use of any of the above rights please contact us at dpo@addup.net stating your account number and question related to any of the above rights. We aim to respond to any valid request without undue delay and, in any event, within 28 days from receipt of the request, which may be extended by up to 2 months for complex requests, as permitted under the Mauritius Data Protection Act 2017.

7. Retention of your personal information

7.1. Generally, we will retain your personal data for as long as necessary to fulfil the specific purpose we collected it for, including the purpose of satisfying any legal, accounting, reporting requirements and our legitimate interests. For example, your personal data will be generally stored for the period required by the Securities Industry (Anti Money Laundering and Countering the Financing of Terrorism) Rules, namely not less than seven (7) years after the end of the business relationship with AddUp. In certain cases the authorities may require us to store the personal data longer if they deem it necessary (e.g. in case of an ongoing investigation). If the purpose for keeping personal data has lapsed, we will destroy or anonymise the data as soon as is reasonably practicable.

7.2. We review the necessity of retaining personal data annually to ensure continued compliance with our legal obligations and business requirements.

7.3. We may keep an anonymised form of your personal information, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.

8. Safeguard Measures

8.1. We take all reasonable and appropriate technical and organisational measures to protect all personal data collected by us from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction. Our security measures include, but are not limited to, data encryption in transit and at rest, access control protocols, secure data storage, regular penetration testing, and employee data protection training. We will not keep your personal information for any longer than is required. Although we endeavour to protect your personal data, because of the nature of the Internet, we cannot guarantee the security of any data that you transmit to the website. Furthermore, any inward transmission of data, such as email, is carried out at your own risk.

9. Children’s Privacy

9.1. Our Services are not intended for individuals below the age of 16, as this is the age of data consent under the DPA 2017. We do not knowingly collect personal information from individuals below this age. If we become aware that we have inadvertently received personal data from an individual below the age of 16 without verifiable parental consent, we will delete such data immediately.

10. Automated decision-making

10.1. To offer you the Services and comply with our obligations under applicable laws, we will make a decision about you based solely on automated processing. Such cases include:

● When you submit your economic and appropriateness data in the relevant questionnaire, our system will automatically make a decision whether you can be allowed to trade. We may deny your access to the Services due to lack of experience and/or knowledge.

● Our anti-fraud systems may automatically detect patterns that may suggest fraudulent activities with respect to your account. We will warn you about such activities to prevent possible fraud.

● Our systems automatically determine the client’s risk profile based on a number of risk factors we consider in accordance with the laws and our internal procedures. The risk score allows AddUp to determine the appropriate customer due diligence procedures it must follow.

10.2. You have the right to request human intervention, to express your point of view and to contest decisions made solely based on automated processing, where such decisions produce legal or similarly significant effects concerning you.

11. International transfer of personal data

11.1. We may transfer your personal data to a third party in countries outside Mauritius for further processing in accordance with the purposes set out in this Privacy Policy. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means.

12. Linked websites

12.1. We are not responsible for the privacy policies and practices of other websites even if you accessed a third-party website using links from our website. We recommend that you check the privacy policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.

13. Privacy Policy updates

13.1. We reserve the right to revise or modify this Privacy Policy. In addition, we may update this Privacy Policy to reflect changes to our data practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account), or by means of a notice on our website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

14. Contact information

14.1. If you have questions about this Privacy Policy or our privacy practices, or if you are seeking to exercise any of your rights you can contact us at dpo@addup.net.

14.2. You have the right to lodge a complaint at the Data Protection Commissioner of the Data Protection Office of Mauritius.

E-mail: dpo@govmu.org