Personal Information: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
cold storage: means storage of Personal Information on a server that is not directly connected to the internet and, thus, cannot be connected with by unauthorised personnel and/or third party entities.
Sub-processor(s): means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1.2 Personal information and purpose of processing
During Account creation and registration, the Customer is obligated to provide certain Personal Information. This data, as described below, serve to identify the Customer and are the minimum requirements following European and/or national laws and regulations.
French law dictates and obligates Phoenix to require Customers with a French nationality to upload an identification document as well as a proof of residence, before these Customers may make use of the Services.
The following information is collected, processed and/or stored by Phoenix:
In addition, the Customer has the voluntary choice to provide additional Personal Information in order to step up the level of their Account. A higher level equals higher buying and selling limits.
If a Customer has chosen to provide additional Personal Information, and when it has been verified and validated by Phoenix employees, this data will constitute an addendum to the Agreement and the Services (as explained in the Terms) from the moment of awarding the higher level.
This means that the Customer gives permission for adding the additional Personal Information to his/her Account. It is a necessity for the Customer to have a functioning Account in order to use the Services as provided by Phoenix. The partial withdrawal of consent for the collection, processing and/or storage of Personal Information is therefore not possible - as this would result in an unreasonable and disproportionate burden on the business operations of Phoenix.
The following information is provided voluntarily by the Customer and subsequently collected, processed and/or stored by Phoenix:
Phoenix retains the right to, in light of providing adequate customer support, request the Customer to verify his/her identity.
1.3 Legal persons and partnerships
The following information is collected, processed and/or stored by Phoenix:
1.4 Enhanced Due Diligence (EDD)
Phoenix retains the right to subject Customers to an EDD procedure, in the event Phoenix is obligated by law to do so or when it has reasons to believe EDD is a necessity for entering into a business relation with a Customer.
EDD procedures encompasses, among others: video-verification; inspection of the transparency register; establishing whether the Customer is a politically exposed person; establishing whether the Customer is listed on a sanction-list.
1.5 Information collected, processed and/or stored when requiring Customer support
For adequate Customer support, Phoenix has employed the Zendesk, Inc. platform. Zendesk, Inc. (Zendesk) serves as a Sub-processor of certain Personal Information as it collects, processes and stores that information to make sure the best support can be given by Phoenix.
1.5.1 The following information is collected, processed and/or stored by Zendesk, Inc.
If Customer requires customer support via the live chat on the Website, the Customer will receive a transcript of those proceedings automatically. Also, the Customer is free to use the function to extract the transcript after each live chat.
Phoenix respects the privacy of all its visitors and Customers. Therefore, Personal Information, privacy and the information needed for the prevention of fraud, money laundering and financing terrorism are constantly carefully weighed within the limits of legislation and regulations.
Information provided to Phoenix by visitors and Customers remain classified and will not be shared with any third party, unless i) court order forces Phoenix to provide confidential data and ii) in the event of fraud or undesired actions, provided such data requests are individually focused and substantiated.
3. Know Your Customer
Like all companies active in the financial sector, Phoenix obliges itself to the Know Your Customer ("KYC") principle. The KYC process includes a number of verification steps, depending on the range of services desired. The KYC-policy is further explained in paragraph 9 of the Terms.
4.Use of information
Phoenix can use the information provided by the Customer for a number of purposes, e.g.:
5. Security and retention period
Various security measures ensure the confidentiality of visitors and Customer data and protect such data against loss, abuse or modification. Access to the data is protected by a password and an additional 2-factor authentication. Within Phoenix only specifically authorized staff members have access to the confidential data.
The safety measures are reviewed in accordance with legal and technical developments. Notifications will be posted on the Website.
Identifiable information required for the services of Phoenix will be saved if necessary. All data is stored offline for 5 (five) years after termination of a Customer Account, in line with the General Data Protection Directive as well as the Fourth Anti-Money Laundering Directive and any subsequent or supplementary Union or national law. Regular inspections by Phoenix’s compliance-department and third party specialists warrant that Phoenix data security and safety measures are up to standards.
6. Customer rights and obligations in relation to Personal Information
The Customer also recognises that Phoenix collects, processes and/or stores such Personal Information in accordance with the General Data Protection Regulation as well as the Fourth Anti-Money Laundering Directive and any subsequent or complementary Union or national law.
6.2 Withdrawal of consent
The Customer is free to withdraw consent at any given time, however, the Customer also recognises that the withdrawal of consent does not affect the lawfulness of processing based on given consent prior to withdrawal.
If the Customer withdraws consent in relation to the collection and processing of Personal Information - where such information is crucial to the execution of the business relationship between the Customer and Phoenix - the Customer, effectively, requests for their Account to be terminated as this would inhibit Phoenix to adhere to Union or member state law.
Following ‘paragraph 1.2 Personal Information and purpose of processing’ and specifically the provision and giving consent with regards to additional Personal Information: although the act of giving consent implies the right to withdraw such consent, the sporadic withdrawal of consent for collection, processing and/or storage of additional Personal Information would unreasonably disrupt business processes. In order to ensure a process that is as flawless as possible, the provided additional Personal Information becomes an inherent part of the Account of the Customer. By this very fact follows that partial withdrawal of consent is not possible. Should a Customer wish to withdraw consent, the Customer should terminate the Account.
6.3 Termination of the account
The Customer has the right to terminate their Account at any given time and the Customer may initiate this process by following the instructions as provided under the “Account settings” in their personal environment on the Website. Termination of the Account can only be honoured if the Customer does not have any open buy- or sell orders or any other disputes relating to their Account.
Phoenix recognises the termination of the Account as a valid request for withdrawal of consent.
6.4 Right of access
The Customer has the right to access the Personal Information collected and stored by Phoenix. Any such requests must be directed to the designated Data Protection Officer (DPO), otherwise the request will not be taken under advisement. The DPO shall take the request under advisement and provide communication to the Customer concerning; the Personal Information it collects, stores and processes; the purpose; retention period; right to lodge a complaint with the Supervisory Authority; right to rectification and right to erasure.
Phoenix shall provide, within 1 (one) month, the requested data or reasons explaining the grounds on which it cannot provide such information. Furthermore, Phoenix has the right to further extend the aforementioned period with 2 (two) months, provided the Customer has been notified of this within the original timeframe.
The Personal Information shall, in principle, be provided to the Customer, free of charge, in a structured, commonly used and machine-readable format unless the Customer specifically requests otherwise. The Customer has the right to request Personal Information, from the DPO, free of charge, once per calendar-year.
The Data Protection Officer may be contacted, via email, at: firstname.lastname@example.org
The Customer specifically requests access to the collected, processed and/or stored data and includes at least the following identifiable information: registered first- and last names and the registered email-address. The Customer may include additional information (such as an Order ID). This is imperative because the Data Protection Officer has to be able to test, in a reasonable and simple manner, whether the applicant has legal right to receive (access to) the Personal Information. The DPO may, at his/her own discretion, require additional information from the Customer in order to determine their identity.
7. Transfer of Personal Information
Phoenix will never transfer, sell, rent, lease or otherwise make available, personal data to third parties, unless required to do so under Union or member state law and/or to assist the Financial Intelligence Unit (FIU) and/or to assist with national law enforcement agencies and/or to protect Phoenix' financial position in case of fraudulent orders or default payments. Should such a request be made to Phoenix, Phoenix will notify the Customer without undue delay - unless Phoenix is prohibited from doing so.
In order to provide the Services to Customers, Phoenix may enter into contract with third-party processors which support, or make available, certain (parts of the) Services.
Service specific Sub-processors:
United States of America
LexisNexis Business Information Solutions BV
(Enhanced) customer due diligence
9. Filing a complaint with the National Supervisory Authority (NSA)
Customer may file a complaint directly to the NSA. Customer may choose to file a complaint to the NSA in their country or file a complaint with the Dutch NSA, which, by virtue of Phoenix having legal residence in the Netherlands, will be the Lead Supervisory Authority. Each European member state has designated a person or institution which has competences related to data protection. The NSA can be reached at the following contact details:
A full overview of all the NSAs in the European Union and their contact information can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Release date: 12 June 2018