PRIVACY AND COOKIES POLICY

Contents

1. Introduction
2. General
3. Personal Information
4. General requirements for Data processing
5. Rights of the Data subject
6. Data collected in databases
7. Sources/Means of data collection
8. Cookies
9. Tracking systems
10. Security
11. Legal Disclaimer
12. Amendment/Review
13. Governing Law
14. Consent

1. Introduction
Full Trading Ltd (hereinafter, the “Company”) is incorporated in Bulgaria under registration number 204014063. The Company is registered at London Stock Exchange under LEI number 21380056T2HK47T29G05. The Company operates under the under the Law of the Republic of Bulgaria.

2. General
The Company shall not disclose to a third party, any of its Clients’ confidential information unless required to do so by a regulatory authority of a competent jurisdiction; such disclosure shall occur on a ‘need-to-know’ basis, unless otherwise instructed by a regulatory authority. Under such circumstances, the Company shall expressly inform the third party regarding the confidential nature of the information. Any personal information is treated as confidential and may be shared only within the Company, by its employees and affiliates for business purposes, as permitted by the applicable law. The information may be disclosed to third parties, such as the Company Partners and Affiliates for business purposes only, such as, but not limited to, servicing Client accounts and informing Clients about new products and services. Information may also be provided to non-affiliated companies, providing professional, legal, and accounting services. Non-affiliated companies that assist the Company in providing services to you are required to maintain the confidentiality of such information and to use your personal information only in the course of providing such services for the purposes that the Company dictates and within the ambit of the applicable law. The Company will not sell or give away any information provided. The Company will use various security measures, of electronic nature, such as encryption, firewalls, etc., and of physical nature, such as restricting access to several departments and hard copy files, to protect your information from unauthorized users. The policy sets out the procedures and methods used by the Company to collect, process, use, manage and store personal information from its visitors, potential and active clients through the Company’s website. The Company cannot guarantee that its Company Partners, Affiliates, and Business Introducers will maintain the privacy of your information to the same extent the Company does, in accordance with the policy. The Company shall be responsible only for information that it retains itself and cannot be held liable for information that has been disseminated to any third parties. The policy forms part of the Client’s agreement, (the «Terms and Conditions») with the Company, thus the Client is also bound by the terms of this policy, as set out herein.

3. Personal Information
By providing your personal details to us, the client accepts to receive information, newsletters, current company offers, or for any other business relationship, via emails from the company to their registered email address, unless they explicitly opt out from receiving this information through registration, if they are new and potential clients or via e-mail, if they are existing clients. The personal Data collected, processed and stored by the Company may include, but not limited to:

a. Personal information the Clients provide on their applications and other form, such as name, residential address, date of birth, passport or identification number, telephone number, email address, occupation and payment information;
b. Personal information related to identity checks or authentication of information, including checks performed via credit or other reference agencies that may retain information, for fraud, money-laundering, terrorist financing or related crime prevention.
c. Financial information such as income, assets, financial investment experience, and other information that aids to the creation of his economic profile;
d. Documents provided by the Clients to enable the Company to verify the Clients’ identity, such as
passport or in certain situations the Clients’ company’s incorporation documents. The Company is obliged to keep the Clients’ personal data on record for a period of five (5) years which is calculated after the termination of the business relationship of the Clients.

4. General Requirements for Data processing
a. Data processing means collection, recording, arrangement, storage, alteration, disclosing, consultation, extraction, use, transmission, cross-use transferring or granting access to third parties, interconnecting, closure, deletion or destruction of data, or several of the aforementioned operations, regardless of the manner in which they are performed or the means used.
b. The Company shall compile a list and documentation of means used in data processing and shall keep records of data processing. The list of means used in data processing shall include the name, type and number of the equipment and the name of the manufacturer of the equipment; the name and number of the license of the software used and the name of the software manufacturer; the location of the documentation of the software used
c. Persons engaged in the processing of data shall process data only for authorized purposes under the established conditions and according to the instructions and orders received, and they shall maintain the confidentiality of data which has become known to them in the course of performance of their duties and which are not intended for public or any other unauthorized use. Such confidentiality requirement continues after termination of the employment or service relationship with the Company. Strict confidentiality rules are enforced to all Company employees.
d. Unauthorized processing of data (including recording, alteration, deletion, reading, copying, transmission), unauthorized transportation of records and any other unauthorized use of data (not prescribed by official duties) shall be prohibited.
e. The Company shall implement adequate and sufficient measures to ensure that every data processing operation leaves a trace, which would afterwards enable identification of the person who performed the operation, the nature and time of the operation and any other relevant facts, including when, by whom and which data were recorded, altered or deleted, or when, by whom and which data in the data processing system were accessed, as well as information on any transmissions of data. A possibility for restoring the content of data before modifications shall be available when any modifications are made in data or documents.
f. Every user of database shall be issued personal means of authentication, enabling them to use the database. The access password for electronic databases shall be changed at least once a quarter. The use of any means of automatic entry of passwords shall be prohibited. A user of the data processing system shall not have access to data, which are not required for authorized data processing and the performance of duties of that particular user
g. Adequate security measures, including encryption of data if necessary, shall be implemented upon transmission of data by means of data communication equipment or in the transport of records.
h. The manager or an employee of the Company shall rely on justified expectation that data submitted by persons who submit data are correct. The manager or an employee of The Company shall, from time to time, verify the accuracy of data in the database(s) by requesting the data subject to check the data and, if necessary, make corrections or confirm the accuracy of data.
i. Any incomplete or incorrect data known to the manager or an employee of the Company shall be closed and any necessary measures shall be taken promptly to supplement and correct the data in question. Upon a request of a data subject, the manager or an employee of The Company shall correct any incorrect data on the data subject in the database if the data subject notifies the manager or employee of the Company of the inaccuracy of the data on the data subject and submits correct data; the incorrect data shall be stored with the correct data and with a note indicating in which period the incorrect data were used.
j. If the accuracy of data is in dispute, the data in questions shall be closed until confirmation of accuracy of the data or determination of correct data. Third persons who provided or received the data shall be promptly notified of any corrections made in data if it is technically feasible and does not lead to disproportionate expenses.
k. Automatic decisions of the data processing system, without participation of the data subject, shall be permitted only on the conditions and pursuant to procedures specified by law.

5. Rights of the Data subject
a. The data subject shall have the right to withdraw at any time the consent for the processing of personal data, in which case the Company shall cease processing the data to the corresponding extent. However, without providing the information requested in the application for, the Company may not be able to open an account for you, or to provide you with any other services, information or assistance you have requested.
b. Every person has the right to access data concerning themselves, which are collected in databases, unless this right is restricted by law. Decisions on granting or withholding authorizations for access to data and issuing copies of data shall be made by the executive manager of the Company.
c. Upon request of the data subject, the Company shall notify the data subject of the data, which is available on the data subject in the database, and the sources of such data, the purpose of data processing and any third parties or categories of third parties that have receive authorization for data transmission, as well as any other facts of which the owner (processor) of the database is required to notify the data subject, unless the right of the data subject to receive information is restricted by law. The data shall be issued by using the method requested by the data subject, if possible, within five business days from the receipt of the respective request.
d. In the cases specified by law, data shall be released to third parties with a statutory right to request and receive such data. In all other cases, data shall be released to third parties only if the data subject has granted a respective consent.
e. Authorized persons may review, on site in the Company, the documents on the establishment of databases and any other documents pertaining to the databases.

6. Data collected in databases
a. The Company may collect in databases any publicly available data or any data voluntarily submitted by data subjects. Only data necessary for the provision of service to the clients and/or for the performance of operations, may be requested from the clients.
b. The Company shall collect and process the clients’ data to the extent, which is necessary for the achievement of specified objectives (provision of services), and in a manner, which is designed for the specific purpose. Unnecessary data shall be deleted or destroyed at once. Use of data in any other manner than previously agreed is permitted only with a respective consent of the data subject or on the conditions specified by law.
c. The managers and employees of the Company shall register and preserve the data and documents associated with the provision of services, including:
i. documents, which specify the rights and obligations of the Company and the clients, or the conditions of provision of service by the Company to the clients;
ii. details of provided services and transactions and any communications between the clients and the Company to the extent, which ensures an overview of the actions of the Company in the provision of services.
iii. documents related to client identification or payment.
d. The managers and employees of the Company shall register and preserve the data on the decisions pertaining to the business and management of the Company, and preserve the internal procedure rules of the Company.
e. A person appointed by the Management Board of the Company shall keep records of the documents of the Company and shall organize preservation and archival of such documentation according to the conditions and pursuant to procedures specified by law and internal procedure rules (including periods of preservation).
f. The Company shall preserve data for at least five (5) years, unless other terms for the preservation of data or documents are prescribed by law, and the internal regulations of the Company or the decisions of the managing bodies of the Company.
g. Client agreements and/or conditions of the provision of service by the Company to the clients shall be preserved for at least as long as the contractual or other legal relationship connected to the provision of investment services or ancillary investment services to the Client continues, unless a longer term is specified by law.

7. Sources/Means of data collection
In order for Full Trading to be in the position to offer its services, it is of outmost importance to collect client information through a variety of different sources, including, amongst others, the website and relevant forms, the Customer Relationship Manager System (CRM), over the telephone, e-mail, Company employees, third party processors or third party service providers.

8. Cookies
When using the Company’s Website, we may use cookies to collect information. A cookie is a small data file that is stored on the Clients’ computer, for the purpose of making it easier for them to navigate the Website by for example; remembering their IDs, passwords and viewing preferences, thus allowing them to visit member-only areas of the Website without logging in again. The Clients can set their web browser to inform them when cookies are enabled, or to disable cookies. If the Clients do not wish to receive cookies, most web browsers will permit them to decline/disable cookies and in most cases will still allow them complete access to our Site.

9. Tracking Systems
Tracking systems used on the Company’s Website(s) may collect data detailing the pages you have accessed, how you discovered this site, the frequency of visits etc; this information is obtained in order to improve the content of the Company’s website and may also be used to contact the Clients, through any appropriate means and providing the Clients with any information the Company believes to be useful to them.

10. Security
The privacy and confidentiality of the Clients personal information is of fundamental importance to the Company. The Company takes all appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data and personal information. The Company restrict access to personal information to employees who need to know the specific information in order to operate, develop or improve our services. These individuals are bound by confidentiality and will be subject to penalties if they fail to meet these obligations.

11. Legal Disclaimer
The Company reserves the right to disclose the Clients’ personally identifiable information as required by rules and regulations and when the Company believes that disclosure is necessary to protect their rights and/or to comply with a judicial proceeding, court order, or legal process served. The Company will not be liable for misuse or loss of personal information resulting from cookies on the Company’s Website(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorized use of your personal information due to misuse or misplacement of your passwords, negligent or malicious.

12. Amendment/Review
The Company will not be obliged to notify its Clients individually of changes, other than substantial material changes to the policy. Thus, the Clients should refer to the Company’s website for the latest and most up to date version of the Policy, which will be applicable from the date of publication on the web.

13. Governing Law
For any issues not specifically addressed within the Present Policy, the Laws of the Republic of Bulgaria will apply.

14. Consent
By continuing to use our website and our services, you are agreeing to the collection, process, use and storage of your personal data.