- Who is responsible for your personal data?
The Data controller of your personal data is a company operating under the name OANDA TMS BROKERS S.A. with its registered office in Warsaw, address: ul. Złota 59, 00-120 Warsaw, entered into the register of entrepreneurs under number 0000204776.
- How to contact the Data controller?
A Data Protection Inspector has been appointed at OANDA TMS BROKERS S.A. In matters regarding the processing of personal data by the Data controller, you can contact via the following e-mail address: email@example.com.
- Data security
In connection with the conducted business activity, the Data controller collects and processes personal data in accordance with the relevant provisions, including in particular the GDPR and the principles of data processing contained therein.
OANDA ensures transparency of data processing, informs about data processing and ensures that data is collected only to the extent necessary for the purpose indicated and is processed only for the period in which it is necessary.
In order to ensure data integrity and confidentiality, the Data controller has implemented procedures enabling access to personal data only to authorised persons and only to the extent that it is necessary for their tasks.
OANDA takes all necessary actions so that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data at the request of the Data controller.
- Use of the website
When you use the OANDA website, standard information is downloaded, such as the IP address, type of search engine, language, access time and address of the page from which the user was redirected. These data can be collected by cookies and analytical tools.
In the event of contact from you through the telephone numbers, e-mail addresses or complaint form provided on the website, data related to the means of communication chosen by you and data provided during communication are also processed, if it is necessary to resolve the reported matter.
- What are "cookies" ?
Personalisation and efficiency of services provided by the Data controller requires saving and storing information on how you use the website. OANDA does this by using small text files called cookies. Cookies contain little information and are saved on the user's computer or other terminal device by the server operating the website. The web browser sends them back to the website each time a given user uses it, as a consequence the server remembers your preferences.
The Data controller informs that disabling cookies in the browser used by the user may cause difficulties or inaction of some functions of the website.
As part of the OANDA website, two types of cookies are generally used:
a) session cookies - temporary files that are stored on the user's device until logging out, leaving the website or turning off the software (web browser),
b) permanent cookies - files stored on the user's device for the time specified in the cookie file parameters or until they are deleted by the User.
Due to functionality, the Data controller divides cookies into two following groups:
a) necessary - files of key importance enabling users to navigate the website and use its functions, such as access to secure areas and to ensure security,
b) performance - files collecting information about how users use the website, which parts of the website you visit most often, and whether you receive error messages from websites. The data collected by these cookies are anonymous and only serve to improve the functioning of the website,
c) functional - files recording the choices made by users, these files can also be used to remember changes made by the user, e.g. changes in the size and font of the text.
- Social media
Overview of Facebook plugins - https://developers.facebook.com/docs/plugins/
The OANDA website also has a Messenger plugin (provided by Facebook) that allows you to contact the Data controller via live chat. This plug-in downloads data when the user entering the Data controller's website is simultaneously logged in to Messenger.
The website occasionally uses third-party internet services to display certain content, such as images or videos. As in the case of social media icons, the Data controller is not able to prevent these pages or domains from collecting information on how users use the content there.
OANDA also runs its fanpage on social media. All information contained on your profile and activities resulting from its use are directly administered by a third party (Facebook, Twitter, LinkedIn).
- Purposes and basis for data processing
Cookies are used to:
a) adapting the content of the OANDA website to the User's preferences and optimising its use; in particular, these files allow to recognize the user's device and properly display the website tailored to your individual needs,
b) creating statistics that help understand how users use the website, which allows improving their structure and content,
c) maintaining the user's session (after logging in), thanks to which you do not have to re-enter your login and password,
d) enabling interaction with social networks (e.g. publishing posts directly from the website),
The legal basis for processing in this case is the Data controller's legitimate interest (article 6 paragraph 1 letter f of the GDPR) consisting in ensuring a higher quality of service.
Contact via email addresses or traditional mail:
In the case of sending to the Data controller via e-mail or traditional correspondence not related to the agreement concluded with OANDA, personal data contained in this correspondence are processed solely for the purpose of communication and resolution of the matter to which the correspondence relates.
The legal basis for processing is the Data controller's legitimate interest (art. 6 para. 1 letter f of the GDPR) consisting in conducting correspondence addressed to OANDA in connection with business operations. The Data controller processes only personal data relevant to the case to which correspondence relates. All correspondence is stored in a manner that ensures the security of personal data contained therein (and other information) and disclosed only to authorised persons.
In the event of contacting the Data controller by phone, in matters not related to the concluded agrement, OANDA may request personal data only if it is necessary to handle the case to which the contact relates. In such a case, the legal basis is the Data controller’s legitimate interest (art. 6 para. 1 letter f of the GDPR) consisting in the need to resolve the reported case related to the business activity conducted by OANDA.
The Data controller provides the opportunity to submit a complaint via the electronic form located on the website. Using the form requires providing personal data necessary to contact you and respond to complaints. You can also provide other data to facilitate contact or service of the case. Providing data marked as mandatory is required to accept and handle complaints, and failure to provide them results in the inability to handle the case. Providing other data is voluntary. Personal data is processed to identify the person submitting the complaint and to handle the notification sent via the provided form - the legal basis for processing is the necessity of processing to perform the agreement for the provision of the service (article 6 para. 1 letter b of the GDPR); in the scope of optional data, the legal basis for processing is consent (article 6 para. 1 letter a of the GDPR).
The Data controller has public profiles on social networks (Facebook, Twitter, LinkedIn, Instagram). Therefore, OANDA processes the data that you leave when visiting these profiles (including comments, likes etc.). Personal data is processed: to enable you to take activity on the Data controller's profiles; for effective profile management; for statistical and analytical purposes; alternatively they may be processed for the purpose of pursuing claims and defending against claims. The legal basis for the processing of personal data is in this case the legitimate interest of the Data controller (article 6 para. 1 letter f of the GDPR), consisting in: promoting business activity and improving the quality of services provided, if necessary - pursuing claims and defending against claims. This information does not apply to personal data administered by website operators (links to third party privacy policies are provided in section 6 above).
Organisation of online events:
In connection with the organisation of online events, the Data controller obtains personal data from people signing up for events and participating in them. The scope of the data transferred is in any case limited to the extent necessary for the organisation of the event and usually does not include information other than name and surname and e-mail address. Such personal data is processed in order to identify participants of the event, contact them and handle participation in the event. In this case, the basis for data processing is the legitimate interest of the Data contoller (Article 6 para. 1 letter f of the GDPR), consisting in the organization of the event in connection with the submitted application for participation in the event. Personal data will also be processed for purposes related to the satisfaction survey with participation in the event and for statistical purposes. In this case, the basis for data processing is the legitimate interest of the Data controller (Article 6 para. 1 letter f of the GDPR), consisting in conducting analyzes to improve the quality of organized events. Online events may be recorded - in any case, the participant will be informed about this fact, in particular in the message displayed as part of the tool used by the Data controller to organise the online event. Recordings can be made available to event participants.
Data collection as part of business contacts:
In connection with the conducted activity, the Data controller collects personal data also in other cases (e.g. during business meetings or by exchanging business cards) for purposes related to initiating and maintaining business contacts. The legal basis for processing in this case is the legitimate interest of the Data controller (Article 6 para. 1 letter f of the GDPR) consisting in creating a network of contacts in connection with the conducted activity.
Personal data collected in such cases are processed only for the purpose for which they were collected, and the Data controller ensures their appropriate protection.
- Providing data
If you do not accept cookies, you can change your settings or disable cookies at any time in your browser.
OANDA informs that changing the configuration of the web browser, which prevents or limits the storage of cookies on the User's end device may result in functional limitations of the services provided. Deleting cookies while providing the service may lead to similar effects.
The following links provide information on how to delete cookies in the most popular web browsers:
Firefox - https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Opera - http://help.opera.com/Linux/9.60/en/cookies.html
Internet Explorer - http://support.microsoft.com/kb/278835/en
Chrome - http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647
Safari - http://support.apple.com/kb/HT1677?viewlocale=en_US
Due to the many technological solutions, it is not possible to provide precise guidelines on how to specify the conditions for storing or accessing cookies using the settings of all available telecommunications terminal equipment and software installed on this device.
- Analytical tools and third parties
The Data controller's website uses Google Analytics, a website analysis service provided by Google, Inc.
Google will use this information to evaluate your use of the OANDA website, to compile reports on website traffic and to provide other services related to website traffic.
Google may also transfer this information to third parties if it is required to do so on the basis of legal provisions or if such persons process such information on behalf of Google.
The user can disable Google Analytics by installing the Google Analytics blocking browser add-on - https://support.google.com/analytics/answer/181881?hl=en
Google Analytics cookies are stored based on art. 6 para. 1 letter of the f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both the website and the advertising process.
The Data controller's website uses Facebook conversion files to monitor the results of advertising campaigns conducted on Facebook. Facebook will use this information to evaluate your use of the OANDA website (based on art. 6 para. 1 letter of the f GDPR).
The Data controller's website uses also OSGM conversion files to monitor the results of advertising campaigns conducted on websites (based on art. 6 para. 1 letter of the f GDPR).
- User rights
The Data controller informs that in connection with the processing of personal data you have the following rights:
a) the right to information about the processing of personal data - on this basis, the Data controller provides you with a request for information on data processing, including primarily the purposes and legal grounds for processing, the scope of data held, entities to which it is disclosed, and the planned date of deletion data;
b) the right to obtain a copy of the data - on this basis, the Data controller provides you with a copy of the data processed in the event of a request;
c) the right to rectification - the Data controller is obliged to remove any incompatibilities or errors of personal data being processed and supplement them if they are incomplete;
d) the right to delete data - on this basis, you can request the deletion of data the processing of which is no longer necessary to achieve any of the purposes for which it was collected;
e) the right to limit processing - in the event of such a request, the Data controller ceases to perform operations on personal data until the reasons for the restriction of data processing cease (e.g. a decision of the supervisory authority allowing further processing of data is issued);
f) the right to transfer data - on this basis - to the extent that the data is processed in an automated manner in connection with the concluded agreement or consent - the Data controller issues the data provided by you in a format that allows data to be read by a computer. It is also possible to request that the data be sent to another entity, however, provided that there are technical possibilities in this respect both on the part of the Data controller and the indicated entity;
g) the right to object to the processing of data for marketing purposes - you can object to the processing of personal data for marketing purposes, without giving any reason;
h) the right to object to other purposes of data processing - you can at any time oppose - for reasons related to your particular situation - the processing of personal data that is based on the legitimate interest of the Data controller (e.g. for analytical or statistical purposes), objection in this respect it should contain a justification;
i) the right to withdraw consent - if the data are processed on the basis of consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal;
j) the right to complain - if you find that the processing of personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, you can submit a complaint to the body supervising the processing of personal data competent for your habitual residence, place of work or place of committing alleged violation. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
- Data processing period
The period of data processing by the Data controller depends on the type of service provided and the purpose of processing. The period of data processing may also result from provisions when they constitute the basis for processing. In the case of data processing on the basis of the Data controller's legitimate interest, the data is processed for a period enabling the implementation of this interest or to object effectively to data processing. If the processing is based on consent, the data is processed until its withdrawal. When the basis for processing is necessary to conclude and perform the agreement, the data is processed until its termination. The period of data processing may be extended if the processing is necessary to establish or assert claims or defend against claims, and after that period - only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
- Recipients and transfer of data outside the EEA
In connection with conducting operations that require the processing of personal data, personal data may be disclosed to external entities, including in particular suppliers responsible for operating IT systems and analytical tools, entities providing accounting services, postal operators, couriers, marketing agencies, legal advisers.
The Data controller reserves the right to disclose selected information about you to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
The Data controller transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily through:
a) applying binding corporate rules approved by the competent supervisory authority,
b) the use of standard contractual clauses issued by the European Commission,
c) obtaining a certificate of compliance with the Privacy Shield by a third party,
d) the transfer of data to a third country for which the European Commission has determined on the basis of a decision that the third country in question meets an adequate level of protection.
- Automated decision-making
The Data controller will not apply automated decisions to you.
- Final provisions
More information on data processing by the Data controller is available at: https://www.tms.pl/rodo
Date of last modification: 26/07/2021