Privacy Policy
Transparency is core to our business. Understand how we collect, protect, and manage your data in accordance with Mauritius and International Law.
Contents
1. Introduction
Vertex1 Brokers Limited ("Vertex", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from), use our trading platforms (including mobile and web applications), or interact with our partner ecosystem.
This policy guides you through your privacy rights and how the law protects you. It is drafted in compliance with the Mauritius Data Protection Act 2017 (DPA 2017) and aligns with the principles of the General Data Protection Regulation (EU) 2016/679 (GDPR).
2. Important Information and Who We Are
2.1. Controller
Vertex1 Brokers Limited is the data controller and is responsible for your personal data. We are a private company limited by shares incorporated in the Republic of Mauritius and licensed as an Investment Dealer (Full Service Dealer, excluding Underwriting) by the Financial Services Commission (FSC).
2.2. Contact Details
If you have any questions about this privacy policy, please contact our Data Protection Officer (DPO):
Legal Entity
Vertex1 Brokers Limited
Reg No: C123456
Data Protection Officer
Mr. Simbarashe Mashingaidze
Head of Business Development & Risk
Nalletamby Road, Phoenix, 73538, Mauritius.
3. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
First name, maiden name, last name, username, marital status, title, date of birth, gender, passport number, national ID card number, tax ID.
Billing address, residential address, email address, and telephone numbers.
Bank account details, payment card details (tokenized), mobile money wallet numbers, crypto wallet addresses, source of funds evidence.
Details about deposits, withdrawals, trading history, profit/loss statements, and partner rebate accruals.
IP address, login data (cTID), browser type, time zone, device info, and OS used to access our platforms.
Facial recognition data collected during liveness checks (Special Category Data).
3.1. Failure to Provide Personal Data
Where we need to collect personal data by law (e.g., under the Financial Intelligence and Anti-Money Laundering Act 2002), or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract (e.g., provide you with a trading account). In this case, we may have to cancel your service.
4. How Is Your Personal Data Collected?
- Direct Interactions: You providing data by filling in forms (Account Application, IB Application) or corresponding with us by post, phone, email, or WhatsApp.
- Automated Technologies: As you interact with our website and cTrader platforms, we automatically collect Technical Data about your equipment and browsing actions via cookies and server logs.
- Third Parties:
- Identity Data from verification partners (Sumsub).
- Technical Data from analytics providers (Google Analytics, Cloudflare).
- Financial Data from payment providers (Paytiko, Deus X Pay, Corpay).
- Compliance Data from global sanctions lists (World-Check).
5. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Processing your trades, deposits, and account management.
Complying with AML/CFT laws, tax reporting, and FSC regulations.
Fraud prevention, network security, and business analysis.
6. Automated Decision Making & Profiling
We utilise automated decision-making processes to streamline our onboarding. You have the right to request human intervention regarding any decision based solely on automated processing.
- Risk Scoring: Our internal systems automatically assign a risk score (Low, Medium, High) based on your country, IP, and financials to determine Due Diligence levels.
- Identity Verification: We use Sumsub AI to compare your live biometric data with your ID photo. If rejected, you may appeal for manual review.
7. Disclosures of Your Personal Data
We may share your data with the following parties for the purposes set out in Section 5:
- Internal: Vertex Group companies acting as processors.
- Platform Providers: Spotware Systems (cTrader) for trading infrastructure.
- CRM Providers: Fynxt for client management and rebates.
- Verification: Sumsub (UK/EU) for KYC checks.
- Payments: Paytiko, Deus X Pay, Corpay for transaction processing.
- Professional Advisers: Lawyers, bankers, auditors (Anathiva), insurers.
- Regulators: FSC Mauritius, FIU, and tax authorities.
8. International Transfers
We are a global business. While our headquarters are in Mauritius, our technology infrastructure is distributed. Your data may be processed on servers in London (LD5) and New York (NY4). We ensure protection by using Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EEA/Mauritius.
9. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.
10. Data Retention
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for.
Regulatory Requirement: Under the Financial Intelligence and Anti-Money Laundering Act 2002, we are required to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for seven (7) years after they cease being customers.
11. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
Receive a copy of the personal data we hold about you.
Correct any incomplete or inaccurate data we hold about you.
Ask us to delete data where there is no good reason for us continuing to process it (subject to AML laws).
Object where we rely on a legitimate interest or for direct marketing.
Ask us to suspend processing (e.g., if you want us to establish its accuracy).
We will provide your data to you or a third party in a structured, machine-readable format.
15. Marketing Communications
You may receive Service Communications (mandatory updates about your account, margin calls) and Marketing Communications (optional offers). You can opt-out of marketing at any time via the "Unsubscribe" link or your Client Portal settings. We do not sell your data to third parties.
16. Processing of Biometric Data
To comply with KYC requirements, we process Biometric Data (Special Category) during the Liveness Check via our partner Sumsub.
- Purpose: To verify you are a real human and match your ID photo.
- Storage: Vertex does not store raw biometric templates. Sumsub stores this data on secure EU servers in compliance with GDPR.
- Consent: By proceeding with onboarding, you explicitly consent to this processing.
19. Complaints and Regulatory Recourse
We take your privacy concerns seriously. If you believe we have mishandled your data, please contact our DPO at privacy@vertex1brokers.com first.
Right to Lodge a Complaint
If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority:
End of Privacy Policy • Vertex1 Brokers Limited