Your personal data privacy and trust are of crucial importance to us and the success of our business. We collect information about our clients, and here we’ll outline the type of information we gather, the reasons we do so and what we do with it. You’ll also be able to see how you can modify any information you entrust to us. Please note that this policy only applies to our website ebhforex.com.
We provide investment services and activities according to art. 6 para 1 and 2 from the Bulgarian Markets in Financial Instruments Act and European Directive 2014/65 on markets in financial instruments (MiFID). This includes the acceptance and transmission of orders in relation to one or more financial instruments, executing orders on behalf of clients and additional services according to art. 6 para 3 from Markets in Financial Instruments Act.
Who we are
European Brokerage House, hereafter EBH, is a Bulgarian company, which has its registered office at Sofia 1303, Bulgaria, Vazrazhdane District, 33 Shar Planina Str., fl. 2, office 8 and is authorised and regulated by the Financial Supervision Commission – the regulatory authority of the Republic of Bulgaria. EBH holds the license No RG-03-0197/20.12.2017, issued by the Financial Supervision Commission, to conduct business in the European Union and the European Economic Area.
More information on the activities of EBH is available at ebhforex.com.
For clients to open and maintain accounts, we obtain, hold and process their personal information. This policy outlines how we manage such information, ensuring we meet our obligations to respect our customers’ privacy and that all such information remains confidential.
EBH is a personal data controller following Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – General Data Protection Regulation (GDPR) and Bulgarian Personal Data Protection Act.
How you can contact EBH
If you have any questions about your privacy rights or if you would like to change your privacy preferences, you can contact us in the following ways:
- By registered mail: Address Sofia 1303, Bulgaria, Vazrazhdane District, 33 Shar Planina Str., fl. 2, office 8;
- By contacting our Client support on +359 32571827 or our General queries phone: +359 24374073;
- By email at email@example.com
- By using the Live Chat service on our website, at ebhforex.com
If you do not agree with the response you receive from EBH, you are entitled to complain to the Office of the Data Protection Commission:
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Call centre – tel. +359291-53-518
Reception hall – working hours 9:00 – 17:30
You can visit the Office of the Data Protection Commission for the Republic of Bulgaria’s website at www.cpdp.bg for more details.
How and why we use your personal data
We collect and process personal data subject to the requirements of local and European legislation only. We process your data with a specific reason in focus, and we understand that we cannot use your data without limitation.
We gather and process your personal data for a variety of reasons and rely on a number of different legal bases to use that information. For example, we use your personal data to process your applications, to help administer our services to you, to ensure we provide you with the best service possible, to prevent unauthorised access to your accounts and to meet our legal and regulatory obligations.
1. For fulfilment of a contract or in the context of pre-contractual relations. To enter into and perform a contract for a service.
Before EBH provides you with services, we have to gather some personal data to process your application and to assess the terms upon which we can enter into the contract with you. This includes, for instance, gathering and processing personal information.
To open an account for you, we need to collect information that enables us to establish your identity and the appropriateness of our services to you. To do this, we will request the personal information described below.
The purpose for collecting information is to identify prospective clients and to assess whether the services requested by them are appropriate. We also collect information to provide you with the services you need as per our Client agreement, to administer your accounts with us, to manage and execute your orders or service requests and to fulfil the concluded agreements with you. We use the information you provide to us to identify and/or prevent any unlawful actions or actions inconsistent with our Client agreement, policies and terms and conditions, and to process, report and accept any payment (deposits or withdrawals) related to the provided services. In addition, this information helps us fulfil our regulatory requirements in relation to the conclusion of this contract with you.
From time to time, EBH may request further information which will help us to improve the services we provide. Separately, we may also need further information as part of our regulatory obligations to maintain the data.
As part of this process, we may be required to pass some personal information to an intermediary or counterparty (e.g. if you perform a payment transaction, we pass information on the progress of the transaction to the payment provider or banks).
If you choose not to provide some information, this may mean that we cannot provide you with the service you have requested.
We keep the information as up to date as possible and will change any details, such as your address, promptly when you inform us that they have changed.
2. To comply with legal obligations
We are required to process your personal information to comply with certain legal obligations, for example:
- to report and respond to queries raised by and to provide information to regulatory authorities, such as the Bulgarian Financial Supervision Commission, law enforcement and other government agencies such as the Bulgarian Central Bank, the National Revenue Agency in Bulgaria and other authorities;
- for age verification
- for the provision of information to the Data Protection Commission in connection with obligations provided by the legislation on the protection of personal data – Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016 and others;
- to verify the personal data provided to us and meet our legal and compliance obligations, including to prevent money laundering, tax avoidance, financing of terrorism and fraud. For example, we are required to verify your identity, check your activity and transactions and ascertain your money laundering risk profile; to investigate allegations of fraud and prevent fraud by third parties or customers;
- to gather information about our clients’ knowledge and experience, financial capacity, investment objectives and attitude to risk/return in relation to the services offered prior to providing any services;
- to meet obligations provided by the Personal Data Protection Law, the Measures Against Money Laundering Act and its implementing regulations, the Measures Against the Financing of Terrorism Act, the Accountancy Law, the Tax and Social Insurance Procedure Code, the Market in financial instruments Law, the Law on Measures against Market Abuse with Financial Instruments, the Ordinance № 38 of 25 July, 2007 on the requirements to the activities of the investment intermediaries and all the ordinances and regulations of the Financial Supervision Commission, and other related statutory instruments, in relation to the keeping of proper and lawful accounting;
- to provide information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of procedural and other legal acts applicable;
3. Where you have provided consent
In some cases, we process your personal data only upon your prior consent. The consent is a separate reason for processing of your personal data, and the purpose of the processing is specified therein.
If you give us the appropriate consent and until you withdraw it, we use your personal information:
- to make you aware of services which may be of interest to you;
- to provide you with customised offers and personalised customer service;
- to provide ongoing information or opportunities we believe may be of interest to you;
- to review your ongoing needs; to send our newsletters or information about other opportunities we believe will be of interest to you (we will only send this to you if you have indicated that you wish to receive such information);
- to notify users about updates to our website;
- to improve the content of the website;
- to customise the content and/or the layout of the website for each individual user
To be able to do this, we will ask you for your consent. You can at any time withdraw that consent through the contact channels set out in the Section ‘How you can contact EBH’ above.
The information we collect about you and how it is used
The information we collect and hold about you can vary depending on the services you use. This includes personal information which you give to us when you are looking for a service, personal information we collect automatically, for instance, your IP address and the date and time you accessed our services when you visit our website or platform; and personal information we receive from other sources.
A more detailed look at the information we hold about you, including examples of how we use it, is outlined in the following:
Identity & contact information
Name, surname, date of birth, nationality and other information available on your ID, as well as copies of ID. Home address, copies of provided proof of address, contact details, email address and phone number. Tax residency and tax-related information.
We use this type of information to identify you and to help us combat fraud and other illegal activity. Your contact information is needed to manage and administer your accounts, products or services; to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you; and to notify you about either important changes or developments to the features and operation of those products and services. We also use this information to respond to your enquiries and complaints.
Financial details/Risk appetite information
Trading account details, digital account details, bank account details, credit/debit card details, income details, application processing and administration records, your employment status and employment details, investment details, transaction details, financial needs/attitudes, trading experience, information relating to power of attorney arrangements.
Based on a review of the information contained in your client profile, we can, for example, effectively analyse which service might work best for you or which services you may need and offer these to you. We also use your risk appetite to help us determine the suitability of products for investments.
Information to help us better serve your needs
Information gathered from simulations, applications, competition entries etc. Interactions with EBH staff by phone, email or through our digital channels. Your comments and suggestions, past complaints.
We collect this information to analyse, assess and improve our services to customers, and also for training and quality control purposes. For example, we may monitor or record any communications between you and us including telephone calls.
Information made available by another party or in a public domain
Publicly available information including information on your social media profile where it is publicly accessible. Information about you which is obtained from other parties, for example, joint account holders or people appointed to act on your behalf. Information available in public and private databases with regards to anti-money laundering checks.
We sometimes use this type of information to verify that the information we hold in our databases is correct. We also use this information to help us understand our relationship with you and to help us offer you products and services we believe will be of interest to you.
Sensitive categories of data
We may hold information about you which includes sensitive personal data, such as criminal conviction information. We will only hold this data when we need it for the product or services we provide to you, or where we have a legal obligation to do so.
If you have criminal convictions, we may process this information in the context of compliance with our anti-money laundering obligations.
Information which you have consented to us using
Your agreement to allow us to contact you through certain channels to offer you relevant products and services. We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers. We collect information about your internet browser settings or otherwise Internet Protocol (IP) and other relevant information to help us identify your geographic location when providing you with our services.
We use online activity data to provide you with the best possible experience when using our website. We use your internet protocol address to estimate your geographic location, and we use your location to filter certain features available to your country, such as different payment methods. We may also use your location information to develop anonymised analytical models to improve our services. The analysis is never personal, and you will never be identifiable.
EBH shall not be responsible in the event of insufficient parental control that leads to EBH receiving personal data from children under 18. If EBH does receive such personal data, it shall be deleted immediately. EBH does not accept children aged under 18 as clients and does not collect personal data on them.
You can control the personal information you have given to EBH
When your personal data is handled in connection with an EBH service, you are entitled to a number of rights. These rights allow you to exercise meaningful control over the way in which your personal data is processed. You may exercise any of these rights free of charge (in certain exceptional circumstances a reasonable fee may be charged, or EBH may refuse to act on the request), and we may ask you to verify your identity prior to proceeding with your instruction by way of requesting additional information/documentation from you. Once we are satisfied that we have effectively verified your identity, we will respond to the majority of requests without undue delay and within a one month period. EBH will action your request to have your personal data corrected within 10 calendar days. These periods may be extended in exceptional circumstances, and we will inform you where the extended period applies to you along with an explanation of the reasons for the extension.
You are entitled to:
Access your personal data
You can access the personal data we hold about you by contacting us with a data access request using the channels outlined in the Section ‘How you can contact EBH’ above. We will endeavour to provide you with as complete a list of personal data as possible. However, some personal data from backup files, logs and stored records may not be included in that list as this information is not processed by EBH on an ongoing basis and it is not therefore immediately available. For that reason, this personal data may not be communicated to you. However, this personal data remains subject to standard data maintenance procedures and will only be processed and retained in accordance with those procedures.
Correct/restrict/delete your personal data
If you believe that certain personal data we hold about you is inaccurate or out of date, you can request that the data be corrected at any time using the channels outlined in the Section ‘How you can contact EBH’ above, after we have verified the information. If you dispute the accuracy of information held, you can request that we restrict the processing of this information while your complaint is being examined.
If you suspect that we are processing certain information without a legitimate reason, or that we are no longer entitled to use your personal data, you can also ask for that personal data to be deleted.
We are not under obligation to delete your personal data where to do so would prevent us from meeting our contractual obligations to you, or where EBH is required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations.
We ask that you keep us informed of any relevant changes in your personal data to enable us to keep the data on our systems up to date and accurate.
Withdraw your consent
Whenever you have provided us with your consent to process your personal data, for example, so that we can contact you about one of our services, you have the right to withdraw that consent at any time through one of the channels identified in the Section ‘How you can contact EBH’ above. If you withdraw your consent to processing (and if there is no other justification for continuing to process your data), you are also entitled to request that your personal data is deleted. Withdrawing consent does not affect the lawfulness of any processing undertaken by us based on your consent before its withdrawal.
Object to your personal data being used for certain purposes
If you disagree with the way in which we process certain data, you can object to this through one of the channels identified in the Section ‘How you can contact EBH’ above. In such cases, we will provide you with details regarding the rationale for processing your personal data.
Some operations are automated, with no human intervention, and this may include making decisions based solely on automated processing. For more details see the Section ‘Why and how we use automated algorithms and decision making’ below. If you disagree with the outcome of such an automated decision-making process, you can speak to an EBH member to express your point of view and contest the decision using one of the contact channels identified in the Section ‘How you can contact EBH’ above.
Request your personal data to be transferred in electronic form
You can (in certain cases) request that your personal data is transferred to you or another service provider so that you can store and reuse your personal data for your own purposes across different services. We will not be in any way accountable or liable for any damage, loss or distress sustained, incurred or suffered by you and/or the designated service provider as a result of improper use of the personal data upon and after receipt from us.
Right to complain
If you believe that we are breaching the applicable legislation, please contact us to clarify the issue. Of course, you have the right to file a complaint with the Personal Data Protection Commission. After 25 May 2018, you will be able to file a complaint with a regulatory body within the EU.
How to exercise your rights
You can exercise the rights outlined above free of charge by contacting us using any of the channels from the Section ‘How you can contact EBH’.
We recommend that you provide as much detail as possible in your correspondence with us so that we can deal with your query promptly and efficiently. You may be asked to provide proof of identification and/or additional information to validate your identity when making such a request.
Security and Confidentiality
We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. We also take steps to ensure that only persons with appropriate authorisation can access your personal data.
We have in place systems and procedures to prevent unauthorised access, improper modification or disclosure, misuse or loss of information.
Only staff members who are suitably authorised can access your personal data if that data is relevant to the performance of their duties, whether it be in connection with the providing of services or in accordance with legal or regulatory obligations. This may include, for example, staff members working in our Marketing and Sales Department, Finance Department, Customer Support Department, Management Board or customer services representatives.
We use internal technical and organisational measures to protect your personal data from unauthorised access, to maintain data accuracy and to help ensure the appropriate use of your personal data. These security measures include encryption of your personal data, firewalls, intrusion detection systems, physical protection of facilities where your personal data is stored and strong security procedures across all service operations. Your personal data is only accessible by a limited number of people who are required to keep the data confidential. We use strong encryption algorithms for the transmission and storage of your Information.
To ensure the security of information transfer, we use an SSL certificate with 256-bit encryption to encrypt the information transmitted by or to any visitor through our website.
We will not sell or hire your personal information to third parties for their own use.
Why and how we use automated algorithms and Decision Making
We use automated algorithms and decision making to enable us to deliver decisions within a shorter time frame and to improve the efficiency of our processes and services, with the aim of improving our services.
An example of where we use automated decision making involves assessing your application and your risk appetite, the information you have provided in your application, your trading experience, income, employment details, etc.
EBH uses this information to apply internal risk assessment rules consistently. This ensures that your application is treated fairly and efficiently, that we believe you are eligible for the services, and that you can be fairly classified as an Eligible counterparty, Professional Client or Retail Client, pursuant to the European Directive 2014/65 on markets in financial instruments (MiFID).
A cookie is a small piece of data that a server sends to a visitor’s web browser. It is stored in the user’s device as a simple text file, and the browser sends it back to the server when requested.
Do we share your personal information?
EBH sometimes shares your personal data with trusted third parties who perform important functions for us based on our instructions and applying appropriate confidentiality and security measures. For example, we use third-party service providers for security or technical issues. We go into more detail below about the reasons we share personal information with third parties.
We provide your personal information to third parties primarily to offer you a high-quality, fast and comprehensive service that meets your expectations. We do not provide your personal data to third parties before we are sure that all technical and organisational measures have been taken to protect this data, and we exercise strict control to meet this goal. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (personal data controllers):
- When we engage the services of solicitors, lawyers, auditors, valuers and other consultants to act on our behalf, or persons performing consultant services in different fields;
- When we work with persons you have instructed to represent you, or any other person you have informed us is authorised to give instructions or to use the account or services on your behalf (such as under a power of attorney);
- When we engage the services of our banks and payment providers or other partners, or when we use specialist third parties such as liquidity providers, Borica Bankservice AD, VISA and MasterCard to help us process your payments;
- When we are required to cooperate, by law or otherwise, through a legal process with Bulgarian and EU regulatory and enforcement bodies such as the Bulgarian Financial Supervision Commission, the Bulgarian Central Bank, the National Revenue Agency in Bulgaria, the courts, fraud prevention agencies or other bodies. We are also required to report personal and account information to Trade Repositories (TR) and Approved Reporting Mechanisms (ARM) pursuant to European Directive 2014/65 on markets in financial instruments (MiFID);
- We work with software that enables EBH to identify and analyse your user behaviour on our website, for example, Google Analytics.
- To postal operators regarding the sending of items containing contracts, agreements and other documents and the need to verify your identity when they are delivered;
- To entities that provide equipment, software and hardware used for the processing of personal data and that are needed to build the company’s network to perform various services of accounting, payment of services and products, technical support, etc.;
- To persons providing service support to terminal equipment;
- To authorities, institutions and individuals to which we are required to provide personal data under the applicable legislation;
- To providers of electronic authentication services where a document related to the provision of a product or service is signed with a digital signature;
- To banks for servicing payments ordered by you;
- To security companies holding a license to perform security activities in connection with the provision of the access regime in the sites;
- To persons providing services of organising, storing, indexing and destruction of archives in hard and/or electronic copies.
We sometimes may need to share information with organisations which are located or who otherwise undertake processing outside the European Economic Area (EEA). We will, however, only transfer personal data to a country or territory outside of the EEA if that country provides an adequate level of protection for personal data. That level of protection will be as set down by the European Commission. We may transfer your information under a legally binding agreement which covers the EU requirements for the transfer of personal data to data processors outside of the EEA.
We may disclose personal data relating to our customers to any third party in the event of a sale, transfer, assignment, disposal (or potential sale, transfer, assignment or disposal), merger, liquidation, receivership, of all, or substantially all or any part of the enterprise or the assets of EBH.
How long will we retain your personal information?
How long certain personal information is stored depends on the nature of the information we hold and the purposes for which it is processed. As a rule, we stop using your personal data for the purposes of the contractual relationship after the termination of the contract with you, but we do not delete the data immediately.
EBH determines appropriate retention periods having regard to any statutory obligations imposed on us by law. For example, we are required to retain some customer information for 5 years after the end of the customer relationship in accordance with art. 8 of the Measures Against Money Laundering Act and art. 97, para. 2 of the Market in Financial Instruments Law. According to art. 12 of the Accountancy Law, we are obliged to keep some information related to our accounting for 50, 10 or 3 years.
You should note that we will not delete or anonymise your personal data if it is necessary for pending court, administrative proceedings or proceedings related to your complaint to us.
If the purpose for which the information was obtained has ceased and the personal data is no longer required, the personal data will be deleted or anonymised, which means that your personal data is stripped of all possible identifying characteristics. EBH has put in place procedures to ensure that files are regularly purged and that personal information is not retained any longer than is necessary.
We keep this policy under regular review and from time to time will look to amend it to reflect changes to the way in which we are processing personal information. The most recent version will always be available on our website ebhforex.com.
The rights in points 4, 5 and 6 from the Section ‘You can control the personal information you have given to EBH’ will be applicable after 25 May 2018.